Boards must own data

Corporate boards are being told to treat data as a board issue, not just an information-technology task, as artificial intelligence spreads through core business systems. (kpmg.com) KPMG’s Board Leadership Center said boards should test whether a company’s data governance framework is keeping pace with artificial intelligence, generative artificial intelligence, and cybersecurity risks. Its 2024 guidance lists four areas for board focus, including the adequacy of the data governance framework and the company’s use of data. (kpmg.com) A separate KPMG paper published in 2025 says companies should split data quality work from governance work, with artificial intelligence handling more real-time checking and humans retaining oversight of policy, standards, and accountability. The paper argues that data quality has become a strategic decision for senior management because artificial intelligence systems depend on constantly changing data flows. (kpmg.com) KPMG and INSEAD, the business school, published global Artificial Intelligence Governance Principles for Boards on April 14, 2026, saying directors now need oversight of technology architecture, data usage, ethical guardrails, workforce change, and long-term resilience. The framework sets out five principles, including strategic oversight for long-term value creation and active technology and security oversight. (kpmg.com) The push comes as KPMG warns boards that regulation is fragmenting across trade, sustainability, technology, and sector rules, making it harder for multinational companies to treat compliance as a local or siloed problem. In guidance published in 2026, KPMG said boards should fold that divergence into core strategy, risk, and governance processes. (kpmg.com) For directors, the practical question is whether management can show where critical data comes from, who owns it, how it is protected, and how errors are caught before they reach an artificial intelligence model or a financial report. KPMG’s data-risk guidance tells boards to ask about data quality, security, privacy, regulatory compliance, and the people, process, and technology controls around them. (kpmg.com) KPMG has been making the same case across adjacent risks. Its 2023 regulatory outlook said supervisors were already examining board reporting, proof of challenge, data inventories, lineage to legacy systems, and accountabilities across information technology, data management, risk, and compliance teams. (kpmg.com) The shift is that artificial intelligence turns weak data into a board-level exposure faster than older software did. KPMG’s 2026 board principles say directors are being pulled into decisions they once kept at a distance, because choices about data use and guardrails now shape business models, risk exposure, and trust. (kpmg.com)