The full compliance deadline for the SEC's amended Regulation S-P arrived on June 3, 2026, and for the first time it reaches the smaller advisers, broker-dealers, and investment companies that assumed these rules were written for someone larger.
The amendment treats every third-party platform with embedded AI as a service provider the firm is now obligated to oversee in writing. The AI meeting-notes tool, the AI email assistant, the vendor that quietly added a model to its workflow last quarter: each one now sits inside a written incident-response policy, a vendor-oversight framework, and a contract binding it to a 30-day breach-notification standard. Those policies had to exist by June 3, not be planned for it.
The obligation did not announce itself as an AI rule. It arrived as a privacy and vendor-oversight rule that happens to govern every AI system the firm touches without owning. Regulators are not writing new AI law in 2026 so much as making clear the old law already reaches it. The firm that waited for a statute with "artificial intelligence" in the title is now exposed under one that does not mention it by name.
The deeper exposure is governance, not compliance. A board that cannot name which AI-bearing vendors its firm relies on, cannot say who certified the oversight policy, and cannot point to the written agreement binding those vendors has no oversight architecture. It has passive awareness, and the 2026 proxy season has stopped accepting that. Fiduciary duty now extends to the systems the firm did not build but depends on, and the directors who treat that as a management detail are the ones a Caremark claim will name first.
The question worth carrying into this week is not whether your firm filed its policies on time. It is whether your board could, on one page, list every AI system operating inside the business through a vendor it does not control, and name the person accountable for each. If that page does not exist, the deadline did not pass you by. It found you.
The complete AI vendor-oversight governance framework, including the human authority documentation standard and the board certification protocol, is developed in the Leadership Reinvention in the AI Era research hub.