The Development

KPMG International and the INSEAD Corporate Governance Centre released the first globally applicable AI Governance Principles for Boards on June 9, 2026. The five-principle framework spans strategic oversight for long-term value creation, active technology and security oversight, workforce transformation and human accountability, building trustworthy AI aligned to regulatory obligations, and a direct examination of how AI changes the board’s own governance processes. The publication is grounded in the KPMG Global AI Pulse Survey, which found that nearly three quarters of boards are perceived by their own executives to have only moderate or limited AI expertise.

The principles are sector-agnostic and applicable regardless of AI maturity level. KPMG and INSEAD anchored the framework in direct insights gathered from board members across multiple industries and geographies. This represents the most substantive independent board-level AI governance guidance to emerge from a credible advisory and academic partnership in 2026, arriving precisely as regulatory pressure and institutional investor expectations are accelerating simultaneously.

The framework does not treat AI governance as a technology compliance function. It treats it as a board-level fiduciary responsibility requiring the same rigor directors apply to financial controls, executive succession, and strategic risk. That distinction matters because it changes where accountability sits and what questions directors must be able to answer under examination.

Why It Matters to the Board

The governance gap this framework addresses is not theoretical. Eighty percent of Fortune 500 companies are actively deploying AI agents, yet only 10 percent have formal governance frameworks in place, according to Microsoft’s February 2026 security report. The SEC has opened a petition for rulemaking that would require public companies to disclose, directly in filings, which board committee oversees AI deployment and what that oversight actually entails. Directors who cannot articulate the substance of their oversight face both regulatory exposure and institutional investor scrutiny.

The KPMG-INSEAD framework offers boards a starting architecture at the exact moment they need one. The five principles create a governance structure that maps to how boards already divide their attention: strategy, risk, operations, ethics, and process. The only addition is the fifth principle, which directs boards to examine how AI reshapes the board’s own decision-making and oversight processes, a question most directors have not yet confronted directly.

Accountability and trust are identified as the central priorities. The framework calls for boards to ensure AI initiatives align with ethical standards and long-term value creation, and to develop explicit clarity on how AI decision-making and human decision-making should work together. That level of specificity signals that general AI literacy programs for directors are necessary but not sufficient. Boards need defined governance architecture, not just awareness training.

The Risk If You Wait

Directors who defer AI governance to management or delegate it entirely to the chief information security officer are constructing liability exposure, not protection. When AI systems produce decisions that harm customers, employees, or third parties, the questions regulators, plaintiffs’ counsel, and institutional investors will ask are consistent: what did the board know, when did they know it, and what oversight did they exercise? A governance policy that exists on paper without board-level competency to interrogate it is not a defense in any of those forums.

The regulatory timeline is tightening. The SEC’s investor advisory committee has recommended mandatory AI governance disclosure guidelines for public company filings. Colorado’s revised AI Act, delayed to January 2027, will still require organizations to demonstrate meaningful human accountability over high-risk automated decision-making systems. The EU AI Act is already imposing board-level accountability requirements on companies operating in European markets. These are not distant risks.

The litigation landscape is developing in parallel. Early cases involving AI-driven decisions in hiring, lending, and customer service are establishing precedent on what constitutes adequate board oversight. Boards that have not built a defensible governance record before those precedents consolidate will face a substantially harder position than those that acted proactively.

What Other Boards Are Doing

The boards moving fastest are treating AI governance as an extension of existing fiduciary discipline, not a separate technology initiative. Audit committees are expanding their mandates to include AI risk alongside financial controls. Nominating and governance committees are adding AI oversight competency to director recruitment criteria. Some boards have created standing AI governance subcommittees with explicit oversight charters to prevent AI accountability from being absorbed and deprioritized inside existing risk or technology committees.

Board-specific AI literacy programs are replacing general briefings. The distinction matters: briefings build awareness, structured programs build the capability to interrogate management assumptions, evaluate AI risk assessments, and ask the right questions in real time. INSEAD and KPMG both identify this capability gap as the primary structural weakness in current board governance of AI.

The most advanced boards are using AI governance as a competitive differentiator. Institutional investors and major clients are beginning to ask governance questions in due diligence and proxy season conversations. Boards that can demonstrate a structured governance framework with defined accountability, documented oversight processes, and director-level competency are positioned to convert governance rigor into commercial and reputational advantage.

The Governance Question

The question every board chair should be asking this week: Which of our five principal AI oversight functions, strategic, security, workforce, ethics, and board process, has a named director accountable for it, and when did we last formally interrogate the assumptions behind each? If the answer for any of these functions is that management handles it, the board has an accountability gap that external parties will eventually surface.

A second question is equally important: How does AI decision-making intersect with human decision-making in the organization’s most consequential business processes, and has the board reviewed that interface with the same rigor it applies to financial controls? The KPMG-INSEAD framework specifically requires that boards develop clarity and transparency on this intersection. That standard goes well beyond confirming that a governance policy document exists somewhere in the organization.

Intelligence Bottom Line

KPMG and INSEAD have produced the clearest board-level AI governance architecture available in 2026. The finding that three quarters of boards lack adequate AI expertise is not a judgment on director capability. It is a structural problem that governance frameworks, competency development programs, and disciplined board agenda management can solve. The KPMG-INSEAD principles provide the structural foundation. What boards do with that foundation in the next six to twelve months will determine their governance posture when the next wave of regulatory enforcement and litigation arrives.

The window for proactive governance is open. The SEC’s rulemaking timeline, the pace of agentic AI deployment across Fortune 500 operations, and the trajectory of AI-related litigation all converge on the same conclusion: boards that build genuine AI governance fluency now will be materially better positioned to protect shareholder and stakeholder value when the enforcement environment hardens. Source: KPMG International and INSEAD Corporate Governance Centre, AI Governance Principles for Boards, June 9, 2026.