The responsibilities of business leaders and corporate boards have expanded beyond traditional strategic oversight. In an everchanging landscape, boards need to continue to review and adapt governance practices and operations to withstand pressures coming from technological advances such as GenAI and increasing cyber risk. 

Our Spring 2024 Issues for Boards publication identifies key themes for boards to focus on in the coming year and provides insight to aid directors and general counsels in navigating the hurdles ahead. Here, we highlight three themes relevant to tech businesses or those investing in tech.

Using generative AI to enhance performance

If 2023 was the year of peak hype for GenAI, we are now seeing some more critical assessments of the technology as projects start to highlight certain limitations and risks. 

To harness the opportunities of GenAI to deliver value while avoiding pitfalls and risks, boards and GCs need to lay out a strategic plan addressing what they aim to achieve and what this technology can actually deliver, having in mind that redesigning business processes takes time to deliver a return.

When it comes to compliance and risk management, companies will need to keep a watchful eye on the newly emerging legal framework, such as the EU AI Act, China’s generative AI law and various US laws (read more) - as well as increasing enforcement of existing laws and regulations, and private litigation.

As companies continue to explore new ways harness GenAI’s potential, including in customer facing deployments, businesses must ensure that they keep up with the legal and regulatory requirements, putting in place an effective control framework. Managing reputational risk is also key: AI needs to work within a clear ethical framework consistent with the business's broader ESG framework.

Cyber attacks: Keeping pace with new governance expectations

As businesses shift to new technologies, the risk of becoming the focus of cyber attacks – in particular extortion attacks – is greater than ever. And cyber risk has become one of the most common concerns for boards as well as one of the most challenging risks to manage. 

The intrinsic technicality of cyber security means that having the right metrics and ensuring the right governance framework is in place is difficult. For this reason, preparation is key. 

Testing, identifying and reporting vulnerabilities to the board is a powerful way to drive the right behaviours. It is worth considering specific training for boards on cyber security which can help equip board members to recognise and avoid potential threats. Indeed this will soon become a regulatory requirement for some EU businesses as a result of the new Network and Security Information Directive and Digital Operational Resilience Act (DORA) (read more).

Boards can learn to ask the right questions to ensure foundational protective measures are in in place. New cyber governance proposals may also be helpful in setting baseline expectations for boards to properly address cyber risk.

M&A: Making sure you cross the finish line 

2023 was characterised by increasingly unpredictable regulatory environment, and M&A timetables remained long due to the range of merger control, foreign investment and other approvals needed: with impacts for the tech sector which is under specific regulatory scrutiny .

Non-traditional factors, such as political concerns are of increasing importance: for example in investment screening, national security fears have propelled the spread of regimes globally. In in the US, EU and UK attention is also shifting to plans for outbound investment screening, aimed at stemming investment into critical technologies abroad.

Looking ahead, as part of early stage deal deliberations, boards need to consider the developing regulatory trends and factor allocating the risks of regulatory challenge and delay as part of the negotiations (read more).