How to Communicate AI Risks to Your Board (Not Just the Benefits)

AI systems require data to function, and nonprofits often work with highly sensitive information: donor financial details, beneficiary health records, client case notes, and vulnerable population data. When this information is fed into AI systems, whether commercial tools or custom applications, it creates new pathways for data exposure, unauthorized access, and privacy violations.

The risks extend beyond traditional cybersecurity concerns. Data provided to AI systems may be used to train models, shared with third parties, or stored in ways that violate donor expectations or legal requirements. Many nonprofits unknowingly violate data privacy principles by using free AI tools that harvest organizational data for commercial purposes.

Key questions for your board:

• Do we know which AI tools staff are using and what data is being shared with them?
• Have we obtained informed consent for using personal information in AI systems?
• Are we complying with data privacy regulations (GDPR, HIPAA, FERPA) in our AI implementations?
• What happens to our data if an AI vendor experiences a breach or sells to another company?

AI systems learn from historical data, which means they can absorb and amplify existing biases present in that data. For nonprofits, this creates particularly troubling scenarios. An AI system used to screen grant applications might favor organizations that have historically received funding, perpetuating inequitable access to resources. A tool assessing program eligibility might systematically disadvantage certain demographic groups based on patterns in past decision-making.

The challenge is that bias in AI systems is often invisible to users. Unlike human bias, which can sometimes be identified and corrected through training or oversight, algorithmic bias is embedded in the model itself. Staff may trust AI recommendations without recognizing that the system is making systematically unfair decisions. This is especially concerning for nonprofits that serve marginalized communities and have explicit equity commitments.

Key questions for your board:

• How are we testing AI systems for bias before deploying them in decision-making processes?
• Are we tracking outcomes by demographic group to identify potential discriminatory impacts?
• What processes exist for community members to challenge AI-driven decisions that affect them?
• Does our AI use align with our organizational equity commitments and values?

One of the most challenging aspects of AI governance is establishing clear accountability when systems make mistakes or cause harm. Traditional organizational structures assume human decision-makers who can be held responsible for outcomes. AI systems complicate this picture by introducing automated decision-making that may be difficult to explain, audit, or reverse.

By 2026, regulatory and funder expectations increasingly demand transparent chains of responsibility. When an AI system makes an error, organizations must be able to explain who was responsible for the data, who validated the model, who approved its deployment, and who is accountable for monitoring its performance. Many nonprofits lack these accountability structures, creating governance gaps that can lead to serious consequences.

There's also the challenge of explaining AI decisions to stakeholders. When a donor asks why they received certain communications, when a grant applicant wants to understand why they were rejected, or when a program participant questions an eligibility determination, organizations must be able to provide meaningful explanations. "The AI decided" is not an acceptable answer for accountability purposes.

Key questions for your board:

• Can we explain how our AI systems make decisions in language stakeholders can understand?
• Who is accountable when an AI system makes a mistake or causes harm?
• Do we have documentation trails showing who approved AI deployments and on what basis?
• Are we transparent with stakeholders about when and how we use AI in decision-making?

AI systems optimize for the metrics they're given, which can inadvertently shift organizational focus away from mission priorities. A fundraising AI optimized for donation volume might prioritize wealthy donors over grassroots community engagement. A program efficiency tool might recommend serving clients who are easiest to help rather than those with greatest need. These subtle shifts can gradually erode mission focus without anyone consciously deciding to change direction.

There's also risk of creating dependency on AI systems in ways that undermine the human relationships central to nonprofit work. Tools designed to enhance human capacity can inadvertently replace human judgment, reduce personal connection, or prioritize efficiency over empathy. This is particularly concerning for nonprofits whose value proposition is built on trust, understanding, and human dignity.

Key questions for your board:

• Are our AI implementations reinforcing or undermining our core mission and values?
• Have we clearly defined which decisions should always involve human judgment regardless of AI capabilities?
• How are we monitoring for unintended consequences that might shift us away from our mission?
• Are we tracking qualitative outcomes, not just efficiency metrics, in AI-enhanced programs?

Public perception of AI in nonprofits is complex and often skeptical. Research shows that 31% of donors say they would give less to organizations using AI without adequate transparency and safeguards. This isn't irrational fear, it reflects legitimate concerns about privacy, authenticity, and the appropriate role of technology in mission-driven work.

Reputational harm from AI incidents can be swift and severe. A data breach exposing donor information, a biased algorithm creating discriminatory outcomes, or AI-generated content that feels inauthentic can undermine years of trust-building. Unlike some business sectors where stakeholders may accept AI risks as trade-offs for convenience, nonprofit stakeholders often hold organizations to higher ethical standards and may be less forgiving of AI-related failures.

There's also the challenge of "AI-washing," where organizations overstate their AI capabilities or sophistication to appear innovative. When reality doesn't match the claims, credibility suffers. Conversely, being too opaque about AI use can create suspicion. Finding the right balance of transparency requires careful communication strategy.

Key questions for your board:

• How are we communicating our AI use to donors, funders, and community members?
• Do we have a crisis communication plan for potential AI-related incidents or failures?
• Are we prepared to respond to stakeholder concerns about AI authenticity and appropriateness?
• Have we assessed how AI use might affect trust with the specific communities we serve?

AI implementations carry significant operational risks beyond the technology itself. Many nonprofits underestimate the total cost of AI adoption, focusing on subscription fees while overlooking training costs, data preparation work, integration challenges, and ongoing maintenance. When AI projects exceed budgets or fail to deliver promised benefits, they can strain already limited resources.

There's also risk of creating dependency on AI vendors or systems that may not be sustainable long-term. When critical organizational functions become dependent on specific AI tools, vendor pricing changes, service discontinuation, or performance degradation can create serious operational disruptions. Nonprofits have less negotiating power than enterprise customers and may be particularly vulnerable to vendor decisions.

Implementation failures are common, with research showing that two-thirds of organizations struggle to scale AI initiatives beyond pilot phase. Failed AI projects waste resources, demoralize staff, and can create organizational resistance to future innovation. Understanding these risks helps boards set realistic expectations and ensure adequate support for successful implementation.

Key questions for your board:

• Do we have realistic understanding of total costs including training, integration, and maintenance?
• What's our backup plan if critical AI systems fail or vendors change terms?
• Are we allocating sufficient resources for successful implementation, not just procurement?
• How are we measuring whether AI investments are delivering expected value?

Request board approval for a written AI policy that establishes clear parameters for staff AI use. This policy should define which AI applications are permitted, which require approval, and which are prohibited. It should address data privacy, outline accountability structures, and establish processes for evaluating new AI tools before deployment.

The policy doesn't need to be complex or restrictive. Even a simple two-page document clarifies expectations, provides staff with guidance, and demonstrates to stakeholders that the organization takes AI governance seriously. As you can learn more about in our article on creating data governance policies for AI, the goal is to enable responsible innovation, not to block it.

Ask the board to designate where AI oversight sits in the governance structure. This might be an existing committee (often Finance or Audit) or a new AI Ethics Committee for larger organizations. The key is establishing clear responsibility so AI governance doesn't fall through the cracks.

Whoever has this responsibility should receive regular updates on AI initiatives, review risk assessments for major implementations, and ensure the organization's AI use aligns with mission and values. This creates a formal channel for ongoing governance rather than treating AI as a special project that bypasses normal oversight.

Many nonprofits approve AI tool purchases without approving the resources needed for responsible implementation: staff training, data preparation, integration work, and ongoing monitoring. Ask your board to approve budgets that reflect total cost of ownership, not just subscription fees.

This might include resources for training programs to build AI literacy, technical support for data governance, or external expertise for bias audits. Making these investments visible to the board clarifies that responsible AI adoption requires more than tool procurement, it requires organizational capacity building.

Not all AI applications carry equal risk. Work with your board to define which AI uses should be considered "high-risk" and require additional oversight, such as board approval before deployment. High-risk typically includes AI that makes decisions affecting people's access to services, uses sensitive personal data, or could create significant reputational harm if it fails.

Clear criteria help staff understand which initiatives need board involvement and prevent either excessive bureaucracy (approving every minor AI use) or insufficient oversight (deploying high-risk systems without board awareness). This risk-based approach focuses governance attention where it matters most.

Ask your board to approve a transparency framework that guides how you'll communicate about AI use to donors, funders, program participants, and other stakeholders. This might include adding AI use disclosures to your website, including AI information in annual reports, or creating processes for stakeholders to ask questions about AI systems that affect them.

Transparency commitments demonstrate accountability and can actually build stakeholder confidence rather than undermine it. When organizations are open about both AI benefits and limitations, stakeholders are more likely to trust that the technology is being used responsibly. You can explore more about this in our article on transparency about AI use with funders.

Request that the board establish a schedule for regular AI risk assessments, perhaps annually or when significant new AI systems are deployed. These assessments should evaluate whether existing risk mitigation strategies are working, identify new risks that have emerged, and recommend policy or practice updates.

Regular assessments ensure that governance keeps pace with technology evolution. AI capabilities change rapidly, and risk profiles shift as adoption expands. What was low-risk last year might be high-risk this year. Scheduled assessments prevent governance from becoming static while the technology landscape continues to evolve.