Unpacking Legal Exposure in AI
Interest in artificial intelligence surged in 2022 and continues to grow, with new tools being developed and deployed by law firms and clients to streamline operations, enhance productivity, and create new products and services. Like all tools, AI systems bring benefits and risks; appreciating these risks is crucial to prevent them from becoming realities. Risks vary widely across domains and use cases, requiring tailored evaluations and policies for each company or department. A broad survey of AI risks can help lawyers effectively identify and mitigate hazards.
One overlooked non-legal hazard is the often fundamental misalignment between what users believe AI can do and what it can reliably achieve. These perception gaps frequently underlie regulation or litigation. Even experienced users sometimes misapply AI technologies, creating liability. For example, years ago, radiologists double-checking AI-assisted diagnostic tools were found deferring to the AI’s plausible but incorrect output, too often second-guessing their own correct judgment. Human-in-the-loop systems cannot prevent harm when user trust in AI is miscalibrated. Similarly, users must understand where an AI tool is designed to function well and where it will not. One study found that a health AI tool that excelled with adult populations performed poorly with pediatric populations. Misuse of tools outside design limits can create risks for users, patients, and vendors. In addition to assessing whether an AI tool complies with specific regulations or other risks addressed below, lawyers should question whether users genuinely understand the system’s intended capabilities and boundaries, and whether they are or will be operating outside those limits.
These fundamental misunderstandings set the stage for more specific risk categories, particularly in the regulatory landscape. Many, when considering regulations and statutes governing AI, think first of the recent wave of new state, federal, and international laws specifically addressing AI. Companies deploying AI should understand the “high risk” AI definitions across jurisdictions and how they can avoid that regulatory category or what they must do if operating within it. Laws may impose requirements for human oversight, transparency and disclosure, impact and bias assessments, technical documentation, and regular auditing—with substantial penalties for non-compliance. Specific regulations now target areas like large language models, foreign use of AI, and export controls. Model developers and hardware vendors face a rapidly shifting compliance landscape requiring regular reassessment.
While these AI-specific laws and regulations merit careful attention, a comprehensive risk assessment must also consider traditional legal frameworks that apply to products, including those incorporating AI. For example, a technology company faced litigation alleging its automated resume review system caused discrimination, with the judge ruling (with EEOC support) that dismissal was inappropriate because the company assumed responsibilities traditionally held by employers. The case continues. Another case involved defamation claims tied to output from an AI tool that incorrectly associated a real person’s name with illegal activity. The case is AI-related, but the suit centered on traditional defamation principles. Traditional legal concepts like implied warranties of merchantability or fitness for particular purposes remain relevant to AI-driven systems (including those that leverage AI models obtained from others). Questions about whether AI-generated works can be copyrighted, whether AI-assisted inventions qualify for patent protection, and whether training data usage constitutes fair use are all being tested in courts based on pre-AI intellectual property principles. Comprehensive privacy laws such as CCPA and GDPR also apply with respect to AI technologies, with transparency, data minimization, data subject rights, and breach notification obligations being of note.
While new AI statutes have emerged at the state level, federal agencies have focused on establishing rules and enforcement priorities around safety and accuracy (including across user populations, through bias mitigation), transparency and disclosure, security of information, and human involvement in key decision-making (including through ensuring human understanding of AI suggestions). Written regulation was coupled with regulation-by-litigation, where violations of common trade principles were met with enforcement actions. “AI washing,” where companies inflate claims about AI usage or performance, has also been a target. However, 2025 saw federal AI regulation rolled back, leaving uncertainties about future approaches. Given similarities in AI regulation between the first Trump administration and the Biden administration, new regulation may be substantively similar to prior regulation, but that remains to be seen. Issues of bias, discrimination, and equity fundamentally relate to questions of product accuracy and proper functioning. Risk may be mitigated even if future regulation focuses more on “accuracy” than on “bias.” Ethical guidelines, though subjective, can help forecast regulatory priorities. The regulatory uncertainty may now be coupled with uncertainty over the future of state action: As of this writing, the domestic policy bill being debated in Congress includes a proposed 10-year moratorium on state AI regulation.
This uncertainty reinforces the importance of contractual provisions as a lawyer’s customary risk-management tool, while also raising the importance of careful review of vendor contracts to determine attendant risks. Given regulatory uncertainty in some jurisdictions coupled with strict compliance responsibilities in others (particularly in connection with “high risk” uses), contracts should carefully delineate responsibility for ensuring ongoing regulatory compliance. Any usage restrictions on how models can be used, modified, or retrained, including surrounding high risk uses, should be detailed. Of course, liability allocation between vendors, users, and potentially affected third parties must be precisely defined. Data rights provisions can clarify ownership of input data, output data, and insights derived from the system, and contract reviewers may want to verify that appropriate licenses exist for all data used in training or system operation, and that confidentiality protections prevent sensitive information from being incorporated into models or revealed in outputs. Where personal information is included, appropriate data protection terms should also be included.
As AI integrates into business operations across sectors, lawyers who can guide clients through this risk landscape will provide invaluable counsel, combining an understanding of the technology’s capabilities and limitations with knowledge of both emerging AI-specific regulations and traditional legal frameworks that apply to AI implementations in new ways.
LINKS
Read “Unpacking Legal Exposure in AI,” authored by Andrew (A.J.) Tibbetts for Lawyers Weekly. (subscription)