governance
AI Literacy for Directors: What It Actually Means in the Boardroom
Published: June 17, 2026
Read Time: 11 minutes
Key Takeaways
- AI literacy is judgment literacy, not technical skill. A director need not build a model, only test its output and keep the board's reasoning independent of the machine.
- The law has built this standard before. Centro made financial literacy a baseline director duty, cyber risk followed, and AI is moving the same way.
- The board test has five parts: know how the tool can be wrong, test its output, map where AI is used, weigh the specific risks, and keep the judgment human.
- One technologist on the board is not governance. AI literacy belongs on the skill matrix as a baseline every director must meet.
Imagine your board is asked to approve a transaction. The board pack includes a market scan, a risk summary and a set of integration assumptions. Management says AI helped prepare the material. The paper is well written. The risks are neatly ranked. The recommendation sounds plausible.
Then a director asks five basic questions. Which tool produced this? What information was it given? What was checked against a primary source? Were confidential details entered into a public system? And if the AI’s recommendation shaped the final paper, whose reasoning is the board actually adopting?
If no one can answer, the problem is not that the board lacks a data scientist. The problem is that the board cannot yet govern a decision shaped by AI.
That is the practical meaning of AI literacy for directors. It is not about prompt fluency, building models, or having an AI policy. Nor is it about using AI to analyse your board papers or summarise the minutes. It is the board-level ability to understand AI well enough to test its outputs, oversee its use, and keep the board’s own judgment independent of the machine.
The Chief Justice of New South Wales put the same issue to boards in his 2026 Harold Ford Memorial Lecture, asking whether “AI-literacy or competency” should be a criterion of a board’s skill matrix, and “what level of investment is required by a board in order for its directors to become AI-literate”. Whether boards should be AI literate is no longer really the question; the answer is plainly yes. The real question is what it actually means to be AI literate.
The law has built this kind of literacy standard before. Directors are already expected to be financially literate, and that expectation did not begin as an express checklist in the Corporations Act. It emerged from the general duty of care and diligence. That history matters because it shows how a broad obligation to be informed can harden into a baseline competency every director is expected to have.
How financial literacy became a duty
For a long time, a director could plausibly say the numbers were the accountant’s job. That excuse ran out in 2011, with the Centro decision.
In ASIC v Healey (2011), the directors of the Centro property group signed off on financial statements that misclassified billions of dollars of short-term liabilities as long-term. The mistake was there to be seen by anyone who read the accounts against what they already knew about the company’s borrowings. Every non-executive director and the chief executive were found to have breached the duty of care and diligence under section 180(1) of the Corporations Act. So was the chief financial officer, who was an officer of the company rather than a member of the board.
Centro matters for AI because of how Justice Middleton framed the obligation.
First, he placed it somewhere no director can delegate away. “There is a core, irreducible requirement of directors,” he held, “to be involved in the management of the company and to take all reasonable steps to be in a position to guide and monitor.” Directors can rely on management, auditors and committees. They cannot rely their way out of understanding what they approve.
Second, he described the competency in practical terms. “All directors must carefully read and understand financial statements before they form the opinions which are to be expressed in the declaration.” The obligation was not to become an accountant. It was to read the accounts, understand them, and catch the kind of error that should have been apparent.
Third, he kept the bar at a sensible height. “The basic concepts and financial literacy required by the directors to be in a position to properly question the apparent errors in the financial statements were not complicated.” Financial literacy was a floor, not a professional qualification.
Finally, drawing on the older AWA line of authority and Daniels v Anderson, he described the posture expected of every director: a “diligent and intelligent interest” in the information available, an effort to understand it, and an “enquiring mind” applied to the responsibilities of the office.
That is the bridge to AI. Cross out “financial statements”, write in “AI-shaped advice”, and the principle travels almost intact. A director does not need to be able to build an AI system. They do not even need to be able to prompt one. But they do need enough literacy to question the output before it becomes the board’s judgment.
The pattern has also moved beyond financial statements. In ASIC v RI Advice Group (2022), the Federal Court held that a licensee’s failure to put adequate cybersecurity controls in place fell short of its obligation to provide financial services efficiently and fairly. That case was not a directors’ personal duty case under section 180. But it illustrates the same governance movement: once a technology becomes central to how an organisation operates, and its risks become foreseeable, responsibility for managing those risks cannot simply be outsourced. If that ground is new to your board, Rinske Geerlings’ primer on cyber security for boards is a good starting point.
Directors’ AI obligations are not yet settled in the same way. No court has handed down a Centro for AI. But the direction is hard to miss. The Chief Justice has put the questions directly: should AI competency sit on the skill matrix, and how much does a director need to understand about the tools the company depends on? Those are the kinds of questions that can become legal standards once a court is forced to answer them.
None of this stops at the listed company boardroom. Many not-for-profits are companies limited by guarantee, so section 180 applies to their directors directly. Where the company is also a registered charity, the Corporations Act duties are largely switched off and replaced by ACNC Governance Standard 5, which asks the same care and diligence of a charity’s responsible people, enforced by the ACNC rather than ASIC. Incorporated associations answer to their own state and territory Acts; most now spell out the same care and diligence duty, and where an Act is silent the general law and, for a registered charity, Governance Standard 5 close the gap. The statute changes; the standard does not. A volunteer director weighing AI-shaped advice for a community organisation is expected to bring the same enquiring mind the court looked for at Star.
The boardroom AI literacy test
The seminar version of AI literacy is usually a tour of the tools: how to prompt ChatGPT or whichever model is newest, what the latest features can do, and a few cautionary headlines. That may be useful for operators. It is not the literacy the law would test in a director.
For directors, AI literacy comes down to five boardroom capabilities.
1. Know how the tool can be wrong.
This is the AI version of reading and understanding the accounts. Directors do not need to know how a model was trained. They do need to understand the common failure modes: hallucinated facts, hidden bias, sycophantic answers, inconsistent responses to similar prompts, weak sourcing and black-box reasoning. The board question is simple: where is this tool most likely to be wrong in this particular decision?
2. Test the output before relying on it.
Centro punished directors for nodding through figures they should have questioned. The AI version is nodding through a fluent answer because it is polished and confident. Directors should ask what the output was based on, what it may have missed, what assumptions it built in, and who checked it against a real source. Treat AI output as a draft to be interrogated, not a conclusion to be adopted.
3. Know where the organisation is using AI.
A financially literate director understands their own company’s finances. The same specificity applies to AI. Boards need visibility over where AI sits in products, operations, customer interactions, risk processes and board-paper preparation. They need to know what data is being fed into which tools, which tasks have quietly moved to automated systems, and which vendors or models the organisation depends on. You cannot govern a use you cannot see, which comes down to whether your board has done its homework.
4. Weigh the risks specific to the use case.
Confidentiality is the immediate risk. A director who drops the details of a confidential transaction into a public AI tool has likely walked past the company’s data governance and may have compromised legal or commercial obligations. Beyond that sit bias in automated decisions, intellectual property exposure, poor data provenance, over-reliance, the erosion of genuine boardroom debate, and the litigation tail. Depending on the circumstances, prompts, transcripts and outputs may be discoverable. The Delaware case Fortis Advisors v Krafton, where a chief executive’s deleted ChatGPT logs turned up as evidence, is the cautionary tale. Closer to home, ASIC v Bekier was described by the Chief Justice as the first Australian judgment to reflect on AI use by directors, with Justice Lee noting that many directors are already using AI informally to prepare for meetings.
5. Keep the judgment human.
This is where literacy meets the safe harbours. As the Chief Justice warned, a director who simply adopts an AI’s recommendation may find the business judgment rule is not there for them, because they never made the conscious, independently reasoned decision the law requires. Literacy means using AI, in words the lecture endorsed, “as an aide to their own decision-making, rather than as a substitute for making an independent assessment”. The test is whether each director can explain their own reasoning without pointing back to the machine.
These five are framed around risk, because that is where a director’s legal exposure is greatest, but the same literacy that lets a board govern AI’s failures should also let it ask the opportunity question: whether the organisation is using the technology well, and not merely safely.
What it is not
AI literacy does not mean directors have to code, build models, or follow the mathematics of machine learning. Centro is explicit that the financial literacy required “was not complicated”, and the same calibration should apply here. The bar is informed judgment, not technical mastery.
Nor can the board solve the problem by recruiting one technologist and deferring to them. That is no more sufficient than leaving the accounts to the one director who used to be an accountant. Specialist expertise helps, but baseline literacy must be collective. Every director needs enough understanding to ask a sensible question and recognise an unsatisfactory answer.
It is not discharged, either, by a policy nobody reads or an annual briefing over dinner. Financial literacy is a continuing capability. AI literacy will have to be kept current even more deliberately, because the tools, use cases and risks are moving faster.
There is a fair objection here. The competency burden on directors is rising: finance, cyber, climate, culture, technology and now AI. At some point, the cumulative load becomes real. But the answer is not to lower the standard of care. It is to resource it properly: better management reporting, secure tools, external expertise where needed, repeat education, clear escalation paths and board papers that make AI use visible.
What boards should do now
If that is what AI literacy means, here is what it looks like in practice.
- Put AI literacy on the skill matrix as a baseline capability. Assess every director against the five capabilities above. Close the gap with repeated education, not a one-off seminar. A structured governance work plan for responsible AI adoption can give that work a backbone.
- Maintain an AI use register. Management should tell the board where AI is being used, which tools are approved, what data they touch, who owns each use case, and how outputs are checked. This should include AI used in preparing board materials.
- Require disclosure in board papers. If AI materially assisted a recommendation, the paper should say so. It should identify the source material, the validation step and the human owner of the conclusion.
- Offer secure, sanctioned tools. A ban that pushes directors and executives into personal accounts is not governance. It is shadow AI. Boards need a usable, approved alternative with clear rules for confidential information.
- Record the human rationale. For any significant decision AI has touched, the minutes and supporting papers should show the board’s reasoning. If the only explanation for the decision is the AI’s output, the board has a literacy problem and quite possibly a duties problem.
Beyond AI
AI is the technology forcing the question today. It will not be the last. The same reasoning that builds an AI literacy standard out of the duty of care will build the next one too, because the duty itself does not name a technology. It asks directors to be appropriately informed and to bring their own judgment to bear.
So the durable question is not whether every director can explain transformer architecture, model weights or retrieval-augmented generation. It is whether they can explain what they decided, why they decided it, and how they tested any machine-shaped advice that helped get them there.
That is the standard boards should measure themselves against. Holding a workshop, adopting a policy or buying the latest tool does not meet it. A director who can stand behind the decision as genuinely their own has met it.
This article is general in nature and is not legal advice. Directors should seek advice tailored to their own circumstances.
Share this Article
Recommended Reading
Recommended Viewing
Author
-
Managing Director
- About
-
Raphael is the Managing Director of Better Boards Australasia. Over almost 17 years he has worked closely with directors, boards and executives to help them master the Art & Science of the Boardroom, and has built or overseen the development of more than five software products focused on governance, boards and directors.
He has a deep interest in the intersection of technology, business automation, decision-making, investment and behavioural economics. Raphael regularly writes and speaks on boards and the boardroom, decision-making and bias, technology, governance, leadership and not-for-profit matters, and has presented for organisations and events including the Association Leaders eXchange in New Zealand, RMIT University and BDO Melbourne. To book him for your board or event, email info@betterboards.net.
When he’s not in the office, Raphael can be found out on the water sailing, tinkering with electronics, or in the workshop woodworking.
Found this article useful or informative?
Join 5,000+ not-for-profit & for-purpose directors receiving the latest insights on governance and leadership.
Receive a free e-book on improving your board decisions when you subscribe.
Unsubscribe anytime. We care about your privacy - read our Privacy Policy .