AI governance and board oversight: implications for M&A and private equity transactions

Introduction

Artificial intelligence has introduced a new dimension to corporate governance. Boards are increasingly expected to oversee AI deployment as a core fiduciary duty, and for M&A and private equity practitioners, governance failures can destroy deal value and fundamentally alter a target’s risk profile.

The evolving standard of board oversight

Directors’ duties of care and oversight under Section 174 of the Companies Act 2006 are now squarely engaged by the deployment of AI. Boards that fail to establish adequate governance structures risk claims of breach of duty and erosion of business value.

Regulatory expectations are crystallising through several channels, including:

• The EU AI Act
• The UK’s AI Safety Institute and evolving regulatory framework
• The Data Protection Act alongside changes under the new Data Use and Access Act and ICO Code of Practice
• Sector-specific guidance from the FCA and PRA.

The question is no longer whether boards must oversee AI, but what standard of oversight will be expected of them.

AI governance as a value driver and risk factor in M&A

AI systems may represent significant IP value as high-value intangible assets, but they may equally harbour substantial undisclosed liabilities.

Due diligence in AI-intensive transactions now extends well beyond traditional technology diligence. Key areas of enquiry include whether:

• The board has established an AI ethics committee
• Documented policies govern AI development and deployment
• Regular reporting mechanisms escalate AI-related risks to the board
• Impact assessments have been conducted for high-risk applications.

Transaction documents are also evolving to reflect the AI landscape. Sellers may be asked to provide a list of AI systems in use, warranties that AI systems comply with applicable laws and that training data has been lawfully obtained, alongside specific indemnities for AI-related liabilities including regulatory fines, data protection claims, and IP infringement.

Parties should also consider whether governance-related events should constitute MAC triggers and how compliance costs should be allocated.

Private equity: portfolio governance and value creation

For private equity funds, AI governance presents both a value creation opportunity and a portfolio risk requiring active management.

Key actions include:

• Assessing AI governance maturity during commercial due diligence
• Appointing individuals with relevant technical expertise to the board
• Implementing AI risk registers and escalation protocols
• Ensuring compliance with the Data Protection Act and, where applicable, the EU AI Act, DORA, and standards such as ISO/IEC 42001.

Demonstrable AI governance maturity is increasingly attractive to prospective acquirers and public market investors at exit.

The road ahead

The regulatory response is intensifying. For M&A and private equity practitioners, AI governance is no longer a niche technical matter. It is a board-level strategic issue that can determine whether a transaction creates or destroys value, and those who integrate AI governance assessment into their transactional practice now will be best positioned as the landscape continues to develop.