AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

← News
Research2026-05-04

Corporate Boards Must Overhaul Governance for AI, NACD Urges in 2025 Report

What happened

The National Association of Corporate Directors (NACD) published Tuning Corporate Governance for AI Adoption in November 2025, urging U.S. corporate boards to modernize legacy governance frameworks to address the risks and oversight demands of enterprise AI adoption. The report identifies AI governance as a continuous board-level function rather than a one-time compliance exercise. NACD cites real-world incidents involving deepfakes, data leaks, and algorithmic bias as evidence of the consequences of inadequate board oversight. The report recommends that boards establish ongoing monitoring and adjustment mechanisms rather than relying on static policies. For enterprise compliance teams, the report signals growing expectations from institutional governance bodies that AI risk management will be embedded at the highest levels of corporate leadership, with implications for audit committee charters, risk reporting structures, and executive accountability frameworks.

Why it matters

  • ·Regulatory exposure is increasing as board-level AI oversight is being reframed as a fiduciary responsibility, meaning organizations without documented AI governance structures at the board level may face heightened scrutiny from regulators and institutional investors.
  • ·Operationally, the shift from static AI policies to continuous monitoring and adjustment mechanisms requires compliance teams to build ongoing review cadences, update audit committee charters, and integrate AI risk reporting into existing enterprise risk management workflows.
  • ·Organizationally, the report raises the risk that inadequate board oversight of AI incidents such as deepfake fraud, data leaks, and algorithmic bias could be treated as governance failures, creating personal accountability exposure for directors and executives.

Governance controls affected

What to do now

  • Review and update audit committee charters to explicitly include AI risk oversight as a standing agenda item and fiduciary responsibility.
  • Establish a board-level AI risk reporting cadence that covers incidents, drift, bias findings, and emerging threats on at least a quarterly basis.
  • Map existing AI governance policies against the NACD continuous monitoring framework to identify gaps where static policies must be replaced with dynamic review processes.
  • Assign executive accountability for AI governance outcomes and document escalation paths that connect compliance teams to board-level oversight structures.
  • Conduct a tabletop exercise simulating a board-level AI incident scenario, such as a deepfake fraud event or algorithmic bias complaint, to stress-test current escalation and disclosure procedures.

What to watch next

Compliance teams should monitor whether the Securities and Exchange Commission or other U.S. regulatory bodies issue guidance that formally incorporates board-level AI oversight into disclosure or fiduciary duty requirements, building on signals from the NACD report. Enforcement patterns related to AI-driven incidents, particularly those involving deepfakes and data leaks, should be tracked as potential precedents for director liability. Organizations should also watch for updates to institutional investor proxy voting guidelines that may begin scoring board AI competency as a governance quality metric.

Related Coverage

Research2026-06-15

S&P Global Report Frames AI Governance as a Principle-Based Risk Discipline, Raising the Bar for Enterprise Compliance Programs

S&P Global has published a research report titled 'The AI Governance Challenge,' arguing that enterprise AI governance should be anchored in five core principles: transparency, fairness, privacy, adaptability, and accountability. The report documents common organizational practices including ethical review boards, impact assessments, algorithmic transparency mechanisms, and risk-focused controls. Its findings map directly to compliance, model governance, and privacy programs across industries.

Research2026-06-11

Anaconda Implementation Guide Surfaces Five Governance Gaps Most Enterprise AI Programs Have Not Closed

Anaconda has published a practitioner-focused implementation guide covering risk classification, documentation standards, audit processes, red-team testing, accountability assignments, and agentic AI inventory. The guide provides a structured blueprint organizations can use to build or benchmark AI governance programs against operational controls. It is particularly relevant for compliance teams that have adopted high-level frameworks but have not yet translated them into testable procedures.

Research2026-06-23

Municipal Algorithm Registers Offer Enterprise Compliance Teams a Practical Inventory Benchmark

A CIDOB research paper published in February 2025 documents how cities are implementing algorithm lifecycle governance through centralized registers that combine risk assessment, mandatory audits for high-risk systems, and public transparency mechanisms. The research presents a structured model covering the full lifecycle from intake through retirement. For enterprise compliance teams, the municipal register architecture provides a concrete operational template as regulators increasingly require auditable AI system inventories.