There is a question that every board of directors will face in the next 18 months.
A shareholder, a regulator, a plaintiff’s attorney, or an institutional investor engagement team will ask it in one form or another. The answer will determine whether the board’s governance position is defensible or exposed.
The question is this: if your organization’s AI systems produced a material adverse outcome today, what document would your board produce to prove it discharged its oversight obligation?
Most boards do not have an answer. That is not a prediction. The NACD’s 2025 survey found that only 36% of boards have implemented formal AI governance frameworks. Only 6% have established AI management reporting metrics. Eighty-five percent of S&P 500 companies do not disclose board oversight of AI to their shareholders.
These are current measurements of a governance gap. Not a future risk. A present condition.
What the Delaware Courts Have Already Decided
The Caremark standard does not require a board to prevent every adverse outcome. It requires the board to implement and monitor a reasonable information and reporting system for mission-critical risks. A board that does neither: or that implements a system but ignores the signals it produces: is liable for bad faith.
AI deployment is a mission-critical risk. When an organization uses AI systems to make or influence consequential decisions: in credit, employment, financial reporting, operations, customer service: and the board has no documented framework for overseeing that use, the board has failed the Caremark standard. Not theoretically. Structurally.
The McDonald’s Corp. derivative litigation in 2023 extended this further. Caremark oversight duties now apply to officers within their delegated domains, not only to the board as a whole. The CFO, COO, CHRO, CRO, and CIO who lack documented AI governance accountability contracts for their functional domains carry personal fiduciary exposure alongside the board.
The Declarative Board Failure Pattern
There is a failure mode that board governance literature rarely names directly. It is the pattern where a board issues a policy statement: “our organization is committed to responsible AI”: and considers the governance obligation addressed. No architecture follows the declaration. No committee is chartered to receive reports. No officer is designated with documented accountability. The policy exists; the governance does not.
In Delaware, that is not a defense. It is the record of a board that knew AI was a material risk, declared a commitment to managing it, and built nothing.
The Declarative Board Failure Pattern is visible in organizations at every size and sector. It is not the result of malicious intent. It is the result of boards treating governance as a communications exercise rather than an architecture exercise. Declarations are easy. Architecture requires specificity. Specificity creates accountability. Accountability requires follow-through.
What the Architecture Must Include
The minimum viable AI governance architecture has four elements. A board that has all four is defensible. A board that lacks any one of them has a gap the derivative plaintiff’s discovery team will find.
The first is a committee charter amendment. The board must designate by name the committee responsible for AI oversight. The charter must be amended to reflect the mandate. An informal understanding is not a governance structure.
The second is a quarterly AI governance report. Management must deliver a structured report to the designated committee at least quarterly. The report must address which AI systems operate in consequential decision domains, what the red flag thresholds are, what incidents occurred, and what the remediation status is. A dashboard without accountability is monitoring theater, not governance.
The third is a pre-deployment impact assessment process. Before any AI system is deployed in a domain where its outputs affect material financial outcomes, customer rights, or regulatory compliance, management must document the governance architecture for that system. Deploying without documentation is the Caremark failure mode.
The fourth is officer accountability contracts. Each C-suite officer with AI governance responsibility must have a documented accountability contract specifying domain, red flags, authority, and escalation protocol. The McDonald’s extension means the absence of this documentation creates personal exposure at the officer level.
The Proxy Season Is the Practical Deadline
The 18-month horizon for the first AI-specific Caremark derivative claim is probabilistic. The proxy season is not. Q3 2026 is when shareholder resolutions addressing AI governance will be filed. Institutional investors and proxy advisory firms are developing AI governance scoring criteria. The boards that enter the Q3 proxy season without documented architecture will face adversarial pressure to build it at the shareholder’s timeline.
Building governance architecture under pressure produces compliance documents. Building it from conviction produces governance. Proxy advisory firms and institutional engagement teams read the difference. They have read it in cybersecurity, in environmental governance, in human capital management. They will read it in AI governance.
The Question the Board Must Be Able to Answer
Return to the opening question. If your organization’s AI systems produced a material adverse outcome today, what document would your board produce to prove it discharged its oversight obligation?
The board that can answer with a committee charter, a quarterly report on file, a set of officer accountability contracts, and an impact assessment process has built something defensible. The board that cannot answer the question has not.
The architecture is not aspirational. It exists at boards that have built it. The only question is whether your board builds it before the question is asked, or after.
The board that builds the architecture before the first challenge arrives has built something its successors will benefit from. That is what governance looks like when it is not built in response to litigation.
The board that builds it before has governed. The board that builds it after has responded.
The AI Fiduciary Gap: What Every Board Must Document Before June 30 is a Touch Stone Publishers Executive Leadership Playbook available at touchstonepublishers.com/ai-fiduciary-gap/. The Board of Directors White Paper is available free.