AI Governance Institute logo
AI Governance Institute

Intelligence for Compliance and GRC Teams

← News
Research2026-05-04

Corporate Boards Must Overhaul Governance for AI, NACD Urges in 2025 Report

What happened

The National Association of Corporate Directors (NACD) published Tuning Corporate Governance for AI Adoption in November 2025, urging U.S. corporate boards to modernize legacy governance frameworks to address the risks and oversight demands of enterprise AI adoption. The report identifies AI governance as a continuous board-level function rather than a one-time compliance exercise. NACD cites real-world incidents involving deepfakes, data leaks, and algorithmic bias as evidence of the consequences of inadequate board oversight. The report recommends that boards establish ongoing monitoring and adjustment mechanisms rather than relying on static policies. For enterprise compliance teams, the report signals growing expectations from institutional governance bodies that AI risk management will be embedded at the highest levels of corporate leadership, with implications for audit committee charters, risk reporting structures, and executive accountability frameworks.

Why it matters

  • ·Regulatory exposure is increasing as board-level AI oversight is being reframed as a fiduciary responsibility, meaning organizations without documented AI governance structures at the board level may face heightened scrutiny from regulators and institutional investors.
  • ·Operationally, the shift from static AI policies to continuous monitoring and adjustment mechanisms requires compliance teams to build ongoing review cadences, update audit committee charters, and integrate AI risk reporting into existing enterprise risk management workflows.
  • ·Organizationally, the report raises the risk that inadequate board oversight of AI incidents such as deepfake fraud, data leaks, and algorithmic bias could be treated as governance failures, creating personal accountability exposure for directors and executives.

Governance controls affected

What to do now

  • Review and update audit committee charters to explicitly include AI risk oversight as a standing agenda item and fiduciary responsibility.
  • Establish a board-level AI risk reporting cadence that covers incidents, drift, bias findings, and emerging threats on at least a quarterly basis.
  • Map existing AI governance policies against the NACD continuous monitoring framework to identify gaps where static policies must be replaced with dynamic review processes.
  • Assign executive accountability for AI governance outcomes and document escalation paths that connect compliance teams to board-level oversight structures.
  • Conduct a tabletop exercise simulating a board-level AI incident scenario, such as a deepfake fraud event or algorithmic bias complaint, to stress-test current escalation and disclosure procedures.

What to watch next

Compliance teams should monitor whether the Securities and Exchange Commission or other U.S. regulatory bodies issue guidance that formally incorporates board-level AI oversight into disclosure or fiduciary duty requirements, building on signals from the NACD report. Enforcement patterns related to AI-driven incidents, particularly those involving deepfakes and data leaks, should be tracked as potential precedents for director liability. Organizations should also watch for updates to institutional investor proxy voting guidelines that may begin scoring board AI competency as a governance quality metric.

AI Governance Weekly

Weekly intelligence on AI regulation, enforcement, and governance. Every Thursday.

Powered by Buttondown.

Related Coverage

Research2026-07-16

100% Model Registration Compliance Achieved Across Azure, Databricks, and Vertex AI Using IBM OpenPages, Case Study Shows

A TechVest Global case study documents how an organization deployed IBM OpenPages as a unified governance backbone across three major ML platforms, achieving full model registration compliance and a 30% reduction in audit cycle times. The implementation embedded risk scoring, bias audit checkpoints, and human-in-the-loop validation triggers directly into model lifecycle workflows. The case study offers a reproducible framework for enterprises managing AI governance across fragmented multi-cloud environments.

Research2026-07-14

Mastercard's Pre-Build Risk Scorecard Model Offers a Replicable Blueprint for Operationalizing AI Governance

A Dataversity case study published in June 2026 documents how Mastercard operationalized AI governance using small, specialist teams that built bias-testing APIs and required product owners to complete risk scorecards before any system build or contract signing. The approach prioritizes developer enablement over restrictive controls. The model offers compliance teams a concrete, scalable framework for embedding governance earlier in the AI development lifecycle.

Research2026-07-12

Ten-Step Enterprise AI Governance Framework from Fisher Phillips Puts Governance Committees, Bias Audits, and Vendor Due Diligence at the Center

Law firm Fisher Phillips published a practitioner guide outlining ten foundational steps for businesses building AI governance programs. The guide calls for forming dedicated governance committees, defining approved AI use cases, implementing bias-checking protocols, and mandating annual employee training. It also requires organizations to conduct periodic audits and demand evidence of diverse training datasets from AI vendors.