Supervisory boards are being asked to oversee the biggest cross-industry technology shift since the internet: AI everywhere. So what does this mean for supervisory boards? In December 2025, the SEC’s Investor Advisory Committee voted to recommend that companies disclose how their boards oversee AI deployment across operations and products. At the same time, a KPMG and INSEAD Corporate Governance Centre study, led by Annet Aris, found that nearly three quarters of boards are perceived to have only moderate or limited AI expertise.
That creates a clear governance gap. Good news is that boards do not need to become AI engineers. They need to be literate in AI and map it into the existing risk, audit, strategy and nomination committees. A look at history helps. Neither the steam engine, nor ERP, nor the internet required boards to invent new fiduciary duties. New tools, same discipline. In short. Board are there for oversight. That’s not changing with AI.
Board Directors Need To Apply AI Oversight – As Usual
Let’s break down what an AI board member needs to track. The first two are standard for most boards:
AI Impact Revenue
AI is opening channels that did not exist a year ago. I have written extensively about the decline of the website and the rise of the agent as the new customer surface. Agents are now part of the customer mix. Many companies will expose open MCP endpoints; I’ve shown how a Chrome MCP plugin can complete a coffee purchase on any retailer’s site. The metric to track: percent of revenue originated or touched by an agent surface — your own MCP endpoint, partner agent traffic, or third-party assistants. Same revenue line management already reports, sliced by a new channel. (Strategy committee.)
AI Impact Cost
AI is making teams more effective. The naive metric is headcount. The right metric is cost per unit of output: cost per ticket resolved, per accounting close, per software commit, per pull request shipped. But that’s not the only metric. AI supported activities cost tokens and new tools. Thus companies are shifting OpEx to CapEx and adding tokens to the per-employee cost line. KPI: Boards should monitor this new employee cost as salary plus tokens consumed and no longer the headcount alone. Where? In the audit committees.
New KPIs For Board Directors Due To AI
AI In Every Workflow
In a previous piece I argued that AI will make us rewrite most workflows. Companies fail when they bolt AI onto a process designed for humans. KPI that board members should track: percent of workflows redesigned for AI rather than retrofitted, plus the time-to-completion for the workflows that matter — time to product launch, time to invoice, time to whatever your business sells. Where? Strategy committees.
The Skills Uplevel issue
Who does the redesign? Consultants rarely know the business well enough. You need an AI-savvy workforce. Most companies aren’t there. Silicon Valley is doing the brutal version: cut staff, equip the survivors with more tools. See analysis about Meta’s recent job cuts. The KPI for the board to watch: percent of employees trained on AI, using approved tools, and the impact those tools generate. The metric for the board itself: hours of substantive AI discussion per year, and whether each director can challenge management without deferring to a single voice. With three quarters of boards self-assessing as moderately or barely AI-literate, this is the principle most likely to be quietly skipped. Don’t skip it.
Risk Due To AI: The Main Focus For Board Directors
Risk has always been on the board agenda. But AI changes the area we need to look at.
Supplier Risk
If half your engineering capacity sits on top of one frontier model, the supplier is your single point of failure. In June 2025, Anthropic cut Windsurf’s direct access to Claude after rumors that OpenAI was acquiring the startup. Windsurf had to reroute to third-party providers on short notice. If your engineering team depends on a single frontier model, your engineering capacity depends on that vendor’s mood and contract politics. The same supplier-concentration analysis your board already runs on raw materials applies here. In my workshops I push for model-portable workflows, but each model interprets prompts differently and portability is expensive.
Add on the geo-political dimension to the supplier discussion. A China-trained model may carry training-data bias your compliance and brand teams have never seen. Board members need to model out in contingency plans the supplier risk to the business. Where? Most likely in the audit committees.
PR And Trustworthy AI Risk
As everyone rolls out AI we will see unintended consequences. Take Taco Bell that rolled out AI ordering across more than 500 drive-throughs and quietly walked it back after a customer ordered 18,000 cups of water and the internet did the rest. There was no quantity sanity check. No second-question logic. No guardrail. The brand took the hit for a problem any product manager could have caught.
Tesla — a far more sophisticated AI operator — shipped a self-driving stack that did not reliably stop for railroad crossings; NHTSA opened a formal investigation in late 2025 after 58 incidents. The board question: which of our AI deployments has a documented guardrail review, who signed it, and what is the blast radius if it fails.
Business Model Risk
This is the one most underappreciated. In February 2026, $285 billion in SaaS valuations were wiped in 48 hours on the thesis that AI agents would replace per-seat software. I argued in SaaSpocalypse Is Dead that the interface dies, not the industry. Either way, the board question is the same. Which of our revenue lines, distribution channels, or competitive moats sits inside an interface that an agent is about to bypass. That is not a cost question and not a revenue question. It is a “does our business model still hold” question, and it belongs on the audit committee agenda this quarter.
The Job Is Not New. The Director Has To Learn AI.
The board’s mandate has not changed. Protect shareholders. Supervise management. The five areas above are the same four every board has always watched. The risk register is the same register, populated with three new patterns. What has to change is the director. Every member now needs enough AI literacy to ask the second question after management’s confident answer.
Lutz Finger is a supervisory board member at the Scout24 SE – G24 (XETRA).
