AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← News

AI Incidents Up 32% in 2024, NACD Urges Boards to Strengthen Oversight Structures

What happened

The National Association of Corporate Directors (NACD) has published its 2025 Governance Outlook, a guidance document directed at corporate boards across the United States calling for strengthened AI oversight structures in response to a measurable rise in AI-related incidents. Drawing on data from the AI Incident Database, the NACD reports that AI incidents increased 26% between 2022 and 2023, followed by a further increase exceeding 32% in 2024. The guidance identifies hallucinations, bias, and data privacy failures as the primary risk categories driving this trend. In response, the NACD calls on boards to implement updated governance frameworks and reporting structures that provide directors with meaningful visibility into AI risk. Although the document is non-binding, NACD guidance carries significant weight among directors and institutional investors who use it as a benchmark for evaluating governance adequacy.

Why it matters

  • ·Regulatory exposure: Although non-binding, NACD guidance is used by institutional investors and regulators as a benchmark for governance adequacy, meaning organizations that lack board-level AI oversight documentation may face heightened scrutiny during regulatory inquiries or investor reviews.
  • ·Operational impact: The identification of hallucinations, bias, and data privacy failures as primary risk areas signals that organizations must operationalize monitoring and mitigation controls for these specific categories, not treat AI risk as a single undifferentiated concern.
  • ·Organizational risk: The shift of AI oversight from an operational concern to a board-level accountability expectation means compliance and risk teams must establish clear escalation pathways to senior leadership, creating structural and resourcing obligations that many organizations have not yet addressed.

Governance controls affected

What to do now

  • Audit current board reporting materials to determine whether AI risk is explicitly surfaced and whether named accountability owners are identified for each primary risk category.
  • Establish or update a responsible AI policy that addresses the three risk areas named by the NACD: hallucinations, bias, and data privacy failures, with defined escalation pathways to the board.
  • Map existing AI governance controls to board-level visibility requirements and identify gaps where incident data, bias assessments, or privacy failures are not currently reported upward.
  • Prepare documentation demonstrating board engagement on AI risk that can be produced in response to regulatory inquiry, investor scrutiny, or an AI-related incident.
  • Review and strengthen the AI incident response playbook to ensure it includes escalation procedures that reach board level for incidents meeting defined severity thresholds.

What to watch next

Compliance teams should monitor whether the Securities and Exchange Commission or state-level regulators in the United States begin referencing NACD guidance as an informal standard when evaluating board-level AI governance adequacy in disclosure reviews or enforcement actions. The continued rise in AI incident volumes tracked by the AI Incident Database suggests that incident-driven regulatory and investor pressure on boards is likely to intensify through 2025, making the maturity of escalation and reporting structures an increasingly visible governance metric. Teams should also watch for follow-on NACD publications or peer governance body guidance that may further specify director competency expectations or required reporting cadences for AI risk.

AI Governance Weekly

Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.

Powered by Buttondown.

Related Coverage

Research2026-07-03

NACD Board AI Governance Guide Puts Director Competency and ERM Integration at the Center of Oversight Accountability

The National Association of Corporate Directors (NACD) has published 'Director Essentials: Implementing AI Governance,' a practical guide establishing what boards must do to govern AI responsibly at the enterprise level. The guide calls on directors to integrate AI risk into enterprise risk management frameworks, assess their own AI competency, update committee charters, and establish AI-specific KPIs. Compliance teams can use the guidance to benchmark board-level accountability structures and identify gaps in governance program design.

Research2026-07-14

Mastercard's Pre-Build Risk Scorecard Model Offers a Replicable Blueprint for Operationalizing AI Governance

A Dataversity case study published in June 2026 documents how Mastercard operationalized AI governance using small, specialist teams that built bias-testing APIs and required product owners to complete risk scorecards before any system build or contract signing. The approach prioritizes developer enablement over restrictive controls. The model offers compliance teams a concrete, scalable framework for embedding governance earlier in the AI development lifecycle.

Research2026-07-12

Ten-Step Enterprise AI Governance Framework from Fisher Phillips Puts Governance Committees, Bias Audits, and Vendor Due Diligence at the Center

Law firm Fisher Phillips published a practitioner guide outlining ten foundational steps for businesses building AI governance programs. The guide calls for forming dedicated governance committees, defining approved AI use cases, implementing bias-checking protocols, and mandating annual employee training. It also requires organizations to conduct periodic audits and demand evidence of diverse training datasets from AI vendors.