Lean Into AI
First, tell us a little about yourself
We value your privacy. By signing up, you agree to our Privacy Policy. Your data is protected and you can unsubscribe at any time.
Thank you!
Thank you for your interest in Lanai's AI Empowerment Platform. Our team will contact you within 24 hours to schedule your personalized demo of how we help enterprises transform AI experiments into success.
Oops! Something went wrong while submitting the form.
Company
Security
Solutions
Insights
Contact
Press
Get a Demo
Back
December 17, 2025

The devil of proposed SEC AI disclosure rule is in the details

Evan Schuman
CSO Online

The proposed rule from an SEC committee will force CIOs, CISOs, and other execs to analyze and report all manner of AI efforts — including its definition and decisions not to use AI for certain functions.

A US Securities and Exchange Commission committee has recommended a new rule that would mandate companies to analyze and report all AI efforts — including decisions to not use AI for some purposes.

Attorneys who have studied the proposal note that the AI rule — just like the SEC’s cybersecurity rule from about two years ago — won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of the SEC some 90 years ago, anything material has always required disclosure.

But they theorize that the SEC committee believes that many public-company boards and their senior executives don’t fully understand the scope and potential impact of their various AI efforts. The new rule would force those executives to create committees and to formally review all AI decisions, potentially unearthing material issues that would otherwise not have occurred to those executives.

Cybersecurity consultant Brian Levine, a former federal prosecutor who today serves as executive director of FormerGov, argues that this extra focus could make a significant difference for many enterprises.

“It will help focus people. It puts it in front of everyone who needs to be thinking about AI,” Levine said.

As for requiring companies to examine and disclose where they are either not using or where they might be underinvesting compared to rivals, Levine said that could help executives understand “that there is a risk that our implementation of AI may not keep up with stakeholders and competitors.”

The proposed rule comes from the SEC Investor Advisory Committee (IAC) and was discussed during the Dec. 4 IAC meeting.

Companies can write their own definitions of AI

Another controversial aspect of the proposed rule is that it fails to define AI, instead instructing companies to write their own definitions. Some legal experts have suggested that the committee didn’t literally want companies to evaluate all uses of AI, given that the technology dates back to the 1950s and exists in some form in just about every piece of software that businesses use. They more likely intended for such

Keep Reading
Company
Security
Solutions
Insights
Contact
Press
Get a Demo
About
CompanySecurityCareersPrivacy PolicyTerms of Use
Resources
Request a DemoContact usBlog
Copyright 2025 Lanai. All rights reserved.