Corporate Governance 2026

GERMANY Trends and Developments Contributed by: Stephan Waldhausen, Moritz Pellmann, Justus Anacker and Cristina Hajek Gross, Freshfields PartG mbB

spanning AI integration, talent transformation and the management of regulatory complexity at the interface of employment, data protection and technology law. Agentic AI One development of growing significance is so-called agentic AI: systems that do not merely respond to prompts but autonomously perform tasks, such as negotiating or settling transactions without direct human involvement. As software begins to assume such functions, traditional regulatory and governance concepts are placed under strain. At the same time, the more capable, autonomous and operationally cen - tral these systems become, the stronger the case for elevating AI oversight to the highest level of corporate governance. To make AI governance tangible and auditable, boards should consider defining concrete metrics and key performance indicators, such as the number of AI use cases deployed, AI-related incidents, or employ - ee training coverage. Quantifiable oversight enables boards to track progress, identify gaps and demon - strate governance maturity to regulators and inves - tors. In parallel, boards should ensure that appropriate redundancies and fall-back procedures are in place so that governance and decision-making can continue if critical AI systems become unavailable due to tech - nical failures, cyber incidents or third-party outages. AI as a strategic tool for the board itself Boards are no longer merely overseeing AI use across the enterprise – they are becoming users themselves. According to a 2026 PwC survey of board members on corporate governance trends, 35% of directors report that their boards have already integrated AI, including generative AI, into their oversight activities (PwC, 2026 Corporate Governance Trends: Five Pri - orities for Directors). This trend is likely to accelerate. Boards and directors can use AI to digest information in preparation for meetings, identify trends from com - plex or vast data, or enable scenario planning, and use AI for strategic reflection. Although AI expertise is not a requirement for super - visory board membership, all directors should have a shared understanding of the AI models used by the board and the company, including their capabilities

and limitations. Ultimately, AI remains a decision sup - port tool and cannot substitute the board’s duty to make informed business judgements, including the critical examination of assumptions and data sources. Boards whose members actively use AI should treat AI usage policies and targeted training as priorities. Boards that do not yet use AI should nonetheless place the topic on their agenda. Adoption should be deliberate and organic, allowing space for experimen - tation and skill development rather than forced or dis - Mirroring the technology itself, the regulatory environ - ment surrounding AI is highly dynamic. Most of the EU AI Act (Regulation (EU) 2024/1689) will become applicable in August 2026, introducing a binding risk- based classification system. High-risk AI systems, which are common in enterprise settings, will be sub - ject to stringent requirements relating to transparency, data governance and human oversight. ruptive implementation. Regulatory environment In parallel, the EU Commission proposed the “Digi - tal Omnibus” in November 2025 – a comprehensive package aimed at simplifying parts of the EU digital regulatory framework, including targeted amendments to facilitate implementation of the AI Act. Beyond the EU, AI regulation is becoming increasingly fragment - ed, with major jurisdictions pursuing structurally differ - ent policy approaches. Boards must therefore embed AI Act compliance into their governance and compli - ance architecture, closely monitor the Digital Omni - bus process and ensure that their organisations are equipped to manage AI compliance across divergent and, in some cases, conflicting regulatory regimes. Data and Cybersecurity Risks In the digital economy, data serves as both a strate - gic asset and a critical point of vulnerability. As digi - tal integration deepens, cybersecurity has become a governance priority. Greater interconnectivity exposes companies to an expanding threat landscape, includ - ing data breaches, ransomware attacks and industrial espionage. Cyber threats have intensified significantly in recent years. Distributed Denial of Service (DDoS) attacks,

274 CHAMBERS.COM

Powered by