Practical Governance for Enterprise AI
Tag
12 items
The National Association of Corporate Directors has published governance guidance titled 'Tuning Corporate Governance for AI Adoption,' calling on boards to adapt oversight mechanisms to address AI-specific risks including hallucinations, data privacy concerns, and algorithmic bias. The guidance references AI Incident Database figures showing a 26 percent increase in AI incidents from 2022 to 2023, with 2024 data suggesting a further rise exceeding 32 percent. It is directed at US corporate boards and positions AI risk oversight as a core board-level responsibility.
Corporate governance frameworks are emerging as the next frontier for enforceable AI accountability, while the AI governance talent surge is outpacing the enforcement infrastructure needed to give it teeth.
A peer-reviewed article published in the Brooklyn Law Review proposes a dual-board corporate governance structure designed to embed AI safety obligations directly into board-level accountability frameworks. The model would create enforceable fiduciary duties tied to AI safety outcomes, treating AI risk oversight as a formal governance responsibility rather than a voluntary management function. The article argues that existing single-board structures are inadequate to address the complexity and speed of AI-related risks facing corporations.
Partnership on AI published a policy piece titled 'Corporate AI Governance Matters Now More Than Ever,' calling on companies globally to embed AI governance directly into business-model design and enterprise risk management. The guidance stresses the need for clear ownership of AI-related accountability, cross-functional governance structures, and both internal and external mechanisms to ensure ongoing oversight. No binding requirements are imposed, but the piece represents a recognized industry body's normative expectations for responsible corporate AI practice.
A peer-reviewed article published in the Seattle University Law Review examines how AI and emerging technologies are creating structural mismatches with existing corporate governance and regulatory frameworks. The article identifies three phenomena: the blurring of firm boundaries through externally provided AI services, strategic resource access without ownership, and the dual role of online platforms as both market facilitators and market participants. The authors argue that current governance frameworks are poorly equipped to address these shifts.
UNESCO and the Thomson Reuters Foundation published research on November 1, 2025, analyzing 2,972 companies across 11 sectors globally, revealing a wide gap between AI communication and formal governance adoption. While 43.7% of companies surveyed communicated an AI strategy, only 13% publicly claimed adherence to a recognized AI governance framework. Operational controls remain weak across the sample: just 40% reported board-level oversight of AI, and only 12.4% had policies ensuring human oversight of AI systems. For enterprise compliance teams, the findings signal that having an AI strategy does not constitute governance readiness, and that accountability pathways, human oversight requirements, monitoring, and remediation processes are the areas where most organizations remain materially exposed.
A March 2026 Harvard Law Review article examines how frontier AI companies such as OpenAI and Anthropic have adopted governance structures designed to counterbalance commercial profit pressures with safety-oriented accountability. The analysis focuses in particular on Anthropic's charter mechanism, which grants Class T shareholders the right to elect three of five board directors either after May 24, 2027 or eight months following the receipt of $6 billion in investment capital, whichever occurs first. These trustees are empowered to prioritize safety considerations, structurally limiting the influence of purely profit-driven incentives at the board level. The research classifies these arrangements as prosocial corporate governance tools and situates them within broader stakeholder-focused approaches to managing AI development risks. For enterprise compliance teams, the analysis provides a framework for evaluating whether AI vendors' internal governance structures credibly constrain high-risk development practices, which is increasingly relevant to third-party risk assessments and AI procurement due diligence. While the article is not a binding instrument, its articulation of concrete governance benchmarks offers practical reference points for assessing AI suppliers against emerging standards.
A Harvard Law School analysis of 2025 proxy statements from S&P 100 companies found that 54% disclose board-level AI oversight, but only one-third disclose both oversight structures and formal AI policies, revealing uneven governance practices across large US public companies. Of companies that do disclose board oversight, 63% assign responsibility to specific committees rather than the full board. The research also documents that US institutional investors are increasing expectations for formalized AI governance, with 46% favoring board or committee-based oversight mechanisms. For enterprise compliance teams, the findings establish a de facto market benchmark: companies lacking both a documented oversight structure and a formal AI policy are increasingly out of step with investor expectations and peer disclosure norms. Compliance and governance officers at public companies should assess current proxy disclosures against these emerging standards, particularly as the SEC and institutional shareholders intensify scrutiny of AI risk management disclosures.
The Harvard Ethics Center published an analysis on November 1, 2025, examining the implications of America's AI Action Plan for businesses operating in an increasingly deregulated US AI environment. The analysis finds that the Action Plan shifts primary responsibility for AI risk management onto the private sector, reducing federal oversight in favor of innovation-led development. In response, the Harvard researchers introduce the Boundaries of Tolerance Framework, a structured approach designed to help organizations define and document the range of risks they consider acceptable in AI development and deployment. The framework is positioned as a corporate governance tool for filling the gap left by an immature regulatory landscape, urging companies to establish their own ethics and governance standards proactively. For enterprise compliance teams, this signals that internal risk tolerance documentation may increasingly serve as a de facto governance instrument in the absence of binding federal rules. Organizations subject to sector-specific oversight, such as financial services or healthcare, should assess how voluntary frameworks of this type interact with existing regulatory obligations.
A January 2026 Harvard Law Review article examines the novel corporate governance structures adopted by AI companies OpenAI and Anthropic, concluding that these arrangements may be insufficient to sustain meaningful AI safety commitments over time. The analysis focuses in particular on Anthropic's charter, which grants safety-focused Class T trustees the power to elect three of five board directors either after May 24, 2027, or once the company reaches $6 billion in cumulative investment. The article argues that structural mechanisms designed to counterbalance profit motives are vulnerable to gradual erosion, a phenomenon the authors term amoral drift. For enterprise compliance teams, the research signals that reliance on voluntary governance commitments by AI vendors cannot substitute for independent due diligence on safety and accountability practices. Organizations procuring AI systems from these companies should monitor whether governance structures remain intact and enforceable as commercial pressures intensify.
A May 2025 article in the Harvard Law Review analyzes the atypical corporate governance structures at OpenAI and Anthropic, including capped-profit models and stakeholder-oriented boards designed to resist commercial pressure. The article argues that these mechanisms may still permit unsafe incentive structures and weak accountability, raising questions about whether fiduciary duties and board independence are sufficient to enforce safety-oriented governance at frontier AI developers.
The Partnership on AI published a position piece on May 30, 2025, arguing that corporate AI governance programs are materially incomplete without formal controls spanning supply chain responsibility, end-user terms and conditions, AI assurance ecosystems, and real-time monitoring of autonomous AI agents. The piece targets enterprise compliance and risk functions and connects each governance gap to documented incident patterns and operational accountability failures. It does not carry binding regulatory force but represents practitioner-level guidance from a recognized multi-stakeholder body whose membership includes major technology deployers and civil society organizations.
