
All rights reserved, Habeas 2026
See our Privacy Policy
See our Privacy Policy

At some point in the next board meeting, or perhaps the one after that, a director is going to be asked to confirm that accountability for AI has been clearly allocated across their organisation. The AICD's second edition of A Director's Guide to AI Governance, released on 29 June 2026, makes that expectation explicit. The question the guide doesn't answer (and cannot, by design) is what happens when a director tries to exercise that accountability and the underlying AI work cannot be traced.
This is a narrower point than it might appear, and a more consequential one.
The second edition responds to a specific shift in how AI is being deployed in Australian organisations: the move from AI that assists to AI that acts. Agentic AI systems, which can plan, sequence tasks, and take actions with limited human intervention at each step, are embedding across corporate operations faster than governance frameworks were designed to handle.
The guide stresses board accountability and oversight. It asks directors to confirm that accountability for AI has been clearly allocated within the organisation, and to test whether existing risk and reporting frameworks remain adequate as agentic systems spread. The core ask is that boards treat AI governance as their responsibility, not something delegated entirely to management or IT.
As governance advice goes, this is sensible. AI is consequential enough to warrant board-level attention. The risk of treating it as a purely operational matter, something beneath the board's notice until something goes wrong, is real.
Here is where the guide, and governance advice of this kind generally, encounters a structural limitation. The language of accountability, oversight, and framework adequacy all assume that a board, or the general counsel advising that board, can examine what the AI did. That examination requires an audit trail: what source material was considered, what the system concluded on the basis of it, and how that conclusion traces back to verifiable authority.
Most AI tools don't provide this. They return outputs. Those outputs may be fluent, they may even be accurate, but the path from question to answer is opaque. There is nothing to check, because there is nothing to show.
A board that adopts a thorough AI governance policy and then relies on AI tools that cannot be audited has not closed the accountability gap. It has documented it.
Consider what this looks like when something goes wrong. A regulator opens an inquiry. A board seeks assurance that its AI-assisted compliance work was conducted properly. The question is not whether a governance policy existed. The question is whether the GC can reconstruct what the AI relied on to reach the legal position that informed the decision under scrutiny. If the answer is no, if the output was accepted and actioned without any traceable basis, the framework that allocated accountability offers no protection. It is a record of intention, not of performance.
This matters more for legal and compliance work than for almost any other function. A commercial decision supported by AI-generated legal analysis carries the general counsel's professional judgment behind it. When that analysis cannot be traced to its sources, when the citations, if they appear at all, have not been verified against primary Australian law, the GC's sign-off is exposed. The policy says accountability is allocated. The work is silent on whether it was exercised.
The AICD's focus on agentic AI is well-founded, and the traceability problem is more acute there than in single-step AI outputs. An agentic system doesn't return one answer; it executes a sequence of tasks, each of which may involve retrieving, synthesising, or acting on information. The accountability question, what did the AI do, and on what basis, multiplies across every step in that chain.
The compounding risk is specific: if an agentic system retrieves an incorrect legal position in an early step, that position may become a parameter for decisions made later in the chain. By the time a document or recommendation surfaces for review, the original error is invisible in the output. There is no moment at which it announced itself. The governance framework required sign-off. The sign-off happened. The error persisted beneath it.
For boards and general counsel trying to govern these systems, the practical difficulty is real. A governance framework that requires sign-off on AI-assisted work can only function if the work can be reviewed. Sign-off on unauditable output is a formality, not a control.
Australian courts are watching this closely. The professional obligation in federal proceedings runs to the output, regardless of the process that produced it: a practitioner who relies on AI to prepare filed documents remains responsible for confirming that cited authorities exist and support the proposition stated. Boards operating under the AICD's framework face an analogous obligation at the governance level. The policy and the framework need something behind them: work that was done in a traceable way and can be shown to have been.
For the general counsel sitting between the board and the organisation's AI use, the practical implication is specific. The board will look to the GC to confirm that AI governance is functioning, not documented without substance behind it. That confirmation is defensible when the underlying legal and compliance work can be traced to its sources and reviewed. It becomes aspirational when the AI tools in use generate outputs that cannot be audited.
The moment this sharpens is the regulatory inquiry, the litigation discovery request, or the internal investigation after an incident, when someone with authority asks the GC to account for the legal analysis that informed a consequential decision. "We used AI" is an incomplete answer. "We used AI and the analysis traced to verified Australian primary law, which we can show you" is a different answer. The governance framework is what authorised the process. The audit trail is what demonstrates the process was followed.
The GC's role is to ensure that the legal and compliance work feeding board-level decisions meets a standard that would survive scrutiny from the board, from a regulator, or, if things go badly, from a court.
Foundational research processes that used to take a full morning can now be completed in minutes. That efficiency is real and it matters. The question is whether the speed comes with an audit trail the governance framework can rely on.
We built Habeas on this problem. The search engine underlying the platform scans over 300,000 Australian cases and pieces of legislation, with results grounded in a closed dataset of verified Australian legal sources: verifiable and traceable, not generated from a model that may or may not have encountered those sources in training. Every research output comes with citations that point back to the source document. A GC reviewing AI-assisted legal analysis can see where the answer came from and check it against the primary law.
We are not claiming this resolves AI governance across an organisation. The AICD's guidance addresses a broader and more complex problem than any single research tool can. Board accountability encompasses how AI is used across commercial, operational, and strategic decisions, and that is properly a board-level matter requiring the kind of framework the AICD is right to press boards to build.
The narrower claim is this: when general counsel use Habeas for the legal research and analysis that informs board-level decisions, the work that comes back is auditable. The citations are real. The sources are verifiable. The path from question to answer can be shown to whoever asks.
A governance policy allocates responsibility. Traceable work is how a board demonstrates that responsibility was exercised, and those two things are not the same.
If you want to see what that looks like for your team, book a demo at habeas.ai.
If you want to try for yourself or get in contact, book a demo with us here. We also offer the capacity for self-serve individuals to sign up, and subscribe or register a free trial at app.habeas.ai.
The legal research in this article was conducted and every citation verified using Habeas, the Australian legal AI research platform.
Hero image: Nastuh Abootalebi on Unsplash
