by Vanessa Alvarez Castillo , a Lead Advisor at KOMPASSIUM
A month ago, I attended the launch of a national report in Spain that surveyed over 160 board members from listed companies, multinationals, and family businesses. The focus was on how boards are responding to the rise of disruptive technologies like artificial intelligence, quantum computing, and cybersecurity threats. The conclusions were striking, though not entirely surprising.
The data showed progress. In just two years, the number of boards with a dedicated technology committee rose from 4% to 14%. Another 14% have created technology advisory boards, and 50% of directors believe such structures should exist. Yet the number that stayed with me was this: 79% of directors believe AI will significantly impact their company’s strategy, yet most boards still lack the structures—or even the shared language—to govern this transformation effectively.
And this isn’t a uniquely Spanish issue. It’s a global one.
From Awareness to Structure: The Real Divide
Across many markets, there’s growing awareness that technological disruption is real. But awareness doesn’t automatically lead to capability. In the UK, for example, the National Cyber Security Centre (NCSC) has developed a Cyber Governance Code of Practice designed to help boards clarify roles and accountability around cyber risk. It promotes strategic oversight, metrics for assurance, and board-level ownership. But its adoption is voluntary, and many directors are still stuck with the same underlying questions: What belongs to the board, and what should be left to management?
Contrast this with the European Union’s NIS2 Directive, which is more prescriptive. It imposes legal obligations on directors in 18 critical sectors, including mandatory supply chain due diligence and cross-border coordination. Still, implementation varies widely, and the reality on the ground is often more ambiguous than the regulation suggests.
Having started my career in Latin America, I’ve seen yet another layer to this conversation. There, many boards operate with limited formal governance frameworks—often relying on tight executive relationships, deep local knowledge, and a lot of instinct. It gets you far, just not all the way.
That’s why the Spanish report felt so globally relevant. It’s not just about structures—it’s about our shared ability to turn recognition into readiness.
Reskilling the Boardroom: Not Just an IT Issue
In the past few weeks, I’ve had the opportunity to participate in several programs for board members—sessions on digital transformation, one on quantum computing, and another on how the board’s role is evolving in the digital era. The message across them was clear: reskilling is no longer optional at the board level.
It’s no longer enough to “get a report” from the CIO or ask a few strategic questions during an annual offsite. Boards must have fluency, not expertise, to engage meaningfully with the technologies reshaping their industries.
At the Forbes AI Summit 2025 in Madrid, Carme Artigas—Co-Chair of the UN AI Advisory Body—put it bluntly:
AI is no longer a tool. It’s a geopolitical force. Power no longer lies in ideology, but in infrastructure, data control, and ecosystems of trust.
Europe is leading the way on regulation, with the AI Act, Data Act, and NIS2. But the challenge now is making sure that leadership in governance doesn’t become a lag in innovation. Several speakers at the summit pointed to this tension: between protecting fundamental rights and remaining globally competitive. It’s not an easy balance. But boards can’t afford to stay on the sidelines of that conversation.
One phrase really stuck with me:
“AI is not more dangerous than human decision-making—it’s just faster.”
The risk lies not in the technology, but in our hesitation to define purpose, ethics, and accountability before the tipping point arrives.
So, What Happens After the Euphoria of 1,000 Pilots?
We love innovation—the demos, the pilot programs, and the endless decks full of “use cases.”
I’ve been there—more than once—watching entire teams discuss dozens of potential applications while the people running day-to-day operations look confused or overwhelmed. The link between those flashy slides and the actual business, either in the short term or at the execution layer, is often vague or non-existent at best.
It’s easy to fall in love with the concept of transformation. But the hard part comes after the pilot, when we need to decide what to keep, what to scale, and what to stop—and how to measure the impact beyond internal excitement.
This is where governance stops being a structure and starts being a capacity.
- A capacity to translate signals into decisions.
- A capacity to confront dilemmas, not just efficiencies.
- A capacity to ensure that, in the rush for innovation, we don’t lose sight of what makes a company coherent and accountable.
In our previous Kompassium article, “Governance: When Everything Changes, Who Gets to Decide?”, we explored this exact tension: how clarity, deliberation, and role design become strategic, not just operational.
This past month has only confirmed it.
From Signals to Systems
We often say, “Technology is just a tool.” But in today’s business context, technology is the environment—the layer in which everything else unfolds.
Boards don’t need to be tech experts. But they do need to ask better questions:
- Do we have the right signals—and the right decision structures—to respond to them?
- Are we relying on instinct, or are we building alignment and visibility into decision-making?
- Do we know what good governance looks like when decisions need to be fast, complex, and accountable?
At its best, governance is not just compliance.
It is collective intelligence under pressure.
And in a world shaped by technological acceleration, geopolitical realignment, and societal shifts, that may be our strategic asset of all.
