Legal advisers are flagging three immediate AI risks for colleges: data‑privacy and third‑party vendor exposure; discrimination and bias in algorithmic decision‑making; and rapidly shifting policy and contractual liabilities. The analysis urges institutions to audit data flows tied to AI vendors, update vendor contracts for access control and liability, and review admissions, hiring and student‑conduct policies that increasingly incorporate automated reviews or predictive analytics. Experts recommend trustees demand a cross‑functional AI governance framework that includes legal, privacy, IT security, and academic leaders. That framework should map high‑risk uses (e.g., student evaluation, predictive analytics for admissions or retention), require impact assessments, and set escalation protocols for regulatory or enforcement actions.