Today’s ponderable: AI governance didn’t knock on the boardroom door. It kicked it in!

Dear Diary

Today’s ponderable: AI governance didn’t knock on the boardroom door. It kicked it in. Were governance structures built for foresight or for damage control?

There’s a moment in every leadership trend when you can feel the collective sigh. It’s that moment when executives stop saying ‘That’s interesting’ and start asking ‘Who’s accountable?’. That’s where AI governance is now.

When I predicted that AI governance would become a board‑level priority, I wasn’t imagining a sudden outbreak of ethical soul‑searching in the boardroom. What I foresaw was something far more prosaic and powerful: AI was about to stop behaving like a tool and start behaving like an actor.

Unsurprisingly, boards took notice.

An uncomfortable truth: AI outgrew its sandbox

Enterprise AI didn’t creep quietly into organizations. It arrived fast and furious. Suddenly it was ‘useful’ and everywhere in the form of productivity copilots, decision support systems, automated workflows, generative content. Oh yes, and agentic systems started nudging, recommending, coaching – and [gulp] dare I even say – deciding.

For a while, we let all of that live comfortably under the banner of technology ‘innovation’ or ‘transformation’. Expectations were that IT would handle it. Data teams would tune it. Legal and risk would be consulted [ehem] occasionally.

But then AI started touching things boards care about:

• employee outcomes
• customer trust
• regulatory exposure
• brand reputation
• strategic decision‑making.

In an instant, AI governance suddenly became fiduciary.

Case signal #1: Microsoft – When the platform is the risk surface1

Microsoft is a useful early signal because it sits at the centre of the enterprise AI ecosystem. By publicly articulating and operationalizing its Responsible AI Framework (replete with governance principles, review processes and executive accountability), Microsoft implicitly acknowledged something many enterprises were still resisting. This was the idea that AI risk does not scale linearly; it compounds logarithmically.

For Microsoft, governance had to be visible, systematic and defensible because its AI capabilities would be embedded inside other people’s enterprises. That visibility inevitably pulled responsibility upwards. That was not just to executives but also to the board.

The takeaway is not just to copy and paste Microsoft’s framework. Tick and job done. It is a wake-up call that once AI becomes infrastructural, governance becomes existential.2

An uncomfortable truth: Boards don’t trust ‘below the line’ anymore

One of the most consistent signals across enterprises is a quiet erosion of board confidence in traditional assurance models. ‘We’ve got it covered’ no longer cuts it when AI systems are probabilistic, opaque and adaptive.

Boards started asking questions like:

• Who owns this AI system end‑to‑end?
• How do we know when it’s behaving badly?
• What decisions has it influenced without us realizing?

And then came the uncomfortable follow‑on questions, which quickly became:

• What data is it trained on / allowed to see – and what’s explicitly off limits?
• Where are the humans in the loop, and where’s the stop button?
• What’s our risk appetite for this use case – and who signed up to it?
• What does ‘good’ look like here – and what are we trading off to get it?
• What happens when the model or vendor changes under our feet?
• When something goes wrong, what’s the incident path – and how fast do we escalate?
• Can we explain outcomes after the fact – enough to defend them?
• Are we ready to evidence compliance across jurisdictions (not just claim it)?
• Are we disclosing AI use and oversight in a way we can stand behind?

And when those questions can’t be answered cleanly, AI migrates rapidly onto the board agenda.

Case signal #2: JPMorgan Chase – Scale changes everything3

At JPMorgan Chase, AI governance didn’t rise because of novelty. It rose because of scale.

With AI deployed across fraud detection, risk modelling, customer service and internal operations, the organization reached a point where AI behaviour could materially affect financial outcomes and regulatory standing.

That’s the moment when governance shifts from operational hygiene to strategic oversight.

In heavily regulated industries, AI governance has risen above ethics theatre to become a matter of institutional survival and/or strategic advantage. Boards know this instinctively.

Another uncomfortable truth: Boards are learning AI in public

Here’s the part few people say out loud: Most boards are still playing catch‑up. They are being asked to govern systems they didn’t grow up with, didn’t design and don’t fully understand. Yet they are accountable.

So, we’re seeing boards do a multitude of things at once, including:

1. Upskilling for oversight: Demanding education for decision-grade fluency, not just technical depth.4
2. Institutionalizing controls: Pulling AI into the governance machinery we already trust (risk, audit, ethics, etc.).5
3. Prototyping new oversight: Trying out new models (committees, councils, charters) without a universally accepted playbook.6
4. Hardwiring accountability: Naming owners, tightening decision rights, defining escalation thresholds – and, increasingly, tying outcomes to executive scorecards.7
5. Demanding evidence, not assurances: Asking for board-grade dashboards – use-case inventory, risk register, incidents, audit signals, drift and control effectiveness.8
6. Setting ‘permission to play’ boundaries: Forcing clarity on risk appetite – where AI can advise, where it can act and where it simply cannot decide alone.9
7. Updating governance mechanics: Rewriting committee charters, tightening reporting cadence and making AI a standing agenda item – sometimes at full board level.10
8. Recruiting AI expertise: Adding directors with genuine AI/digital scar tissue – and leaning on external advisers to pressure-test decisions.11
9. Driving regulation and disclosure readiness: Getting ahead of regimes like the EU AI Act – and telling a more defensible story in public reporting about how AI is overseen.12

Make no mistake! This leg of the journey is messy. It’s uneven. At the same time, it is entirely predictable.

Case signal #3: New York Life – From pilots to grownup governance13

New York Life provides a quieter but telling signal.

As the organization moved beyond AI pilots into more embedded, enterprise‑grade AI capabilities, governance had to mature alongside adoption. AI could no longer be treated as a series of discrete experiments; it became a portfolio of systems with lifecycle, ownership and risk implications.

That transition from ‘interesting use cases’ to ‘governed capability’ is where boards get involved. Not because they want to slow innovation, but because ungoverned scale is how trust gets broken.

Case signal #4: Unilever – Values meet operations14

At Unilever, long‑standing commitments to responsible business and ethical technology have translated into explicit expectations about how AI is developed and deployed across the organization.

What’s interesting here isn’t the principles themselves. Many companies have those. It is their insistence that AI governance aligns with corporate values in practice, not just on paper.

That alignment requires executive sponsorship and board‑level visibility. Otherwise, values remain decorative.

What this really tells us

AI governance did not march confidently into the boardroom. Reality pulled it to that place. The reality that… systems do not behave deterministically; the reality that… decisions cannot always be explained after the fact; the reality that… risks often surface sideways, not sequentially.

Boards are clocking it: When AI runs the enterprise, AI governance is enterprise governance.

A final inconvenient truth: AI rarely fails for technical reasons alone; more often, it exposes failures of the leadership discipline around it

The organizations that will win, show or place with AI will not be the ones with the most pilots or the flashiest demos or the glossiest slides depicting an AI-first approach. They will be the ones that figure out how to make AI governable at scale with clarity, accountability, judgement and board‑grade confidence.

Importantly, that’s not a technology challenge; it’s a leadership one. And like most leadership challenges, it shows up in the boardroom whether anyone invited it or not.

So, what next?

Tap into DWG to ensure that your digital workplace is poised for a new ERA (Enterprise Results with AI).

• For DWG Members: Visit the DWG Member Extranet for the latest insights, research and upcoming events–including the live benchmarks results and other insights from our spring member meeting.
• For digital workplace practitioners at large: Visit the DWG Knowledge for our current guide to AI and Automation.

*****

References

1 Case signal #1: Microsoft

• Responsible AI Transparency Report pdf (Microsoft, 2024)
• Responsible AI Transparency Report landing page (Microsoft, 2025)
• 2025 Responsible AI Transparency Report pdf (Microsoft, 2025)
• Responsible AI at Microsoft: Ethical policies and practices (Microsoft, 2025)

2 Nobel prize-winner on AI ‘existential threat’ (YouTube, Bloomberg Television: Wall St Week, 2025)

3 Case signal #2: JPMorgan Chase

• Annual Report 2024 (JPMorgan Chase & Co, 2024)
• 2025 Proxy Statement (JPMorgan Chase & Co, 2025)
• Risk Committee (JPMorganChase, accessed 2026)
• Jamie Dimon Maps JPMorgan’s Risk Playbook And AI (Simply Wall St, 2026)
• How JPMorgan Chase Built an AI Governance Moat (LinkedIn, 2026)

4 Artificial Intelligence: Governance resources (board education and director resources) (NACD, 2026)

5 Empowering AI leadership: Oversight Toolkit – modules aligned to risk, audit, ethics, governance (World Economic Forum, 2020)

6 Board oversight of AI (Harvard Law School Forum on Corporate Governance, 2024)

7 Strategic AI Governance Roadmap: What boards of directors need to know (Deloitte, 2025)

8 Cyber and AI oversight disclosures: What companies shared in 2025 (EY / Harvard Law School Forum on Corporate Governance, 2025)

9 Article 14: Human oversight (EU AI Act) (EU Artificial Intelligence Act, 2026)

10 Oversight in the AI era: Understanding the Audit Committee’s role (PwC / Harvard Law School Forum on Corporate Governance, 2025)

11 Roughly one-third of large U.S. companies now disclose board oversight of AI, ISS-Corporate finds (ISS-Corporate, 2025)

12 AI and ESG: How companies are thinking about AI board governance (Latham & Watkins LLP, 2024)

13 Case signal #3: New York Life

• New York Life and Norm Ai partner to transform compliance (New York Life, 2025)
• WIRED article details New York Life’s gen AI adoption (New York Life, 2024)
• New York Life reframes its approach to data and AI using AWS (AWS, 2024)

14 Case signal #4: Unilever

• The EU AI Act has arrived: How Unilever is preparing (Unilever, 2024)
• AI ethics at Unilever: From policy to process (MIT Sloan Management Review, 2023)
• Unilever readies use cases, adoption plans for EU AI Act provisions (CIO Dive, 2024)
• How organizations build a culture of AI ethics (MIT Sloan School of Management, 2025)

Categorised in:   → Diary of a She-E-O