What Boards Need to Know About AI Governance in 2026: Director Duties, Liability, and Oversight

• Director duties of care and diligence apply to AI governance. ASIC has explicitly stated that deploying AI without understanding its risks could constitute a failure of the duty of care — this principle applies under equivalent statutes globally.

• Institutional investors with ESG mandates are developing AI governance expectations. ISS and Glass Lewis are incorporating AI governance into director evaluation criteria, beginning to affect re-election votes.

• Boards should understand what AI systems the organisation uses, for what decisions, and what the consequences of failure would be — as a governance-oriented risk view, not a technical inventory.

• Board-approved AI governance framework is now expected: articulating principles, risk categorisation, oversight processes, monitoring, and ethics approach.

• Regular AI risk reporting to boards should cover: significant AI incidents, new AI deployments, audit findings, regulatory developments, and material third-party AI changes. Quarterly is appropriate for most organisations.

• The EU AI Act, APRA's CPS 230, and FCA's Senior Manager and Certification Regime all create documented board-level accountability for AI governance.

"仅供参考。本文不构成法律、监管、财务或专业建议。如需具体指导，请咨询合格专家。"