Corporate boards are struggling to keep pace with artificial intelligence, with nearly three-quarters lacking the expertise needed to oversee AI's transformative impact on business models, security, and workforce strategy. A new report from KPMG International and the INSEAD Corporate Governance Centre reveals that boards must fundamentally rethink their oversight structures and committee responsibilities to manage AI effectively, moving beyond treating it as a purely technical issue and embedding it as a core strategic priority across the entire organization.

Why Are Boards Falling Behind on AI Governance?

The challenge is stark: nearly 75% of boards possess only moderate or limited AI expertise, according to the KPMG and INSEAD report. This knowledge gap creates a dangerous imbalance where boards struggle to provide meaningful oversight without over-relying on management recommendations. The problem is compounded by the speed of AI development, which outpaces traditional board education cycles and governance frameworks.

AI is not simply a technology issue confined to IT committees. It fundamentally reshapes business models, decision-making processes, and organizational workflows. Yet many boards continue to silo AI discussions within specific committees rather than treating it as a holistic strategic imperative that touches every function from audit and risk to compensation and talent management.

"AI is absolutely not just an IT issue; it is driving holistic business model disruption, so it is important that boards elevate AI from a purely technical discussion, often siloed in specific board committees, to a core strategic imperative addressed by the full board," said Samantha Gloede, global head of risk services and global trusted AI leader at KPMG.

Samantha Gloede, Global Head of Risk Services and Global Trusted AI Leader, KPMG

How Can Boards Rapidly Build AI Fluency?

Closing the expertise gap requires a multifaceted approach that goes far beyond passive briefings. Gloede recommends three concrete strategies for boards to elevate their collective AI understanding:

• Experiential Learning: Move beyond high-level presentations to hands-on workshops where directors interact directly with generative AI and agentic tools to understand their real capabilities and limitations in practice.
• External Advisory Support: Establish an external AI advisory council or bring in independent technology advisors to provide objective perspectives that are distinct from management's views and recommendations.
• Succession Planning for Tech Fluency: Nominating committees should prioritize digital and AI literacy in their succession planning, ensuring the next generation of board recruits possesses the technical acumen to challenge management constructively.

Individual board members also bear responsibility for their own development. Annet Aris, academic director at the INSEAD Corporate Governance Centre, emphasizes that curiosity and proactive engagement are essential. Directors should actively practice with AI tools themselves, attend educational programs specifically designed for board members, and visit companies that are advanced in AI implementation to see real-world applications firsthand.

"Individual board members should actively engage and practice with AI themselves. In addition, they should proactively visit meetings and conferences and attend educational programs on AI specifically geared toward board members, and take the time to visit companies who are advanced in AI implementation, as this can serve as a major eye-opener," explained Annet Aris, academic director at the INSEAD Corporate Governance Centre.

Annet Aris, Academic Director, INSEAD Corporate Governance Centre

What Structural Changes Do Boards Need to Make?

Beyond individual director education, boards must restructure their governance frameworks to ensure AI oversight is comprehensive and integrated. This means updating committee charters explicitly to address AI's impact across the organization:

• Audit Committees: Should oversee AI-related assurance considerations, including data governance, model validation, and compliance with regulatory requirements.
• Risk Committees: Must evaluate the impact of AI on enterprise risk, including cybersecurity threats, model bias, and unintended consequences of AI-driven decisions.
• Compensation Committees: Should tie executive incentives to responsible AI adoption, enterprise return on investment (ROI), and workforce transformation metrics to align leadership incentives with sustainable AI deployment.
• Nominating and Governance Committees: Need to track board tech fluency and ensure that board composition includes sufficient AI and digital expertise.

Many organizations are establishing dedicated AI or technology committees composed of members with diverse expertise, not solely AI specialists. However, the full board must allocate sufficient time to receive comprehensive reports from these committees, ensuring AI strategy and risk remain standing agenda items alongside quarterly financial results and risk reviews.

How Should Boards Balance Innovation With Oversight?

A critical tension exists between the speed and experimentation that AI requires and the disciplined oversight that boards must provide. The solution lies in what Gloede calls a "secure sandbox approach." Boards should champion rapid experimentation within contained, ring-fenced environments where data privacy and security are guaranteed, allowing organizations to test AI applications and capture quick wins without exposing the enterprise to unnecessary risk.

Simultaneously, boards should approve agile governance models that accelerate low-risk, internal-facing AI use cases while requiring more rigorous reviews for high-risk, customer-facing AI applications. This tiered approach allows organizations to build momentum and learn from experimentation while maintaining meaningful human oversight over decisions that directly impact customers, employees, and regulatory compliance.

For high-impact decisions, boards should insist that AI augments rather than replaces human judgment. Effective AI governance requires that outputs are explainable, auditable, and aligned with the organization's values, risk appetite, and regulatory requirements.

Why Does Trustworthy AI Matter for Board Accountability?

As AI scales across organizations, trust and accountability have become central governance concerns. Boards must ensure that "trustworthy AI" is not merely a compliance checkbox but a fundamental governance responsibility that demonstrates accountability to regulators, stakeholders, and the public.

Establishing trustworthy AI requires well-defined ethical guidelines, policies to protect against cyber threats, and effective translation of these principles into documented processes that ensure consistent compliance from AI design and sourcing through ongoing monitoring and impact assessment. Boards should oversee the governance of data used in AI solutions to ensure it is obtained legally and protected against unauthorized access or misuse.

"At the board level, ensuring trustworthy AI is a fundamental governance responsibility, not just a technical challenge. It's about setting the expectation that the organization will build, buy and use AI in a way that is lawful, ethical, robust and aligned with enterprise values. Trust is the foundation that allows an organization to innovate with AI responsibly, driving adoption at scale and enterprise growth and value," stated Samantha Gloede.

Samantha Gloede, Global Head of Risk Services and Global Trusted AI Leader, KPMG

Board oversight should extend beyond internal governance to the wider impact of the organization's AI systems on sustainability and societal commitments. By fostering a culture of transparency and accountability, boards ensure that enterprise values are translated into concrete principles and practices, earning the trust of customers, employees, regulators, and the public at large.

The stakes are high. As AI becomes increasingly central to business strategy and operations, boards that fail to develop adequate oversight capabilities risk exposing their organizations to regulatory penalties, reputational damage, and missed opportunities for responsible innovation. The time for boards to act is now.