Governance Overview for both Board and Management, vol. 4
This week I am taking a more global look at corporate governance and its implications for boards and management. I am looking at stories from the US, Brussels, Tokyo and more.
1. US – Political and regulatory heat on proxy advisors & ESG
Story 1 – White House executive order targeting proxy advisors
Region: US
Topic(s): Regulatory/Legal; Activism & Capital Markets; ESG
What happened: President Trump issued an executive order directing the SEC, the FTC, and the Department of Labor to scrutinize proxy advisors (notably ISS and Glass Lewis) for alleged “politically motivated” use of ESG and DEI factors, and to review rules and antitrust issues around their influence on shareholder voting.
Why it matters:
· Raises the stakes around how boards respond to ESG- and DEI-related proposals, both management- and shareholder-sponsored.
· It may reshape how investors get voting guidance and increase scrutiny of how boards communicate rationales for ESG strategies.
· Expect more political polarization around ESG-related disclosures, particularly for US-listed companies with global investors.
Link: Reuters
Story 2 – Cyber protections in US defense bill
Region: US
Topic(s): Cybersecurity; Regulatory/Legal; Geopolitics & Supply Chain
What happened: The FY2026 US defense authorization bill includes an extensive cyber package, with new mandates and programs to strengthen cybersecurity for critical infrastructure and improve information sharing; it should pass Congress shortly.
Why it matters:
· The passage indicates continued escalation of cyber as a national‑security and board-level issue, not just an IT problem.
· The results will likely cascade into tougher expectations for incident reporting, resilience testing, and board oversight of cyber risk — even in non-defense sectors.
What boards should do now:
· Confirm which parts of your business are in scope of critical‑infrastructure or defense‑adjacent rules.
· Ensure a board or committee formally owns cyber oversight and receives regular threat briefings.
Link: Akin - a Global Law Firm
Story 3 – Shareholder activism and executive pay pressure
Region: US / Global
Topic(s): Succession & Compensation; Activism & Capital Markets; Culture & Conduct
What happened:
· The Conference Board and other analyses show activism campaigns in US markets surged to record levels in 2024 and remain elevated, with >300 campaigns in 2025.
· Large investors such as Norway’s Norges Bank voted against pay packages at Microsoft and previously Tesla, signaling a systematic pushback on outsized or weakly‑aligned executive compensation, even when overall shareholder support is high.
Why it matters:
· Pay design is under scrutiny, especially around performance linkage, dilution, and windfalls.
· Activists are increasingly targeting human capital, diversity, and culture themes, not only capital allocation.
Link: The Conference Board + The Times of India
2. EU/UK – Sustainability rollback, cyber liability & tougher internal controls
Story 4 – EU significantly scales back CSRD & CSDDD scope
Region: EU
Topic(s): ESG; Regulatory/Legal; Geopolitics & Supply Chain
What happened: EU legislators reached a deal to “simplify” the Corporate Sustainability Reporting Directive (CSRD) and Corporate Sustainability Due Diligence Directive (CSDDD). Thresholds for coverage are raised so that only “very large” companies (e.g., >1,000 staff and €450m turnover for CSRD and >5,000 staff and €1.5bn for CSDDD) are in scope, removing a large majority of companies from coverage and dropping mandatory climate‑transition plan requirements.
Why it matters:
· Large EU and non-EU multinationals remain heavily impacted, but mid-caps may temporarily fall outside mandatory reporting - at least at the EU level.
· Investors warn that weaker mandatory disclosure makes it harder to identify genuine low-carbon and human‑rights leaders, pushing the verification burden back onto voluntary frameworks and investor due diligence.
This does not mean smaller companies are off the hook; global supply chains will still feel pressure, as large in-scope firms push ESG expectations down to suppliers.
Link: National Law Review
Story 5 – Germany’s NIS2 implementation makes cyber a board‑liability issue
Region: EU (Germany focus)
Topic(s): Cybersecurity; Regulatory/Legal; Audit & Controls
What happened: Germany’s new BSI Act implementing the EU NIS2 Directive took effect, expanding cyber rules to tens of thousands of “essential” and “important” entities and explicitly linking management‑body responsibilities to cyber preparedness, with supervision and sanctions grounded in the law.
Why it matters:
· Directors face an ever-expanding scope with more explicit duties to oversee cybersecurity and can be held liable for failures.
· Boards must ensure cyber risk is integrated into enterprise risk management, incident response, and board education—not treated as a silo.
Link: Greenberg Traurig
Story 6 – UK Corporate Governance Code: internal controls and board accountability
Region: UK
Topic(s): Audit & Controls; Board Composition & Governance; Culture & Conduct
What happened: Updates to the UK Corporate Governance Code (including Provision 29) and related guidance will require boards of premium‑listed companies to attest to the effectiveness of internal controls, with increased expectations for direct access between internal audit and the board and more robust risk management oversight, effective for financial years ending from late 2026.
Why it matters:
· This moves the UK closer to a “Sarbanes‑Oxley‑lite” regime—personal and reputational risk for directors if internal controls are weak.
· Internal audit’s independence and access will be more central; audit committees will need more technical expertise and time.
Link: BDO
3. Asia – Stewardship codes and AI/tech governance
Story 7 – Japan revises stewardship code and sharpens governance expectations
Region: Asia (Japan)
Topic(s): Board Composition & Governance; Activism & Capital Markets; ESG
What happened: Japan’s Financial Services Agency revised the Stewardship Code in 2025 to enhance collaborative engagement, transparency on beneficial ownership, and effective investor‑company dialogue. These reforms, together with governance changes, are driving a major M&A rebound in Japan and a more activist investor stance.
Why it matters for boards:
· Boards at Japanese and Japan-exposed companies should expect more engagement on capital efficiency, cross‑shareholdings, and strategy.
· International investors will increasingly benchmark governance practices against the revised code and expect concrete evidence of responsiveness.
Link: ACGA Asia
Story 8 – Global AI regulatory tightening, with growing coverage in Asian markets
Region: Global (incl. EU/US/Asia)
Topic(s): AI/Tech Governance; Regulatory/Legal; Cybersecurity
What happened: A recent global AI regulatory update summarizes rapid developments across major markets, including EU AI Act implementation steps, US federal and sectoral guidance, and emerging frameworks or consultations in multiple Asian jurisdictions. Boards are urged to align AI governance, risk assessment, and disclosures with this shifting landscape.
Why it matters:
· AI is now formally showing up in risk‑oversight disclosures for nearly half of large public companies, triple last year in some analyses.
· Boards must treat AI strategy, ethics, and resilience as a standing agenda item, not an innovation side‑project.
Link: Eversheds Sutherland + Harvard Law Forum
4. Africa – Continental principles
Story 9 – African Principles and Guidelines on Corporate Governance launched
Region: Africa (pan‑African)
Topic(s): ESG; Board Composition & Governance; Culture & Conduct
What happened: The African Union and partners released the African Principles and Guidelines on Corporate Governance, a continent-wide framework designed to align governance practices with sustainable development, accountability, and transparency goals across both public and private entities.
Why it matters:
· Signals that African regulators and policymakers are converging on higher governance standards, including expectations around stakeholder engagement and responsible business.
· Multinationals operating in Africa should anticipate alignment or referencing of these principles in national reforms, especially in state-owned and regulated sectors.
Link: African Peer Review Mechanism (APRM)
5. Cross-border: Executive incentives and deal-driven pay
Story 11 – Anglo American drops merger-linked bonus plan after investor backlash
Region: EU/UK (global investors)
Topic(s): Succession & Compensation; Activism & Capital Markets; Culture & Conduct
What happened: Anglo American abandoned a multimillion-pound bonus scheme for top executives tied to completing its proposed $50bn merger with Teck Resources, following sharp opposition from major shareholders and proxy advisers, who argued that guaranteed payouts for transaction completion broke with performance-based norms.
Why it matters:
· Highlights growing investor resistance to one-off “deal bonuses” that may misalign pay and performance or be seen as rewarding size over value.
· Boards globally can expect closer scrutiny of how they incentivize management around strategic transactions, restructurings, and “transformational” deals.
Link: The Guardian
B. Bigger Governance Trends Emerging This Week
Regulatory retrenchment vs. resilience in ESG – The EU’s move to narrow CSRD/CSDDD contrasts with continued investor demand for robust sustainability data and with codes like King V that deepen ESG integration. Expect a voluntary + investor-driven ESG regime layered on top of lighter regulation. (Link: Reuters)
Cyber and AI as core board fiduciary issues – Germany’s NIS2 implementation, US cyber provisions in defense legislation, and global AI rulemaking all converge on one message: boards must be visibly in charge of digital risk and AI ethics, not just informed by management. (Link: Greenberg Traurig)
Activism is more structured and more personal – Campaign volume remains historically high, with pay, capital allocation, strategy, and sometimes leadership diversity firmly in the crosshairs. Investors are consistently objecting to compensation they see as poorly structured, even at high-performing companies. (Link: The Conference Board)
Internal controls and assurance are moving center stage – The UK’s evolving internal controls regime, Germany’s cyber‑control focus, and global moves toward mandatory assurance on sustainability data are all pushing boards towards a more hands-on oversight role for controls across financial, cyber, and ESG domains. (Link: BDO)
SME Leadership Recap – Practical Implications
Even where the laws technically hit only large caps, SMEs sit well in the blast radius through supply chains, financing, and customer expectations.
1. ESG and reporting (EU & Africa)
You are not off the hook: while you may be out of the scope of CSRD/CSDDD, your large customers and lenders aren’t, so these requirements impact you, too. Expect:
· More ESG questionnaires and contract clauses on climate, human rights, and supply‑chain due diligence.
· Requests for basic emissions, workforce, and ethics metrics, plus remediation plans.
Actions to get ahead:
· Map your top 10 customers and identify which ESG regimes they are likely to be subject to.
· Create a one-page ESG fact sheet (headline policies, metrics, and key initiatives).
· Identify 3–5 high-risk suppliers and implement simple due‑diligence questions and contractual expectations. (NOTE: monitor for M&A activity to ensure the subsequent entity remains aligned with expectations).
2. Cybersecurity (US, EU/UK, Asia)
NIS2 and US cyber legislation will push cyber requirements onto SMEs providing essential services or critical‑infrastructure components, most likely through updated contract requirements.
Customers will increasingly demand evidence of basic controls: MFA, patching, backups, an incident response plan, and possibly third-party assessments.
Actions now:
· Appoint a named executive owner for cyber (even if part-time).
· Maintain a short incident playbook and test it once per year.
· Implement a tabletop exercise to build and flex response muscle within the organization.
· Ensure supplier/IT contracts include security expectations and data‑breach notification duties.
3. AI/Tech governance
Smaller firms are adopting AI tools. As AI rules mature, customers and regulators will ask how you govern AI use, especially for sensitive data or automated decisions.
Expect questionnaires about training data, bias controls, data protection, and human-in-the-loop review.
Actions now:
· Create a simple AI use policy (where you will/won’t use AI, data restrictions, review checkpoints).
· Keep an inventory of AI tools and use cases across the business.
· Create a template of responses to expected AI usage questionnaires to make answering them easier and more consistent.
4. Executive pay and incentives
SME boards and founders are not immune to investor scrutiny; PE, VC, and family councils increasingly benchmark pay against governance norms.
Tie variable pay to a mix of financial, strategic, and culture/ESG metrics, not just revenue.
How Dr. LouAnn Conner Can Help
Dr. LouAnn Conner can support boards, SMEs, and investors in turning these weekly signals into a practical governance advantage by:
· Board & committee education: Tailored briefings and workshops on AI governance, cyber oversight, ESG regulation (US, EU/UK, Asia, Africa), shareholder activism, and evolving codes such as King V, UK Code changes, and Japanese stewardship reforms.
· Governance diagnostics: Rapid reviews of board charters, committee mandates, risk frameworks, and internal‑control structures to identify gaps against emerging expectations in each region.
· Strategy‑linked ESG and AI roadmaps: Helping leadership teams connect sustainability, AI, and cyber initiatives to enterprise strategy and capital allocation, rather than treating them as compliance exercises.
· Compensation and incentives alignment: Working with boards, founders, and investors to align executive pay, deal incentives, and long‑term value creation with governance best practices and stakeholder expectations.
· Ownership‑type specific programs:
· For VC portfolio companies – scalable governance playbooks that don’t slow growth.
· For PE‑backed operators – governance and risk frameworks embedded into value‑creation and exit planning.
· For family‑owned enterprises – succession, family governance, and board‑professionalization support that respects legacy and values.