Board-level AI governance for New Zealand directors.

Sections 131 to 138 of the Companies Act 1993 do not mention artificial intelligence. They do not need to. Your duty of care, diligence, and skill applies to every system your organisation deploys. We build oversight grounded in the Companies Act, the Privacy Act 2020, FMA and RBNZ expectations, and Te Tiriti o Waitangi.

Built for

Boards & non-executive directors / Risk & audit committees / Company secretaries / Crown entity boards / NZX-listed governance teams
We work against: Companies Act 1993 (s131-138) / Privacy Act 2020 / Te Tiriti o Waitangi / FMA / RBNZ guidance / NZX Corporate Governance Code / Public Service AI Framework / Algorithm Charter

What your board receives.

How we work

Board AI governance charter

A formal charter defining the board's AI oversight role, delegated authorities, and reporting requirements, drafted for your constitution and committee structure.

Director liability briefing pack

A confidential reference document mapping your organisation's AI footprint against Companies Act duties, with specific liability scenarios and mitigation actions.

Treaty-aware practice

Board reporting on Treaty compliance in AI deployments, with consultation frameworks for AI affecting Māori communities and alignment to Te Mana Raraunga principles.

FMA / RBNZ readiness

Gap analysis of your AI governance against current FMA conduct expectations and RBNZ prudential risk standards, with a prioritised remediation roadmap.

Why NZ boards cannot afford to wait on AI governance.

New Zealand has no AI-specific legislation. That is not a comfort. Without prescriptive rules, your existing director duties under the Companies Act 1993 become the standard against which your AI oversight will be judged. 76% of NZ leaders are prioritising AI agents. One in four says governance is the missing link.

  1. Personal liability

    Personal liability under the Companies Act.

    Section 131 requires directors to act in good faith and in the best interests of the company. Section 137 demands the care, diligence, and skill of a reasonable director. Section 135 prohibits reckless trading. When an AI system causes harm, whether biased lending decisions that trigger FMA scrutiny, privacy breaches that require mandatory notification under the Privacy Act 2020, or flawed automated advice that exposes the organisation to Fair Trading Act 1986 liability, the question is whether the board took reasonable steps to govern it.

  2. Voluntary landscape

    Voluntary landscape means boards set the standard.

    The Algorithm Charter is opt-in. The Public Service AI Framework applies to agencies, not the private sector. The National AI Strategy, published in July 2025, takes a principles-based approach grounded in the OECD AI Principles. There is no NZ equivalent of the EU AI Act. Your board is not following a rulebook. It is writing one. The organisations that establish rigorous governance now will define what "reasonable" looks like.

  3. Constitutional obligation

    Te Tiriti obligations at board level.

    AI systems that process data about Māori communities, deliver services to Māori, or operate in sectors with Crown obligations raise questions that technology teams cannot answer alone. Māori data governance, tino rangatiratanga over information, meaningful partnership in system design, and equitable algorithmic outcomes are governance-level decisions that demand board attention. The Public Service AI Framework explicitly requires Crown agencies to consider Treaty of Waitangi obligations in AI deployment.

How our team delivers board-level AI governance for NZ.

Four integrated workstreams designed for the New Zealand governance context. Built for the Companies Act 1993, the Privacy Act 2020, FMA and RBNZ expectations, and Te Tiriti o Waitangi.

Track A

Director liability briefings

Structured briefings that translate sections 131 through 138 of the Companies Act into concrete AI governance expectations: what directors must ask, what documentation to require, where personal liability exposure sits, and how D&O insurance coverage applies to AI-related claims.

  • Companies Act duty mapping to AI risk categories
  • Personal liability scenarios and case analysis
  • D&O insurance gap assessment for AI-related claims
  • Director question frameworks for management reporting

Track B

NZ regulatory landscape education

The FMA expects conduct obligations to extend to AI in financial services. The RBNZ expects prudential risk oversight to encompass technology systems, with growing attention to model risk and operational resilience. The Office of the Privacy Commissioner has signalled algorithmic decision-making as a priority under the Privacy Act 2020. We bring boards up to speed on what each regulator expects.

  • FMA conduct expectations for AI-enabled services
  • RBNZ prudential risk expectations mapping
  • Privacy Act 2020 automated decision-making obligations
  • Algorithm Charter and Public Service AI Framework briefing

Track C

Treaty-informed governance design

Te Tiriti o Waitangi creates obligations that cannot be addressed by a privacy impact assessment or a standard risk register. We help boards integrate Treaty of Waitangi obligations into AI governance substantively, working with directors on data kaitiakitanga, tino rangatiratanga over information, and the practical governance mechanisms that demonstrate genuine partnership.

  • Māori data sovereignty assessment for AI systems
  • Board reporting on Treaty compliance in AI deployments
  • Consultation frameworks for AI affecting Māori communities
  • Alignment with Te Mana Raraunga principles

Track D

Governance structure and charter development

Committee mandates, escalation thresholds, reporting cadences, and decision authorities that give directors genuine oversight without requiring them to become technologists. For NZX-listed companies, we align with the NZX Corporate Governance Code. For Crown entities, we integrate Public Service AI Framework requirements. For FMA and RBNZ-regulated businesses, we satisfy the conduct and prudential expectations.

  • Board AI governance charter with NZ-specific provisions
  • Committee mandate design or expansion recommendations
  • AI risk escalation and decision authority matrix
  • Board-ready AI reporting templates and dashboards

What your board receives.

Tangible outputs that change how your board governs AI, not a slide deck that gathers dust after the strategy offsite.

Board AI Governance Charter
A formal charter defining the board's AI oversight role, delegated authorities, and reporting requirements, drafted for your constitution and committee structure.
Director Liability Briefing Pack
A confidential reference document mapping your organisation's AI footprint against Companies Act duties, with specific liability scenarios and mitigation actions.
Treaty Compliance Board Report
Assessment of how your AI systems interact with Māori data and communities, with board-level recommendations aligned to Te Tiriti obligations and data sovereignty principles.
FMA / RBNZ Readiness Assessment
Gap analysis of your AI governance against current FMA conduct expectations and RBNZ prudential risk standards, with a prioritised remediation roadmap.
AI Risk Register for Directors
A board-level risk register categorising every AI system by risk tier, with oversight requirements and escalation triggers appropriate for director consumption.
Quarterly Regulatory Briefings
Ongoing updates on NZ regulatory developments, Privacy Commissioner guidance, and international AI governance trends relevant to your sector and obligations.
Board Question Framework
A structured set of questions directors should ask management about AI deployments, organised by risk category and designed to demonstrate informed oversight.
Annual Governance Review
Yearly assessment of your AI governance maturity against evolving NZ expectations, with recommendations for the coming year's governance programme.

Boards we work with.

Different organisations face different AI governance pressures. We tailor every engagement to your regulatory exposure, organisational scale, and AI maturity.

01

NZX-listed and large private companies

For boards applying the NZX Corporate Governance Code alongside AI adoption. We build governance structures that satisfy both the Code's principles and your Companies Act 1993 duties, including section 131's good faith requirement and section 137's standard of care. Aligned to Privacy Act 2020 compliance for AI-driven data processing.

02

Crown entities and government organisations

Public sector boards face additional layers. The Public Service AI Framework sets explicit expectations for AI deployment. Cabinet expectations on algorithmic transparency demand documented decision-making processes. The Algorithm Charter creates voluntary but reputationally binding commitments. Treaty of Waitangi obligations are non-negotiable, requiring genuine partnership with Māori in AI system design, deployment, and oversight.

03

FMA and RBNZ regulated entities

Financial services boards face the most immediate regulatory pressure on AI governance. The FMA's conduct expectations increasingly encompass algorithmic decision-making, AI-assisted customer advice, and automated compliance processes. The RBNZ's prudential focus is expanding to encompass model risk from machine learning systems, operational resilience dependencies on AI infrastructure, and concentration risk from third-party AI providers.

04

Organisations with Māori community impact

If your AI systems collect, analyse, or make decisions using data about Māori communities, your board has governance obligations that go beyond the Privacy Act 2020. Te Tiriti o Waitangi creates expectations of partnership, protection, and participation. We work with boards to integrate Treaty principles into AI governance substantively, ensuring data kaitiakitanga, rangatiratanga over information, and meaningful iwi consultation are reflected in how AI is overseen.

Common questions from NZ directors.

How does the Companies Act 1993 create personal liability for AI governance failures?

Sections 131 through 138 impose duties on directors to act in good faith, with care, diligence, and skill, and to avoid reckless trading. These duties are technology-agnostic. If an AI system causes financial loss, privacy breaches under the Privacy Act 2020, or discriminatory outcomes that attract Human Rights Act scrutiny, and the board did not exercise reasonable oversight, individual directors may be held personally liable.

How do Te Tiriti obligations apply at board level for AI?

Te Tiriti o Waitangi creates obligations of partnership, protection, and participation. For AI governance, this means boards must consider who holds rangatiratanga over data collected from or about Māori, whether AI systems perpetuate existing inequities affecting Māori communities, and whether meaningful consultation has occurred before deploying AI in areas with Māori impact. For Crown entities, these are legally grounded obligations rather than voluntary best practice.

What does the FMA expect from boards regarding AI governance?

The FMA has not issued AI-specific regulations, but its conduct expectations already encompass technology systems that affect customers. If your organisation uses AI in financial advice, credit assessment, insurance underwriting, or customer interactions, the FMA expects the board to have oversight of those systems' fairness, transparency, and consumer outcomes.

Should our board create a dedicated AI committee or expand an existing one?

There is no single right answer. For organisations where AI is transformative to the business model, a dedicated technology and AI committee may be warranted. For most NZ organisations, expanding the mandate of the risk committee or audit and risk committee is more practical. What matters is that AI governance has a clear home within your board structure, with defined escalation paths and reporting cadences.

NZ AI governance is mostly voluntary. Why invest now?

Precisely because it is voluntary. When New Zealand does not prescribe specific AI governance requirements, courts and regulators will look at what comparable organisations were doing to determine the standard of care under the Companies Act 1993. Boards that establish governance frameworks early are shaping the benchmark against which future compliance will be measured. The National AI Strategy, published in July 2025, signals a direction of travel toward greater regulatory structure.

Your board approved AI adoption. Now it needs governance.

A 90-minute director briefing is where most boards start. We walk through your Companies Act 1993 obligations, your current AI exposure, Privacy Act 2020 implications, and the governance gaps that create personal liability. We also cover FMA and RBNZ expectations relevant to your sector, Treaty of Waitangi considerations for Māori data governance, and the practical steps that demonstrate informed oversight.
