Board oversight of AI built for Section 180, FAR, and AICD scrutiny.
66% of boards say they do not know enough about AI for effective oversight. Fewer than 25% of companies have board-approved AI policies. We advise Australian directors on Section 180 obligations, AICD eight-element governance, and FAR accountability, with frameworks built for ASX-listed, government, and regulated entities.
Built for
Directors now face three converging AI obligations.
AI adoption has outpaced the governance structures designed to oversee it. The legal and regulatory landscape demands a documented response from the board, not a referral to management.
- 01
Section 180 and 181 cover AI oversight.
Under Section 180 of the Corporations Act 2001, directors must exercise care and diligence in their oversight of AI systems. Section 181 requires acting in good faith. In ASIC v RI Advice Group [2022] FCA 496, the Federal Court established precedent for personal director liability in technology governance failures, confirming that ignorance of how systems operate is not a defence.
- 02
The board knowledge gap is real.
66% of boards report insufficient AI knowledge for effective oversight. Fewer than 25% of companies have board-approved AI policies. 40% of directors are rethinking board composition to address AI expertise gaps. Boards cannot govern what they do not understand, and generative AI has widened the gap further.
- 03
ASIC and FAR have named AI a focus area.
ASIC's 2025-26 Corporate Plan identifies both AI use and directors' conduct as regulatory focus areas. Under the Financial Accountability Regime, accountable persons face personal accountability for AI failures in regulated entities. Directors in financial services, healthcare, and other regulated sectors carry exposure beyond standard Corporations Act obligations.
Board advisory services.
Three integrated services from initial board education through framework development to ongoing risk oversight. Tailored to the AICD eight-element framework and your board's industry context.
Service A
Board education & AI literacy
Half-day or full-day board workshops covering machine learning fundamentals, generative AI risks, data governance principles, and regulatory developments. Aligned with the AICD's eight elements framework, tailored to your industry.
- Non-technical, governance-focused content
- Australian case study analysis
- Director reference guides
- Critical-questioning skills for AI matters
Service B
AI governance framework
AI inventory, board-approved policies, committee charter development, and reporting frameworks that surface meaningful data governance and risk indicators to directors.
- AI inventory and risk classification
- Board-approved AI policies
- Committee charter and TOR
- Board reporting templates and dashboards
Service C
Ongoing risk oversight
Quarterly regulatory updates, management report reviews, advisory calls on high-risk deployments including generative AI, and annual framework refresh.
- Quarterly regulatory updates
- Management report reviews
- Ad hoc advisory calls
- Annual maturity assessment
The AICD eight elements of AI governance.
Our advisory work is built on the Australian Institute of Company Directors and Human Technology Institute guidance suite released in June 2024. We apply each element to your specific context.
- 01
Roles and responsibilities
Clear accountability for AI decision-making from board to operations. Defines who owns AI strategies and how accountability flows through the organisation. - 02
People, skills and culture
AI literacy assessment across board and management, capability building, and cultural strategies that support responsible innovation. - 03
Governance structures
Board committee structures for AI oversight, whether expanding existing audit or risk committees or establishing dedicated AI governance bodies. - 04
Principles and strategy
Integration of responsible AI principles into corporate strategy. Aligns AI investment with values, stakeholder expectations, and regulatory requirements. - 05
Practices and controls
Operational controls throughout the AI lifecycle. Covers generative AI policies, model validation, and human oversight for high-risk decisions. - 06
Stakeholder engagement
Frameworks for identifying stakeholders affected by AI decisions and assessing impact. Maintains transparency with customers, employees, and regulators. - 07
Third-party management
Governance protocols for AI vendors. Contract provisions for explainability, audit access, data governance standards, and liability allocation. - 08
Monitoring and reporting
Risk-based monitoring and board dashboards that surface actionable AI performance and risk data. Designed for directors without technical expertise.
Learning from Australian AI governance failures.
Effective AI governance is not theoretical. Two recent Australian cases illustrate what happens when boards lose visibility of how AI is operating inside their organisations.
- 01
Robodebt Scheme (2016 to 2019).
The Australian Government's automated debt recovery system used income averaging to identify welfare overpayments. The Royal Commission found the methodology was legally invalid, lacked meaningful human oversight, and dismissed repeated warnings. The scheme wrongfully recovered $746 million from 381,000 individuals, resulted in $1.75 billion in debts written off, and was linked to multiple suicides. The Commission described it as a case of "venality, incompetence and cowardice."
Failures: no human oversight, dismissed concerns, no transparency, insufficient contestability.
- 02
Major consulting firm AI failure (2025).
A major consulting firm used generative AI to produce a 237-page independent review for a government client. The final report contained fabricated academic citations and non-existent court references generated by the model. AI use was not disclosed until after errors surfaced. The firm refunded part of the AU$440,000 contract and absorbed material reputational damage.
Failures: AI outputs unverified, use not disclosed, QA inadequate, governance lagging adoption.
Director liability and insurance considerations.
Personal liability risks from inadequate AI governance, and the limits of D&O coverage that directors should understand before the next board meeting.
Personal liability triggers.
Boards are subject to strict obligations under the Corporations Act, and these extend to AI oversight. Key triggers include failure to understand how AI systems are used, inadequate governance frameworks, failure to act on known risks from machine learning systems, and misleading statements about AI capabilities (sometimes called "AI washing").
If an AI-related failure causes financial losses, reputational damage, or consumer harm, directors may be held personally liable under Section 180 for failing to exercise care and diligence.
D&O insurance limitations.
Directors and Officers insurance provides important protection, but coverage has limitations in AI governance failures. Breaches of duty, defence costs, and settlements are typically covered. Regulatory fines, gross negligence, and inaction on known risks may be excluded.
Insurers increasingly inquire about AI governance as part of underwriting. Weak data governance or undocumented AI oversight can reduce or deny coverage, leaving directors personally exposed.
Boards we advise.
Four board archetypes, each with distinct AI oversight expectations. We tailor advisory services to the governance environment each board operates within.
Related AI governance services.
Discharge your AI governance obligations with documented oversight.
Two-thirds of Australian businesses already use or plan to use AI. ASIC has named both AI use and directors' conduct as regulatory focus areas. Schedule a complimentary 60-minute consultation to discuss your board's AI governance requirements.