Logo
FrontierNews.ai

Why Most Corporate Boards Still Don't Know How to Govern AI, Even as Regulators Demand It

Corporate boards are facing an urgent governance crisis: while artificial intelligence is reshaping workflows across every sector, most companies lack the basic oversight structures regulators and investors now expect. Only 8% of over 3,000 US companies reviewed disclosed board-level AI oversight, and just 9% acknowledged having AI policies at all, according to research from ISS STOXX. Meanwhile, the EU AI Act, state-level regulations in the US, and institutional investors are all demanding that boards demonstrate structured, credible AI governance.

What's Driving the Sudden Push for Board-Level AI Governance?

The shift accelerated dramatically in the first half of 2026, driven by three converging forces. First, AI itself has evolved from a tool that responds to user prompts into "agentic" AI, which can plan, act, and learn autonomously. This shift raises the stakes significantly because autonomous systems create new accountability and traceability challenges that boards must address. Second, regulatory pressure is intensifying globally. The EU AI Act remains largely unchanged in its core architecture, with high-risk classification, conformity assessments, and transparency obligations still in place. Third, proxy advisors and institutional investors have made AI governance a defining theme of this proxy season, signaling that this is not a future concern but a current expectation.

Glass Lewis, a major proxy advisor, stated plainly in March 2026 that "AI governance and related disclosures will likely be top of mind for issuers and investors, and companies are navigating the challenge of balancing innovation with responsible integration as best practices continue to emerge". That language matters because it tells boards that they need to act now, not later.

How Are Leading Companies Building AI Governance Structures?

Despite the low baseline, momentum is building among listed companies. Freshfields' tracking of the UK FTSE 100 shows a clear trend of more companies naming AI as a principal risk and a steady uptick in dedicated AI committees, specialized teams, and directors with AI expertise. These structural changes reflect a recognition that AI governance cannot be an afterthought or delegated to a single department.

The EU AI Act does not prescribe a specific governance model, but the expectation from regulators, investors, and the market is clear: management and supervisory boards must have the competence to scrutinize AI strategy and the frameworks to hold their organizations accountable. This expectation is intensifying as agentic AI deployments expand.

Steps to Build Effective AI Governance in Your Organization

  • Assign Clear Accountability: Develop governance processes and assign internal accountability for all agentic AI deployments, ensuring traceability from deployment through ongoing monitoring and performance review.
  • Build Board Competence: Ensure that management and supervisory boards have the expertise to scrutinize AI strategy, ask informed questions about risk, and understand the technical and business implications of AI systems in use.
  • Document and Communicate Your Approach: Create clear, credible articulations of how your organization governs AI, what risks have been identified, and what actions are being taken to mitigate those risks, for both internal and external stakeholders.
  • Establish Dedicated Oversight Structures: Consider forming dedicated AI committees or teams with directors who have AI expertise, rather than treating AI governance as a secondary responsibility within existing committees.
  • Monitor Regulatory and Investor Expectations: Stay informed about evolving requirements under the EU AI Act, state-level US AI laws, and investor guidance on AI governance best practices, and adjust your governance framework accordingly.

What Happens to Companies That Fall Behind on AI Governance?

The stakes for inaction are rising. Freshfields noted that "the companies that get ahead of this will build trust with investors and regulators. Those that don't will find themselves playing catch-up in an increasingly unforgiving environment". This is not hyperbole. Regulatory agencies, particularly the US Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC), remain focused on AI-washing and the accuracy of AI-related disclosures and representations. Companies that misrepresent their AI governance or fail to disclose material AI risks face enforcement action.

Freshfields

The regulatory landscape is also fragmented. US states have enacted a growing patchwork of state AI laws that range from governing frontier models to regulating specific AI use cases in consumer contexts. These laws impose various requirements regarding public disclosures, regulatory reporting, and user safeguards that directly impact internal AI governance. The EU AI Act, meanwhile, is not being radically reformed despite some agreed-upon reforms aimed at reducing compliance burdens and delaying certain duties, such as compliance with rules for high-risk AI systems in human resources contexts.

The direction of travel is unmistakable: the way a business governs AI is becoming key to managing risks and part of how investors, regulators, and the market assess the quality of its wider corporate governance. Boards that wait for clearer guidance or hope that AI governance becomes less important will find themselves at a competitive and regulatory disadvantage.

As AI continues to evolve over the coming months, particularly with the rise of agentic systems, the importance of effective governance will only intensify. The playbook is clear: boards need to develop structured oversight, assign accountability, ensure traceability, and be able to articulate their approach credibly to investors and regulators. The time to act is now.