Last week, the Securities and Exchange Commission’s Investor Advisory Committee met to discuss, among other things, whether to recommend to the SEC that it issue additional disclosure guidance related to artificial intelligence (AI). With some dissent, the Committee ultimately voted in favor of the recommendations (see Disclosure of Artificial Intelligence’s Impact on Operations), which are fairly prescriptive and seem consistent in spirit, in many respects, with the cybersecurity disclosure rules. The Committee recommends that the SEC issue AI-related disclosure guidance premised on a materiality standard. In its recommendations, the Committee notes that the analysis should take into account the impact of AI on the company’s growth, financial results, barriers to adoption, possible adverse developments and evolving competitive and regulatory landscape and other similar risks. The disclosure guidance should require that issuers adopt a definition of the term “Artificial Intelligence;” disclose board oversight mechanisms, if any, for overseeing the deployment of AI; and, if material, report separately on the deployment of AI and the effects of deployment on the company’s internal business operations and on consumer-facing matters. The Committee recommends that this AI disclosure be integrated into existing Regulation S-K disclosure items, including Reg S-K items 101, 103, 106, and 303, rather than calling for a new standalone line item.
The Committee discussion was preceded by various statements from the Commissioners, including from Chair Atkins. In his introductory remarks, Chair Atkins noted, “with every emerging development, the question for the SEC to consider is not necessarily its novelty, but whether our existing disclosure framework sufficiently provides investors with material information about it. And on that point, I believe that investors can rely on our current principles-based rules to inform them of how AI impacts companies. Indeed, we should resist the temptation to adopt prescriptive disclosure requirements for every “new thing” that affects a business. Our principles-based rules were intentionally designed to allow companies to inform investors of material impacts of any new development, including how AI affects their financial results, how AI can be a material risk factor to an investment, and how AI is a material aspect of their business model. These rules have stood the test of time because they rely on the fundamental principle of materiality rather than on ever-expanding checklists.”
Commissioner Peirce in her introductory remarks raised a number of questions for consideration relating to the disclosure—questioning, among other things why it was inherently problematic that there be variation in and among the AI-related disclosures being made by registrants. Seeking to “harmonize” disclosures and trying to make disclosures more consistent across registrants seems to have taken on a life of its own. Recently, many new proposed or final disclosure requirements have been justified in order to harmonize disclosures made by issuers in the interest of advancing investor protection. But, is this really beneficial? Doesn’t this in fact encourage more boilerplate, less tailored, issuer-specific disclosure that is less informative and less meaningful to an investor? And, if there’s a requirement for a company to disclose board oversight mechanisms how many companies will actually state that they do not feel that their companies require such an oversight process? Probably none. So the end result will be generic language in response to the disclosure requirement. Commissioner Uyeda raised other interesting concerns with respect to board oversight. He noted that “while board oversight is a critical governance function, mandating disclosures in this area may not always yield meaningful insight for investors—especially if oversight responsibilities are diffuse or still evolving. And while reporting on the material effects of AI is a reasonable goal, it may be difficult in practice to isolate those effects separately from regular business operations.”
For AI-related disclosures, we may be well-served to review the types of, and the quality of, the disclosures that have emerged following the SEC’s cybersecurity disclosure rules—a post-mortem review of sorts–and consider whether having relied on the existing (or pre-existing, in the case of cybersecurity) disclosure requirements might yield more nuanced and issuer-specific information.