← All Posts

Every Board Now Has a Fiduciary Duty to Understand AI

June 16, 2026

Whether you govern a hospital, a university, a startup, or a Fortune 500, the same question is landing in every board packet: do we actually understand what we're deploying — and who bears the accountability when it goes wrong?

For most boards, the honest answer to the first question is no. And the answer to the second is legally murky but trending toward: you do.

This is not a technology question. It is a governance question. And it has a clear answer rooted in the same legal framework boards have operated under for decades: fiduciary duty.

What Fiduciary Duty Actually Requires

The two foundational duties of any board member are loyalty and care. The duty of loyalty requires board members to act in the interest of the organization they serve, not their own interests. The duty of care requires board members to make decisions with the diligence of a reasonably prudent person in a similar position.

Notice what the care standard does not say. It does not require expertise. It requires reasonable understanding — the kind of understanding that allows a board member to ask meaningful questions, evaluate management's recommendations, and recognize when something warrants further scrutiny.

For decades, that standard was applied to financial statements, legal compliance, and strategic risk. Boards hired audit committees, retained outside counsel, and built financial literacy expectations for directors. The standard evolved alongside what organizations actually did.

What organizations actually do now includes deploying AI systems that influence hiring decisions, clinical diagnoses, student evaluations, and loan approvals. The care standard has not changed. The domain to which it applies has.

A board member who cannot articulate what AI systems their organization deploys, what decisions those systems influence, and what oversight mechanisms exist is not meeting the duty of care — regardless of whether they have a computer science degree.

Three Governance Failures That Are Already Happening

These are not hypotheticals. They are the pattern of how AI governance failures actually unfold at the board level.

A regional hospital system adopted an AI diagnostic support tool for emergency triage. The board approved the capital expenditure as a line item in an IT modernization budget. No board member asked how the system made its recommendations, what its error rates were across patient demographics, or what physician override protocols existed. Eighteen months later, an internal audit found the system was systematically undertriaging patients from lower-income zip codes. The board had no framework for knowing this was possible, let alone monitoring for it.

A mid-sized university approved an AI-assisted grading platform for large introductory courses. The provost presented it as an efficiency gain — more consistent feedback, faster turnaround. The board approved. Two semesters later, a group of students filed a complaint with the accreditor alleging the system penalized non-native English speakers. When the accreditor asked the board what oversight mechanisms existed for the system's ongoing use, the board could not answer. There were none.

A regional nonprofit deployed an AI-powered donor outreach system that used predictive modeling to identify high-value prospects and personalize fundraising appeals. Donations increased 23%. Then a journalist filed a public records request and discovered the system had used demographic proxies that effectively excluded donors of color from certain campaign categories. The board had approved the vendor contract. No board member had asked what data the model used or whether it had been audited for equity implications.

In each case, the board was not malicious. It was inattentive — in exactly the way that a fiduciary standard prohibits.

The care standard does not require boards to become AI experts. It requires them to ask the questions a reasonably prudent person would ask before authorizing a system that materially affects the people the organization exists to serve.

The Practical Minimum

What does the care standard actually require in the AI context? Less than boards fear, but more than most are doing.

At minimum, a board should be able to answer three questions about any significant AI system its organization deploys:

  1. What does this system do, and what decisions does it influence? Not at a marketing-brochure level — at a process level. Who in the organization acts differently because this system exists?
  2. How is the system monitored for accuracy and equity? Not whether it works on average, but whether it works equitably across the populations it affects. Who reviews that data, how often, and what triggers a board-level conversation?
  3. What is the escalation path if something goes wrong? Who has authority to pause or shut down a system? Under what conditions? How would the board know if those conditions had been met?

A board that can answer these questions for every material AI deployment is not just meeting its fiduciary duty — it is genuinely governing. A board that cannot is operating on faith, which is not a fiduciary posture.

What Good Looks Like

The boards getting this right share a few characteristics. They have designated an AI governance committee or assigned AI oversight to an existing committee with a clear mandate. They receive a periodic AI systems inventory — not a vendor demo, but a management report on what is deployed, what it influences, and what the monitoring results show. They have established thresholds: what level of AI adoption requires board approval versus CEO delegation.

They have also invested in board education — not to make directors into technologists, but to give them enough fluency to ask the right questions. A half-day session with an outside expert once a year is not sufficient. Ongoing learning, integrated into how the board does its work, is what actually builds the capability the care standard now requires.

The organizations that will face governance failures in the next three years are not primarily those deploying AI recklessly. They are those deploying AI earnestly but without the oversight infrastructure to know when something is going wrong. The board's job is to ensure that infrastructure exists. That has always been the job. AI has just made the stakes of not doing it considerably higher.