# The Question I Keep Asking Boards About AI
**Category:** Founder’s Legend | Touch Stone Publishers
**Author:** Glenn E. Daniels II
**Word Count:** ~820
—
I have been in a lot of boardrooms. I have watched a lot of governance conversations happen. And over the last three years, I have developed one question that I ask every board I work with about AI. Not because it is the most important question. Because it is the most revealing one.
The question is this: if I asked you right now to name the foundational model that powers your company’s most revenue-critical AI system, could you do it?
Not the product name. Not the vendor relationship. The underlying model. The thing your AI capability is actually built on.
Most directors cannot answer this question. Some are aware they cannot answer it. Some are not aware they cannot answer it: which is the more troubling category. And a small number can answer it, which tells me something important about how that board does its work.
I am not asking the question because the answer is, by itself, the governance. I am asking it because the inability to answer it is evidence of a specific governance gap: the board has received briefings about AI capabilities without requiring those briefings to be grounded in the documentation that makes them verifiable.
A board member who does not know the underlying model does not know the supply chain dependency. Does not know the provider whose terms and conditions govern what the AI can do and what happens if those terms change. Does not know the continuity exposure if that provider modifies its safety filters, changes its pricing, or ceases operations. Does not know what the company is certifying in its 10-K when it describes the capability as proprietary.
These are not technical facts. They are governance facts. The difference matters.
I have watched a version of this conversation happen many times over the last thirty years, in contexts that had nothing to do with AI. A board receives a briefing on a major supplier relationship. The briefing emphasizes the strategic value of the relationship. It does not emphasize the concentration risk. The board approves continued investment. Two years later, the supplier changes its terms, or is acquired, or exits the market. And the board discovers that what it understood as a capability was actually a dependency.
The AI version of this story is playing out now, in the SEC’s comment letters to companies that described their AI as proprietary without disclosing the third-party foundational model dependencies that made it possible. The comment letter is not a punishment for bad AI. It is a consequence of a governance process that accepted the description without requiring the documentation.
The question I ask boards is simple because the governance it tests is simple: not do you understand the technology, but have you required management to produce the documentation that makes the technology’s claims verifiable? That is the Governance Boundary Principle applied to AI. The board governs the risk the technology creates. Management executes within that governance. The documentation is the evidence that the boundary is in place.
I want to be honest about what I have observed. Most boards are not malicious or negligent. They are operating in a governance framework that was not designed for the pace and opacity of AI deployment. The supply chain concentration risk framework was built for physical supply chains. The antitrust framework was built for human price-fixing conversations. The employment discrimination framework was built for human hiring decisions. AI has moved these problems into automated, high-volume, architecturally embedded territory that the existing frameworks were not designed to govern. The boards that are in trouble are not boards that ignored the problem. They are boards that applied the old framework to a situation that required a new one.
Building the new framework is the work. It is not glamorous work. It is documentation work, calendar work, threshold-setting work, and accountability-contract work. It is the work that happens before the briefing, not during it. It is the work that makes the briefing something the board can interrogate rather than something the board receives.
The boards I have watched build this framework share one characteristic: they stopped asking management to tell them how the AI is going well and started asking management to prove the governance is in place. That shift: from performance briefing to governance verification: is the shift that matters.
The full body of work on the governance architecture that makes this shift operational: for the board, and for every C-suite role: is available at [Touch Stone Publishers’ Algorithmic Duty of Care research hub](https://touchstonepublishers.com/algorithmic-duty-of-care/).
—
*Glenn E. Daniels II | Touch Stone Publishers Limited*