Briefing · Boards & Officers
AI Governance & D&O Liability
A briefing for directors, officers, and their advisors on the intersection of AI deployment, fiduciary duty, and director-and-officer liability under the Marchand standard.
- Author
- Khullani M. Abdullahi, JD
- Length
- 28 pages
- Format
- Edition
- May 2026
- Audience
- Boards, GCs, brokers
Abstract
For two decades, the Caremark duty of oversight was treated as the most difficult theory in corporation law. Marchand v. Barnhill (2019) changed that. The Delaware Supreme Court held that in industries where compliance failures present catastrophic risk, directors have an affirmative duty to establish a board-level information system to monitor that compliance topic — and that the failure to even attempt oversight constitutes bad faith.
This briefing argues that AI now meets the Marchand mission-critical threshold at most U.S. public and large private companies in 2026. Four factors converge: AI-specific regulation has arrived (Illinois HB 3773, the Colorado AI Act, NYC Local Law 144, the EU AI Act, California ADMT); AI-related securities class actions roughly doubled from 2023 to 2024 and continued growing through 2025; SEC enforcement on AI disclosures is active; and AI is operationally central across hiring, credit, clinical, and strategic decision workflows.
The briefing maps the Caremark trajectory from 1996 to the present, sets out the practical oversight infrastructure boards need to discharge the duty (a board-approved AI governance policy, named committee oversight, regular reporting cadence, an AI inventory, vendor due diligence, incident logging, and ideally independent advisory review), and provides a sequence the audit committee chair can begin executing this quarter. It closes with a specific framing for the D&O renewal conversation — how the documentation produced by the oversight process serves the broker, the underwriter, and the defense file simultaneously.
The first AI-specific Caremark complaint to survive a motion to dismiss is, in our view, a 2026 or 2027 event. Boards that have built oversight infrastructure are insulated from that theory at the pleading stage. Boards that have not are accumulating exposure that will surface when an AI-related incident hits the company.
Send me the briefing
Contents
- 01
The Caremark trajectory: from 1996 to Marchand
How a duty of oversight that practitioners called nearly impossible to violate became a viable theory plaintiffs are pleading past motions to dismiss in Clovis, Hu, Chou, and McDonald's.
- 02
Why AI now qualifies as mission-critical
Four converging factors: AI-specific regulation, the rise of AI-related securities class actions, active SEC enforcement on AI disclosures, and the operational centrality of AI in regulated workflows.
- 03
What "mission-critical" means in practice
The seven elements of board-level oversight infrastructure under Marchand: policy, named committee, reporting cadence, AI inventory, vendor due diligence, incident logging, and independent advisory review.
- 04
Anticipating the first AI Caremark claim
The pattern the first surviving complaint will follow — drawn from Marchand itself — and the discovery posture that exposes a board with no infrastructure to defend.
- 05
What the audit committee chair should do this quarter
A six-step sequence: place AI on the next agenda, direct a current-state assessment, determine the committee structure, establish a reporting cadence, consider independent review, and use the documentation at D&O renewal.
- 06
The D&O renewal conversation
How AI oversight documentation serves the broker, the underwriter, and the defense file simultaneously — and how to engage the broker 90+ days before renewal to negotiate against AI exclusions.
The compression is real. The AI arc is moving faster than the cyber arc did. Boards that wait for the first AI-specific Caremark decision before acting will be too late.
— from the briefing
Who this briefing is for
Boards, the executives advising them, and the brokers underwriting them.
The briefing is written for the small set of readers who will need to make decisions about AI oversight in 2026:
- Audit committee chairs and independent directors at U.S. public and large private companies, particularly in regulated industries.
- General counsel and chief compliance officers assembling a defensible AI compliance posture for the board, the carrier, and a future regulator.
- D&O brokers and underwriters evaluating insureds' AI risk posture during renewal cycles, and negotiating against AI exclusions.
- Outside counsel advising boards on the duty of oversight and the documentation that discharges it.
Founder
Khullani M. Abdullahi, JD
Founder & Principal Advisor
Khullani founded Techné AI as an independent advisory practice at the intersection of AI governance, D&O liability, and regulatory compliance. She authored the AI Governance & D&O Liability briefing now in active distribution to boards and broker partners; after her testimony to the Illinois Senate Executive Subcommittee on AI and Social Media, the substance of one of her recommendations was incorporated into an AI-risk impact study bill. She also hosts the AI in Chicago podcast.
Cite as
The briefing is a working document; the most current edition is dated on the cover page. To cite this edition:
Abdullahi, Khullani M. (May 2026). AI Governance & D&O Liability: A Briefing for Directors, Officers, and Their Advisors. Techné AI. https://techne.ai/briefings/ai-governance-and-d-o-liability
If your board needs to act on this, the next step is the Diagnostic.
A two-week productized assessment that produces a Risk Profile, prioritized gap map, and three-action sequence the board can adopt at its next meeting. From there, we scope the right depth of review for your jurisdictional footprint and risk exposure.