Why listed companies face additional AI obligations

ASX-listed companies face AI governance obligations that go beyond those applying to private entities. The additional obligations flow from three sources: continuous disclosure requirements that apply to material risks and events; the ASX Corporate Governance Principles and Recommendations, which set governance expectations that listed entities are expected to follow or explain; and ASIC's heightened scrutiny of technology risk governance in listed entities.

For company secretaries and board risk committees, the key question is where AI fits in the existing governance framework — and increasingly the answer is that it fits in the same place as cyber risk, technology risk, and regulatory risk: as a material enterprise risk requiring board-level visibility and appropriate management structures.

Continuous disclosure and AI material risks

ASX Listing Rule 3.1 requires listed entities to immediately disclose information that a reasonable person would expect to have a material effect on the price or value of the entity's securities. The companion Listing Rule 3.1A provides exceptions for confidential information, incomplete negotiations, and similar circumstances.

AI-related events that may trigger continuous disclosure obligations include: a material AI system failure that disrupts operations and materially affects financial results; an AI-related regulatory action or investigation that materially affects the entity; significant AI-related litigation; and the introduction of an AI system that changes the entity's business model or risk profile in ways investors would consider material.

The materiality threshold matters. Not every AI incident triggers disclosure — but organisations that have not thought through the disclosure analysis in advance will be slower and less confident in their response when an AI incident occurs. Establishing clear criteria for AI incident materiality assessment, as part of the broader AI governance framework, is good practice for listed entities.

ASX Corporate Governance Principles and AI

The ASX Corporate Governance Principles and Recommendations (4th edition) establish the governance expectations that listed entities are expected to follow or explain. Principle 7 (Recognise and Manage Risk) is the most directly relevant. Recommendation 7.1 requires a sound risk management framework; Recommendation 7.2 requires annual review of the framework; Recommendation 7.4 requires disclosure of material risks.

Entities that have not identified AI as a potential material risk should consider whether that assessment is still defensible. For entities where AI affects revenue generation, cost structure, customer relationships, or regulatory compliance status, it is increasingly difficult to argue that AI is not a material risk requiring disclosure. Where it is material, boards should be satisfied that the risk management framework addresses AI risk — and the basis for that satisfaction should be documented.

What company secretaries should do now

Add AI risk as a standing item on the board risk committee's agenda at least annually. Ensure the risk committee's charter explicitly includes oversight of technology and AI risk. Establish a process for escalating material AI incidents to the board within the continuous disclosure decision timeline. Work with the CFO and CRO to ensure AI risk is captured in the entity's material risk disclosures in the annual report. And ensure directors are receiving training — or at least board briefings — on AI risk so that their oversight obligations are properly informed. The absence of AI literacy at board level is not a defence to governance failures; it is itself a governance failure.