What Nonprofit Boards Need to Do After Adopting an AI Policy

By Courtney Reeve  ·  May 2026  ·  AI Governance

​

Your board adopted an AI policy. Someone got it on the agenda – no small thing. There was a real conversation. People had questions, and some of them were hard. The board voted, and now there's a document.

So: what does the board do next?

This is the question most governance resources don't answer. The assumption built into most AI policy guidance is that adoption is the finish line. In practice, adoption is the moment governance work actually begins, because a policy that no one is actively overseeing isn't being governed.

After adopting an AI policy, a nonprofit board has four responsibilities: Communicate, Implement, Oversee, and Review. Together they are the difference between a policy that governs and one that simply exists. Here's what each one asks of the board.

Communicate

Communicate means the staff who have to follow the policy actually know it exists and understand what it asks of them. This sounds obvious, and it's also the step that quietly fails most often.

A policy can pass a clean board vote and still never reach the people whose daily work it's meant to govern. It gets filed, mentioned once in a staff meeting, and assumed. Six months later, half the team couldn't tell you what the policy says about the tools they're using every day.

The board's role here isn't to run the staff rollout; that's the ED's job. But the board does have a fair question to ask: how do we know staff understand this policy well enough to follow it? Was it walked through, or just sent around? Is there someone people can go to when a real situation comes up that the policy doesn't obviously cover? A policy that lives in a folder usually points to a communication gap, not bad faith. Closing that gap is the first thing that turns a vote into something real.

Implement

Implement means practice actually follows the policy, and that someone in the organization owns making that true. A policy changes nothing on its own. What changes things is the distance between what the policy says and what staff are actually doing getting smaller over time, because someone is accountable for closing it.

The board's job isn't to manage how staff use AI day to day. That's the ED's job. But the board does have a governance responsibility adjacent to it: holding the ED accountable for that gap. Conflating the two is where boards either over-reach or under-function. Over-reach looks like board members asking operational questions about specific staff AI decisions. Under-function looks like a board that approved a policy and never asked whether it changed anything.

The right question for a board to ask isn't "how is staff member X using AI?" It's "are staff making AI decisions consistent with the policy, and if not, what's the plan?" That's a governance question, and it belongs in the boardroom.

The AI Governance Policy Suite from Fine Point Consultants provides tools for each of these steps, from a practice guide for staff to an annual AI report template for the board.

Oversee

Oversee means the board stays engaged with how AI is being used after the vote, instead of letting it drop off the agenda. The most common pattern I see after a board adopts an AI policy is that AI simply disappears from board discussion. The vote happened, the question was handled, everyone moves on. That's the opposite of oversight.

In practice, ongoing oversight doesn't require a lengthy AI discussion at every meeting. What it requires is a standing expectation: the ED provides a brief AI update at regular intervals, and the board treats that update as a governance item rather than a formality. What tools are in use? Has anything changed since the last conversation? Are there decisions that need board input? The goal is a board positioned to respond when something changes – because something will change. AI is not a settled domain, and a board that engaged only once isn't equipped to weigh in when new questions surface.

Oversight at this level depends on a kind of literacy boards sometimes assume they can skip. Board members don't need to become AI experts; that framing sets an impossible standard and misunderstands what governance requires. What they do need is enough working literacy to ask useful questions and to recognize when an answer isn't adequate. Can they tell when a risk is being underweighted? Can they ask whether the policy still covers what the organization is actually doing with AI? That literacy is governance-adjacent, not technical. It's the ability to ask "how do we know?" and "what happens if this goes wrong?" with enough grounding to make the conversation useful – and it often starts with a single focused conversation between the board chair and ED, walking through the policy together and naming what questions remain open.

Review

Review means the policy gets revisited on a regular cycle and updated as AI and the organization change, annually at a minimum. AI governance is a recurring practice, not a one-time achievement, and that means the policy itself needs a review cycle, not just a reaction when something goes wrong.

Annual review of the AI policy should be a standing governance expectation, built into the board calendar the way financial audits and strategic plan check-ins are. It doesn't have to produce major changes every year. But it has to happen, with real input from staff and genuine board engagement rather than a rubber stamp. The question driving the review: does this policy still reflect how we want to govern AI, given what we know now that we didn't know when we adopted it? That's a different question than "is the policy technically accurate?" It requires honest conversation about what's changed – in the organization, in the technology, and in the risks.

Getting to a policy was the first governance decision. Communicating it, implementing it, overseeing it, and reviewing it are the ongoing practice that makes it real.

Most organizations are still building this. The sector is early, and that's an honest read – not a criticism. But early doesn't mean off the hook. AI is already inside most nonprofits, whether the governance infrastructure is in place or not.

The boards that will be best positioned a year from now are the ones treating adoption as the beginning of the conversation, not the end of it.

For context on where your organization likely sits in this process, the companion piece to this article maps the four stages of nonprofit AI governance and helps you identify where you are now: Four Stages of Nonprofit AI Governance →

​

Frequently Asked Questions

What should a nonprofit board do after adopting an AI policy?

After adopting an AI policy, a board should ensure the policy is communicated to staff, assign responsibility for implementation and ongoing monitoring, and establish a regular review cycle — at minimum annual. The policy is a governance foundation, not a one-time deliverable.

What is the difference between an AI policy and AI governance?

An AI policy is a written document that defines how the organization will use AI. AI governance is the ongoing practice of oversight, implementation, and review that makes the policy real. A board that has adopted a policy but does nothing further has a document — not governance.

How often should a nonprofit board review its AI policy?

At minimum annually — but boards should build a standing expectation for the ED/CEO to provide brief AI updates at regular meetings. If significant changes occur in the technology, in staff AI use, or in the regulatory environment, a review should happen sooner.

Who is responsible for AI governance in a nonprofit?

AI governance is a shared responsibility. The board is responsible for oversight — setting policy, asking the right questions, and ensuring accountability. The executive director is responsible for implementation — ensuring the policy is followed, staff are informed, and the board stays current on AI use across the organization.

​

Courtney Reeve is the founder of Fine Point Consultants, a governance and strategy consultancy. She works with nonprofit boards and executive directors on board design, AI governance, and organizational strategy. finepointconsultants.com