The reason isn't the UN's authority. It's the pattern. International frameworks like this one consistently precede domestic regulation, often by just a few years. Boards that treat this as someone else's problem tend to scramble when the regulations arrive.
AI development is concentrated in a small number of companies and countries. The decisions those developers make affect millions of people who had no voice in them. And the regulatory environment that governs those decisions is, right now, a patchwork — creating real uncertainty for organizations operating across jurisdictions.
That uncertainty is already a board-level problem.
TLDR
- 118 of 193 UN member states have no meaningful seat at the AI governance table — most are in the global South
- The seven recommendations aren't binding, but they signal where mandatory requirements are heading
- Data governance, human rights framing, and standards interoperability will become compliance baselines
- Boards unable to explain how AI is governed internally are drawing scrutiny from regulators, investors, and legal counsel
- Now — between framework proposals and enacted law — is when governance infrastructure should be built
The Global AI Governance Gap in Numbers
The numbers from the UN's final report are stark. Only seven countries — Canada, France, Germany, Italy, Japan, the UK, and the US — are party to all of the sampled international AI governance initiatives. 118 UN member states are party to none of them, and those 118 are primarily in the global South.
That gap isn't only a development equity problem — it's a governance architecture problem with direct exposure consequences for any multinational business operating across those jurisdictions.
What Regulatory Fragmentation Looks Like Right Now
Three major jurisdictions, three completely different approaches:
- EU: The AI Act (Regulation 2024/1689) entered into force August 1, 2024, with phased implementation running through 2027. It's the most comprehensive binding AI law currently in effect, and it applies to non-EU companies whose AI outputs reach EU users.
- United States: Relies primarily on voluntary frameworks, sector-specific agency guidance, and evolving executive-branch actions. No comprehensive federal AI statute is in force.
- China: Has addressed AI through targeted rules — Algorithmic Recommendation Provisions, Deep Synthesis Provisions, and Generative AI Interim Measures — focused on stability and state-defined content standards.
For a company operating across these three jurisdictions, compliance looks different depending on which legal team you're asking. Add 118 countries with no formal framework at all, and the exposure becomes harder to map.
Boards in financial services, healthcare, and retail face the sharpest edge of this fragmentation. These sectors already carry dense regulatory environments. AI layered on top means legal and compliance teams are managing obligations that regulators haven't finished writing yet — which is exactly the kind of ambiguity that boards need a clear position on before an incident forces the question.
The Seven Recommendations: What the UN Is Actually Proposing
The HLAB-AI's proposals are explicitly designed to be "agile, adaptive, and effective" — not binding mandates. Boards should read them not as current legal obligations but as a blueprint shaping what binding obligations will look like when they arrive.
Knowledge and Policy Infrastructure
Recommendation 1 — International Scientific Panel on AI An independent, multidisciplinary body that would produce annual reports and thematic assessments on AI capabilities, risks, and uncertainties. The goal is closing the information asymmetry between AI developers and everyone else : governments, regulators, and civil society.
The analogy here is the IPCC for climate change. When expert panels like that establish consensus knowledge, that consensus becomes the reference standard for what "reasonable" governance looks like. Any organization whose AI risk posture diverges from that emerging consensus accumulates exposure — quietly, then suddenly.
Recommendation 2 — Policy Dialogue at the UN Twice-yearly intergovernmental and multistakeholder meetings to share best practices and promote regulatory interoperability , rooted explicitly in human rights. Boards should already be asking vendors what regulatory standards their AI systems are built to comply with — because that question will only get harder to answer later.
Standards, Capacity, and Funding
Recommendations 3 and 4 — AI Standards Exchange and Capacity Development Network
- The Standards Exchange would maintain a register of AI definitions and standards, evaluate existing ones, and identify gaps
- The Capacity Development Network would provide compute resources, training data, and governance expertise to underserved regions
Standards fragmentation today creates real vendor lock-in and compliance risk. When a vendor's AI system is built to one set of standards and a regulator references another, organizations get caught in the middle. ISO/IEC 42001:2023 offers one current management-system baseline, but it won't remain the only reference regulators cite.
Recommendations 5 and 6 — Global AI Fund and Global AI Data Framework
- The fund targets compute access and SDG-related AI capacity for underserved regions
- The data framework defines data principles, standards for AI training data provenance, and mechanisms like data trusts and exchanges
The data framework is the piece most relevant to enterprise boards. Organizations will eventually need to demonstrate where their AI training data came from, how it was used, and what accountability exists for decisions the model makes.
If your organization can't produce that evidence today, that's a governance gap worth documenting now.
Recommendation 7 — UN AI Office
Taken together, the six mechanisms above need a home. This small coordinating office within the UN Secretariat supports and connects them. Its significance is institutional: AI oversight is being built into the UN's permanent architecture, not parked in a temporary advisory project.
Why This Is a Board-Level Risk Right Now
A common response from boards is some version of "this doesn't apply to us yet." That posture is harder to defend than it looks.
According to a Deloitte survey of 468 board members and C-suite executives across 57 countries, 45% said AI had not made it onto their board agenda, and 79% reported boards had limited, minimal, or no AI knowledge or experience.
The SEC has already charged investment advisers for making false and misleading statements about their AI use — which means regulators are watching claims, not just practices.
Three Specific Exposure Points Boards Often Miss
The EU AI Act applies to any provider whose AI system's output is used in the EU — regardless of where the company is headquartered. A US-based company with European customers already has obligations taking effect on a phased schedule through 2027.
AI embedded in third-party software, HR platforms, credit tools, or healthcare systems creates indirect exposure. The organization deploying that AI bears accountability under the EU's Annex III high-risk categories — which include recruitment and selection, creditworthiness assessment, and healthcare patient triage.
Between January 2023 and June 2024, 23 AI-related shareholder proposals were filed at U.S. companies, with the number doubling in 2024. Netflix received 43.3% support on an AI transparency proposal. Apple received 37.5%. These aren't majority votes — but investor attention on AI accountability is building steadily.
NACD's "Director Essentials: AI and Board Governance" publication makes explicit that boards need foundational AI knowledge, defined oversight responsibilities, and clear focus areas. More than 62% of directors now set aside dedicated board time for AI discussions — yet dedicated agenda time only creates accountability when paired with defined roles, escalation thresholds, and measurable oversight criteria.
What These Recommendations Signal for Corporate Leaders
The seven recommendations aren't just aspirational. Each one points toward a requirement that will eventually show up in law, contract, or litigation.
Signal 1 — Data governance becomes a compliance baseline The proposed global AI data framework signals that data lineage, consent mechanisms, and audit trails will become governance expectations — not technical features. Boards should ask: can our organization produce evidence of how AI systems use data, and where did that data come from?
Signal 2 — Standards fragmentation is a near-term vendor risk The push for an AI Standards Exchange acknowledges today's gaps explicitly. Technology leaders need clear answers on how AI vendor contracts address standards compliance — and what protections exist when those standards shift.
Signal 3 — Human rights framing will appear in litigation and regulation The report's human rights grounding is already shaping enforcement. The EU AI Act is framed around protecting fundamental rights. The CFPB has stated that algorithmic credit decisions must provide specific adverse-action reasons — opacity is not an acceptable defense.
Signal 4 — Expert consensus will define "reasonable" governance When an international scientific panel begins publishing annual AI risk assessments, those assessments become the reference for what a reasonable board should have known. Organizations calibrating AI risk posture to current law alone — rather than emerging expert consensus — will find themselves behind that standard.
Tyson Martin works with boards to build AI governance frameworks that are inspectable before regulators or plaintiffs ask — with clear decision rights, escalation thresholds, and reporting tied to business outcomes. Boards that structure this oversight now adapt faster when requirements formalize.
How Boards Should Respond Now
The gap between a proposed international framework and enacted domestic law is not a waiting period. It's the window for building governance infrastructure that holds under scrutiny when regulations arrive.
Action 1 — Map your AI inventory Boards should be able to answer three questions: what AI systems does the organization use, what data do they rely on, and where do transparency or human rights obligations apply?
Tyson Martin's AI Governance Starter Pack addresses this directly: a 30-day sprint that produces an AI risk assessment, decision-rights map, one-page board-level AI policy, and a facilitated director briefing.
Action 2 — Clarify AI decision rights Define which AI-related decisions require board oversight, which belong to management, and what the escalation thresholds are. The HLAB-AI's framework will reinforce this accountability structure. Organizations that haven't defined it yet will be forced to under pressure, which is a worse time to do it.
Action 3 — Engage your regulatory and legal function proactively General counsel and risk leaders should be tracking:
- EU AI Act implementation deadlines (August 2025 for GPAI provisions; August 2026 for most Annex III high-risk systems)
- U.S. voluntary guidance evolution through NIST and sector regulators
- Sector-specific rules in financial services (CFPB adverse-action requirements), healthcare (FDA predetermined change control plans), and retail (FTC facial recognition enforcement)
Action 4 — Demand plain-English AI risk reporting AI risk reporting should communicate trend, not trivia: tied to business decisions and material exposures, not just technical metrics. If a board report requires a data scientist to interpret it, it's not serving governance.
Frequently Asked Questions
What is the UN High-level Advisory Body on Artificial Intelligence?
The HLAB-AI is a 39-member body created by the UN Secretary-General to address gaps in international AI governance. It draws on experts from government, industry, and civil society to produce recommendations the broader international community can act on.
Are the UN's seven AI governance recommendations legally binding?
They are advisory proposals, not binding rules. Frameworks like these consistently precede binding regulation at the national and regional level — often by just a few years.
How does the UN's AI governance framework compare to the EU AI Act?
The EU AI Act is the most comprehensive binding AI regulation currently in force. The UN framework proposes the international infrastructure — scientific panels, standards bodies, funding mechanisms — to support governance globally. They are complementary, addressing different levels of the same problem.
What is the biggest gap in current global AI governance?
The participation gap. With 118 of 193 UN member states absent from substantive AI governance initiatives, and AI development concentrated in a handful of companies, accountability is structurally limited. Most of the world has no formal seat at the table where AI rules are being written.
What should a board of directors do in response to global AI governance trends?
Start by mapping AI exposure across the organization, clarifying internal decision rights, and ensuring AI risk is reported in terms the board can act on. Governance readiness built now will be defensible when regulations formalize.
How will the proposed global AI data framework affect enterprises?
A standardized data framework will require organizations to demonstrate transparency and accountability in how AI systems use data. Data lineage, consent mechanisms, and audit trails will shift from technical features to governance expectations — and then to compliance requirements.
