Smart Companies: Company & board members liability in the age of AI

Artificial Intelligence, although at its infancy, is progressing at a fast pace. Its potential applications within the business structure, have led economists and industry analysts to conclude that in the next years, it will become an integral part of the boardroom. This paper examines how AI can be used to augment the decision-making process of the board of directors and the possible legal implications regarding its deployment in the field of company law and corporate governance. After examining the three possible stages of AI use in the boardroom, based on a multidisciplinary approach, the advantages and pitfalls of using AI in the decision-making process are scrutinised. Moreover, AI might be able to autonomously manage a company in the future, whether the legal appointment of the AI as a director is possible and the enforceability of its action is tested. Concomitantly, a change in the corporate governance paradigm is proposed for Smart Companies. Finally, following a comparative analysis on company and securities law, possible adaptations to the current directors’ liability scheme when AI is used to augment the decisions of the board is investigated and future legal solutions are proposed for the legislator.


Introduction
After the Industrial Revolution, innovation has been one of the main drives of the economy. General purpose technologies, starting from the steam engine, electricity, and the internal combustion engine to computers, shaped the economy and society. One of the most important general-purpose technologies of our era is artificial intelligence (hereinafter, "AI") and machine learning, and it is expected to disrupt the current business models in the coming years. 1 Algorithm-driven companies 2 have managed over the years to maintain their market position, disrupt traditional industries, and create new business models. 3 At the same time, firms outside the tech industry have been exploiting the potential of smart algorithms in an effort to reinvent themselves and maintain their competitive advantage, 4 suggesting that the use of AI is organisationally important for the success and relevance of a company. Specifically, incorporating AI throughout the value chain can provide real-time market information and analysis shaping R&D strategies and the delivery of products and services in a direct, fast, and inexpensive manner. 5 Furthermore, more and more studies estimate that the time when AI will enter the boardroom is not far. 6 This is already feasible to some extent, since, although AI is still at AI or because the nature of the decisions demands a rapid response and the analysis of a significant amount of data. Progressively, this reliance on the decisions of the AI can come on a more official manner, when such an instruction is included in the articles of association or in a shareholders' agreement. The reasons for this might be the trust of the shareholders to the consistency and accuracy of the decisions made by the algorithm or the recognition of its use as standard business practice. In this case, again the board is the one making the final decision, but the AI's decision coincides with the final one. Theoretically, at this stage the board does not have to check the lawfulness of the decision, as long as it appears to be the correct one and it follows it in good faith. However, it may have to continue checking the fairness of the AI's decision. It should be noted, nonetheless, that at this stage, the human factor is still not eliminated. The board will be able to deviate from the decision of the AI if it recognises that the decision of the AI is for some reason faulty; for instance, because of a malfunction, or because it is unfair.
These two hypotheses will be used to examine the possible adaptation of the current accountability mechanisms for smart companies; companies using AI in the decision-making process of the board of directors. The regulatory recommendations proposed below are in accordance with the principle-based approach that seems to be followed by the Commission in relation to AI. 13 Nonetheless, as AI evolves, a third stage of AI involvement in the business decision-making process can emerge. It is possible that in the future, AI will be able to autonomously run a company on its own, without any human intervention. 14 The current legal framework, as it will be discussed briefly in Section 4.1, does not allow an AI to be appointed in the board of directors and subsequently to make managerial decisions for the company. Nonetheless, this legal barrier does not discourage academics from discussing the possibility of companies being owned and run by an AI, making relevant the discussion of whether automated actions carried out by the AI can be enforceable. 15 However, while scholars highlight the future need of company law and corporate governance to adapt their standards and accountability mechanisms when AI is used in the decision-making process, the way to do so has not been yet explored. 16 At the same time, AI researchers are exploring the potential of the combination of AI and blockchain technology, to create a new type of organisation, an AI Decentralised 13 See for instance, European Commission, Report from the Commission to the European Parliament, the Council and the European Economic and Social Committee, Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics, 19 February 2020, COM(2020) 64 final, https://ec.europa.eu/info/publications/commission-report-safety-andliability-implications-ai-internet-things-and-robotics-0_en, where clarifications and adaptations of the current legal framework are proposed. 14 Artur Kiulian, "Decentralized Artificial Intelligence Is Coming: Here's What You Need To Know", Forbes, January 11, 2018, accessed April 3, 2020, https://www.forbes.com/sites/ forbestechcouncil/2018/01/11/decentralized-artificial-intelligence-is-coming-heres-what-you-needto-know/#a7afe43146dc. 15  Autonomous Organisation (hereinafter, "DAO"). 17 The decentralised infrastructure of a DAO, and the resources offered by blockchain technology, together with AI to make the decisions for the token holders, in its simplest form, will first ensure the necessary quorum. On a more complex level, the AI DAO could be the one managing the funds of the organisation and deciding their distribution, hence creating, and executing smart contracts. For instance, the AI after analysing data regarding consumer preferences and market trends, will be able to decide and subsequently release and distribute funds for advertising or for the company's next R&D project. 18

Behavioural economics & directors' decisions
One of the biggest arguments against AI is the unpredictability of its decisions. 19 However, in the widely praised book Homo Deus, writer Yuvan Noah Harari explains that human decisions, are also utterly random; "a combination of predetermined biochemical events and subatomic accidents". 20 Similarly, modern behavioral economics agree that humans do not behave according to the model of perfect rationality of the game and agency theory or that of the Econ. 21 Contrary to the rationality of the acting agent advocated by the expected utility theory, humans are irrational when they make risky decisions; decisions with uncertain outcomes. The uncertainty of outcome is intrinsic in every choice made, even the ostensibly certain ones. 22 According to prospect theory, 23 applicable to the decisions made by the board of directors, the way the possibility of losses and gains, as outcomes of the decisions, is perceived is biased, since firstly, it depends heavily on the company's financial status quo or goals. Secondly, when there is no possibility of loss, directors will be prone to a risk aversion decision. On the contrary, however, when there is a possibility of loss, the directors tend to follow the riskier business decisions to avoid even the smallest certain loss. 24 In other words, the directors will be more focused on avoiding losses than achieving gains.
However, the board of directors, as a collective decision-making body, is considered able to tackle the problem of bounded rationality. 25 The collection and storage of information, based on the diverse expertise and experience of the boards is more effective, and with a well-structured governance, the costs of communication and manipulation of the information can be minimised. Nonetheless, from a behavioral perspective, the idea that the board of directors as a corporate governance mechanism, is able to circumvent the pitfalls of bounded rationality, 26 does not take into account the special conditions that develop in the boardroom, such as power relationships and individual preferences, which may ultimately affect the directors' decisions. 27 Furthermore, humans are by nature, inconsistent in the way they make decisions that have uncertain outcomes. Irrelevant factors such as their current mood, health state or even the weather, affect their decisions. 28 At the same time, humans tend to be biased on a general, social or cognitive level. For instance, executives, can be overoptimistic or overconfident or, even so, their decisions might be a product of an anchor effect. 29 The variability of the decisions is, of course, limited when strict rules apply. 30 However, that is not the case when it comes to board of directors. Executives are free to make decisions, formed merely by company guidelines, business practices, personal experience, and by general law principles. Thus, the decisions made by executives may differ from decisions made by their peers regarding similar subjects and with the same information given, or even, from their own previous decisions. This opinion follows the principle of satisfying behaviour, as a behavioural-theory aspect of corporate governance. According to the idea of satisfying behaviour, boards only make satisfactory decisions based on immediate problems that arise. 31 The weakness of this decision-making process appears when the short-term company's goals cannot be met. Additionally, although more visible in big business deals, these inconsistent judgment calls, even the minor ones, can lead to a loss of a profit when viewed on an annual basis.
On the contrary, AI is, by definition, more consistent. In other words, even the simplest algorithm, provided the same information, will reach the same result, at any given time. As it has been showcased in different studies already since the 1980s, simple statistical algorithms were 10 per cent more accurate and consistent in their decisions than professionals. 32 Consistency, along with AI's ability to diagnose and analyse a large amount of data quickly, allows AI to make decisions that require a significant amount of time and due diligence by the board. Of course, this alone does not mean that the system will be error-free. Three types of pitfalls and inherent limitations of AI have been identified. 33  will affect or somehow tarnish the decision itself. 34 Secondly, deep neural networks  have millions of connections which, combined, form the decision made by the AI,  but it is impossible to trace it back. 35 At the same time, the statistical based truths  on which the system runs, make it particularly difficult to verify whether it functions properly. 36 Thirdly, and closely connected with the previous drawbacks, detecting, and concomitantly, correcting possible errors of the system will prove to be a difficult task. 37 In other words, although imperfect, AI can make optimal decisions, in other words, it can provide the best alternative in a given situation. Optimal decisions, in conjunction with consistency, prove to be useful tools for companies and their boards. 38 Notwithstanding, the intuitive intelligence of the directors in making judgments remains paramount for the company, as it encompass the directors' imagination, creativity and experiences. 39 It is the element that makes the directors adaptable to new unpredictable and equivocal situations, such as taking into account and balancing the interests of different stakeholders, an area in which the AI may be lacking. 40 As it was concisely asserted in an article written by Professor Eric Brynjolfsson and research scientist Andrew McAfee, "over the next decade, AI won't replace managers, but managers who use AI will replace those who don't". 41 In other words, the analytical and intuitive processes of the directors are essential for the company but when the aim is an optimal decision, they are not enough 42 . However, as will be discussed in Section 3.2, this new level of information and insight provided to the directors requires redefining their role, the standards of care, and potentially, their liability. 43

Data strategy and governance recommendations
Integrating AI within the business structure and throughout the value chain requires prior development and deployment of sufficient strategies and governance models.
Firstly, companies wishing to use AI in the boardroom should put in place an adequate data strategy. Sufficient data, historical and operational, about the company and the board's decisions, the relevant market and the current regulations should be 34 Will Knight, "Biased Algorithms Are Everywhere, and No One Seems to Care", MIT Technology Review, July 12, 2017 , accessed April 4, 2020, https://www.technologyreview.com/s/608248/biasedalgorithms-are-everywhere-and-no-one-seems-to-care/, and Stephen Buranyi, "Rise Of The Racist Robots -How AI Is Learning All Our Worst Impulses", The Guardian, August 8, 2017, accessed April 4, 2020, https://www.theguardian.com/inequality/2017/aug/08/rise-of-the-racist-robots-how-ai-islearning-all-our-worst-impulses. 35 Supra note 2, 10. 36 Ibid. 37 Ibid. 38 Ibid. 39 As mentioned by Carl Jung, intuitive intelligence, as an irrational function is the human ability of processing information deeply and based on sensation and perception. See C.G. Jung, "Psychological Types", Bollingen Series XX, Volume 6 (New Jersey: Princeton University Press, 1971). collected, "cleansed", 44 and should be ready to use. This step is intrinsic since this data will be the basis of the AI's learning and will subsequently affect its decisions. 45 At the same time, the algorithm itself should be clearly developed. The objectives of the AI should be identified, and their importance should be quantified. 46 Additionally, negative side effects in the environment where AI is functioning should be foreseen and avoided. When AI is launched, it will be able to autonomously access and analyse available data. 47 Thus, it is necessary that techno-regulation measures are put in place to limit the data that the AI can collect. 48 For instance, by hardcoding legal safeguards in the algorithm, compliance with Regulation (EU) 2016/679 (hereinafter, "GDPR") can be ensured, while at the same time, in case the AI has been licensed and it is used by two competitors, the AI can be prohibited from using data of one competitor to make decisions for the company. Especially for managerial decisions, a balance should be struck between short-term profits and the company's sustainability. AI as a human creation, is prone to error and subject to the will of its creator. 49 Thus, the goals and the decisions made by the AI should comply with the rules set by business norms, corporate governance and company law, and this can be ascertained through the principles of disclosure and transparency, already existing in corporate governance.
In accordance with the corporate governance principles, a company should disclose material information, in a sufficient and comprehensive manner. Based on that principle, besides financial information and commercial objectives, companies are encouraged to voluntarily disclose information regarding the company policies and the board of directors. Since the AI will be used in the decision-making process of the board and concomitantly the suggestion made by the AI may be followed and finalised by the board of directors, it can be argued that the use of AI in the boardroom consists of material information, and thus, the company should inform the stakeholders that it is using an AI to augment the decisions of its board.
Secondly, regarding the goals of the AI, a scheme similar to the transparency principle embedded in the GDPR, 50 specifically in Recitals 39 and 42, regarding the purposes of data processing can apply. Specifically, the company should clearly present the goals entrenched in the AI, and their legal basis in a transparent and sufficient manner, of course, without compromising the company's competitive position. By 44 "Data cleansing or data cleaning or data scrubbing is the process of altering data in a given storage resource to make sure that it is accurate and correct" definition from Technopedia, accessed March 26, 2020, https://www.techopedia.com/definition/1174/data-cleansing. 45  making public the goals of the AI, first the company's compliance with the set company and governance rules is ascertained, while the stakeholders are informed about the nature of the situations and the type of decisions where AI will be used.
Thus, instead of what has been argued in academia, 51 the source code of the AI and its value as an intangible asset; as an intellectual property right or as a trade secret, will remain undisclosed. At the same time, the proposed scheme takes into account the features of machine learning. 52 Specifically, one of the reasons why the technology is efficient is because of its deep learning networks, with millions of connections. This complex structure concomitantly formatting the decision of the AI, makes it impractical, even impossible, to trace back, explain, or test following a black-box logic, 53 the algorithmic decision. 54 Thirdly, the company concisely and efficiently should outline the measures that it takes to ensure the proper function of the AI and subsequently protect the stakeholders. For this scheme, §80 (2) of the German Wertpapierhandelsgesetz (hereinafter "WpHG"), regarding algorithm-based trading by securities companies, can be used. In particular, the company should put in place risk-averse mechanisms that will further ascertain that the AI is resilient, that causing damage to the stakeholders due to a system malfunctions can be avoided, and, finally, that the purpose of the use of the AI is in compliance with the current European and national laws.
For instance, a software verification process can be used to verify that the AI is functioning properly when it makes a decision. 55 This technique is already used in the field of aviation, which can facilitate the transparency scheme and strengthen the stakeholders' trust to the company deploying the AI in the decision-making process. 56 In total, the transparency regime described above, will be beneficial for the company. Due to the benefits coming from the use of AI in the boardroom, as well as, the excitement surrounding the technology, the company can attract new capital and, especially through the security mechanisms, gain trust from the market. 51 Supra note 46, 397. 52 Joshua A. Kroll, Joanna Huey, Solon Barocas, Edward W. Felten, Joel R. Reidenberg, David G. Robinson and Harlan Yu, "Accountable Algorithms", U. Pa. L. Rev., vol. 165, issue 633 (2017), https://scholarship.law.upenn.edu/penn_law_review/vol165/iss3/3, 660, where the writers describe why disclosing the source code is not a suitable solution for machine learning AI. 53 According to this process, AI is seen as a black box, which although the process followed within it cannot be traced, the correctness of the decisions can be tested by examining the inputs. This verification process, called auditing, in computer science, means "an independent evaluation of conformance of software products and processes to applicable regulations, standards, guidelines, plans, specifications, and procedures".

Corporate law recommendations
The board's role and functions differ significantly between civil and common law countries, as differences can be noticed also between jurisdictions. For instance, depending on the structure of the board, unitary or dual, the attributed duties and the subsequent liability regimes vary between Germany and the Netherlands, 57 which the follow the dual board structure and countries such as the UK (along with a majority of the Member States,) follow the unitary board structure. 58 In the present, the unitary board structure will be followed, as a model of corporate governance, and subsequently, when it comes to dual board structure, the duties of the management board will be examined.
Company law, recognizes the board of directors as the core body of an organisation, elected by the shareholders, or by the supervisory board, 59 and delegated to carry out the formal decision-making process related to the company's business affairs. 60 This decision-making function of the directors can be further classified into two categories: management, and monitoring. 61 The main managerial task of the board is to outline the company's business strategy and to handle important business issues, described in law, such as approving the annual financial statements of the company, appointing the members of the C-suite, deciding upon the share of dividends, and issuing the company's corporate governance statement, as well as, deciding upon extraordinary issues, such as mergers and acquisitions, related-party transactions, even -but not exclusively -the amendment of the articles of association.
However, after the famous The Structure of the Corporation by Professor Melvin Eisenberg, 62 the monitoring function of the board has risen to be one of its principal roles, especially after the economic scandals and crises. As a duty, closely related to the contemporary corporate governance model, the monitoring function of the board reflects the still predominant agency theory, and thus, it focuses on balancing the inherent conflicting interests arising from the separation of ownership and control, and, concomitantly, on avoiding the potential managerial shirking. 63 The abovementioned regulated duties of the board are complemented by a nexus of standards of behavior, which the directors should exhibit acting as fiduciaries. In particular, the directors when they deal with the company's affairs, should do so in good faith 64 . The compliance with this standard can be examined ex post by the courts.
Specifically, disregarding the differences between jurisdictions, the duty of care, as standard of behaviour is imposed on the board of directors, applicable both to 57 The dual board structure is also followed in Austria and Denmark, while countries as France, allow for the companies to choose between the dual or unitary structure. See Cristine A. Mallin, Corporate Governance, 6 th ed. (Oxford: Oxford University Press), 250-276. 58 Ibid. 59 In Germany, §84 of Aktiengesetz. 60 Supra note 26, 2. 61 Ibid. 3-6, where Bainbridge classifies the function of the board in three categories "management, oversight and service", where service is provided in the case of a diverse board, consisting also from independent members that can assist the board and the managers of a company with their expertise in sectors such as finance, politics and innovation. their management and monitoring responsibilities. The duty of care can be summed up as the duty of the director to exhibit the diligence that it is reasonably expected from a prudent businessman of his skill and knowledge, in that particular case, when managing corporate affairs. In other words, to act as a reasonable entrepreneur. However, the cases where the courts recognise a breach of the duty of care are rather scarce throughout different jurisdictions, since they abstain from qualifying what constitutes a reasonable business decision, and thus judge it on its merits. 65 Another reason for why there is a dearth of case law regarding the breach of duty of care is the business judgment rule, functioning as a safe harbour for the directors. Either explicitly stated in law, such as in Germany for the managing directors, 66 or through case law, as in the UK, 67 the Business Judgment rule formats the boundaries of the duty of care that a director should exhibit. Moreover, the Business Judgment Rule accumulates the predominant goal of corporate governance, as it formed through agency theory. The short-term proliferation of the shareholders, mandated by balancing conflicting interests within the company, formatted the duty of the directors.
Besides the de facto or de jure definition given to the business judgment rule, there are significant differences amongst jurisdictions. However, in its essence, the Business Judgment Rule acknowledges the risky environment in which the board functions and considers the ambiguous outcomes of the directors' decisions. Thus, for a director to be protected under the business judgment rule, hence, not to be held liable for a breach of the duty of care, he must make a satisfactory decision. For a decision to be satisfactory, it must be done in good faith, based on reasonably sufficient information and to the company's benefit, while the outcome of the decision, does not affect the liability of the director.
However, when AI is used in the boardroom to make decisions, the level of information that, even indirectly, the directors possess is no longer merely sufficient. Machine learning AI has the ability to analyse a prodigious amount of data, if not all the available information, and it reaches its decision based on that. Besides, this is what makes the decisions of the AI optimal. Thus, a powerful tool is given to the directors while at the same time, the construction of the business judgment rule is tested.
In this Section, the possible internal liability of the augmented board of directors will be examined. Specifically, based on the duties which burden the board of directors according to the set company law provisions, possible suitable accountability mechanisms will be scrutinised when AI is used in the boardroom. For this purpose, the two scenarios, presented in Section 1 will be used. First, the scenario where the AI assists the board of directors by making suggestions regarding the management and business strategy of the company, will be deployed and a possible liability scheme will be investigated. At this stage, the suggestion of the AI is taken into account, and it is finalised only after the board has reviewed the lawfulness of the AI's decision.
As it was mentioned above, as part of the directors' duties, and governed by the duty of care that they should exhibit, directors should at least generally monitor and supervise the people to whom they have delegated some powers or functions. Even though, only from a broad interpretation, as it will be mentioned in Section 4.1, the deployment of AI in the boardroom can be considered delegation of decision powers, some analogies can be drawn. Moreover, although these supervisory duties of the board are not clearly outlined in company law provisions and they depend heavily on the jurisdiction and subsequently on the board structure, it can be generally argued that the board has a duty to monitor the decisions made by the AI.
This monitoring process cannot take place ex ante. As it was discussed in Section 2, one of the inherent problems of AI is the inability of the user to accurately identify the information and the processes based on which the AI made its decision. Thus, the directors will not be required to trace back the decision, as this will be difficult, almost impossible, and time consuming, hence cancelling the advantages of using AI in the first place. On the contrary, what the directors are capable of monitoring, based on their skill and experience, is whether the decision of the AI fits the business practices and standards and whether it is in compliance with the current regulatory framework. 68 Additionally, a mechanism of "procedural regularity", facilitating the lawfulness check conducted by the board of directors has been proposed. 69 As part of an ex ante strategy, since the proposed techniques lie in the realm of techno-regulation, it has been suggested in academia to pre-install in the source code of the AI a cryptographic commitment mechanism to check the lawfulness of an automatic decision. 70 Cryptographic commitments are encrypted statements issued by the AI, after making the decision, that without stating all the information that were taken into account to form its decision, since this would have been impossible due to the complexity of the deep learning neural networks, they can ensure that when making the decision, the set relevant laws and regulations encoded in the algorithm were followed. At the same time, since the commitment is encrypted, the board alone will hold the decryption key, thus, preventing a third party from accessing or altering the commitment. Alterations will also not be possible by the board itself, since each commitment will be tied to a specific decision, with a certain issuance time and date. Moreover, these commitments, after the board has finalised the decision made by the AI, can become public by the company, to further ascertain the legitimacy of the board's decision.
Based on the above, in case the directors fail to reasonably check whether the decision of the AI is at first lawful, a breach of the duty of care will be recognised. This solution points out the fact that directors are still held accountable and they do not benefit from the business judgment rule, by claiming ignorance for not acting accordingly to their duty of care, even in cases where a third-party has been delegated to collect and review information in a specific case. 71 Furthermore, after examining how the directors' liability is formed in the first hypothesis, the second scenario of AI's use in the boardroom and, concomitantly, the suitable accountability scheme will be investigated. In the second stage of AI deployment in the decision-making process of the board, again the AI makes decisions, but the board of directors is bound to follow the suggestion made by the AI unofficially or officially based on the articles of association or on a shareholders' agreement.
In other words, in light of the second hypothesis, what is discussed is the development of a new standard of care. The board of directors, either directly from the articles of association or indirectly due to business practices or shareholders' agreements will be expected to follow the decision made by the AI. Subsequently, the board of directors can be held accountable for breaching the duty of care when it does not finalise the decision of the AI.
At this point, however, what has been said in Section 1 should be restated, when presenting the second hypothesis. The board is still in power, and thus, when it is deemed necessary, it can deviate from the AI's decision. However, the degree of monitoring the AI's decision is looser compared to the first hypothesis. Thus, instead of checking the lawfulness of the decision, the board should determine whether the decision is fair and reasonable. In other words, the board should not finalise the decision made by the AI when it is unfair or entirely unreasonable, for instance due to a malfunction. At this point, the social skills, the intuitive intelligence, and the creativity of the board should come into play.
Moreover, the board's responsibility to make fair decisions is not novel, but as it was mentioned above, as a general company law standard, the board of directors should conduct the company's business in an honest manner and in good faith, in the interest of the business and its shareholders, while being fair towards the relevant stakeholders. 72 Based on the human-machine collaboration on the decision-making process, it is only reasonable for the board of directors to be responsible for checking the morality and fairness of the AI decisions, since their objective and statistical nature cannot integrate humane elements. For instance, in the event that a company needs to reduce expenses, the AI may suggest layoffs as a cost-saving option. However lawful, this decision might be deemed unfair by the board when an alternative that will be as cost-effective as the one proposed by the AI may be available. For example, the board may decide that pay-cuts might be preferable, as it will save potential legal costs for wrongful termination of contract and a subsequent hit to the company's reputation.
Based on the above, even within the realm of the second stage, the board should check the fairness and reasonableness of the AI's decision, and if it is found unfair or completely absurd it cannot be followed. However, since in this hypothetical scenario finalising the AI's decision is part of the director's duty of care, to avoid breaching  72 Supra see note 26, 39-40. Based on law's mandate for fair decisions, the board should take into account the conflicting interests and strike a balance between them. Through this procedural fairness that can be ascertained through transparency, the decision of the board will also be fair and although to the company's interest it will be without bias, thus objective and reasonable.
it a similar to the available in corporate governance comply or explain approach can be deployed.
The comply or explain mechanism, firstly introduced in the Cadbury Report in 1992, and as stated in Article 20 of the Directive 2013/34, 73 is a core principle of corporate governance. It allows companies to deviate from the corporate governance codes set in place, as long as, they explain in their corporate governance statements the reasons for their decision. Based on the idea that one-size does not fit all the companies, the legislator has decided to provide this tool to the companies, allowing the market and the relevant stakeholders to decide whether this departure from the proposed governance model should be applauded or scrutinised. However, as it was stated in the 2014 Commission's recommendation, the quality of the explanations is of importance. 74 Following the requirements set in Section III of the Commission's recommendation, the board of directors should explain to the stakeholders in a comprehensive manner a) in what way it has decided to depart from the AI's decision; b) describe the reasons for not following the AI's decision; c) describe how the decision to deviate from the decision of the AI was taken; d) describe the decision followed instead and explain how this decision achieves the company's goals.
By doing so, the directors will have fulfilled their duty of care, hence, they will not be held accountable for not following the decision made by the AI. In practice, the abovementioned comply or explain mechanism, might be more relevant when the decision made by the AI is unreasonable, for instance due to a malfunction. On the contrary, when it comes to decisions made by the AI that are lawful but unfair to some stakeholders, the directors' risk-averse predisposition will probably lead them to eventually finalise the decision made by the AI. This, in conjunction with the fact that in this scenario, following the decisions made by the AI is part of the directors' duty of care, this might, disregarding the comply or explain scheme, expose them to liability lawsuits if they do not finalise the decision made by the AI.
Another issue stemming from the fiduciary duties burdening the directors when AI is used in the boardroom is how will the duty of loyalty be judged when the same AI is used by more than one company, and in particular, when the same AI is used by competitors.
Specifically, it is possible that the company deploying the AI is not the same as the developer. Moreover, as the use of AI in the decision-making process increases, it is reasonable to expect that AI will be offered as a service, similar to intellectual property licenses granted for software by the developer. For instance, that will be the case with IBM's boardroom-version of Watson 75 . Although it escapes the scope of the present, AI intellectual property licenses will prove to be significantly complicated, especially when the coding of the original algorithm and the code developed during the training of the algorithm are done by different entities. However, particularly when AI is licensed to a company to facilitate the decision-making process, it is reasonable to expect that the developer will either assign the related intellectual property rights on the AI or it will license the rights, by listing them exhaustively together with an allocation of any liability due to damages caused to third parties by the use of the AI. Of course, in both scenarios, it can be presumed that the developer will remain liable against the company in case there is a problem with the coding of the algorithm.
Furthermore, the duty of loyalty, more broadly stated in common law systems, 76 aims to cancel out conflicts of interest between the board and the company. In civil law jurisdictions, usually aspects of the duty of loyalty are addressed in company law provisions 77 . Although there is no uniformity in the way the legislator has decided to address the duty of loyalty between different jurisdictions even within the EU, it can be summarised as the directors' duty to act in good faith and to the interests of the company and to abstain from any action that may harm the company or hinder its objectives 78 . Of course, a duty of loyalty cannot be attributed to the AI, as it is not a legal person, nor it is possible to hold the directors liable for the AI using information of the company to learn and make decisions for a competitor, since it is not possible for them to trace back and determine the information which formed the AI's decision. Notwithstanding, to avoid competition law issues, such infringement of Article 101(1) TFEU for exchange of information between competitors, or securities law issues, such as insider dealing, 79 techno-regulation measures of data access limitations should be hardcoded in the algorithm to ensure that the AI will not access and use a competitor's information when making a decision.
In conclusion, the first accountability mechanism proposed can already be set in place based on the available technology and the current company law. On the contrary, the second proposed liability scheme requires a mass use of AI in the boardroom, that will concomitantly lead to a change in corporate governance and business practices. However, since the deployment of AI in the boardroom is expected to soar soon, it is reasonable to assume that first the duty of care of the directors will change and subsequently, their liability. Finally, regarding problems that may arise in the field of competition and securities law, when two competitors have licensed the same AI, technoregulation mechanisms can restrict the access of the AI to the private information of the company and its competitor. 76 E.g. in the Delaware General Corporation Law in Title 8, Chapter 1, §141 (e), where the general fiduciary duty of the board of directors is recognized. In the UK, before the Companies Act 2006 it was also broadly stated. 77 E.g. in Germany, a general fiduciary duty is recognized based on which the directors should be loyal to the company. As an expression of the general fiduciary duty of loyalty, and besides the related-party transactions limitations, an expression of the duty of loyalty can be found in § 88 AktG regarding the duty of non-competition. In Greece Article 23 regarding non-competition and Article 23(a) regarding related-party transactions of the Law 2190/1920 for the Anonymous Company. In Italy the duty of loyalty derives from a general duty of acting in good faith in contractual obligations based on Articles 1175 and 1375 of Codice Civile, while the aspects of self-dealing and corporate opportunities are explicitly regulated in Articles 2391 and 2391(5) of Codice Civile, respectively. Also, in the UK, after the Companies Act 2006, the duty to avoid conflicts of interest in § 176, duty to not accept benefits from third parties in § 177 and the duty to declare interest in proposed transactions or arrangements in § 177 has been regulated. On the contrary, in the Netherlands, there is no provision regarding the aspects of the duty of loyalty. The courts decide upon cases regarding conflicts of interest based on a general duty of fairness and reasonableness based on Article 2:8(1) and on a general duty deriving from contractual obligations according to Article 2:9(1) of the Dutch Civil Code. 78 In this manner in Greece, Article 22(a) of the Law 2190/1920 for the Anonymous Company. 79 Article 3 eq. Directive 2014/57/EU of the European Parliament and of the Council of 16 April 2014 on criminal sanctions for market abuse (market abuse directive or "MAD").

Securities law recommendations
The regime of external liability of the board of directors is very limited. In particular, external liability is recognized only by securities law. However, the differences between EU and US are crucial to determine in which cases the board will be held liable against the investors.
In general, securities law aims in facilitating the transparency in the market by increasing the amount of information available. According to the efficient market hypothesis, originating in the US, but also present in the regulator's choices in the EU, when there is sufficient information in the market, the market price of the shares of a publicly traded company will be able to reflect this information. Thus, securities law, both in US and EU, through disclosure of material information regarding the company, mandatory or voluntarily, in the primary and secondary market, aims to assure "informationally efficient" stock prices, on which the investors can rely on 80 .
Besides the financial statements and the detailed information regarding the issuer and its shares in the prospectus, which follows the issuance of new securities, both in the US 81 and in the EU, 82 the disclosure of other relevant information, such as the management's report on future company's strategies and possible uncertainties, is encouraged. This information further enables the investor to estimate possible changes in the cash flow of the issuer-company 83 .
Although the abovementioned type of information is "softer", when the board is making its report, it must do so in good faith. In other words, if the predictions and plans discussed were not made in a reasonable manner; in good faith, on the basis of reasonably sufficient information and to the company's benefit, 84 the board of directors will be held liable, jointly and severally with the issuer-company 85 . This accountability mechanism reflects the need for transparency and information accuracy in the market, as seen in the US-developed fraud on the market theory, as a negative reflection of the efficient market hypothesis. According to the fraud on the market theory, 86 it is reasonable to assume that the investor-plaintiff relied on the flawed information available to make his investment decision. This legal presumption enables in the US, contrary to EU, securities fraud class actions. 87 Notwithstanding, both in the US and in Europe, that even when the directors are held liable, it has been noted that in practice, directors do not compensate the investors personally. 88 On the contrary, when it comes to securities fraud, the damages are covered by Directors' and Officers' insurances (D&O insurance), set in place by the company. Although highly debatable as a business practice, 89 one of the justifications proposed, besides market liquidity and market sanctions through reputational damages imposed to the directors, 90 is that in any case, the issuer benefitted from possible inflated prices created by the directors' false statements, making it reasonable for the company to cover the damage. 91 In the light of the above, in the present Section the liability of the board of directors based on securities law will be examined, when a fraudulent statement, in particular, a fraudulent director's report, based on the AI's analysis was included in the prospectus.
The ability of the AI to analyze a colossal amount of data and subsequently make statistical based decisions, as has been stated throughout the present, will be a useful tool for the decision-making process of the board. However, the possibility of an AI making a false decision remains possible. For this purpose, a distinction should be made when the fraudulent statement, and the concomitant damages to the investors, were caused due to a malfunction of the AI or not.
In the first scenario, three possible answers arise as to who will be held liable; a) the board members, b) the issuer company, or c) the developer of the AI, when he is different from the issuer. Of course, the possibility of the AI to be liable is not taken into account, since the AI is not recognized by law as a carrier of rights and responsibilities, hence, it does not profit, and, furthermore, the subjective element of scienter cannot be attributed to it.
Based on the above, regarding the possibility of the board members to continue being liable, a scheme similar to the one proposed in the Section 3.2, regarding the internal liability of the directors should be made. If the board, when generally checking the decision made by the AI, finalised the decision in good faith and reasonably presuming that this was a correct prediction for the company, it should not be held liable. This safe harbour is in compliance with the business judgment rule and similar to the exemption recognized in the US in Rule 175 of the Securities Act 1933. 92 Furthermore, regarding the third possibility, the answer should be negative. As it was mentioned, when there is an assignment or licensing of the AI, there will be an allocation of risk from the developer to the company-user regarding the liability of 87  the first for damages caused to third parties. Moreover, the antifraud provisions, both in the US and in the EU, refer to a numerus clausus of people that can be held liable, generally, the ones signing the prospectus. Opening the list and enabling investors to turn against the AI-developers will prove to be counter-effective, as it will require the investors to identify the developer of the AI, prove the malfunction and its causality link to the damages they suffered. Moreover, it will open the Pandora's Box for AIdevelopers and will expose them to unnecessary risk, while it will enable companies that manipulate the market to escape from the current accountability mechanisms, by using AI and claiming its malfunction.
A solution to the abovementioned problem can be given by the second alternative, according to which the company should be held accountable. The issuer is also the user and possibly the owner of the AI, either because it has developed the algorithm, or commissioned its development, or because it has acquired the license of using it. In any case, based on the issuer's data that the AI was trained on, the issuer is the one benefitting from the AI's decisions. Moreover, the issuer, based on the set laws, is already liable for any manipulation of the market, since it is benefitting from the inflated prices. Additionally, as it was stated in Section 3.1, as part of the proposed corporate governance transparency mechanism, the company deploying the AI should set risk-averse mechanisms that will further ensure that the AI can function properly.
Concomitantly, it is reasonable to argue that the issuer should be held liable and not the developer of the AI or the board of directors, provided that they reasonably trusted the correctness of the AI's decision. In other words, the reason why this accountability scheme is preferable, comes as an Occam's razor, since it maintains the causality link established by securities law between the issuer and the investor and it enables the remuneration of the investor by the company, instead of suggesting that the investor should claim the possible damages from the AI-developer. Furthermore, it acknowledges the inherent risk-averse business practices of the board which will subsequently lead them to follow the predictions made by the AI, as well as, the board's inability to fully test whether the decision is correct or wrong due to malfunction.
The abovementioned basis does exclude, in the event of damages caused due to poor programming, some sort of liability to burden the developer. However, although this escapes the scope of the present, it can be argued that developer's liability can be dealt with, first ex ante by developing ethics guidelines and safety-engineering practices for AI, and ex post based on the contractual relationships between the owner-company and the manufacturer.
Finally, the allocation of risk from the board of directors to the company proposed is not novel. As it was mentioned above, D & O insurances are heavily used in practice, making the issuer and its shareholders, accumulate the risk and cover the damages caused by the directors. 93 After examining the possible accountability scheme when a securities fraud takes place due to a malfunction of the AI, the potential liability regime will be examined in the simpler scenario when the prediction of the AI, incorporated in the report of the directors and subsequently in the issuer's prospectus, is merely false, possible due to wrong or unlawful inputs.
In this scenario, again as it was mentioned above, the board should not be held liable, if it proves that after reviewing the decision made by the AI, reasonably and in good faith believed that it was a correct and lawful prediction. Moreover, in the second scenario, there is no need to examine the possibility of the AI developer being accountable, since he cannot control the input after developing the algorithm. Thus, only the issuer's liability remains.
The answer pointing towards the issuer's liability is easier in this case. Although the fraudulent statement was produced by the AI, it was made for the issuer and it was included in its prospectus. Thus, the issuer should be held liable for securities fraud, also in this hypothesis.
In conclusion, the liability of the issuer, either generated by a malfunction of the AI or merely due to a false statement produced by it, can be covered in a similar manner as the one currently followed for the liability of the directors. Specifically, it is advised for the company deploying the AI in the boardroom, to be insured for potential liabilities caused by the AI's decisions. As it was mentioned throughout the present, AI should be considered a tool used by the company and its board to facilitate the decision-making process. Thus, the company as the user of the AI should be held accountable for any malfunction or discrepancy of the system.

Robo-directors
In this Section, we will discuss briefly the legal issues arising in the third stage of AI involvement in the business decision-making process. Specifically, whether the current corporate law framework allows for an AI to autonomously run a company without human involvement will be examined.

The personhood problem
Company law, disregarding of the differences between jurisdictions, recognises the board of directors as the core body of an organisation, elected by the shareholders and delegated to carry out the formal decision-making process related to the company's business or affairs. 94 The board has the authority to frame the company's policy, to manage and monitor the company's business. The importance of the board's decisions is highlighted by provisions within company law, giving power to the board to authorise and decide upon extraordinary situations, such as mergers and acquisitions, relatedparty transactions, and even -but-not exclusively -the amendment of the articles of association.
Although there are significant differences between jurisdictions, in general, there are more extended and uniform provisions, in civil and common law countries alike, regarding the board's role and liability. On the contrary, there is no uniformity regarding the board's composition, the duration of its term and the board member's qualifications. 95 Specifically, regarding the composition of the board and depending on the board structure, unitary or dual, requirements are established only to ensure the independence and impartiality of the board. In Germany and the Netherlands, where the dual structure is predominant, as part of the clear distinction between the functions of the supervisory and the management board, members of one board cannot be appointed to the other. In particular, no more than two previous members of the management board can be appointed later on the supervisory board. Similar 94 E.g. the Delaware General Corporation Law in Title 8, Chapter 1, §141 (a) states that "The business and affairs of every corporation organized under this chapter shall be managed by or under the direction of a board of directors". 95 Supra note 26. requirements regarding the independence of the board also exist in unitary board structures, either as a general clause or as an exhaustive list of criteria, as, for instance, in the Commission's Green Paper about Corporate Governance. 96 Nonetheless, if a general condition can be pinpointed regarding the composition of the board, in both unitary and dual board structures, that is the requirement for someone to be a natural person to be appointed in the board. The requirement applies both for the appointment as a member and as a representative of a legal persondirector. 97 The importance of a natural person being appointed in the board can be seen, for instance, in the UK Companies Act 2006, where it explicitly states that at least one natural person should be appointed on the board of a company. 98 Similarly, in § 6 (2) of German Gesetz betreffend die Gesellschaften mit beschränkter Haftung (hereinafter, "GmbHG") and § 76 (3) of the Aktiengesetz (hereinafter "AktG") only natural persons are allowed to act as directors. 99 Concomitantly, the natural person appointed, although not stated in company law provisions, should have the legal capacity to make decisions and conduct their business affairs. 100 The concept of natural person was first introduced in Roman law; persona. Etymologically, it derives from the word "prosopon" in Ancient Greek, meaning the face or mask used in Greek theatre. Based on the latter meaning, in Roman Law persona was not a synonym of human -homo. On the contrary, it was used to describe one of the many possible legal statuses -persons -that a Roman could have be identified as; unus homo sustinet plures personas. For instance, a Roman could have been for the law a mere citizen or pater familias, when his rights and responsibilities towards the family and the community were assessed. 101 Contemporary legislation, in different jurisdictions, uses the term natural person to distinguish human individuals from personae fictae. 102 For that purpose, usually the first Chapter of various Civil Codes is titled "Natural Person". 103 However, the provisions encapsulated in the Chapters do not give a definition of the natural person. On the contrary, the concept of the natural person in law has a technical function and connects the individual human being with certain rights and obligations while remaining detached from any philosophical correlations to what a human or a person is.
Furthermore, law may attribute certain descriptive or axiomatic qualities to the person. The main aspect of those legal fictitious concepts developed that attributes certain trades to the person is the reasonable man, as it evolved from the Roman pater familias. The reasonable man recognises a cluster of cognitive abilities to the individual which qualify him as reasonable and they derive from his general capability from being appropriately informed and aware of the social constructions. 104 These general attributed qualities may be further specified, depending on the provision or the field of law. Thus, besides the obstacles arising due to the lack of personhood, the law sets further requirements, closely linked to a human individual. For instance, as a fundamental principle, company law demands from the board of directors to conduct the company's business in good faith. 105 However, honesty, loyalty and good faith cannot be attributed to the utter logical and statistical decisions taken by the AI. Moreover, regarding those special cognitive abilities, company law asks from the directors of a company, when making a decision, to act as a reasonable entrepreneur. As a specific manifestation of the general standard of the reasonable man, a director should prove that he has exhibited the diligence that it is reasonably expected from a prudent businessman of his skill and knowledge, in that particular case, when managing corporate affairs. 106 Besides these objective standards, before the reform of 2006, in the UK, also subjective criteria regarding the particular director's skill and knowledge and experience were taken into account when examining the duty of care and the competence demonstrated by the director. 107 In other words, although in some jurisdictions the requirement of a natural person being appointed in the board of directors is not explicitly stated, within the roots of company law, and in particular, regarding director's duty of care, human qualities are embedded.
In the light of the above, in principle, an AI cannot be appointed as a company director. Of course, when the legislator was stating that a natural person should be appointed in the board of directors it was not taking into consideration the possibility of a legal person and much less of an AI being appointed in the boardroom. Moreover, even in jurisdictions such as the UK, where the requirement of a director being a natural person is more loosely stated, since the law merely mandates at least one of the members to be a natural person, the objective of the legislator was not, of course, to exclude an AI from entering the boardroom. On the contrary, the aim was to exclude corporate directors from monopolising the board seats, creating uncertainty. 108 However, the choice of the legislator has been scrutinised. 109 Notwithstanding the lack of personhood objects the lawful appointment of an AI, and much more its ability to vote, since it cannot be a carrier of rights and obligations, it does not have legal capacity, and, subsequently, it cannot be held liable. Additionally, the qualities of the board of directors, deriving from the duty of care, would have to be interpreted broadly to fit AI-based decisions.
Therefore, it will be proved impossible, based on current company law, for the board of directors to legally delegate some decisions to the AI; meaning in the manner of delegating certain tasks to third-parties that act in the name of, and for the directors. Although in some jurisdictions the law requires for the delegation of some of the directors' powers to a third party to be explicitly mentioned in the articles of association, 110 provided that it does not fall in the core managerial duties of the board, 111 a general requirement, not explicitly stated can be identified. The representative should be a person, meaning a natural person that acts individually or collectively with other representatives. However, a teleological interpretation based on the rationale behind the delegation of powers of the board; to ensure better organisation and function of the board, has been proposed to encompass the delegation of decision powers to the AI. 112 Furthermore, the reluctance of the law to grant some sort of legal status to the AI, can be drawn from the example of US law, regarding computers. Although a circular argument, the US law does not recognise the possibility of a computer system to act as an agent due to its lack of personhood. 113 That notwithstanding, law, even with a certain delay, tends to adapt to new societal needs. As with personae fictae, law has recognizsd limited rights and responsibilities to entities other than natural persons, which do not possess human intelligence and their own will. Historically, deriving from an economic and societal need to separate an organisation from its members, law recognised, almost in a heuristic manner, the separate artificial legal personality of corporations and attributed to them a bundle of rights, previously only held by natural persons. This acknowledgement allowed corporations to enter into contracts, own property, sue and be sued. 114 Furthermore, when the economic and business realities change, law tends to follow a more pragmatic approach. For instance, in the seminal case of Salomon v. Salomon in the UK, 115 the House of Lords, overruled the decision by the Court of Appeal, and recognised legal personality of a one-person company, although before it was not considered possible under the Companies Act of 1862. 116 Whether law is willing to adapt in the future, provided that the use of AI will increase and will lead to profound changes in business and societal standards, and accord a legal status to AI, remains to be seen. Worthy of note however, is the European Parliament resolution with recommendations to the Commission on Civil Law Rules on Robotics, in 2017. A suggestion was made for considering the granting of an electronic personality to robots "when they make smart autonomous decisions or interact with third parties independently". 117 This suggestion was widely scrutinised as a superficial understanding of the technology itself, since it only mentioned robots -the embodiment of AI and not smart algorithms and secondly, for being inappropriate, since the term personality was used to attribute legal status to robots. 118 As was stated in the UNESCO's Report Of COMEST On Robotics Ethics in 2017, the term 'person' cannot be used for nonhuman agents, since they do not possess human qualities "freedom of will, intentionality, self-consciousness, moral agency or a sense of personal identity". 119 Furthermore, besides the aforementioned arguments, the recommendation regarding the acknowledgement of an electronic personality could have not been implemented by the Commission itself. The power of determining a person, natural or legal, as well as the concomitant attributed rights and obligation lies with the national law of the Member States. It is only after this stage, for instance, that the EU citizenship for natural persons, 120 and the freedom of establishment within the Single Market for legal persons applies. 121 These concerns were taken into account by the Commission in its announcement, released in April 2018, where it outlined the main goals of the Commission regarding AI. 122 The establishment of a legal personality was not mentioned. More recently, in February 2020, the Commission published a White Paper, mapping the EU's approach to foster the European ecosystem of excellence and trust in AI, 123 and accompanied by the Report on Safety and Liability Aspects of AI, 124 examining the applicability of the Product Liability Directive, 125 as well as AI ethics guidelines. 126 Although more present nowadays due to the advancement of the technology and the legal concerns regarding liability, the discussion around the possibility of acknowledging a legal status to AI is not novel.
In 1992, Professor Lawrence B. Solum, examined in his essay Legal Personhood for Artificial Intelligences, whether personhood could be granted to AI , and more precisely, whether rights should be granted to the AI. 127 Of course, the theoretical exercise of Professor Solum was about highly intelligent -human-like AIs, fitting the description of Artificial General Intelligence (hereinafter "AGI"). According to AI scientists and futurists, AGI will have the ability to achieve general complex goals, like humans. Besides being the prime focus of the computer scientists in the 50s, and even described by Alan Turing before that, still the technology is very far from achieving an AGI-level or Singularity ;the development of an Artificial Superintelligence, which will surpass our limited but various human skills. Although Professor Solum does not reach a definite answer and he concludes that there are strong objections in recognizing some sort of legal personhood to super-intelligent agents, an affinity can be identified; regulators and academics can more easily visualise granting certain rights and legal to human-like AIs. 128 However, before answering whether AI can be granted some sort of personhood or legal status, the legislators should try to identify how the already existing technology affects business, the economy, and thus, the law.

AI-managed companies
In the field of company law, discussion in academia has risen regarding the possibility of an AI managing and, perhaps, owning a company.
According to the academic literature, the legal personality granted by law to a numerus clausus of organisations may provide an interface for the AI and a way to bypass the political and philosophical hardships of granting personhood to AI, and subsequently the problem of whether AI can be appointed in the boardroom . 129 Specifically, it has been proposed that in the event that the legislator decides not to take any action regarding the legal status of the AI, the possibility of a legal vacuum can be avoided by founding an organization which concomitantly will become memberlesswithout natural or legal persons as members -, allowing the AI to solely manage it. 130 This proposal is tested by examining whether certain types of organisations can allow an AI to practically control and manage the company, without the interference of the founders of the company and its subsequent shareholders. Namely, the possible existence of a memberless GmbH in Germany, a Limited Liability Partnership (hereinafter "LLP") in the UK, and a Limited Liability Company (hereinafter "LLC") in the US, has been examined, only to agree that based on the set company law requirements, these companies cannot exist indefinitely without members. 131 Furthermore, this theoretical exercise continues by examining whether the AI will be able through the legal person of the company to execute enforceable legal actions autonomously, after it has been founded by a natural or legal person .132 However, this will not be possible in the case of the GmbH. As it was mentioned in Section 3.2, a GmbH requires natural persons to act as directors. From that perspective, the board will always have to have a natural person acting as a director, regardless of whether this director will follow the decisions of the AI.
Moreover, in the UK, contrary to the requirement set out in the Companies Act 2006 regarding private and public companies, where at least one natural person needs to be appointed in the board, the more flexible LLP, due to its partnership nature, allows its members to form the LLP's governance structure based on their membership agreement. 133 Based on this agreement, which is not subject to specific publicity requirements, and the autonomy granted to the members of the LLP, the members can agree upon adopting the decisions made by the AI, as the LLP's decisions. A similar possibility can be granted by an operating agreement between the members of the LLC in the US.
Although the abovementioned examples fail to demonstrate how an AI can manage a company without human interference, they prove, first, that smaller and more flexible types of organization can tie the management of the company to the decisions made by the AI. Secondly, that the will and contractual freedom of the shareholders or the members of the organisation may be the way of bypassing the requirement set in company law that requires the directors to be appointed to be natural persons, either as members or representatives of a legal person. For instance, as the AI technology advances, and concomitantly, as its use in the decision-making process increases, in theory, the shareholders could either include in the articles of association or in a shareholders' agreement an obligation for the directors to deploy and follow the decisions made by the AI. 134 Notwithstanding, although the academics examining the abovementioned possibility they are doing so with the goal of granting some sort of legal status, or at least, a sense of legality to the autonomous actions of the AI, it is of greater importance to see whether autonomous actions of the AI can be enforceable.
For this question, the following scenario can be considered. A company has given a certain fund to the AI to manage and decide its distribution. The AI, after analysing the market trends and consumer preferences, decides upon the next R&D project of 131 Supra note 15, p. 122. 132 Supra note 127, 112, where Bayern calls this arbitrary legal status given indirectly to the AI as a "defacto private-law personhood". 133 Limited Liability Partnerships Act, c. 12, § 5(1) and supra note 11, p. 13. 134 For instance, in Germany and Italy, the shareholders can deviate from the articles of association in the shareholders' agreement, but they cannot deviate from mandatory provisions or provisions of public policy. Similarly, in the Netherlands when it comes to the standard requirements of the bylaws set by company law. In the UK more freedom is granted, allowing the shareholders to dictate the way that the director, exercising his duty for independent judgment, makes decisions. Similarly, in the US, with the limitation of not alleviating a director from his duties. For a comparative analysis, see IBA Guide on Shareholders' Agreements, available at: https://www.ibanet.org/LPD/Corporate_Law_Section/ Clsly_Held_Growing_Busi_Entprs/shareholderagreements.aspx. the company. Subsequently, the AI selects the best supplier for the material needed, hence, creating and executing contracts by releasing and distributing funds of the company.
Based on the abovementioned simplified example, the AI acts as a tool, especially delegated by the company to fulfill certain tasks that, for convenience, are automatically executed. However, whether this contract is legally binding for the company and the supplier should be examined.
According to Article 12, in conjunction with Article 8, of the United Nations Convention on the Use of Electronic Communications in International Contracts, 135 a contract concluded after the interaction of an automated system and a natural person or between automated systems, without human intervention, 136 is a valid and enforceable, based on the functional equivalent approach. 137 Moreover, any actions and contracts concluded automatically by electronic means are attributed to the person who programmed and initiated them, 138 since the computer system is merely a tool. 139 The above laws, in fact, they refer to automatic transactions and not to autonomous ones, performed by an AI. However, as a rule of thumb, the same reasoning can be followed when AI is used by a natural or legal person to enter in and perform valid and enforceable contracts that will legally bind its user. Notwithstanding, for the already existing laws to apply to AI-transactions, a broader understanding of the term of electronic agent or information systems might be needed. 140 In conclusion, the potential recognition of the enforceability of autonomous actions, and whether they fit in the current regulatory framework regarding autonomous transactions, should be considered by the legislator, along with the possibility of some limited form of legal agency being attributed to AI. 141 As the human-machine synergy is expected to increase in the future, the regulator should take a position to avoid scenarios where the technology will be used for companies and individuals to abuse or circumvent the law and its accountability mechanisms. Nonetheless, the above proposed approach might not be fitting in the future for cetain types of AI, whose actions cannot be traced back to a human individual. However, such intelligent machines do not yet exist.

Conclusion
AI, in the years to come, will become an essential part of the managerial and strategic judgments made by the board of directors, since it will provide the board with a fuller, timely and more objective insight.
However, the current legal standards and liability mechanisms available in the field of company and securities law, and corporate governance were drafted with human decisions in mind, making them, at first, estrange to an enhanced decisionmaking process facilitated by AI. Moreover, these accountability regimes are even less suitable when unfair or false decisions are made by the AI, and they are concomitantly followed by the board.
Corporate governance is a suitable instrument for an ex ante regulation of smart companies; companies that have augmented their board's decision-making process by using AI. By adapting the transparency principle, running throughout the corporate governance system, this will ensure that the companies deploying AI have efficiently informed the public about the use of the technology and the goals of the AI, while protecting the source code, security and compliance with the current regulatory framework can be ensured. At the same time, from a techno-regulation perspective, fundamental legal principles, such as the protection of data privacy, along with the relevant commercial law provisions, should be embedded in the algorithms original code. In that way, also the means by which the AI will achieve its set goals will be specific, limited, and lawful, and on the other hand, phenomena where the abilities of machine learning are used by a company to bypass the set laws can be avoided.
However, the main problem that legislators will face in regulating smart companies is to find a suitable mechanism to align the current company law with the use of AI, in an acceptable manner for all the stakeholders, while not diminishing the advantages of AI nor hindering innovation. For that purpose, a profound understanding, by the regulators, of the technology, its capabilities, limits and inherent problems should be ensured. In other words, acknowledging the possibilities provided by the use of AI in the decision-making process of the board of directors, as well as, the issues that can arise in the field of company and securities law, the legislator should try to enable and support the innovation arriving in this field by embracing a more dynamic regulatory framework, while taking into account the interests of the different stakeholders.
In this regard, the already existing laws and regulations should be examined to test if and how they can entail AI-facilitated decisions. This approach can silence the concerns of those fearing a strict and obsolete regulatory intervention regarding AI while bringing legal certainty. Additionally, a principles-based approach is rather suitable for when AI is being used in the boardroom, since the principles and standards of company and securities law, and corporate governance are embedded in the heart of modern Commercial Law.