The Chief Justice of NSW has put Australian directors on notice. The legal protections most boards have relied on for decades probably do not apply when AI is involved in a decision. That is not a commentary or prediction from a technology vendor. That is the view delivered by Chief Justice Andrew Bell AC at the 2026 Harold Ford Memorial Lecture, held at Melbourne Law School on 21 May 2026.

The lecture is titled “Corporate responsibility and directors’ duties in the era of Artificial Intelligence.” If you sit on a board, advise one, or lead a business that makes decisions with AI input, you need to read it. The full lecture is available on the Supreme Court of NSW website.

I want to walk through what Bell actually said, because the implications are more serious than most commentary is acknowledging.

What Did Chief Justice Bell Actually Say About the Corporations Act?

Bell went through the Corporations Act section by section. The conclusion he reached at each step was the same: the existing protections were designed for a world where human judgement was the default. AI sits outside that framework in ways that create real exposure for directors.

Section 189 allows directors to rely on expert advice. Bell’s analysis was clear. AI output does not qualify as expert advice because it is not prepared by a person. That is the threshold. If the advice does not come from a person, the protection does not apply.

The problem gets worse when a human uses AI to prepare advice and then presents it to a board. Bell pointed to what he called the “black box problem.” If you cannot explain how the AI reached its conclusion, you cannot credibly claim you independently assessed the advice. The defence requires genuine assessment. Rubber-stamping output you do not understand is not assessment.

Section 190 allows directors to delegate decisions. Bell was direct on this point: “There is no power to delegate to AI.” AI is not a person under the Corporations Act. The delegation protection simply does not reach it.

Section 180(2), the business judgment rule, received perhaps the most pointed commentary. Bell stated it “must be extremely doubtful that a director who simply adopts the recommendation of an AI bot could rely on the business judgment rule defence.” The rule requires a conscious decision. A conscious decision requires the director’s own reasoning. Adopting an AI recommendation without genuine deliberation falls short of that standard.

These are not edge cases or hypothetical readings of the law. The Chief Justice of NSW worked through the legislation methodically and reached these conclusions. Boards should treat them as the working legal reality until the law says otherwise.

Does Avoiding AI Protect You From This Risk?

No. This is where the analysis gets more complicated, and where I think many boards are making a mistake.

Bell was explicit that rejecting AI does not solve the problem. As AI tools make more information accessible, the standard for what it means to be “appropriately informed” rises alongside it. A board that chooses not to use available tools may find itself just as exposed as one that used them poorly. The question is not whether you used AI. The question is whether you made a properly informed decision with the tools that were reasonably available to you.

Bell also asked whether AI literacy should now be part of a board’s skills matrix. That question was not rhetorical. Boards are expected to have skills relevant to the governance of their organisation. If AI now shapes material business decisions, the argument that it falls outside board competency becomes harder to sustain.

Bell went further and raised the provocative question of whether an AI system used consistently enough in decision-making could itself qualify as a “shadow director” under the law. That question has not been answered. But the fact it is being raised by the Chief Justice tells you something about where this is heading.

ASIC has already signalled it will take enforcement action for what it has described as “poor use of AI.” The regulatory direction is clear, even if the legal framework has not fully caught up.

The uncomfortable truth is that using AI carelessly exposes you, and avoiding AI carelessly exposes you too. What protects you is a deliberate, documented approach to how AI is used in decisions.

What Is the Shadow IT Discovery Risk?

This is the part that catches people off guard. It is also, in my view, the most immediate operational risk for many businesses.

When organisations restrict access to sanctioned AI tools without providing alternatives, people do not stop using AI. They use personal accounts. They use consumer tools. They use whatever is available on their personal devices outside the organisation’s security stack.

Bell flagged this directly in the lecture. Those prompts and transcripts are already discoverable in litigation. He warned of “a new avalanche of discovery” that AI creates. Every conversation an employee has with a personal ChatGPT account about a work matter is potentially discoverable. Every prompt that fed into a business decision may need to be produced.

Most organisations have no visibility over this activity. They have no records. They have no audit trail. And if something goes wrong, the absence of that trail is not protection. It is a gap that opposing counsel will point to.

We see this pattern regularly. A business restricts AI because the IT or legal team is concerned about data security. The intent is reasonable. But without a practical alternative, the restriction does not reduce AI use. It just moves it underground and outside the security perimeter.

If you want to understand what a defensible AI policy looks like, we have published a practical AI policy template for Australian businesses that you are welcome to use as a starting point.

What Should Boards and Businesses Actually Do?

The answer is governance, not avoidance.

Bell framed this clearly: AI is a governance issue that sits with directors, not a technology issue to delegate to IT. That framing matters. A policy buried in the IT department is not board-level governance. It does not demonstrate the deliberation and oversight the law now appears to require.

Practically, that means a few things.

Boards need to understand how AI is being used in their organisation. Not at a technical level, but at a governance level. Which decisions are being informed by AI output? Who is accountable for those decisions? What processes exist to ensure human judgement is genuinely applied?

Decisions informed by AI need to be documented in a way that shows genuine reasoning. A board minute that says “we adopted the AI recommendation” without further analysis is precisely the scenario Bell described as insufficient. The record needs to show that the director understood the recommendation, assessed it, and applied their own judgement in accepting or rejecting it.

Organisations need a clear AI use policy. That policy needs to cover what tools are approved, what categories of decision they can inform, and what is required before acting on AI output. If you do not have an approved path for AI use, you will have unsanctioned AI use instead. And as Bell made clear, the consequences of that are already starting to arrive.

Boards should also consider whether they have the right skills to govern AI. That may mean adding expertise, engaging external advice, or ensuring directors receive appropriate briefings on how AI is being used across the business.

None of this is about becoming AI experts. It is about applying the same standard of care to AI that the law expects directors to apply to every other material aspect of their business.

Where Does This Leave Australian Directors?

Bell’s closing prediction deserves to be quoted in full: “It is not difficult to imagine a wave of litigation occurring down the track… It will be a bitter irony that AI may itself play a significant role in formulating claims and identifying vulnerabilities leading to litigation about the use of AI.”

Australian directors are running out of road on this. The lecture is not a warning about something that might happen in five years. The legal framework is already applied as-is to AI decisions. ASIC is already signalling enforcement. Discovery obligations already capture AI prompts and transcripts.

At Otto IT, we work with professional services businesses that are navigating exactly this. The questions we hear most often are not about AI capability. They are about confidence. How do we use AI responsibly? How do we document that we did? How do we make sure what our team is doing is inside our security perimeter?

These are the right questions to be asking. And the time to ask them is now, before a decision goes wrong and the answer needs to be reconstructed from litigation discovery.

Read the full lecture: Corporate responsibility and directors’ duties in the era of Artificial Intelligence — Chief Justice Andrew Bell AC, 21 May 2026.

If you want to talk through what this means for your business, we are here. Contact us or book a time directly.

This is not legal advice. For advice specific to your situation, consult a qualified legal professional.

Frequently Asked Questions

Do Australian directors’ duties apply to AI decisions?

Yes. The Corporations Act duties apply regardless of whether AI was involved in a decision. Chief Justice Bell’s 2026 Harold Ford Memorial Lecture found that the existing legal protections under sections 189, 190, and 180(2) likely do not cover directors who rely on or delegate to AI without applying genuine independent judgement.

Can a director rely on AI output as expert advice under section 189?

No. Chief Justice Bell found that AI output does not qualify as expert advice under section 189 of the Corporations Act because it is not prepared by a person. Even where a human uses AI to prepare advice, the “black box problem” makes it very difficult to demonstrate the independent assessment the defence requires.

Is it safer to avoid using AI altogether?

Not necessarily. Bell made clear that as AI makes more information accessible, the standard for being “appropriately informed” rises. Boards that choose not to use available tools may face equal exposure. The issue is not whether you use AI. It is whether you have a deliberate, documented approach to how AI informs decisions.

What is the shadow IT discovery risk for businesses?

When organisations restrict access to approved AI tools without providing alternatives, employees often use personal ChatGPT accounts or consumer tools. Chief Justice Bell warned those prompts and transcripts are already discoverable in litigation. Businesses with no visibility over this activity have no audit trail, which creates serious risk if a decision is later challenged.

What should a board do about AI governance right now?

Boards should understand how AI is used in their organisation, ensure decisions informed by AI are properly documented with genuine reasoning, put a clear AI use policy in place, and consider whether the board’s skills matrix includes appropriate AI literacy. This is a governance issue for directors, not a technology issue for IT teams to handle in isolation.

This is not legal advice. For advice specific to your situation, consult a qualified legal professional.