AI at the board table: what the Chief Justice’s warning means for directors

The Chief Justice of New South Wales has made clear what many directors and boards have been reluctant to confront, being that artificial intelligence is not a technology issue to be delegated to senior managers. Rather, it is a governance issue that sits squarely with directors.

In his recent Harold Ford Memorial Lecture, the Hon. Andrew Bell AC delivered what amounts to a signal for corporate Australia. His message was not that AI should be feared or avoided, but that the legal framework governing directors' duties already applies to every decision touched by AI and that many boards are not yet governing accordingly in response.

For directors and senior leaders, the implications and risks are immediate and practical.

The law as it applies today

One of the Chief Justice's central observations is that, on the national level, Australia is not introducing AI-specific corporations legislation. The Commonwealth Government's technology neutral regulatory approach means that directors' existing duties of care, diligence, good faith and independent judgment under the Corporations Act still apply to AI-related decisions without modification.

However, the potential application of these duties in the context of AI is significant. The test under section 180(1) of the Corporations Act (the Act) asks whether a reasonable person in the director’s position or circumstances would have exercised the same degree of care and diligence. Importantly, those circumstances extend to any breach, or potential breach, of law by the corporation.

Where a company deploys AI that causes harm (whether through bias, hallucinations, privacy breaches or flawed decision-making) the focus will inevitably turn to the board - in particular, what the board knew or ought reasonably to have known, as well as the governance frameworks it had in place to oversee the use of AI.

ASIC has already signalled enforcement action in relation to 'poor use of AI', and APRA has warned that 'AI adoption is moving fast, but governance maturity is lagging'. Boards that treat AI governance as aspirational, rather than obligatory, are already out of step with regulatory expectations.

Delegation, reliance and the accountability gap

The most technically significant risk within the existing governance framework concerns the protections relied upon by directors under the Act's safe harbour provisions. The application of these provisions in the context of AI-assisted decision-making is, for the time being, uncertain.

Section 198D of the Act permits directors to delegate powers to persons, however that doesn't apply to delegations to AI models that are not 'persons' for the purposes of the Act. A director that effectively delegates a decision to an AI system receives no statutory protection for doing so. More subtly, where a board delegates to a human, who then relies on AI to perform a task, questions arise about whether the director's belief in that delegate's competence must extend to competence in the responsible use of AI.

The reliance safe harbour in section 189 of the Act also presents similar difficulties. It protects directors who rely on advice from employees or experts. However, that advice requires an 'independent assessment' of that information. Where AI-generated outputs emerge from opaque systems with unknown training data and reasoning that cannot be readily explained (i.e. the 'black box' problem), making that independent assessment may be extremely difficult, if not impossible.

The business judgment rule under section 180(2) faces similar difficulties. A director who blindly adopts an AI recommendation without their own reasoning process has likely not made the kind of conscious, rational judgment the provision requires. As the Chief Justice put it, it is "extremely doubtful" that in those circumstances, a director could avail themselves of this defence.

A duty to not use AI and a duty to use it

There is a growing tension that boards must navigate carefully. On one side, uncritical reliance on AI will likely negate the statutory protections directors rely on. On the other, there is a growing body of scholarship suggesting that directors may increasingly be required to use AI in order to satisfy their duty to inform themselves adequately before making decisions.

The question is no longer simply 'did the board have enough information', but rather 'did the board use the tools available to obtain and test that information?'. This, on its own, is a significant evolution in the standard of care and one that boards should be actively preparing for.

Boardroom dynamics and shadow AI-use

Beyond legal liability, a concern that should resonate with any experienced director is the risk that AI erodes the quality of boardroom deliberation itself. In the words of the Chief Justice, AI produces outputs with "great confidence and clarity of language", which are features it shares with "the most accomplished of fraudsters". That confidence breeds deference, which in turn leads to groupthink and cognitive surrender.

Healthy company boards depend on robust discussion, productive conflict and a diversity of perspectives. When an AI system used by a board delivers its recommendation with convincing authority, the desire to push back diminishes. Directors must be alert to this dynamic and boards should reflect on how AI can be introduced into their deliberative processes without going so far as to defer their decision-making power to it.

Equally pressing is the issue of shadow AI use. Where organisations fail to provide secure, sanctioned platforms, directors and officers will resort to publicly available tools, creating uncontrolled risks around confidentiality, data governance, privilege and cybersecurity. Effective governance in practice requires not only policies that prohibit misuse, but also provide a viable alternative to publicly available tools to make compliant AI use by personnel (whether board members or employees) the path of least resistance.

What boards should do now

The risks identified in the Chief Justice's lecture are not merely academic commentary. They are a clear indication of how judicial thinking is likely to develop when AI-related governance failures inevitably come before the courts. Boards should be acting now to:

1. Adopt specific, detailed AI governance policies covering both operation use and directors' own use of AI in their governance function;
2. Ensure directors are educated on AI capabilities, limitations and risks, as well as whether AI literacy should now be part of the board's skills matrix;
3. Require management to disclose AI use in preparing board papers, including that verification has been undertaken;
4. Establish clear protocols around AI transcription, recording and minute drafting tools, with particular attention to discoverability and privilege; and
5. Document independent reasoning processes when AI has informed a board decision.

The space between blind reliance of AI, and wilful avoidance of it, is where governance now must operate. Boards that find the right balance will be well positioned, whereas those that do not may find themselves explaining their approach to a regulator, a court, or both.

This article builds on our AI in Practice series - for more practical insights on AI governance, AI-assisted meetings and embedding appropriate human oversight into AI-enabled workflows, contact our Artificial Intelligence experts.