AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← News

Only One-Third of S&P 100 Companies Disclose Both Board AI Oversight and Formal Policies, Harvard Law Finds

What happened

A Harvard Law School analysis of 2025 proxy statements from S&P 100 companies, published at US AI Oversight Through Three Lenses: Investor Expectations, the S&P 100, and Company-Specific Analysis, found that 54% of those companies disclose board-level AI oversight, yet only one-third disclose both board oversight structures and formal AI policies. Among companies reporting board oversight, 63% assign that responsibility to specific committees rather than the full board. The research further documents that US institutional investors are raising expectations for formalized AI governance, with 46% favoring board or committee-based oversight mechanisms. The findings establish a de facto market benchmark against which S&P 100 companies and their peers are increasingly being measured by investors and regulators. The SEC and institutional shareholders are identified as intensifying scrutiny of AI risk management disclosures, making the gap between current practice and emerging norms a material governance concern.

Why it matters

  • ·Companies lacking both a documented board oversight structure and a formal AI policy face growing regulatory exposure as the SEC increases scrutiny of AI risk management disclosures in proxy filings.
  • ·The findings set a concrete operational benchmark: compliance and governance teams at public companies must now evaluate their proxy disclosures against S&P 100 peer norms or risk being visibly out of step with market standards.
  • ·Institutional investors representing significant ownership stakes are formalizing expectations for AI governance structures, creating organizational risk for boards that have not yet assigned clear AI oversight responsibility to a named committee or body.

Governance controls affected

What to do now

  • Audit current proxy statement disclosures to confirm whether both a board or committee-level AI oversight structure and a formal AI policy are explicitly documented and publicly disclosed.
  • Map AI risk oversight responsibilities to a specific board committee and record that assignment in governance charters and proxy filings to align with the 63% committee-assignment practice among disclosing S&P 100 peers.
  • Review and update the formal AI policy to ensure it addresses risk classification, oversight accountability, and escalation paths that satisfy institutional investor expectations as documented in the Harvard Law analysis.
  • Engage investor relations and legal counsel to assess whether current AI governance disclosures meet the emerging expectations of the 46% of institutional investors favoring board or committee-based oversight mechanisms.
  • Establish an internal benchmarking process that compares the company's AI governance disclosures against S&P 100 peer disclosures on an annual proxy cycle basis.

What to watch next

Compliance teams should monitor the SEC for any forthcoming guidance or rulemaking that formalizes AI risk management disclosure requirements in proxy statements, as the Harvard Law findings signal that current voluntary disclosure norms may be a precursor to mandatory standards. Institutional investor voting guidelines for the 2026 proxy season warrant close attention, particularly from major asset managers who may begin conditioning votes on the presence of both board oversight structures and formal AI policies. Enforcement patterns related to AI-related material omissions in public company disclosures should also be tracked as a leading indicator of the SEC's evolving expectations.

AI Governance Weekly

Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.

Powered by Buttondown.

Related Coverage

Research2026-07-16

100% Model Registration Compliance Achieved Across Azure, Databricks, and Vertex AI Using IBM OpenPages, Case Study Shows

A TechVest Global case study documents how an organization deployed IBM OpenPages as a unified governance backbone across three major ML platforms, achieving full model registration compliance and a 30% reduction in audit cycle times. The implementation embedded risk scoring, bias audit checkpoints, and human-in-the-loop validation triggers directly into model lifecycle workflows. The case study offers a reproducible framework for enterprises managing AI governance across fragmented multi-cloud environments.

Research2026-07-09

EU Municipal AI Registers and Mandatory Audits Set a New Procurement Bar for Enterprise AI Vendors

A CIDOB research chapter on urban AI governance documents how EU municipalities are implementing Algorithm Lifecycle Approaches that include mandatory audits for high-risk systems, public algorithm registers, and vendor fact sheet requirements. The framework draws on live municipal case studies and provides a practical implementation model that cities can adopt directly. Enterprises selling AI systems to public sector buyers in the EU should treat these mechanisms as emerging procurement conditions, not optional transparency gestures.

Research2026-07-08

DDMI's Two-Step AI Approval Model Shows How GRC Tooling Can Operationalize Guardrails at Enterprise Scale

Data and analytics firm DDMI published a case study describing its structured two-step AI approval process, which evaluates use case soundness and ethical boundaries before submission to an Architecture Review Committee and Architecture Review Board. The model uses a GRC platform to manage AI initiatives with embedded guardrails covering legal compliance, security, human accountability, and continuous monitoring. The case study offers a named, replicable operating model for enterprise compliance teams building or maturing their own AI governance programs.