Three Structural Gaps Where AI Undermines Corporate Governance, Seattle University Law Review Finds
Source
AI, New Technologies, and Corporate Governance: Three PhenomenaSeattle University School of Law
What happened
The AI, New Technologies, and Corporate Governance: Three Phenomena article was published in Volume 47, Issue 5 of the Seattle University Law Review by Seattle University School of Law researchers. The peer-reviewed article presents a legal-structural analysis identifying three discrete phenomena that destabilize traditional corporate governance doctrine: the erosion of firm boundaries through reliance on externally provided AI services, the emergence of strategic access arrangements in which enterprises use AI capabilities without owning underlying assets or models, and the hybrid nature of online platforms that simultaneously operate as infrastructure providers and competitive market actors. The authors argue that neither corporate law nor existing sector-specific regulatory frameworks adequately address the accountability gaps created by these three conditions. The analysis is framed as a global structural assessment without focus on a single jurisdiction, though it engages directly with developments including the EU AI Act, the EU Digital Services Act, and proposed frameworks such as the EU Digital Networks Act. The article adds a corporate governance lens to a conversation that has previously been dominated by public law and consumer protection perspectives.
Why it matters
- ·Regulatory exposure is increasing as legislative efforts such as the EU AI Act begin codifying supply chain accountability, meaning organizations that access AI capabilities through third-party services rather than owning them may face affirmative compliance obligations they have not yet mapped.
- ·Operational impact is significant for enterprises relying on platform intermediaries for AI services, because those platforms' dual roles as both infrastructure providers and market participants create conflicts of interest that may affect service reliability, pricing, and data handling in ways not currently reflected in enterprise risk registers.
- ·Organizational risk is elevated for boards and general counsel offices whose AI oversight frameworks were designed around assumptions of internal AI development, as those frameworks may no longer match operational reality and could expose organizations to governance failures if not updated.
Governance controls affected
What to do now
- ☐Audit which AI capabilities your organization accesses through third-party services rather than owns, and document the results against your current vendor risk inventory.
- ☐Review existing vendor contracts and liability clauses for AI services to assess whether they address the accountability gaps created by externally hosted models and cloud-based inference services.
- ☐Examine whether platform intermediaries supplying AI services to your organization hold dual market roles that create conflicts of interest, and update enterprise risk registers to reflect those findings.
- ☐Assess whether board-level governance charters, audit committee mandates, and third-party risk policies reflect current operational reliance on external AI rather than internally developed systems, and recommend updates where gaps exist.
- ☐Track legislative developments in the EU and at the U.S. federal level related to AI supply chain accountability, and assign ownership within the compliance function for monitoring how those frameworks will create new affirmative obligations.
What to watch next
Compliance teams should monitor the implementation guidance and enforcement priorities emerging from the EU AI Act, particularly provisions assigning liability along AI supply chains, as these will translate the structural conditions described in the article into concrete legal obligations. The evolution of the EU Digital Services Act and any finalized EU Digital Networks Act framework will also be relevant for organizations that interact with large platforms in a dual-role capacity. At the U.S. federal level, teams should track whether financial regulators expand their existing third-party AI risk guidance into binding requirements that mirror the supply chain accountability logic the article analyzes. Enforcement actions targeting third-party AI arrangements in any of these jurisdictions will serve as early indicators of how regulators are interpreting accountability gaps in practice.