Most university trustees who voted on their institution's AI policy in the last 18 months couldn't explain what it actually governs. That's a problem that will compound.
The pattern is almost universal at this point. A faculty senate working group, or a provost's task force, or an academic technology committee drafts an AI policy after months of deliberation. The document arrives at the board meeting as item seven of eleven, after a facilities capital project and a Title IX update. The president summarizes it in three minutes. The board votes to approve it. The chair thanks the committee for its work.
Six months later, ask any trustee what the policy actually governs. Most cannot say. Ask whether it covers AI tools that faculty are currently using in the classroom. Most do not know. Ask what the enforcement mechanism is, who monitors compliance, and what the board would receive if something went wrong. The answer, almost always, is silence.
This is not a failure of trustee intelligence or institutional commitment. It is a structural governance failure — and it is accumulating consequences that will eventually be very difficult to explain to an accreditor, a plaintiff's attorney, or a reporter.
The Rubber-Stamp Problem
Higher education has a long tradition of shared governance — the idea that faculty hold primary authority over academic matters, while trustees hold fiduciary authority over institutional health and long-term strategy. It is a workable model when the domains are relatively distinct: faculty govern the curriculum, trustees govern the balance sheet.
AI does not fit cleanly into either domain. It is simultaneously an academic matter (how AI influences teaching, learning, and research) and a fiduciary matter (what risks does AI deployment create for the institution, and are those risks being managed). When institutions route AI policy development entirely through faculty governance channels — as most have — and then ask the board to ratify the result, trustees are being asked to take fiduciary accountability for a document they did not shape and may not understand.
The consequences of that gap are not hypothetical. They are already appearing in three forms.
Policies that do not govern what they claim to govern. Most university AI policies drafted in 2024 and 2025 focus on student academic integrity — whether and how students may use AI in coursework. Very few address AI tools used by faculty in instruction, by administrative offices in operations, or by research teams in data analysis. The policies look comprehensive from a distance; they are narrowly scoped upon examination. Trustees who approved them without scrutiny are accountable for governance gaps they did not examine.
No monitoring mechanism. A policy without a monitoring mechanism is a statement of intent, not a governance tool. Most university AI policies include no requirement for periodic reporting to the board — no dashboard, no compliance audit, no incident escalation protocol. If a faculty member's use of AI in grading produces a disparate impact lawsuit, the board's first awareness of the problem will likely be the lawsuit itself.
Accreditor scrutiny is intensifying. Regional accreditors are beginning to ask about AI governance in institutional effectiveness reviews. The Higher Learning Commission, SACSCOC, and MSCHE have all issued guidance or asked questions about how institutions are governing AI. A board that approved a policy it cannot explain is poorly positioned to respond to accreditor inquiry — and accreditation risk has direct implications for federal financial aid eligibility, which is an institutional existential issue.
A policy without a monitoring mechanism is a statement of aspiration, not a governance tool. Trustees who approve AI policies they cannot explain have not discharged their fiduciary duty — they have documented their exposure to it.
Three Questions Trustees Should Have Asked
Asking these questions before approving any AI policy is not second-guessing faculty governance. It is the board doing its job — ensuring that what the institution adopts actually constitutes governance, not just documentation.
- What does this policy actually cover, and what does it explicitly not cover? A policy that governs student AI use but not faculty AI use is a partial policy. Trustees should understand the scope explicitly — and should ask what governance mechanism exists for the areas the policy does not cover, and when it will.
- What is the enforcement mechanism, and who is accountable for it? Policies without enforcement mechanisms are wishes. Who investigates a complaint? Who has authority to impose consequences? Who reports compliance data to the board, and at what frequency? If no one can answer these questions, the policy is not operational.
- How will the board know if this policy is working — or if something has gone wrong? This is the monitoring question, and it is the one most frequently absent from higher education AI governance discussions. Trustees should require, as a condition of approval, that management specify what information the board will receive about AI governance and when — not wait to be told when there is a problem.
What Adequate Monitoring Looks Like
Boards do not need to receive detailed operational reports on every AI tool deployed at their institution. They need to receive the right signal — a periodic summary that tells them whether the governance framework is functioning as intended.
That summary should include, at minimum: a current inventory of AI tools in institutional use by category (academic, administrative, research); any significant incidents involving AI — student complaints, faculty grievances, data security events — and how they were resolved; compliance rate with any training or disclosure requirements in the policy; and any changes in the regulatory or accreditation environment that affect the institution's obligations.
This is not a burdensome reporting requirement. It is what governance actually looks like. Trustees who approved AI policies without establishing this monitoring infrastructure have left their institutions operating on faith — which is not a fiduciary posture, and which accreditors, plaintiffs' attorneys, and journalists will eventually notice. The cost of building the infrastructure now is much lower than the cost of explaining its absence later.