# The Caremark Standard Now Applies to AI. Here Is the Documentation Your Board Needs.
**TSP Category:** White Paper Article (Category ID: 600)
**Project:** TSP_2026-003 | The AI Fiduciary Gap
**Target publication:** Day 3
---
## Meta Description
The Delaware Caremark standard applies to AI oversight. The board that lacks documented governance architecture is already exposed. Four minimum viable architecture elements every board needs now.
---
The Delaware Court of Chancery has governed the board oversight obligation since 1996. The Caremark standard has not changed. What has changed is that AI deployment has created a new category of mission-critical risk that most boards have not yet built a governance architecture to address.
The Oxford Law Blogs published an analysis in March 2026 that states the conclusion directly: Caremark applies to AI oversight, and boards must demonstrate good faith governance in "algorithmically mediated" environments. The analysis, by Dr. Felix Matera, identifies the gap between the legal standard that already exists and the governance architecture that most boards have not yet built.
The gap is not a future compliance question. It is a current structural exposure.
---
## What the Primary Sources Show
The Caremark standard, established in *In re Caremark International Inc.* (Del. Ch. 1996) and refined in *Stone v. Ritter* (Del. 2006), requires boards to implement and monitor a reasonable information system for mission-critical risks. The standard applies to AI oversight because AI deployment in consequential decision domains creates the category of risk Caremark was designed to address: organizational decisions made at scale, in domains with material financial and legal consequences, where the board has delegated oversight to management.
The *McDonald's Corp.* derivative litigation (Del. Ch. 2023) extended the obligation to officers. A C-suite officer who has AI systems operating in their functional domain without a documented accountability contract -- specifying the domain, the red flags, the authority, and the escalation protocol -- carries personal fiduciary exposure under the extended Caremark doctrine.
The SEC Investor Advisory Committee voted on December 4, 2025 to advance AI disclosure guidance requiring boards to disclose the nature of their AI oversight. Only 15% of S&P 500 companies currently provide any board AI oversight disclosure. This is not a future compliance gap. It is the current disclosure landscape.
The Colorado AI Act (SB 24-205), scheduled for June 30, 2026, was repealed by SB 26-189 (signed May 14, 2026). The repeal removes a state-statutory compliance deadline. It does not remove the Caremark obligation. The AI fiduciary gap is created by boards without documented governance architecture, not by any single statute. Statutes are temporary. Delaware doctrine is structural.
---
## The Four Architecture Elements That Satisfy the Standard
**Committee Charter Amendment.** The board must designate, by formal charter amendment, the committee responsible for AI oversight. Informal designation does not appear in the governance record. A derivate plaintiff's discovery request will ask for the charter. If the charter does not reflect the AI oversight mandate, the board cannot prove it existed.
**Quarterly AI Governance Report.** The designated committee must receive a structured report from management at least quarterly. The report must document: which AI systems operate in consequential decision domains, the red flag thresholds for each, incidents and anomalies in the reporting period, and remediation status. The distinction between a compliance affirmation ("all systems operating within parameters") and a governance signal (documented threshold status, named accountability, escalation history) is the distinction between a board that is receiving reports and a board that is monitoring risk.
**Pre-Deployment Impact Assessment.** Before any AI system is deployed in a consequential decision domain, management must complete and document a structured impact assessment. The assessment must address: accountability assignment (who is responsible for outcomes when the system errs), review and override mechanism, and post-deployment monitoring plan. Deploying without documentation is the Caremark failure mode.
**Officer Accountability Contracts.** Each C-suite officer with AI oversight responsibility must have a documented accountability contract. The contract must specify: the AI systems within the officer's domain, the red flags requiring board escalation, the authority to act without board approval, and the escalation protocol. The McDonald's extension makes the absence of this documentation personal exposure, not merely organizational exposure.
---
## The Red Flag Problem
The Caremark obligation has two components: implementing a monitoring system, and actually monitoring it. A board that receives quarterly reports but never asks substantive questions about threshold conditions has satisfied the first element and failed the second.
The red flag problem in AI governance is structural. AI systems in consequential decision domains can fail in ways that are not surfaced by standard financial reporting. A credit model that systematically denies credit to a protected class does not produce a visible loss in the quarterly results. It produces regulatory exposure that may only become visible after an enforcement inquiry. A workforce management AI that systematically disadvantages employees in a protected category produces operational efficiency metrics and EEOC exposure simultaneously.
The board's monitoring obligation requires it to ask, from documentation, what the red flag thresholds are and whether any have been triggered. A board that cannot answer those questions from a document is not monitoring the risk. It is receiving reports.
---
## What the 90-Day Governance Calendar Looks Like
The minimum viable architecture can be built in 90 days. Three months from a board decision to act is enough time to have the committee charter amendment in place, the first quarterly AI governance report delivered, and officer accountability contracts executed.
**Days 1 to 30:** Committee designation, charter amendment language drafted by GC, CEO identifies the officer who will own the first quarterly report, initial AI system inventory scoped.
**Days 31 to 60:** First AI system inventory completed, red flag thresholds defined, officer accountability contracts drafted and reviewed by GC.
**Days 61 to 90:** Committee charter amendment approved, accountability contracts executed, first quarterly AI governance report delivered to the designated committee, committee documents questions asked and answers received.
At day 90, the board has a defensible record: a chartered committee, a quarterly report on file, executed accountability contracts, and a documented review. That is the Caremark standard, discharged.
---
## The Disclosure Question That Arrives Before the Claim
The SEC IAC recommendation will move toward a formal disclosure rule. Before it does, institutional shareholders will ask boards directly about AI governance during 2026-2027 engagement season. The board that has no documented architecture has no substantive answer. The board that has built the four-element architecture has a clear, accurate disclosure to make.
The proxy statement question that boards need to be able to answer honestly: "What is the board's oversight architecture for AI systems that make or influence material decisions for this organization?" The board that can answer with a committee charter, a quarterly report on file, and a set of officer accountability contracts has met the emerging disclosure expectation. The board that cannot has not.
---
## The Legacy Test
The board that builds documented AI oversight architecture before the first AI-specific Caremark challenge is filed has built something its successors will benefit from. That is what governance architecture looks like when it is not built in response to litigation.
---
*Research grounded in primary sources: In re Caremark International Inc. (Del. Ch. 1996), Stone v. Ritter (Del. 2006), In re McDonald's Corporation (Del. Ch. 2023), Matera / Oxford Law Blogs (March 2026), SEC IAC AI Disclosure Recommendation (December 4, 2025), NACD 2025 Board Governance Survey.*
*The four working artifacts that operationalize this architecture -- committee charter amendment language, officer accountability contract template, quarterly board report template, and AI Governance Readiness Scorecard -- are developed in full in the Executive Leadership Playbook available at [touchstonepublishers.com/ai-fiduciary-gap/](https://touchstonepublishers.com/ai-fiduciary-gap/).*