The governance architecture that satisfies the Caremark standard for AI oversight has three layers.
The board layer: a chartered committee with explicit AI oversight mandate, receiving quarterly reports built from a documented information system. The officer layer: each C-suite officer with a documented accountability contract for their AI domain, with named red flags and a defined escalation protocol. The exposure clock: three converging timelines (proxy season, first derivative action, SEC disclosure rule) that close on boards without architecture faster than most governance committees currently estimate.
The Governance Boundary Principle applies here. The board governs. Officers manage. The architecture that makes both functions defensible requires documentation at both levels.
64% of boards have no formal AI governance framework (NACD 2025 Director Survey). 85% of S&P 500 companies make no board AI oversight disclosure. The Caremark standard does not wait for regulation to require documentation.
The Colorado AI Act was repealed on May 14, 2026. The Caremark obligation was not. A statute’s absence has never been a defense against a derivative claim grounded in documented failure to oversee a known material risk. AI is that risk.
The board that builds the architecture before the claim arrives has governed. What successors inherit is not a defense strategy, but a functioning oversight record, built before litigation, not in response to it.
The full architecture, including four working artifacts ready for immediate use, is developed in the Touch Stone Publishers AI Fiduciary Gap Executive Leadership Playbook.