AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← News

NACD Tells Boards to Recalibrate AI Risk Appetite and Assign Clear Governance Ownership in 2025 Outlook

What happened

The National Association of Corporate Directors published Tuning Corporate Governance for AI Adoption as part of its 2025 Governance Outlook series, offering boards a structured approach to AI oversight without displacing existing governance frameworks. The guidance instructs directors to identify responsible leaders for AI accountability, assess how AI materially shifts the organization's risk profile, and treat data governance as a core strategic input rather than a downstream IT concern. It directly names AI hallucinations and algorithmic bias as risk categories that boards must understand and monitor, placing those concerns at the same level as financial and operational risk. The document is framed as an adaptation guide, acknowledging that most boards have governance infrastructure in place but arguing that AI demands deliberate recalibration of how that infrastructure operates. The guidance is US-focused but draws on principles applicable across jurisdictions where fiduciary duties extend to technology risk oversight.

Why it matters

  • ·Regulatory exposure is increasing: securities regulators and state legislatures are beginning to scrutinize whether boards have adequate AI competency and oversight structures, meaning gaps identified by the NACD guidance could surface in enforcement or litigation contexts.
  • ·Operational impact is direct: assigning named accountability for AI governance and integrating data governance into strategic planning requires immediate changes to committee charters, reporting lines, and board information flows, not just policy updates.
  • ·Organizational risk is compounded by inaction: boards that cannot demonstrate they have assessed how AI changes the company's risk profile face heightened exposure in shareholder derivative suits, regulatory examinations, and ESG disclosures where AI governance maturity is increasingly a rated criterion.

Governance controls affected

What to do now

  • Map current board committee charters to confirm that AI risk oversight is explicitly assigned, with named accountability at the director and executive level, and update charters where that assignment is absent or ambiguous.
  • Commission a formal assessment of how AI deployment has altered the organization's risk profile, specifically documenting hallucination-related exposure and algorithmic bias risk in business-facing AI systems, and present findings to the full board.
  • Evaluate whether existing board-level AI reporting covers the data governance dimensions the NACD guidance identifies as strategic, including training data quality, lineage, and bias assessment, and close gaps in the reporting cadence.
  • Conduct a director AI literacy assessment using a structured competency framework and schedule targeted education for directors who will sit on or chair committees with AI oversight responsibility.
  • Review AI risk appetite and tolerance documentation to confirm it reflects current AI deployment scope, including generative AI and any agentic systems, and seek formal board ratification of updated thresholds.

What to watch next

Compliance teams should monitor whether the SEC expands its AI governance disclosure expectations in proxy guidance or comment letters, as the NACD's framing of AI oversight as a board fiduciary matter increases the likelihood that regulators will look for corresponding disclosures in proxy statements and 10-K risk factor sections. State-level corporate governance legislation, particularly in Delaware, may also begin referencing AI oversight standards as a benchmark for duty of care analysis. Additionally, proxy advisory firms including ISS and Glass Lewis are expected to update their governance rating methodologies to incorporate AI board competency criteria, which will affect voting recommendations for companies that have not formalized their oversight structures.

AI Governance Weekly

Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.

Powered by Buttondown.

Related Coverage

Corporate Policy2026-07-08

Protiviti's AI Governance Guide Surfaces a Structural Gap: Most Enterprises Still Lack Formal Intake, Inventory, and Committee Controls

Protiviti has published a comprehensive AI governance guide covering executive accountability, committee structures, and scalable AI model intake processes for enterprise organizations. The guide synthesizes foundational governance practices into an FAQ-style reference for compliance and risk teams building or maturing their programs. It is aimed at US-based enterprises navigating the absence of a single prescriptive federal AI standard.

Research2026-07-03

NACD Board AI Governance Guide Puts Director Competency and ERM Integration at the Center of Oversight Accountability

The National Association of Corporate Directors (NACD) has published 'Director Essentials: Implementing AI Governance,' a practical guide establishing what boards must do to govern AI responsibly at the enterprise level. The guide calls on directors to integrate AI risk into enterprise risk management frameworks, assess their own AI competency, update committee charters, and establish AI-specific KPIs. Compliance teams can use the guidance to benchmark board-level accountability structures and identify gaps in governance program design.

Research2026-06-30

U.S. AI Action Plan Shifts AI Risk Ownership to Corporate Boards, Harvard Ethics Center Warns

The Harvard University Ethics Center published a commentary on November 10, 2025, analyzing the governance implications of America's AI Action Plan for private-sector organizations. The commentary argues that the plan's preference for reduced federal regulation transfers primary AI risk management responsibility to corporate boards and senior executives. This shift elevates board accountability and executive liability as central compliance concerns for U.S. enterprises.