Why 66% of Boards Are Still Underprepared for AI Oversight
66% of boards have limited to no knowledge or experience with AI—which means many directors are being asked to govern a capability they still cannot reliably interrogate (Deloitte, 2025). In the boardroom, that gap shows up in a familiar scene: management presents an AI roadmap, the slides are polished, the upside sounds plausible, and the discussion drifts too quickly toward enthusiasm or unease.
That is not a technology problem. It is a governance problem.
Deloitte also found that 31% said AI is not on the board agenda (Deloitte, 2025). For a board, that is not a neutral omission. It means strategy may be moving faster than oversight, capital may be allocated without a clear test of value, and risk may be discussed only after a public failure, a regulator’s question, or an operational surprise. This article is about closing that gap: how directors can build enough judgment to challenge AI decisions credibly—without pretending to be technologists.
The standard is higher now. AI literacy has become a fiduciary capability.
A director does not need to understand model architecture at engineer level. But a director does need to ask whether an AI proposal serves a real enterprise objective, whether management can explain the operating risks in plain language, and whether the expected value is measurable rather than theatrical. That is the difference between oversight and spectatorship.
The Board’s Role Is Judgment, Not Instinct
Consider a quarterly review at a regional financial services firm. The executive team asks for funding to expand AI into customer operations. The promise is speed, lower cost, better service. The board’s job is not to approve that plan because competitors are doing something similar, nor to resist it because the technology feels opaque. The job is to test the case.
That means pressing on basics that often go unchallenged. What business problem is being solved? What process changes are required for the benefit to appear? Where could errors, bias, vendor dependence, or control failures create enterprise exposure? If the proposal succeeds, how will the board know? If it fails, how quickly will management detect it?
This is why board AI literacy belongs inside serious leadership development, not on the margins of a digital agenda. Boards do not need more AI vocabulary. They need sharper pattern recognition, better questions, and the confidence to separate strategic substance from executive optimism.
66% of boards report limited to no AI knowledge or experience, while 31% say AI is not on the board agenda (Deloitte, 2025).
The hard part is not deciding whether AI matters. That question is already settled. The harder question is whether your board can tell the difference between an AI initiative that strengthens the enterprise—and one that simply sounds modern.
What Questions Should Directors Ask Before AI Becomes a Board Blind Spot?
More than 62% of directors now set aside agenda time for full-board AI discussions—so why do so many boards still leave the room without better judgment on the decisions in front of them? If AI is already on the agenda, what exactly is missing? The answer is usually not attention. It is interrogation.
PwC found that only 35% of directors say their boards have incorporated AI and GenAI into their oversight roles (PwC, 2025). NACD shows the mismatch from the other side: discussion is happening, but governance discipline is not yet keeping pace (NACD, 2025). A board blind spot rarely begins with silence. It begins when conversation stays broad, optimistic, and hard to test.
In a quarterly review at a mid-market manufacturing company, the COO asks for new funding to expand AI into demand planning and procurement. The case sounds sensible: better forecasts, fewer stockouts, lower working capital. The board does not need another primer on AI. It needs a short list of questions that forces management to show its work.
The Questions That Expose Substance
Start with competitive advantage. What will this system let us do better than rivals, and why is that advantage likely to persist? If the answer is simply “efficiency,” directors should press harder. Efficiency matters, but it is rarely defensible on its own when the same vendors sell similar tools to the rest of the market.
Then test workforce transition. Which roles, decisions, and workflows will change if this proposal succeeds? Management teams often present AI as a software investment when it is actually an operating-model change. If no one can explain how managers, frontline teams, and control functions will work differently, the value case is still theoretical.
Where Boards Should Press Hardest
Next comes vendor dependence. What capability are we truly building in-house, and what are we renting? Directors should ask what happens if the vendor changes pricing, restricts access, suffers an outage, or falls behind on controls. That is not technical nitpicking. It is basic resilience.
Finally, ask about governance readiness. Who owns performance monitoring, exception handling, and escalation when outputs are wrong or unstable? This is where AI governance stops being a policy topic and becomes a board issue. It also connects directly to AI investment evaluation: if management cannot define decision rights, review triggers, and measures of value, the board is not evaluating an investment. It is funding a story.
More than 62% of directors now reserve full-board agenda time for AI, yet only 35% say AI and GenAI have been incorporated into board oversight roles (NACD, 2025; PwC, 2025).
That gap is where weak oversight hides. And once management has answered these questions, a harder one appears: is this actually strategy—or just AI theater with a budget line?
The Three Tests That Separate AI Strategy From AI Theater
The V-R-R Test—value, risk, readiness—is the simplest way for a board to tell whether an AI proposal is strategy or stagecraft. Without it, directors end up approving polished narratives, not operating decisions, and the budget fills with experiments no one can govern.
Start with value. Not “could this be useful?” but “what changes in the business if this works?” A board-ready AI case should show where margin, speed, retention, or decision quality improves—and why that improvement is hard for competitors to copy. If management cannot explain the economic mechanism in plain language, the proposal is still marketing. This is where hype usually hides: in broad claims about transformation with no clear path from model output to enterprise result.
A practical example helps. In an enterprise retail budget review, the CEO asks for a major AI investment across merchandising, customer service, and pricing. The board should not evaluate those as one modernizing package. It should separate them. Which use case has a measurable payoff inside 12 months? Which one depends on major process redesign? Which one is really a pilot disguised as a platform decision?
Test 1 and 2: Value First, Then Risk
Then comes risk. A strong proposal does not claim risk is low; it shows risk is contained. That means clear ownership, escalation paths, controls around data use, and thresholds for human intervention when outputs drift or fail. IAPP reports that 77% of organizations are currently working on AI governance—a useful signal that governance is becoming standard operating practice, not optional caution (IAPP, 2025).
That matters because many boards still sit too far from the actual governance design. McKinsey found that only 17% say the board of directors is responsible for overseeing AI governance (McKinsey, 2025). If oversight is diffuse, accountability will be too. Boards should ask whether management has built decision rights that can survive a real incident—not just a successful demo. In some companies, that may require a formal AI governance structure or an AI ethics committee with authority beyond advisory language.
77% of organizations are working on AI governance, yet only 17% say the board is responsible for overseeing it (IAPP, 2025; McKinsey, 2025).
Test 3: Readiness Decides the Pace of Investment
Finally, readiness. Does the organization have the data discipline, management capacity, and workflow maturity to absorb the tool? This is the test that tells a board whether to approve aggressive investment now—or demand a narrower proof of concept first.
Most AI theater fails here. The model may work, but the company is not ready.
And once readiness becomes the constraint, a harder board question appears: does the company have the right people around the table to govern what it is trying to build—or not?
Why Board Composition Is Becoming an AI Governance Decision
40% of directors say AI has made them think differently about their board’s composition. That should tell boards something uncomfortable: if AI changes the company’s operating model, leaving board makeup untouched is not neutrality—it is a governance choice (Deloitte, 2025).
Most boards still treat composition as a periodic refresh exercise. Skills matrix, tenure, independence, committee load. Useful, but built for a world where technology risk could be delegated downward and reviewed after the fact. AI does not fit that pattern. It cuts across strategy, operations, talent, compliance, and capital allocation at the same time.
Fluency Changes the Quality of Oversight
This is why board composition is no longer just a nominations issue. It is an oversight issue.
In a quarterly review at an enterprise healthcare company, the management team proposes expanding AI into clinical documentation, scheduling, and revenue-cycle workflows. The audit committee chair understands controls. The compensation chair understands incentives. The former CEO on the board understands scaling operations. But if no one around the table can probe model limits, data dependencies, or where human review must stay in the loop, the board is forced to govern by trust in management’s confidence.
That is too thin.
A board does not need every director to become technical. It does need enough AI fluency in the room to test assumptions, shape committee mandates, and know when outside expertise is required. That may mean adding one or two directors with direct experience. It may mean redesigning committee charters. It may also mean stronger board education for directors whose judgment is strong but whose AI frame is dated.
40% of directors say AI is changing how they think about board composition (Deloitte, 2025).
The Right Mix Beats the Loudest Expert
Boards can overcorrect here. One AI-literate director does not solve the problem if that person lacks independence, industry judgment, or the credibility to influence the room. Technical expertise matters. So do skepticism, pattern recognition, regulatory instinct, and the ability to connect a tool decision to enterprise consequences.
Diversity matters for the same reason. AI systems can amplify narrow assumptions; boards can too. A stronger board composition approach does not ask, “Do we have an AI expert?” It asks, “Do we have the mix of experience, independence, and perspective to govern AI responsibly?”
That question gets sharper once the board starts assigning ownership. Which committee should hold what risk—and what happens when ethics, vendor exposure, and regulation cut across all of them?
How Should Boards Govern AI Ethics, Vendor Risk, and Regulatory Exposure?
The Three-Line AI Oversight Model matters here because AI failures rarely stay in one lane. In a quarterly review at a regional services company, the CIO assures the board that a new AI vendor has passed security review, while the general counsel quietly raises a different concern: the same tool will process customer data across multiple jurisdictions, and no one can yet say which rules govern which outputs.
That is the moment boards recognize the real issue. Not whether AI is useful, but what governance structure actually protects the board when ethical, legal, and reputational exposure arrive together.
KPMG found that 73% selected ad hoc or self-education as the main mode of board education on generative AI (KPMG, 2024). That helps explain why many boards still discuss AI risk in fragments — privacy in one committee, cyber in another, conduct risk somewhere else. Fragmented learning produces fragmented oversight. And serious governance does not emerge from scattered briefings. INSEAD makes the point indirectly: its AI for Boards offering is a 4-day in-person programme, which tells you the capability gap is substantial enough to require structured development, not occasional reading (INSEAD, 2025).
Build One Risk Architecture, Not Three Separate Conversations
Boards need an oversight design that covers ethics, bias, security, privacy, and cross-jurisdiction compliance in one operating view. That does not always require a new standing committee. It does require explicit ownership.
A practical model is simple. Management owns first-line controls. Risk, legal, compliance, and security test them. The board assigns clear committee responsibility for enterprise exposure, with defined escalation triggers when an AI use case crosses material thresholds — customer harm, regulatory reporting, model drift, or sensitive data use. In some companies, that may justify an AI ethics committee. In others, the better answer is tighter committee coordination under a single AI governance framework.
The key is integration. If AI risk sits outside enterprise risk management, it becomes a compliance ritual.
Vendor Dependence Is a Board-Level Decision
Vendor risk is not just procurement risk. It is strategic dependence.
When management chooses a foundation model provider, a workflow platform, or a narrow specialist vendor, the board should ask what dependency is being created: pricing power, data lock-in, outage exposure, audit limitations, or constraints on future product design. Build-versus-buy is often framed as a cost question. It is usually a control question.
A board should press on concentration explicitly. How many critical use cases depend on one vendor? What rights exist around data portability, model changes, and incident transparency? What happens if a regulator challenges the vendor’s controls in one market but not another? Those are governance questions, not technical details.
The boards that handle this well do one thing consistently: they connect AI oversight to the same risk discipline used for capital, conduct, and resilience. The harder question comes after that — does the board have the time, habits, and learning model to do this well, or is it still improvising?
What Does Effective Board AI Development Look Like in Practice?
73% of boards rely on ad hoc or self-education for generative AI learning—so what exactly are directors preparing themselves to govern: a strategic capability, or a moving target they only encounter between meetings? If most learning still happens in fragments, it is worth challenging a common assumption. Is one annual briefing really development, or just exposure without retention? KPMG’s finding suggests many boards are still mistaking informal familiarity for usable oversight capability (KPMG, 2024).
That gap matters because 66% of boards report limited to no knowledge or experience with AI. Not abstractly. In the room, during real decisions, under time pressure (Deloitte, 2025).
Development That Changes Board Behavior
Effective board AI development is not a seminar. It is a governance routine tied to the company’s strategy, operating model, and risk profile.
In a budget-cycle discussion at a mid-market technology company, the CFO asks the board to approve a larger AI spend across customer support and internal software delivery. A capable board does not respond by requesting another generic presentation on model types. It asks sharper questions: Which roles will change first? What data controls must improve before scale is safe? If competitors adopt similar tools within six months, where does advantage actually come from?
That is the standard. Not technical mastery, but practical fluency.
The best boards build this through recurring, scenario-based sessions linked to upcoming decisions. One quarter may focus on workforce transition — where productivity gains require role redesign, manager retraining, and new performance measures. Another may focus on data governance — not as a compliance topic, but as the condition for reliable outputs and defensible accountability. A third may test competitive response: if a rival cuts service time or pricing through AI, how should management respond, and what evidence should the board demand before backing that move?
Put Learning Inside the Governance Cadence
This is why board AI literacy belongs inside normal board work, not beside it. Committee chairs should shape learning around the decisions they will soon face — audit on controls, compensation on workforce implications, full board on capital allocation and CEO judgment. Done well, AI development becomes part of broader leadership development, because directors are really strengthening decision quality, not collecting terminology.
Boards that do this consistently become harder to impress and easier to trust.
The unresolved question is tougher: when pressure rises — activist scrutiny, a failed deployment, a CEO pushing speed — will your board treat AI oversight as a practiced discipline, or revert to improvisation?
The Boards That Win Will Treat AI Oversight as a Long-Term Discipline
Boards can lose revenue, erode trust, and drive away strong talent long before an AI failure becomes a headline. The real cost of weak oversight is not technical embarrassment; it is strategic drift under the board’s watch.
When AI becomes a durable source of competitive advantage and reputational risk, stakeholders do not expect a board that merely tolerates the topic. They expect a board that can govern pace, tradeoffs, and consequences. That is why AI oversight has moved out of the category of optional expertise and into the core of fiduciary judgment. As Corporate Board Member puts it, “AI is not only a management priority—it is a board accountability mandate” (Corporate Board Member, 2026).
The Divide Will Not Be Technical
In a market-shift discussion at an enterprise retail company, the C-suite pushes for faster rollout after a competitor launches AI-enabled service features. The pressure in the room is familiar: move now, defend market position, sort out controls later. A strong board does not slow the company reflexively. It does something harder. It asks where speed creates advantage, where it creates fragility, and what level of uncertainty the enterprise can actually absorb.
That is the divide.
Not between boards with technical experts and boards without them. Between boards that rubber-stamp management enthusiasm and boards that can shape the terms of adoption strategically. NACD notes that directors are already making room for full-board AI discussion (NACD, 2025). The harder question is whether that agenda time produces better judgment — or just more exposure to management’s preferred narrative.
Boards that build AI literacy early will have an advantage over the next few years because they will be better at balancing three things that often collide: speed, risk, and stakeholder trust. They will know when to back management decisively, when to narrow scope, and when to insist on stronger controls before scale. That is not caution for its own sake. It is disciplined timing.
Board Excellence Now Includes AI Judgment
This is where board AI literacy connects directly to broader leadership development. The issue is not whether every director becomes fluent in the mechanics. The issue is whether the board, as a governing body, can keep exercising sound judgment as AI changes strategy, operating models, and stakeholder expectations.
The boards that win will treat AI oversight the way they treat capital allocation, succession, and risk: as a long-term discipline, practiced repeatedly, refined under pressure, and owned at the top.
So the honest question is simple: when the next consequential AI decision reaches your boardroom, will your board be there to approve it — or to truly govern it?
