Maciejko proposes STAR quarterly review

Corporate boards are finally getting a more concrete playbook for AI oversight. That is the real news here. Robert Maciejko — writing on Columbia Law School’s Blue Sky Blog on May 8 — argued that boards need a repeatable quarterly process, not vague “AI is important” discussions, and tied that push to a working paper he coauthored on SSRN. ### What changed here? The new thing is not that AI governance matters. Everyone already says that. The new thing is the attempt to turn board oversight into a simple recurring checklist — the STAR review — that directors can use every quarter instead of treating AI as a one-off strategy session or dumping it on a single committee. The paper is titled *Power Steering, Not a Brake: How Boards Should Actually Govern AI*, and the authors are Henk de Jong, Robert Maciejko, Sampsa Samila, and Christoph Wollersheim. (clsbluesky.law.columbia.edu) ### What is STAR supposed to do? Basically, STAR is a four-question governance cadence. The letters stand for Shareholder Value Thesis, Threat Parity, Ability, and Risk Budget. The point is to force boards to ask, every quarter, where AI is actually creating value, whether the company’s defenses are keeping pace with the threats, whether the organization has the talent and operating capacity to execute, and how much risk the board is willing to tolerate. That is much more specific than “management should keep us updated on AI.” (corpgov.com) ### Why quarterly? Because AI changes faster than annual planning cycles but slower than daily operations. A quarterly review is the middle layer — frequent enough to catch drift, but not so constant that the board starts micromanaging. Maciejko’s Columbia piece says each STAR question should map to a few indicators with escalation rules, which turns AI oversight into a standing governance rhythm instead of an occasional panic meeting. (corpgov.com) ### What problem is this trying to fix? Maciejko says boards are failing in two opposite ways. One is the “clueless board” — directors who barely discuss AI and mostly delegate it downward. The other is the “FOMO board” — directors who push aggressive adoption before controls, data systems, and operating processes are ready. One leaks value slowly. The other can blow up fast through bias, bad claims, security failures, or regulatory trouble. (clsbluesky.law.columbia.edu) ### Why does this land now? Because the gap between AI exposure and board readiness is getting harder to ignore. In the Columbia post, Maciejko points to survey data showing that two-thirds of directors say their boards do not know enough about AI, only 26% discuss it at every board meeting, and just 27% have formally added AI governance to committee charters. He also notes that large-cap companies disclosing AI as a material risk jumped from 12% in 2023 to 83% in 2025. (clsbluesky.law.columbia.edu) ### Is this about regulation too? Yes — but not in the simple “new law arrived” sense. Maciejko argues that the EU AI Act reaches companies whose AI touches the EU market, while the U.S. still lacks a federal board-level AI governance framework. So boards cannot wait for a neat legal template. They have to build their own oversight machinery now, and they may still face liability if they fail to monitor a critical risk properly. (clsbluesky.law.columbia.edu) ### Why spread oversight across committees? Because AI is not one risk. It hits strategy, audit, cyber, compliance, talent, capital allocation, and product decisions all at once. A single “AI committee” can turn into a dumping ground. The STAR idea works better as a shared map — each committee owns the part closest to its job, but the board still gets one common quarterly frame. That is the “power steering” metaphor in the paper’s title: guide the company, do not just slam the brakes. (clsbluesky.law.columbia.edu) ### Bottom line? This is really a governance design story. Maciejko is saying boards do not need another AI principles memo — they need a calendar, four recurring questions, and clear escalation rules. If that catches on, STAR could become a practical default for boardrooms that know AI is now a core business issue but still do not know how to govern it. (clsbluesky.law.columbia.edu) (corpgov.com)