Artificial intelligence has moved from the edges of board practice to the board portal itself. What started as document search and automated summaries is quickly becoming something more ambitious: AI assistants that can interrogate board packs, recall earlier decisions, draft minutes, suggest questions, identify follow-up actions and, in some cases, operate as a governed network of agents across risk, compliance and subsidiary governance workflows.
Some vendors now use bold language. Diligent has announced an "AI Board Member". Other providers deliberately avoid that label, preferring terms such as AI Assistant, Board Assistant, IQ, Minute Writer or AI governance assistant. The terminology matters. In Australia, an AI tool is not a director. It cannot vote. It cannot owe fiduciary duties. It cannot discharge the personal duties imposed on directors and officers. It cannot bring the independent human judgement that remains central to corporate decision-making.
That does not make these tools irrelevant. It means they should be treated for what they are: potentially powerful boardroom co-pilots, not licensed drivers.
The better description is not "director" but boardroom AI assistant. At its most useful, this is a permissioned AI layer embedded in or connected to a board portal. It draws on board papers, minutes, resolutions, policies, registers, entity records and sometimes selected external sources to help directors and governance teams make sense of large volumes of information.
Common functions now being promoted or released include board-pack summaries; natural-language questions across historic board records; comparison of current papers with past decisions; draft questions for management; minute generation; action tracking; meeting-preparation prompts; risk and compliance gap-spotting; and, in more agentic products, the orchestration of bounded workflows subject to human approval and audit logs.
This is more than a generic chatbot. The better products are designed around the board's own governance record, existing access permissions, enterprise security controls and citations back to source documents. That is a significant advance on directors copying confidential board papers into a public AI tool. But it is still a tool. Its output is not a board decision. It is material for directors to test, challenge and use - or reject.
The immediate attraction is obvious. Board packs are too large, board agendas are too crowded and directors are expected to identify the critical issues quickly. A well-designed AI assistant can reduce search time, improve induction, make institutional memory accessible and help directors ask better questions. For company secretaries, it may also reduce the administrative burden associated with draft minutes, action items and routine board-cycle preparation.
The legal context is also important. In ASIC v Bekier (the Star Entertainment case), Justice Lee accepted that emergent technology may help address information overload, while also emphasising that analysing and understanding management information is a core board function. That is the balance the article should strike: AI can assist the board to control and interrogate information, but it cannot replace the board's responsibility to engage with that information.
Regulators are moving in the same direction. APRA has warned that many boards are still developing the technical literacy required to challenge AI-related risks and has cautioned against over-reliance on vendor presentations. ASIC has urged licensees and market participants to act now on AI-accelerated cyber threats, using a principles-based and model-agnostic approach. Those messages are directly relevant to boardroom AI tools because the board pack is among the most sensitive information sets an organisation holds.
The starting point is simple. Under Australian corporate law, a company director must be an individual. An AI system is not an individual. It cannot consent to act, be disqualified, be insured in the usual way, be examined in court as a responsible decision-maker, or owe duties of care, diligence, good faith, proper purpose and avoidance of conflicts.
Nor should a board attempt to create practical ambiguity by giving an AI tool a director-like title, a persona, or a standing invitation to "participate" without clear rules. A system may be called an AI Board Member for product purposes, but the governance documents, minutes and board protocols should describe it accurately: an approved technology tool used to assist directors and governance personnel.
This is not pedantry. If an AI assistant produces a flawed summary, misses a critical risk, misunderstands a paper, fabricates a source, or overstates the significance of historical material, the company cannot point to the tool as the accountable decision-maker. Directors and officers remain responsible for the decisions they make and the processes they adopt.
The strongest argument against rapid adoption is not that AI is useless. It is that boardroom use creates a concentrated risk profile: highly confidential materials, time-pressured decisions, legal privilege, market-sensitive information, cyber exposure, director reliance and formal records all intersect in one place.
The principal risks include hallucination, incomplete retrieval, excessive summarisation, automation bias, groupthink, loss of nuance, unclear data retention, cross-border processing, privilege waiver, poor auditability, model drift, weak access controls and vendor concentration. AI minute-taking introduces further issues: whether recordings or transcripts should exist at all, how long drafts are retained, who verifies them, and whether the final minutes fairly record the thrust of the discussion rather than merely summarising a transcript.
Agentic tools raise a further question. If a system can assign actions, follow up, propose filings, update registers or move information between systems, the board is no longer dealing only with text generation. It is dealing with workflow automation. That requires tighter authority limits, logging, approvals, exception reporting and incident response.
There is also a risk in avoiding the issue. If directors and executives are already using general-purpose AI informally, the board may be better served by approving a controlled tool with defined boundaries. A prohibition that is ignored can be worse than a policy that permits appropriate use in a secure environment.
Used well, AI can improve board effectiveness. It can help a new director understand the history of a matter, identify inconsistent management statements, compare commitments with progress, surface unresolved actions and test whether a paper explains the decision being sought. For subsidiaries and regulated entities, it may improve consistency across entity records, delegations, policies, compliance attestations and board reporting.
We are ready to pilot boardroom AI assistants. We are not ready to let them drive.
The sensible position for most boards is controlled adoption: start with low-risk use cases, such as search, summarisation, induction support and draft action tracking; prohibit unsupervised decision-making; keep legal and company secretariat oversight close; and require directors to verify AI outputs against source materials before relying on them.
Before procurement, boards and management should ask: What data will the tool access? Where will it be processed? Is customer data used to train models? What are the retention settings? Are responses source-cited? How are hallucinations tested? What permissions apply? Are privileged documents excluded or specially controlled? Can the company export its data and logs? What happens if the model is withdrawn, degraded or unavailable? Who approves agentic actions? How is use recorded for audit and discovery?
The ancillary debate about open-weight AI and on-device hardware adds one more lesson: boards should think about resilience. Cloud-hosted frontier models may change, degrade, be withdrawn or become unavailable. On-premise or locally hosted models may reduce some data-boundary and continuity risks, but they introduce their own governance, security, model-management and assurance burdens. There is no risk-free architecture. There is only a better or worse governed one.
Adopt a board-approved AI use policy covering approved tools, prohibited uses, role boundaries and escalation.
Start with a time-limited pilot and defined use cases.
Require source citations and director verification for any material point.
Keep confidential, privileged and market-sensitive information within approved systems only.
Document data residency, retention, training, access, audit logs and incident-response arrangements.
Maintain human review of draft minutes, actions, summaries and recommendations.
Define who may activate AI features and for which meetings, committees and papers.
Report periodically to the board or risk committee on usage, incidents, limitations and benefits.
Build fallbacks for model outage, vendor failure and records access.
The Digital Director is not a director. It is a new form of boardroom infrastructure. The boards that benefit most will not be those that anthropomorphise the technology or hand over judgement. They will be the boards that use AI deliberately, transparently and with disciplined governance.
In that sense, the question is not whether AI should be allowed into the boardroom. It already has been. The real question is whether the board has decided who is driving, who is navigating, and where the guardrails are.
Suggested source note for publication: This article draws on publicly available vendor materials, ASIC and APRA statements, AICD and Governance Institute guidance, Bell CJ's 2026 Harold Ford Memorial Lecture and commentary on ASIC v Bekier (Liability Judgment) [2026] FCA 196.
Whilst this article contains information which may be considered legal or legalistic in nature (including references to legislation and case law), it does NOT constitute or purport to be legal advice of any kind or in any way whatsoever. Independent legal advice must be sought where appropriate.
IMPORTANT: This post has been prepared with the aid of AI (including refining structure, wording and readability).Final judgement, editing and accountability remain with the author.
Recent governance failures are not just stories about bad behaviour. They are stress tests for every board. The real question is whether governance works when power, profit, ego and pressure are all pointing in the wrong direction.
Australian law does not impose a separate category of directors’ duties on board chairs. However, courts recognise that a chair’s additional responsibilities — including agenda-setting, information flow and board leadership — may affect how the duty of care and diligence is applied. The result is subtle but important: the duties are largely the same, but the standard expected of a chair may be more demanding.
In a governance context, diplomacy means handling sensitive issues with judgement, tact and integrity so that the right decisions can be made by the right people, using the right information, at the right time. It requires calmness, preparation, respect, independence and courage.