Corporate Governance 2026

BERMUDA Law and Practice Contributed by: Ian Stone and Leo Shaw, Wakefield Quin Limited

of AI. Bermuda has not enacted dedicated AI legis - lation, although the BMA’s discussion paper on The Responsible Use of Artificial Intelligence in Bermuda’s Financial Services Sector was issued in July 2025 (the “AI Discussion Paper”). The AI Discussion Paper is analysed in 8.2 AI Use-Related Risks . The general duties of directors – including the duty of care and the duty to act in the best interests of the company – apply to decisions involving the deploy - ment of AI systems, as they do to any other business decision. For regulated entities, the BMA’s existing supervisory expectations regarding risk management, internal controls and technology governance would apply to the use of AI within the regulated business. The Digital Asset Business Act 2018 (DABA) regulates digital asset businesses in Bermuda and includes pro - visions on cybersecurity and technology governance that may be relevant where AI is used in the context of a digital asset business. However, DABA is not a Bermuda does not currently have a bespoke govern - ance framework for AI use-related risks; however, this may change following issuance of the AI Discussion Paper. The AI Discussion Paper proposes an outcomes- based risk management framework with ultimate accountability resting with the board, which would be consistent with general principles of corporate gov - ernance in Bermuda. Rather than prescribing spe - cific technical implementations, the BMA’s approach focuses on the results to be achieved. The BMA states that, while the board may delegate day-to-day design, testing and monitoring, it remains account - able for establishing clear risk appetites, ensuring that governance structures include clear reporting lines, and receiving timely assurance that AI systems operate within approved parameters throughout their life cycle. The board’s accountability is described as “inalienable”, though supervision may be exercised through board committees, internal audit reviews and independent attestations. general AI governance statute. 8.2 AI Use-Related Risks

The AI Discussion Paper proposes a risk assessment framework evaluating AI systems across five key dimensions: • impact severity (the potential consequences of system failure on customers, business operations and the broader financial system); • autonomy and human oversight (the degree of human involvement in decision-making, including

the risk of “automation bias”); • complexity and explainability; • data sensitivity; and • deployment context and scale.

Governance requirements are to be proportionate, scaled to the financial institution’s business profile, size, complexity, AI maturity and the nature of its cus - tomer relationships (retail versus institutional). The consultation period for the AI Discussion Paper closed on 30 September 2025. In a stakeholder let - ter published in February 2026, the BMA confirmed that respondents broadly supported the proposed outcomes-based and principles-led approach and encouraged the BMA to integrate AI considerations within established risk management frameworks rath - er than creating separate AI-specific structures. The BMA confirmed its intention to maintain a technology- neutral supervisory approach. The BMA’s indicative timetable envisages a final proposal in Q3 2026. Consequently, AI governance in Bermuda is currently addressed through the application of existing legal and regulatory frameworks: • directors’ general fiduciary duties apply to deci - sions regarding AI adoption and deployment; • PIPA applies to AI systems processing personal information and requires appropriate protective measures; and • the BMA’s regulatory expectations regarding out - sourcing, technology risk and operational resilience apply to regulated entities’ use of AI. In practice, responsibility for AI strategy and risk man - agement within Bermuda companies varies by entity. For larger and listed companies, AI-related risks may fall within the remit of the risk committee, the audit

57 CHAMBERS.COM

Powered by