What Boards Are Discussing Now — And What Risks & Regulatory Trends Are Next

In the fast-changing world of governance, boards must be agile and forward-looking. From new laws to tech disruption, several topics are climbing the priority list. Whether a public company, state body, or charity, boards investing in strong governance now are better placed for what’s ahead. Here are what many boards are wrestling with today—and what they expect over the next 12-24 months.

Key Issues Boards Are Tackling Today

1. Gender Balance & Board Diversity
   Irish regulations now require listed companies to meet gender-balance targets on boards by 30 June 2026, particularly for non-executive directors. The EU (Gender Balance on Boards of Certain Companies) Regulations 2025 (S.I. No. 215/2025) transpose EU Directive 2022/2381 into Irish law.
   Boards are therefore reviewing their recruitment practices, succession planning, skills matrices, and establishing measurable objectives for diversity.

2. Corporate Sustainability Reporting & ESG Disclosure
   The EU’s Corporate Sustainability Reporting Directive (CSRD) has been transposed into Irish law (through the European Union (Corporate Sustainability Reporting) Regulations 2024). Companies in scope must now make more detailed annual disclosures on ESG matters, not just financial but environmental, social, governance factors.
   Boards are working on enhancing ESG oversight, integrating sustainability into risk frameworks, and ensuring reliable data & assurance around non-financial reporting.

3. Updated Corporate Governance Code
   A new Irish Corporate Governance Code (2024) is now in effect for many listed companies. It has more detailed obligations, greater alignment with EU norms, more rigorous expectations around board evaluations, skills, committees, transparency, etc.
   Boards are adapting to its provisions—especially around external board evaluation, disclosures, internal controls, risk and compliance oversight.

4. The Companies (Corporate Governance, Enforcement and Regulatory Provisions) Act 2024
   This Act introduces a number of changes to the Companies Act 2014, many aimed at stronger enforcement, more transparency, and modernising practices. For example: enabling virtual or hybrid general meetings, relaxing some procedural burdens, updating execution of deeds, and other governance-administration improvements.

5. AI / Technology Governance & Algorithmic Risk

   • The EU AI Act is phasing in (entered into force 2 August 2024) with more obligations coming until about 2026. Boards must classify AI systems by risk, comply with obligations especially for high risk systems (including those used in HR, decision-making, etc.).

   • In Ireland, 15 authorities have been named to enforce the AI Act, and a National AI Office will be established by August 2026 to coordinate oversight.

   • Recent research shows many governance professionals are concerned over AI’s impact on reporting accuracy, ethics, bias, and that many boards lack clear AI strategies or oversight structures.

6. Cybersecurity, Data Privacy & Digital Risk
   As cyber threats multiply, boards are being pushed to strengthen oversight of cybersecurity risk, resilience, and ensuring compliance with data protection laws (GDPR etc.). Also, under new EU laws like the Cyber Resilience Act, products and services will have to meet higher standards for security across their lifecycle.

7. Stakeholder Expectations & ESG / Social License
   Stakeholders (investors, customers, employees, civil society) increasingly expect boards to demonstrate not only compliance but transparency, ethics, climate and social responsibility. Climate risks, human rights, supply chain issues, diversity, inclusion—all are visible now.

What Boards See Coming in the Next Year

Looking ahead, many boards expect that the following issues will increase in importance or become more pressing:

More robust enforcement of AI regulation With the EU AI Act and Ireland’s National AI Office, companies will face more scrutiny of AI system deployment, high-risk categories, transparency, bias & liability. Boards will need to ensure policies, risk assessments, oversight, and whistleblowing for AI etc are in place.

Greater liability for AI and digital systems E.g. revised EU Product Liability Directive expands into software, standalone software / AI components. Boards will need to understand exposure & ensure adequate insurance, risk mitigation.

Increased regulatory burdens from ESG / Sustainability / Climate Disclosures More sectors will come into scope for CSRD; pressure for better assurance of ESG data; climate-transition plans; more scrutiny by investors & regulators.

Demand for diversity beyond gender Diversity of background, race, skills, lived experience, digital / AI expertise; boards will be expected to have diversity of thought and competencies as well as demographic diversity.

More thorough board risk oversight, especially digital / supply chain / geopolitical risk Issues such as supply chain disruption, climate risk, energy costs, global political instability, foreign investment regulation etc. Boards will need to enhance risk management frameworks.

Cybersecurity regulation catch-ups More disclosure required; regulation possibly mandating certain cyber resilience measures; more audits of security; regulatory expectations to have continuous monitoring, incident response, recovery plans.

More stakeholder activism & accountability Shareholders / markets will push harder for transparency and impact metrics; reputational risk will be greater; whistleblower regimes, climate litigation etc more common.

Innovation / regulatory sandboxes & anticipatory governance As authorities try to keep up, there may be more sandbox or pilot regulation to test AI, data sharing, privacy frameworks etc. Boards need governance foresight and adaptability.

Implications for Boards & Directors

Given these trends, boards should be thinking about the following strategic and practical responses:

• Ensuring board skill sets and composition include expertise in AI, data/privacy, ESG, climate risk, cybersecurity. Gaps in these areas are governance risk.

• Developing or updating governance frameworks, policies and codes of conduct around AI, digital ethics, data protection, supply chain risk etc.

• Putting in place robust evaluation and oversight of AI systems: risk categorisation, transparency, reporting, audit trails.

• Enhancing risk management: scenario planning (climate, cyber, geopolitical), regular review of stress tests, business continuity preparedness.

• Ensuring that non-financial reporting (ESG, DEI etc) has reliable data, third-party or assurance oversight, and clear governance responsibility.

• Staying ahead of regulatory changes (company law, governance codes, AI regulation, product liability) to avoid compliance gaps.

• Investing in ongoing CPD / training for board members so they understand new risk areas, regulatory obligations, technology trends.

• Embedding culture: transparency, ethics, stakeholder engagement, diversity of thought and background—not just ticking boxes.

Ireland-Specific Legislative & Regulatory Changes to Watch

• Implementation of the EU AI Act in Ireland: detection, oversight by competent authorities, obligations for high-risk AI systems.

• Gender Balance on Boards Regulations 2025 (EU directive implementation) requiring 40% non-executive directors from under-represented sex in certain listed companies by mid-2026.

• Companies (Corporate Governance, Enforcement and Regulatory Provisions) Act 2024: many amendments commenced, enforcement strengthened, provisions around virtual/hybrid shareholder meetings, execution of deeds etc.

• The Irish Corporate Governance Code 2024 and Euronext Dublin Listing Rules revisions, including new expectations for board evaluations, skills oversight, reporting etc.

Take-Home Messages

• Governance is no longer about simply avoiding failure; it’s about anticipating risk and embedding adaptability.

• Boards that act proactively now — building governance structures, policies, skills — will avoid costly surprises later.

• A continuous governance journey (not a one-off evaluation) is essential: regulation, technology, stakeholder expectations will not pause.

• Investing in training, evaluation, oversight and data integrity around non-financial metrics will be increasingly important.

📩 Contact Lionheart Governance Consultants at fiona@lionheart.ie or visit www.lionheart.ie to begin the conversation.

#LionheartLearning #ModernConsulting #GovernanceExcellence #PatrickDownes #governanceLeadership #ProfessionalDevelopment