Most supervisory board members at German companies cannot assess whether an AI investment makes strategic sense, whether the cybersecurity strategy is adequate, or whether a cloud contract harbours hidden risks. Out of twelve typical board members, none usually has hands-on technology experience. It’s akin to a finance committee operating without financial expertise.

In a world where technology decisions determine competitiveness – and even survival – a board without technological literacy represents a strategic risk. NIS2, the EU AI Act, and the CSRD render oversight responsibilities more explicit – and expose the competence gap more clearly than ever before.

The Competence Gap in Numbers

Heidrick & Struggles reports that only 12 percent of supervisory board members in the DAX-40 have a technology background. In contrast, 27 percent of Fortune 500 boards do. An MIT study confirms that companies with technologically competent boards demonstrate 38 percent higher digital maturity.

The consequences are measurable: such companies don’t necessarily spend more on technology – but they spend better. They detect misallocations earlier, challenge vendor recommendations more critically, and set more realistic expectations for transformation initiatives.

The blind spot becomes especially dangerous in three areas: AI strategy (investment volumes in the hundreds of millions), cybersecurity (mission-critical yet technically complex), and cloud transformation (long-term dependencies that are difficult – if not impossible – to reverse).

Why Technology Competence Cannot Be Delegated

The most common excuse: “We have a CIO for that.” This reflects a fundamental misunderstanding of the supervisory board’s role. Its mandate is to oversee management – not to trust it blindly.

NIS2 holds executives personally liable for cybersecurity shortcomings. The EU AI Act requires risk management at the executive board level. If a supervisory board cannot assess whether an AI system qualifies as high-risk, the essential control function fails.

A supervisory board without technology competence is like an audit committee without financial expertise. Twenty years ago, that was normal. Today, it’s unthinkable. The same evolution is imminent – and urgent – for technology.

Three Models to Boost Tech Competence

Model 1: Targeted Board Appointments. At the next vacancy, deliberately seek candidates with proven technology experience – e.g., former CTOs, CIOs, or founders of technology companies.

Model 2: Digital Advisory Board. A consultative body of three to five technology experts who regularly brief the supervisory board. Annual cost: €50,000-€150,000.

Model 3: Board Education. Structured upskilling programmes for existing board members. Institutions including IMD, INSEAD, and the University of St. Gallen offer specialised board-level technology curricula.

The optimal approach combines all three: short-term use of advisory support and education, medium-term targeted appointments at the next vacancy.

What Investors Expect

BlackRock has explicitly addressed board-level technology competence in its Stewardship Expectations. ISS incorporates technology governance into its evaluation frameworks. For listed companies, supervisory board technology competence is thus becoming a question of capital market valuation.

For mid-sized companies, this trend flows through banks: lenders are increasingly integrating corporate governance quality – including technology oversight – into their risk models. The German Corporate Governance Code is expected to explicitly list technology competence as a diversity criterion in its next revision.

Frequently Asked Questions

Header Image Source: Unsplash / Dylan Gillis