Decoding AI Disclosure – A U.S. Perspective
Addendum to Decoding AI Disclosure – How Europe’s Largest Companies Report on Artificial Intelligence by FTI Consulting & Trinity College Dublin published in November 2024.
Table of Contents
Executive Summary
This report examines how prominent U.S. companies, specifically those in the Dow Jones Industrial Average, disclose information about their use and management of Artificial Intelligence (AI). Following a prior study by FTI Consulting and Trinity College Dublin, which analyzed AI reporting among the 50 largest European companies, this study aims to understand how U.S. corporations are approaching AI-related risks, governance and strategy.
Key findings reveal that while the majority of companies report on AI risk management broadly, either recognizing that the development of AI will affect their operations or noting that the company will benefit from the use of AI, fewer disclose details regarding specific procedures or safeguards in place to identify and mitigate risks in real time. A gap also exists in the disclosure of AI usage and employee upskilling or knowledge development.
Sector-wise, Technology companies generally provided the most robust disclosure and had the most extensive, multi-stakeholder frameworks in place. When comparing large U.S. tech companies against the European companies analyzed previously, the tech companies stood out as standard-setters for disclosure across both regions. These results may be driven by the tech industry’s culture of innovation coupled with heightened regulatory scrutiny, both of which are discussion topics present in the Boardroom.
The report highlights two critical areas for improvement: Board Oversight of AI and Knowledge Development of AI. Effective oversight of AI ensures attendant risks are properly managed, while knowledge development through employee and senior leadership training is essential for companies to stay competitive in the evolving AI landscape.
Recommendations for companies:
- Develop robust, transparent AI policies aligned with business strategies to steer the company’s use of AI.
- Establish clear roles and responsibilities for senior leadership, especially in AI governance.
- Invest in comprehensive, measurable knowledge development initiatives across all organizational levels.
- Address workforce transitions and the potential impacts of AI, particularly in light of increasing shareholder concerns about labor displacement.
As companies continue to refine AI disclosures to better communicate their strategies and risk mitigation efforts to investors and other stakeholders, they will see the corresponding benefit of building trust with their stakeholders, mitigating shareholder proposals and ensuring preparedness for the future integration of AI into their operations.
Introduction
Corporate Reporting has evolved drastically in the last 10 years. As investor stewardship teams have evolved their expectations on disclosure, corporations have adapted their reporting style.
Previously, a company’s annual filings were thought of by the business community only through a legal lens, but now they play a key role in communicating to investors, regulators and other stakeholders on items such as strategic work streams the corporation is involved in and the Board and management’s role in overseeing emerging risks.1
Artificial Intelligence (AI) is an evolving topic which will affect every aspect of society and that corporations will need to integrate into their operations. Regulators, investors, and society at large are keen stakeholders that corporations can speak directly to through public disclosure regarding AI implementation and risk mitigation.
A previous FTI Consulting and Trinity College Dublin study found that among the 50 largest European companies included in the STOXX Europe 50 Index, there was broad, generalized AI strategy and use case reporting. However, there remained gaps in oversight and risk management, as well as an inconsistent approach to disclosure on governance.2 This addendum follows the same research methodology3 as the aforementioned study but analyzes the 30 most prominent U.S. companies included in the Dow Jones Industrial Average.
The additional research into U.S. companies aims to examine AI disclosures across 10 categories to better understand how companies are approaching AI management and risk mitigation and their reporting practices. The categories are included below, with some broken down into sub-categories that provide further detail.
Categories were specifically chosen based on effective ESG disclosure frameworks, namely the Taskforce for Climate-Related Financial Disclosures (TCFD) and the Taskforce for Nature-Related Financial Disclosures (TNFD). The categories “AI Usage” and “Chair or CEO Statement” also naturally emerged from the reports themselves. Our U.S. review covered annual Proxy Statements, Corporate Sustainability Reports and 10-Ks. We chose these three documents as our research sources because of their standardized nature across industries. While we focused on disclosure, it is possible companies have internal practices in place that they chose not to disclose or disclosed in other places, such as on their website.
This report starts with an overview of our key findings, followed by a comparison of disclosure across sectors. We then provide deeper analysis into company disclosure on Board Oversight and Knowledge Development, as well as best practice examples. The report ends with our reflections and recommendations.
Key Findings
Based on data from 10-Ks, Proxy Statements and Corporate Sustainability Reports, the graph below shows the number of companies providing disclosure on AI in the specified categories.
When companies did disclose, they most often
related to AI in terms of overall strategy. This category included disclosure that referenced AI-related risks and opportunities, AI objectives or AI principles, whether in concrete terms or more broadly. The strategy category also served as a catch-all for vague statements indicating a company’s awareness of AI and how it may come into contact with their corporation. Given this definition, it is not surprising that this category was the most common with 28 of the 30 companies showing some awareness of AI in relation to their business.
Board Oversight was the next most common category to mention AI, however the number of companies disclosing was significantly lower at 15. This category included mentions of Board responsibilities, mentions of the Board coming into contact with AI topics (commonly through outside expert presentations) evidence that AI was mentioned at a Board or committee meeting, or reference to Board directors on the Board with AI skills. There were not significant examples of governance frameworks in place to oversee and mitigate risks caused by AI.
Risk Management emerged as the third highest-scoring category, with 11 out of 30 companies disclosing some mechanisms in place to integrate AI into their risk management process. This category included evidence that the management of AI risks is integrated into the broader corporate risk management framework, mention of safeguards in place to manage AI, or information on how such risks are assessed. 55% of those companies reported on risk management within their 10-K, most likely due to the inclusion of a standardized “Risk Factors” section where companies disclose significant risks they are facing. 18% of companies disclosed risk mitigation in their Proxy Statement and 27% disclosed it in their Corporate Sustainability Report, where disclosures tended to be more robust and include considerations for vulnerable groups such as customers and commitments to develop and ensure responsible AI usage.
Sector Comparison
From the 30 companies analyzed, we also wanted to examine any conclusions or differences across sectors. We used the Industry Classification Benchmark’s (“ICB”) classification of supersectors to look at how different sectors reported on AI topics. We focused on the supersectors, or groups of similar supersectors, for which there was a sufficient number of data points. The following graph presents a comparison of the average number of categories each group of companies disclosed on.
The Technology, Media & Telecommunications (TMT) sector performed particularly strongly, disclosing across nine categories on average. The Banks, Insurance and Financial Services sector also fared well, disclosing across six categories on average and the Healthcare sector reported on four categories. However, Industrial Goods and Services and Consumer Retail sector lagged behind with only three disclosure categories on average. The latter two often detailed some high-level mention of risks stemming from AI regulation but disclosed little on AI specific risks and what mechanisms were in place to continually monitor or respond to them.
The sectors with the most natural congruences to AI usage, TMT and Financial Services, were more advanced in their current reporting on AI, an expected finding given the increasing levels of data scrutiny faced by these sectors. Specifically, within TMT, several of the companies analyzed received shareholder proposals related to AI and therefore disclosed more information in their Proxy Statements to demonstrate responsiveness to shareholder concerns. For further information on shareholder proposals related to AI, see FTI Consulting’s analysis of the topic from September 2024 here.4
Comparison with Europe
In comparing AI disclosure practices between U.S. and European companies, results showed that both regions demonstrated the highest level of disclosure in Strategy, with a total of 93% of U.S. companies and 100% of European companies providing information. Approximately the same proportion of companies in both the U.S. and Europe reported on an AI Policy, Board Oversight and Risk Management.
However, the proportion of European companies disclosing Senior Leadership, Knowledge Development, AI Usage and Chair or CEO Statements was higher. When it came to the disclosure of AI usage, European companies outpaced the U.S., with 84% disclosing their use of AI compared to 40% in the U.S.
Although European Annual Sustainability Reports are subjected to different reporting requirements, for most categories the differences between the two regions was not as dramatic as expected. Despite the lack of an AI-specific regulation in the U.S. to drive reporting requirements, the presence of large tech companies in the U.S. significantly contributed to the higher levels of disclosure observed. In the U.S., three companies from the TMT sector disclosed information across more than nine categories, highlighting how a few companies in a sector known for AI-use drove high disclosure results. In comparison, Europe saw more companies with average disclosure rates consistently across sectors. However, due to the market dominance globally of the U.S. high-performers, we expect their disclosure will be viewed as best-in-class, and will continue to set the reporting standard globally.
Focus on Select Disclosure Topics
Within the defined categories, the two key areas we believe companies should focus on to best prepare for future integration of AI into their operations are Board Oversight and Knowledge Development.
Ensuring appropriate top-down risk management efforts are in place will best prepare companies to foresee and mitigate potential risks. Knowledge Development is a key piece of preparation: as the demand for AI increases, employers will need to invest in skills training to ensure their workforce, leadership teams and Boards are equipped to transition successfully into new roles and responsibilities. Considering this, we further analyze these two topics for key findings and recommendations and provided robust examples to illustrate well-developed disclosure across the selected topics.
Board Oversight
Illustrative Example: UnitedHealth Group
“The Audit and Finance Committee has oversight of the Company’s artificial intelligence framework, including oversight of the Company’s governance mechanisms to monitor, identify, and mitigate potential risks associated with the deployment of artificial intelligence.”5
Within Board Oversight, company disclosure most often fell into the Board Responsibilities sub-category. Director AI skills was the second most disclosed category, with seven companies having at least one director with AI skills. Six companies disclosed having a Board Committee with AI responsibilities. These six companies assigned oversight for AI risks to an already existing committee, generally the audit committee or the committee charged with overseeing ESG topics which may be a special ESG committee or the nominating and governance committee, with no evidence of new Board-level committees being created for this responsibility specifically. Often companies would disclose one or two Board members with previous AI experience that would be involved in the committee efforts.
Illustrative Example: Intel Corp
“… brings senior leadership, industry and IT, emerging technologies and business models, and information security expertise to the Board from executive experience … leading the software development segment of a multinational technology company that focuses on e-commerce, cloud computing, digital streaming and artificial intelligence.”6
Some companies would disclose directors’ AI skills as a mechanism through which to showcase enhanced oversight. This type of disclosure typically focused on skills related to AI and emerging technologies as well as its growing impact, including the intersection of human capital and technology. Across the Board, director AI skills were coupled with other technology or cybersecurity skills. For example, one of Intel Corp’s director biographies effectively underscored their role related to technology and AI, with a particular focus on the role the individual played in adoption.
Knowledge Development
Companies did not widely disclose efforts to upskill via trainings, industry collaborations or the involvement of outside experts. Of the companies that did disclose, employee AI training was the most popular, with seven companies disclosing efforts made. Only two companies disclosed some type of Board-level training and no company disclosed senior leadership training in place. companies disclosed some type of Board level training and no company disclosed senior leadership training in place.
Lack of Board or Senior Leadership Training: Despite upper management being responsible for the overall direction of the company and risk-mitigation, there were very few disclosed endeavors at AI education. While certain executives and directors will have already developed certain specialties within their career, understanding AI at a high-level should inform their decisions regarding how their company engages with AI usage, particularly considering the ethical questions it raises.
Quantitative Metrics Amongst Employee Trainings: The AI employee training programs disclosed were split among companies who provided quantitative goals they were trying to reach in terms of employees trained versus those which mentioned learning programs employees could participate in without reporting measurable goals.
Little Evidence of Industry Collaboration: Very few companies disclosed participating in industrywide efforts on AI. This is perhaps due to the arms race companies find themselves in to deploy the most innovative, new technology most efficiently across their operations. While some companies may perceive a need to protect their emerging technology as it develops, industry collaboration will be important to set appropriate AI standards and protections. For example, The Travelers Cos Inc. provides well-developed disclosure around industry collaboration with different universities.
Illustrative Example: The Travelers Cos Inc.
“In joint projects with UConn, the Travelers Data & Analytics team is focused on artificial intelligence, machine learning techniques, and statistical modelling. Together with KSU, we applied theoretical concepts to real-world AI problems and co-authored four research papers on using AI in a responsible manner while reducing potential classification errors.”7
Best Practices
The companies that had the most effective AI disclosure showed evidence of considering AI and its relationship to the company through many lenses: this included policies setting the direction of company usage, high-level oversight, knowledge development, Key Performance Indicators (KPIs) and risk management.
Policy
Having an AI policy is necessary to set an overarching framework for AI’s development and how it will or will not be used. The policy supports the development of effective roadmaps that integrate ethical issues into AI considerations. IBM’s policy was well-developed and particularly illuminative, detailing the purpose of AI and the framework for further technological development.
Illustrative Example: IBM
“IBM’s Principles for Trust and Transparency are the guiding values that distinguish IBM’s approach to AI ethics. They include:
1. The purpose of AI is to augment human intelligence;
2. Data and insights belong to their creator; and
3. New technology, including AI systems, must be transparent and explainable.
These principles are supported by five pillars of trust that IBM developed to guide the responsible adoption of AI technologies: explainability, fairness, robustness, transparency, and privacy.”8
Key Performance Indicators
Disclosing KPIs showing actual, concrete examples of AI usage can prevent companies from AI-washing and allows them to monitor and evaluate AI’s use throughout the organization.
Illustrative Example: Microsoft Corp
“We are bringing those same benefits to nearly 75 million consumers who have subscribed to Microsoft 365. AI will further enhance our ability to help make customers more productive. We have announced that our Microsoft 365 Copilot offering, which brings together next-generation AI with business data in the Microsoft Graph, all within the applications that millions of people use every day, will be generally available to customers on November 1, 2023.”9
Risk Management
Having procedures in place to monitor AI implementation and frequently check AI’s usage throughout the organization will help to identify problems early on.
Illustrative Example: Amazon
“Our commitment to developing AI and ML in a responsible way is integral to how we build our services, engage with customers, and drive innovation… For example, in November 2022, we launched AWS AI Service Cards, a transparency resource to help customers better understand our AWS AI services… AI Service Cards are a form of responsible AI documentation that provides customers with a single place to find information on the intended use cases and limitations… for an AI service or feature.”10
Audits
The use of third-party auditors can help ensure systems are working efficiently and recognize software problems such as recurrence of hallucinations or promoting certain biases through data pulls. Using outside auditors also ensures the results are independent and can be verified.
Illustrative Example: Amazon
“Credo AI, a company that specializes in responsible AI, has performed a third-party evaluation, which supports that Rekognition performs well across demographic attributes.”11
Conclusion & Recommendations
When there is no consensus or governmental regulation in place it can be difficult for companies to know what AI disclosure should look like. However, ESG frameworks and data security and privacy risk mitigation frameworks developed over the last five years may provide a useful template for effective reporting and disclosures. Risk mitigation for AI could look similar to these other areas, which have now become necessities for companies.
Companies should continue to evolve Proxy Statements and Annual Report disclosures around AI. The Proxy Statement is not only a legal document, but strategic communications content that serves as the primary tool shareholders rely on to annually assess the frameworks put in place by companies to protect their investments. This document is a key channel for the company to communicate to stakeholders and illustrate its readiness to face future challenges. Evolving disclosure may help companies to ward off shareholder proposals which can be costly and distract management from other responsibilities. Additionally, disclosure will put shareholders at ease and fortify trusting relationships that can ensure shareholders believe in the company’s risk mitigation efforts and keep them by your side throughout company changes.
We offer several key recommendations for company executives and Board members to take into consideration:
Policy
Develop a robust AI policy aligned with the company’s long-term business strategy. Provide transparent disclosure on guiding principles for AI, including how the AI strategy is developed, implemented and overseen in the Proxy Statements, as well as the Corporate Sustainability Reports, where appropriate. This should show an integrated, firm-wide approach to avoid certain siloed behaviors.
Senior Leadership
Clearly define AI leadership roles, cross-functional teams and specific responsibilities. Establish clear organizational structures and reporting lines that demonstrate how AI governance integrates into existing frameworks and covers all AI use cases.
Knowledge Development
Training programs will be necessary and should span all organizational levels, backed by quantitative metrics and qualitative information. Show how training is tailored for different roles, levels and AI use-cases, including mechanisms for incorporating external expertise and ensuring continuous learning for future readiness.
Corporate Responsibility
Consider labor upskilling and aligning the organization with global efforts like the Just Transition, which advocates for transitioning the economy in a way that is as fair and inclusive as possible to everyone concerned, creating decent work opportunities and leaving no one behind. In 2024, the number of Just Transition shareholder proposals increased, with 60% of these proposals noting the company’s use of AI in their supporting statements. Some of these proposals were concerned with the impact of AI on the workforce, particularly with autonomous vehicles and automated sorting facilities. As companies continue to integrate AI to increase efficiencies and capabilities across operations, they will need to consider how this impacts their overall workforce and what disclosures they should provide to address any concerns.
Learn more about AI governance recommendations and disclosure tips, as well as an overview of AI governance and disclosure practices among leading European companies, in the original study by FTI Consulting and Trinity College Dublin.
Appendix
Below is the list of companies in the U.S. Dow Jones Industrial Average and their associated sectors. Findings from this study were based on the analysis of these companies.
References
[1] Jonathan Neilan, Arnaud de Cheffontaines, Peter Reilly, Thomas Krammer, Arnaud Cave, “AGM Voting Trends Report,” FTI Consulting (October 17, 2024), https://fticommunications.com/agm-voting-trends-report/.
[2] “Decoding AI Disclosure – How Europe’s largest companies report on Artificial Intelligence,” FTI Consulting & Trinity Corporate Governance Lab (November 25, 2024), https://fticommunications.com/decoding-ai-disclosure/.
[3] Id.
[4] Arnaud Cave, Niamh O’Brien, Andrea Hearon, “Unveiling Key Trends in AI Shareholder Proposals,” FTI Consulting (September 4, 2024), https://fticommunications.com/unveilingkey-trends-in-ai-shareholder-proposals/.
[5] “2024 Proxy Statement,” p.14, UnitedHealth Group (April 22, 2024), https://www.unitedhealthgroup.com/content/dam/UHG/PDF/investors/2024/2024_proxy_statement_final.pdf.
[6] “2024 Proxy Statement,” p.27, Intel Corp (last accessed January 8, 2025), https://d1io3yog0oux5.cloudfront.net/_d368fdc0b27b80bcc02e2a0a7f816ed5/intel/db/956/9016/file/426889%281%29_48_Intel_NPS_WORKIVA_WEB_READY_spread.pdf.
[7] “Sustainability Report 2023,” p.102, The Travelers Cos Inc. (last accessed January 8, 2025), https://sustainability.travelers.com/iw-documents/sustainability/Travelers_SustainabilityReport2023.pdf.
[8] “2024 Notice of Annual Meeting and Proxy Statement,” p.29, IBM (last accessed January 8, 2025), https://www.ibm.com/annualreport/assets/downloads/IBM_Proxy_2024.pdf.
[9] “Notice of Annual Shareholders Meeting and Proxy Statement 2023,” p.33, Microsoft Corp (December 7, 2023), https://www.sec.gov/Archives/edgar/
data/789019/000119312523259247/d356108ddef14a1.pdf.
[10] “Notice of 2024 Annual Shareholders Meeting and Proxy Statement,” p.40, Amazon (May 22, 2024), https://s2.q4cdn.com/299287126/files/doc_financials/2024/ar/Amazon-com-
Inc-2024-Proxy-Statement.pdf.
[11] Id, p.38.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates or its other professionals.
FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.
FTI Consulting is an independent global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes: financial, legal, operational, political and regulatory, reputational and transactional. FTI Consulting professionals, located in all major business centers throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges and opportunities. ©2025 FTI Consulting, Inc.
All rights reserved. fticonsulting.com
