Artificial Intelligence in the Boardroom: Key Legal, Governance & Risk Considerations

January 26, 2026

By: Dori K. Bailey, Thomas R. Clifford, Savanna P. Klinek, Delaney M. R. Knapp, and Shannon A. Knapp

As the business world accelerates its adoption of artificial intelligence (AI), many organizations are exploring AI-enabled tools to assist with meeting support functions such as recording, transcription and summarization. While these tools can streamline administrative functions and enhance productivity, they also introduce significant legal, regulatory and operational risks. Organizations should carefully assess the following considerations before bringing AI into the boardroom.

AI Discrepancies and Inaccuracies

AI transcription and summarization tools can easily misinterpret comments, capture unintended side conversations or omit important details, producing flawed summaries that do not accurately represent board discussions. Discrepancies between AI transcriptions and formal meeting minutes may create concerns regarding the accuracy of the formal meeting minutes. Moreover, because board minutes serve as official records, even minor inaccuracies may lead to significant governance deficiencies, compliance and regulatory risks, and investigation and litigation exposure. AI-generated content should be treated only as a preliminary draft and should be reviewed by the board secretary or a designated reviewer for accuracy and completeness.

Cybersecurity and Data Sharing

Without proper safeguards in place, AI tools may inadvertently expose sensitive information to unauthorized users outside of the organization. This risk is only heightened if third-party vendors can store, use or access meeting data. Due to these risks, public or consumer‑grade AI tools should be avoided. Instead, organizations should consider enterprise grade platforms that contractually prohibit data use for training purposes, restrict human access to data and prevent third-party data sharing. Additionally, since many AI tools operate on cloud infrastructure or otherwise rely on third-party providers, cybersecurity and data privacy due diligence is essential. To mitigate risk, organizations need to assess whether their AI providers have comprehensive cybersecurity safeguards in place.

Confidentiality and Privilege

AI tools should not be used during board discussions involving privileged, confidential or highly sensitive topics, such as litigation strategy, regulatory matters or personnel decisions. AI-generated transcripts may become discoverable, increasing legal and regulatory risk if sensitive content is discussed. AI tools may also compromise attorney client privilege by giving third‑party providers access to communications that would otherwise remain protected. AI meeting assistants can turn routine conversations into permanent, discoverable records, dramatically expanding the scope of materials that may be subpoenaed or reviewed in litigation. As a result, the board and individual board members should disable AI transcription or summarization features during executive sessions and ensure that the default settings for their AI tools do not automatically distribute summaries or transcripts of meetings to participants. The board and individual board members should also consider disabling the default setting that allows for AI transcription of every meeting. If AI tools are utilized, proper training is critical to protect confidential and privileged information. It is essential that board members and employees clearly understand the circumstances in which AI should not be used.

Privacy and Regulatory Requirements

Recording and transcription activities may trigger state, federal or international privacy obligations. For example, certain jurisdictions, such as California, require all party consent for recorded conversations. Regardless of location, organizations should clearly notify all participants when AI-based recording or transcription tools are in use. It is critical that organizations stay informed regarding the evolving requirements surrounding AI and data processing.

Fiduciary Duties

As the board of directors is charged with overseeing an organization’s business and affairs, board members should be aware of new developments in AI and other emerging technologies. In addition to a board’s collective responsibilities, directors and officers of an organization individually have legally enforceable fiduciary duties, such as the duty of care, to the organization, its shareholders, members and other constituents as applicable. As part of this duty, directors need to understand the risks, limitations and appropriate applications of AI, particularly when discussing the organization’s sensitive or privileged information. As the use of AI continues to expand, careful consideration of fiduciary duties should be at the forefront of any AI implementation. Ignoring these risks could expose directors and the organization to significant legal and regulatory risks.  

As organizations consider integrating AI meeting support tools into the boardroom, it is essential to recognize the associated risks. Organizations should only implement AI tools for board meetings after undertaking a thorough due diligence review regarding potential vendors, establishing clear policies and safeguards and training board members and staff. In addition, legal counsel should be consulted to mitigate potential regulatory, privacy and litigation exposure. While AI may enhance efficiency in certain circumstances, the risks associated with using AI can easily compromise the organization’s legal, compliance and governance obligations.

For more information related to the use of AI with your board, please reach out to Dori K. Bailey, Thomas R. Clifford, Savanna P. Klinek, Delaney M.R. Knapp, Shannon A. Knapp, CIPP/US, CIPP/A or the Bond attorney with whom you are regularly in contact.