Activist investors may soon begin scrutinizing how boards use AI as closely as they do ESG and cyber-security, according to Nithya Das, general manager, governance and chief legal officer at Diligent. She says that the issue is not efficiency, but fiduciary effectiveness.
Das believes transparency demands around AI will focus on whether directors are fully using available tools to meet their duties. ‘With AI tools, it’s much easier to collect data, benchmark, conduct research and perform scenario analysis,’ she says, adding that scrutiny will center on ‘whether directors are fully and effectively using AI to carry out their duties’. Cyber-security oversight is an early example, particularly when boards are expected to understand how their company compares to peers, how to respond to incidents and when disclosure is required.
That expectation could eventually find its way into courtrooms. Das points to a future in which failing to use AI may be framed as a lapse in fiduciary duty. ‘If we fast forward to 2027 and a board is not using AI, missing targets and losing shareholder value, that could become part of a shareholder lawsuit,’ she says. The question will be whether directors met their obligations when widely available tools could have improved decision-making.
Central to that debate is AI fluency. Das argues boards will increasingly be judged on whether they understand how AI affects the business, from supply chains and products to market opportunity and strategy. ‘To even engage in those conversations, boards need a baseline level of AI fluency,’ she explains.
That fluency will not come from a single source: boards should treat AI education the same way they treat other core governance topics, she advises. ‘Just as boards receive education on insider trading, compensation trends, risk and audit practices, AI should be part of baseline board education,’ she adds. Individual directors may go deeper, but companies should already be providing foundational education to the full board.
At the same time, many directors are already using AI tools without formal guidance, creating governance and confidentiality risks. Das cites research from the Diligent Institute showing ‘about 66 percent of directors are putting board materials into open-source AI tools to summarize and extract insights, while only around 20 percent have AI usage policies or guidelines’. That gap, she says, exposes companies to risks around confidentiality and attorney-client privilege.
Open-source tools can retain context across conversations and may surface information later ‘incorrectly or correctly’, Das warns. That data may exist outside systems governed by records retention or ethical use guidelines. Even attempts to redact or anonymize information often fail. ‘The responsibility falls on companies to provide approved tools, clear policies and education,’ she says. ‘This isn’t a question of if directors are doing this – it’s already happening.’
Recording and transcribing board meetings with AI raises similar concerns. Das identifies confidentiality and legal discovery as the two biggest risks, citing questions around how long transcripts are kept, who can access them and how they are stored. There is also the risk that transcripts could be taken out of context in shareholder litigation. While there are legitimate reasons to use AI for minutes, she says boards need strong retention policies and best practices once meetings conclude.
Nithya Das, general manager, governance and chief legal officer at Diligent
Looking ahead, Das is unequivocal about whether failing to use AI could amount to a breach of fiduciary duty. ‘Absolutely,’ she says, framing the issue around decision quality rather than speed. She draws a parallel to compensation committees, which are expected to use peer benchmarking data and disclose their process. ‘If you oversee cyber-security but don’t know how your company compares to peers or don’t have reliable, data-driven insights when AI tools are readily available, are you fulfilling your duty of care?’ she asks.
Boards should also be thinking carefully about how they document AI oversight. Das says oversight should be visible in board materials, reporting and minutes, with AI embedded in discussions around strategy, workforce and risk. AI education, she adds, should be explicitly incorporated into ongoing board development.
Human judgment remains essential. For high-stakes governance decisions, Das recommends keeping human oversight firmly within the process, adding that AI-generated content should be clearly labeled. Transparency around AI use, she argues, should be normalized rather than hidden: ‘What matters is transparency and appropriate review.’
The boards that stand out will be those that move beyond awareness to literacy. Das describes AI-literate boards as those that consider AI across strategy, talent and board operations, with management reporting on progress at every quarterly meeting. These boards are moving from pilots to adoption and metrics, applying AI to workforce efficiency, reskilling and competitive differentiation.
As AI becomes more embedded in governance, the role of the general counsel is also shifting. Das says the position is already more strategic and tied to enterprise risk management and AI will accelerate that trend by providing better data and benchmarks. There is also an ethical dimension and growing regulatory complexity around retention and governance. ‘GCs who become AI-fluent and help organizations adopt AI safely and effectively will stand out,’ she says, warning that those who focus solely on restriction will struggle.
Culture may be one of the biggest obstacles. Das points to fears around security, replacement, perception and failure. In organizations without tolerance for experimentation, AI use is often discouraged. In those where failure is accepted, adoption is easier.
As boards, investors and regulators recalibrate expectations, the question may no longer be whether directors can use AI, but whether they can justify not using it.