The White House’s AI Action Plan was released last week. Ambitious and freewheeling, the goal of the WH AI Action Plan is to create a dynamic “try-first” AI culture across American industry by removing regulatory friction while accelerating the development, use and adoption of AI.
With the White House taking a light regulatory approach to AI that is focused on a desire to sail faster into the turbulent AI future, the burden of responsibly capitalizing on the opportunities of AI technologies while controlling their risks is in the hands of the private sector. This makes the corporate boardroom the de facto regulator of artificial intelligence systems and their use throughout the American economy.
Ushering in an accelerated and unregulated pace of AI use and adoption, the White House AI Action Plan wants to create an AI fueled “renaissance.” The action plan is focused on accelerating the use and adoption of AI to drive innovation, ensuring that the capacity and infrastructure exists to scale its development and enablement, and securing America with a first-mover AI leadership advantage globally.
Indicating little to no federal regulation over AI use in the U.S., this elevates the corporate boardroom to the helm of AI governance as the primary, and only, front line leadership control with the authority to oversee the responsible use and adoption of AI throughout America’s companies.
This approach is in contrast to the EU, which recently affirmed that the implementation of the EU Artificial Intelligence Act will not be delayed. The EU AI Act is government regulation focused on ensuring that there is some standard level of transparency, accountability and trust in the creation and use of AI systems. It applies to both the providers of AI systems and their users, including potentially U.S. companies if the AI system’s outputs are used in the EU. It is a risk-based regulation focused on the use of the AI system and requires there to be different controls in place centered on accountability, risk management, security and transparency, e.g., high-risk AI systems must have an established, implemented and documented risk management system in place throughout its lifecycle. Certain uses are prohibited outright. The EU AI Act forces policies and practices to be in place based upon different levels of risk relative to the use of an AI system.
While the EU AI Act does not impose specific corporate governance requirements related to AI systems, the White House is not the only one putting the corporate boardroom on the spot with AI. Norway’s US$2 trillion sovereign wealth fund has stated that, “The board of directors is accountable for companies’ responsible development and use of AI.”
Activist investor Tulipshare submitted a 2025 shareholder proposal for Berkshire Hathaway (BRK: A; BRK. B) to create an AI Committee on their board. This signals a growing investor awareness and desire for boardroom accountability on how AI systems impact investments. While the Tulipshare proposal failed to pass, it did receive the most votes of all shareholder proposals during the Berkshire annual general meeting. Investors expect the corporate boardroom to be an active and effective leadership control and overseer of the journey into the AI future.
Are corporate boards ready for this heightened AI expectation? If digital and cybersecurity governance is any indicator, many of America’s corporate boardrooms may have a long way to go to rise to this AI boardroom leadership moment. However, evidence is showing that when they do, significant business value is being created. Recent MIT research on director AI expertise shows that U.S. boards that were digitally and AI savvy had average returns on equity almost 11 percentage points higher than industry averages. Moreover, research from Virginia Tech consistently shows that director cybersecurity expertise reduces real levels of cybersecurity risk.
However, many corporate boards in the U.S. and elsewhere continue to resist common sense boardroom transformation in the face of digital business disruption and increasing cybersecurity risks. Instead, relying on an accounting and financially centric status-quo governance model firmly anchored in the analog past born of the Sarbanes-Oxley Act of 2002. Many of America’s boardrooms have shown themselves to be remarkably slow and stubborn in transforming themselves into an active and high-performing digital and cybersecurity governance control capable of overseeing the opportunities and risks of the digital future.
The AI governance moment boardrooms are now facing is an even larger challenge that requires significant corporate governance transformation in director skills, board organization and in the active oversight of the unique and systemic risks of AI systems. While boardrooms in the EU will have to ensure their company’s adapt to the risk adjusted compliance requirements of the EU AI Act, the White House AI Action Plan is imposing, by default, boardroom self-regulation as America’s preferred AI oversight model.
Recent research from Kiteworks highlights how much oversight is already needed over management’s use and enablement of AI systems. Kiteworks findings show that only 17% of organizations have implemented AI-specific technical controls, such as data loss prevention (DLP) scanning tied to public AI usage. This means 83% of companies do not automatically prevent employees from uploading company data to public AI tools, posing significant risks.
Tim Freeman, Kiteworks Chief Marketing Officer, succinctly states, “AI adoption is accelerating, but oversight is not. Boards and executive teams are operating in the dark—without enforceable controls or real visibility into where private data is flowing. This is a systemic governance failure.”
Kiteworks research indicates that 27% of organizations report that almost a third of the AI-bound data contains private information, e.g., customer records, employee data and trade secrets.
The White House AI Action Plan wants to fire up all engines and sail even faster into the AI future. Recent survey data from Deloitte reveals a concerning global boardroom leadership gap that could foreshadow AI chaos rather than an AI renaissance: 66% of surveyed boards lack sufficient knowledge about AI, rendering them largely ineffective or merely symbolic in overseeing these disruptive technologies. While 40% of respondents indicated that boards are rethinking their composition to address this director competency gap, 53% also noted the need to accelerate their AI adoption journeys.
Deloitte’s Audit Committee 2025 report shows another lingering legacy governance problem, cybersecurity and AI are both Top 10 priorities of the audit committee in 2025, a leading bad corporate governance practice. Anchoring oversight responsibility of these issues within an audit committee misaligns the oversight agenda and director skills to the complex issues of AI, digital and cybersecurity transformation and risk.
Accelerating AI-driven change without effective boardroom leadership and oversight creates a higher risk profile than many investors may be aware of or find acceptable, while also putting the White House AI Action Plan at risk. And it’s not just relevant levels of director expertise that define boardroom effectiveness on AI, it’s also how the board organizes itself and the reasonable system of oversight that the directors put in place and monitor over management’s use and enablement of these technologies.
The White House AI Action Plan is notably quiet on the role of the boardroom and corporate governance leadership in enabling the AI future. Not surprising, as the SEC recently failed to strengthen the boardroom leadership control in cybersecurity when they eliminated the director cybersecurity expertise disclosure requirement from their final cybersecurity rules that were issued in 2023. A petition was recently filed by a group of cybersecurity leaders requesting the SEC to reinstate this common sense and highly effective boardroom cybersecurity leadership control.
Fortunately guidance for U.S. corporate directors exists on becoming AI boardroom effective. Digital Directors Network recently released The Definitive Corporate Director Guide on AI Boardroom Effectiveness: What Shareholders Want. This standards and AI risk management derived guidance helps directors operationalize the core boardroom policies and procedures that they should be adopting to strengthen their ability to oversee AI systems and their use.
America’s regulators continue to underestimate the importance and critical role of expert boardroom leadership on AI, digital and cybersecurity issues to responsibly, securely and effectively enable their digital and AI ambitions. Investors and stakeholders deserve more from the corporate boardroom than the symbolic oversight of these technologies and their risks. With the U.S. federal government’s preference for regulatory abdication on AI, America’s boardrooms have the responsibility to step up and self-regulate.
The good news is that the boardrooms that are self-regulating through their own transformations are proving that effective boardroom leadership and oversight works to responsibly and securely create value. Moreover, all boardrooms can self-regulate their own effectiveness on these issues, they don’t need the government to impose rules for them.
Absent America’s corporate boardrooms being a strong control over the use and enablement of AI systems, the vision and potential of The White House AI Action Plan will likely be under realized, or sunk outright.
Legacy U.S. corporate governance models need to be transformed to adapt to the AI and digitally enabled present and future. Effective AI corporate governance cannot be symbolically layered onto an analog and financially centric corporate governance approach — the technologies are too complex, their impacts are too far reaching, and their risks are too unique.
The White House AI Action Plan wants to create a “renaissance.” However without effective AI boardroom leadership and oversight, an “AI Perfect Storm” is more likely where risk runs rampant and negative unexpected consequences abound.
The White House AI Action Plan wants to get America into the AI future fast and first. Come to think of it, that was the objective of the Titanic too. Icebergs be damned.