AI risks: what directors and officers need to know

All new technologies carry risk when introduced on an enterprise level, and artificial intelligence (AI) is no exception.

Directors and officers may find themselves in the crosshairs should negative repercussions arise from the use of such tools. To be prepared for the potential regulatory scrutiny or claims activity that comes with the introduction of a new technology, it is imperative that boards carefully consider the introduction of AI, and ensure sufficient risk mitigation measures are in place.

AI benefits and challenges

Across every sector, AI tools are redefining businesses’ ways of working by streamlining processes and increasing productivity. This technology has promised to facilitate enhanced customer services and is responsible for the creation of new products and employment opportunities.

But despite its many potential benefits, AI also brings new challenges for businesses, and risks to be managed. Although threats will vary from sector to sector and depend on where the tools are being deployed, they can include risks such as harm to a business’s customers, or financial losses incurred directly by a business itself.

Customers can be impacted by incorrect advice, biases arising out of AI training, and privacy exposures – reducing trust and accountability. Businesses, meanwhile, can be directly impacted by operational failures, mis-selling, system errors, or poor decision making.

Disclosing AI use

Companies’ disclosure of their AI usage is another potential source of exposure. Amid surging investor interest in AI, companies and their boards may be tempted to overstate the extent of their AI capabilities and investments. This practice, known as ‘AI washing’, has led to a number of securities class action lawsuits in the US, arguing that investors have been misled. There have also been enforcement actions taken by the Securities and Exchange Commission (SEC).

Just as disclosures may overstate AI capabilities, allegations that companies have understated their exposure to AI-related risks have also been brought, with a derivative suit against DoubleVerify’s executives a key example. Claims are not limited to a business’s own use of AI, and can stem from competitors’, suppliers’, customers’, and bad actors’ use of the technology.

Cybersecurity risks or flawed algorithms leading to reputational impact, competitive harm, or legal liability are all potential consequences of poorly implemented AI. Furthermore, exposure to use of AI “deepfake” technology by third parties is increasingly resulting in theft of companies’ money.

Growing regulatory activity, such as the EU AI Act, approved by the European Parliament in 2024, is pushing for transparency and is amplifying the scrutiny of businesses’ AI use.

An emerging risk for directors and officers

Ultimately, responsibility for AI implementation rests with the Board. While operational ownership may sit with management, there is increasing scrutiny on whether directors themselves understand the risks and oversee the controls in place, rather than relying solely on technical roles, such as a CISO.

Demonstrating Board level ownership and understanding will be critical in reassuring D&O insurers that AI-related risks are being actively managed. Poor AI governance procedures, AI technology failure, and misrepresentation may each be alleged against directors in the form of a breach of the directors’ duties. Such claims could damage a company’s reputation and result in a derivative claim.

Key AI risks for directors and officers include:

  • Non-disclosure claims – un- or under-disclosed use of AI or inadequate disclosure of its risks.

  • Negligence claims – including allegations of discrimination, bias, invasion of privacy, and redress for employees, customers, or other third parties who have suffered damage as a result of AI failure.

  • Product liability/breach of contract claims – including failure to ensure that an AI product that caused harm was free from defects.

  • Misrepresentation claims – if AI is used to generate reports, such as financial disclosures, directors may be held personally liable for misrepresentations or inaccuracies.

  • Competition claims – if AI is used to recommend transactions in price sensitive securities, or to set the price of goods or services sold by a business, Boards must make sure that the AI is not relying upon inside information, or causing the company to coordinate its prices with competitors in an anticompetitive manner.

  • Insurance risk – if a business suffers loss due to an AI failure, and it does not have adequate insurance, can directors be criticized by stakeholders for failing to arrange adequate insurance coverage?

Board-level considerations for AI

A vast majority of companies have already introduced AI into their operations, and directors may lean on AI to help form their decisions. Presently, corporate law generally requires that directors remain natural persons who retain responsibility for decisions taken in the company’s name. Therefore, delegation to an AI system potentially increases liability, rather than removing it. Ultimately, the obligation to supervise and exercise judgment remains with the Board.

However, despite its challenges, AI can be a manageable risk. An organization must set up best practices and keep governance, compliance protocols, and legal frameworks up to date as AI technology evolves.

Likely considerations for directors and officers include:

  • What is the decision-making process for adopting new technologies?

  • What is the right amount of capital investment to make in AI, recognizing that such investments are costly?

  • How will the company track use of AI and any resultant cost efficiencies?

  • How are customer attitudes towards AI and automation evolving?

  • To what extent are competitors adapting and deploying AI?

  • Are adequate cybersecurity measures in place to protect against AI-related vulnerabilities?

  • Are transparent procedures in place to respond to AI issues and mistakes?

  • Have staff been appropriately trained to use and manage AI, and are they equipped with the necessary resources to do so effectively?

  • Have external statements relating to AI use and associated risks been tested to confirm they reflect the true position?

  • Has appropriate insurance cover been purchased to protect against AI-related losses?

Boards, in consultation with in-house and outside counsel, may consider setting up an AI ethics committee to consult on the implementation and management of AI tools. This committee may also be able to help monitor emerging policies and legislation in respect of AI. If a business doesn’t have the internal expertise to develop, use, and maintain AI, this may be actioned via a third party. An AI ethics committee may also be able to address the management processes for AI bias, intellectual property, cyber risks, and data privacy.

D&O underwriters are actively monitoring AI adoption across all industries as they increasingly perceive it as an emerging and rapidly evolving area of risk – paying close attention to how companies deploy and oversee AI within their operations. As disclosures (or the lack thereof) often form the basis of securities fraud allegations, boards should expect AI-related governance and disclosure to be within the scope of D&O underwriting discussions.

Are exclusions on the horizon?

Speculation has grown in recent years that insurers will move to specifically exclude AI-related risks. However, currently, there are no signs that either the UK or the broader market intends to restrict cover or adopt AI-specific exclusions.

For the near future, it is expected that current D&O wordings will continue to respond to AI-related claims. Presently, D&O underwriters are certainly cognizant of AI risk, but the focus primarily remains on governance: how well boards understand, oversee, control, and disclose their organization’s use of AI and exposure to external risk-factors.

Best practice: addressing risks now

It is imperative that directors treat AI as they would any other emerging enterprise risk. Directors should assess the introduction of AI within their business, oversee its implementation, take advice where appropriate from experts, and ensure transparent disclosure at all times.

Where organizations fail to adequately recognize and address the associated issues, AI becomes a material risk, and this is where the Board’s exposure to litigation stems from.

For further advice on how Lockton can help your business secure appropriate D&O insurance, visit our Management Liability page.

by Edward Vaughan

International Management Liability

edward.vaughan@lockton.com

For more info

Sarah Downey

U.S. Professional & Executive Risk Leader, and Global Blockchain & Digital Assets (LEAP) Advisory Leader

+1 917 351 2543

sdowney@lockton.com

Nicolaj Jartved

Head of Professional & Executive Risk, SVP

+45 2928 0923

Nicolaj.Jartved@lockton.com