
The Boardroom’s New Mandate

Governing Agentic AI Responsibly
Article  •  June 04, 2026  •  Contributors

Key Takeaways

  • Agentic AI is a board-level risk, not a technology project. These systems can act autonomously within core business processes. Governing them is a fiduciary responsibility that demands AI literacy at the most senior levels.
  • Governance is a key enabler. Organisations with robust oversight - clear accountability, comprehensive model inventories and disciplined cost controls - are likely to scale AI faster and more safely than those without.
  • Regulatory exposure is significant and growing. The EU AI Act carries penalties that can have a material impact. Companies operating across jurisdictions must ensure compliance everywhere they do business, not just at headquarters.

The corporate conversation around artificial intelligence has moved on. The early focus on generative AI – tools that draft text, generate images and summarize documents – has given way to agentic AI managing business workflows autonomously. Agentic AI systems can now approve transactions, manage supply chains and resolve customer issues, often with little human oversight.

This shift means that boards can no longer treat AI as a technology initiative delegated only to the chief technology officer. Agentic AI introduces risks to operations, reputation and regulatory standing, for which boards have fiduciary responsibility.
 


The five pillars of responsible AI oversight

To guide organizations effectively, board members must focus on people, process, technology, data and governance.

1. People: From in-the-loop to responsible guardians

Agentic AI allows people to shift their focus toward oversight, risk management and relationship building. 

  • Board literacy: Board members and senior executives must develop sufficient AI literacy to challenge assumptions and guide strategy. Boards must speak the “language” of AI.

  • Upskilling mandate: Beyond technical teams, boards must ensure that management teams in business, operations and risk functions are also reskilled to critically challenge AI outputs while operating alongside AI-augmented workflows and agents.

2. Process: Re-engineering for autonomy

Boards must ensure that agentic AI implementations are value-driven and strategically aligned.

  • Avoiding the pilot graveyard: Many firms remain overwhelmed by the number of proofs of concept. Clear go/no-go criteria and exit thresholds that include robust risk and control metrics are required to move into production.

  • Reinventing, not just improving: Success does not simply mean layering AI onto existing processes; operating models can now be designed around agentic capabilities.

3. Technology: Building for the future

A responsible AI strategy requires a secure, scalable and cost-effective infrastructure. 

  • Model diversity: Firms can choose between proprietary models from big technology firms, tailored solutions from startups or open-source alternatives. Cost, security and vendor dependency are likely to be the main priorities. Given the pace of change, access to the latest model versions is also critical.
  • Hardware and supply chain: Agentic AI depends on specialized compute. Boards must oversee procurement strategies, manage capital intensity and mitigate supply chain risks, focusing on AI sovereignty concerns.
  • Token costs: As model usage scales, token consumption becomes a material cost driver, particularly in multi-agent workflows where models continuously interact. Firms should monitor usage at a workflow level, optimize model and prompt design, and set clear benchmarks to ensure spend remains aligned with business outcomes.

4. Data: Deriving value from the unstructured

Data remains the key differentiator. With agentic AI, the emphasis shifts to managing complex, unstructured data such as audio, video and text.

  • Quality and traceability: "Garbage in, garbage out" still applies, but in agentic systems poor inputs can scale quickly across workflows. Firms should treat input quality as a control, with basic checks on data, guardrails on prompts and clear tracking of prompts, data and model versions to ensure output can be trusted and traced over time.
  • Handling sensitive information: Firms must scrutinize how models process personal and sensitive data. As AI systems increasingly interact with external agents, privacy and third-party risks intensify. 
  • Single points of failure: Models trained on proprietary data can become concentrated repositories of an organization's know-how. Firms must plan for risks such as model theft or cyber compromise.

5. Governance: Creating fit-for-purpose frameworks

Governance must be proactive and embedded within the organization, aligning AI oversight with broader frameworks for operational resilience, third-party risk and cybersecurity.

  • Enterprise integration and board oversight: AI governance cannot operate in isolation. Boards must ensure it is integrated into existing risk disciplines, including operational resilience, third-party risk management and cyber security, with clear accountability at senior management level.
  • Model inventory: Firms cannot govern what they cannot identify. A comprehensive inventory of all models, including third-party tools, is essential and should align with existing enterprise risk and technology inventories. Prompt repositories and logs will be critical for monitoring.
  • Risk guardrails: Organizations must define and manage risks such as bias and reputational exposure within enterprise risk frameworks, ensuring consistency with broader governance standards.
  • Regulatory alignment: With frameworks such as the EU AI Act taking effect, firms must ensure compliance across jurisdictions. Non-compliance carries material financial and reputational consequences. For example, under the EU AI Act, non-compliance can result in a fine of up to €35 million or 7% of a firm’s annual turnover. 

Successful implementation of agentic AI will not come from adopting the latest tools alone, but from executing a balanced approach that combines innovation with disciplined risk management. Boards and senior executives have a central role in embedding effective AI governance across the organisation.
