All White Papers

What Public Company Directors and Senior Executive Teams Need to Know About the SEC

New research from Iterate.ai explains why public company directors and senior executive teams can no longer treat AI governance as a future compliance issue—and what boards must do now to meet rising SEC, litigation, and disclosure expectations.

New research from Iterate.ai explainAI-specific federal legislation remains incomplete, but the SEC has already begun applying existing material risk, cybersecurity governance, and disclosure rules to artificial intelligence. For boards, AI is no longer just an innovation or IT issue. If AI is material to the business, its oversight, risks, vendor dependencies, and public disclosures are already board-level responsibilities.s why public company directors and senior executive teams can no longer treat AI governance as a future compliance issue—and what boards must do now to meet rising SEC, litigation, and disclosure expectations. What the research reveals:

  • Why AI disclosure expectations already apply. The SEC is scrutinizing whether AI disclosures are specific, substantive, and tied to actual governance practices—not vague or boilerplate language.
  • How Caremark-style oversight risk reaches AI. As AI moves into pricing, lending, hiring, compliance, customer service, and financial reporting, boards must show they have systems for monitoring mission-critical AI risks.
  • Why public AI creates privilege and confidentiality exposure. A 2026 federal court ruling found that documents created using a public AI platform were not protected by attorney-client privilege, raising serious risks for legal, compliance, and regulatory work.
  • Why vendor assumptions are not governance. Enterprise AI licenses do not automatically guarantee confidentiality, zero-training protections, or privilege. Boards need documented proof of how AI tools are configured and controlled.

Download the full whitepaper. Fill out the form to download, and learn the six questions every board should be able to answer about AI systems, SEC disclosure accuracy, committee oversight, third-party model dependencies, and legal privilege.

The companies that wait are betting that the SEC, plaintiffs’ attorneys, and institutional investors will not ask hard questions before the rules are fully formed. Based on the trajectory of the past two years, that is not a safe bet.

Thank you! Your submission has been received!
Download AI Risk Disclosure and the Regulator in the Room  - Handout 2
Oops! Something went wrong while submitting the form.