Risk and Litigation

Whitepaper - Law: AI Risk and Litigation

The rapid integration of artificial intelligence (AI) into business operations has transformed industries, from healthcare and finance to manufacturing and retail. However, this advancement brings significant legal risks and litigation challenges. Businesses have to  navigate a complex landscape of evolving regulations, potential liabilities, and disputes arising from AI's use. The Institute for Responsible AI emphasizes the need for governance frameworks that prioritize fairness, transparency, and accountability to mitigate these risks, particularly in areas like intellectual property (IP), product liability, and societal impacts. This whitepaper explores current topics and areas of law where AI intersects with business, highlighting key risks and strategies for compliance.

Intellectual Property Risks

AI technologies, especially generative AI models, raise critical IP concerns. Businesses using AI to create content, such as images, text, or code, face risks of infringing copyrights, patents, or trade secrets. Training AI on vast datasets often involves scraping protected materials without permission, leading to claims that AI outputs violate existing rights. For instance, companies may inadvertently produce works that are substantially similar to copyrighted materials, exposing them to infringement lawsuits.

Patents present another challenge: AI-generated inventions may not qualify for protection if courts determine that only humans can be inventors. Trade secret risks arise when AI systems expose confidential information during deployment or through data leaks. To manage these, businesses should conduct IP audits of AI training data, secure licenses for datasets, and implement clear policies on AI-generated content ownership.

Privacy and Data Protection

AI relies on large volumes of personal data for training and operation, amplifying privacy risks under laws like the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the US. Businesses face litigation if AI systems process data without consent, leading to breaches or unauthorized surveillance. Facial recognition AI, for example, has triggered lawsuits over biometric data collection without proper disclosure.

Emerging trends include risks from AI-driven profiling, where algorithms infer sensitive information like emotions or health status, potentially violating privacy rights. Companies need to adopt privacy-by-design principles, perform data impact assessments, and ensure transparency in AI data usage to avoid fines and class actions.

Liability and Tort Claims

AI systems can cause harm through errors, malfunctions, or unintended outcomes, leading to product liability or negligence claims. If an AI tool in autonomous vehicles or medical diagnostics fails, businesses may be held accountable under tort law for foreseeable risks. The opacity of AI "black boxes" complicates proving fault, as it is hard to trace decision-making processes.

In 2026, litigation is expected to rise around AI vendor contracts, where unclear terms on liability allocation expose companies to disputes. Businesses should negotiate indemnity clauses in AI contracts, maintain detailed documentation of AI development, and consider insurance tailored to AI risks.

Bias and Discrimination

AI algorithms can perpetuate biases from training data, resulting in discriminatory outcomes in hiring, lending, or criminal justice. This exposes businesses to claims under anti-discrimination laws like Title VII in the US or equivalent EU directives. For example, AI in recruitment may favor certain demographics, leading to class action lawsuits.

Regulatory scrutiny is increasing, with enforcement actions targeting opaque AI decisions. Companies need to audit algorithms for bias, use diverse datasets, and implement human oversight to reduce risks.

Regulatory Compliance

Global regulations are tightening to address AI risks. The EU AI Act, effective in stages through 2026, classifies AI by risk levels: prohibited (e.g., social scoring), high-risk (requiring assessments), and minimal-risk (with transparency rules). Non-compliance can result in fines up to 6% of global turnover. US businesses operating in the EU must comply, even if based outside.

In the US, there is no comprehensive federal AI law, but executive orders and state regulations (e.g., Colorado's AI Act) focus on high-risk uses like consumer protection. Trends in 2026 include increased enforcement on AI transparency and bias. Businesses should map AI systems to regulatory categories, conduct conformity assessments, and engage legal counsel for cross-border compliance.

Antitrust and Competition

AI can enable anti-competitive practices, such as algorithmic price-fixing or market dominance through data monopolies. Regulators are examining how AI mergers concentrate power, as seen in FTC reviews of tech acquisitions. Litigation may arise if AI tools facilitate collusion among competitors.

Businesses should review AI pricing models for compliance with antitrust laws and monitor data-sharing practices.

DISCUSSION OF RELEVANT CASE LAW

This sub-section reviews key court cases illustrating AI-related legal risks. These precedents shape business strategies and highlight the need for proactive risk management.

· Andersen v. Stability AI Ltd., No. 3:23-cv-00201 (N.D. Cal. 2023, ongoing as of 2026): Visual artists sued Stability AI, alleging copyright infringement through the use of their works to train AI image generators without permission. The case explores fair use defenses and the legality of training data scraping, influencing how businesses handle AI model development.

· The New York Times Company v. Microsoft Corp. and OpenAI, Inc., No. 1:23-cv-11195 (S.D.N.Y. 2023, ongoing): The Times alleged that OpenAI's models infringed copyrights by reproducing articles verbatim. This case addresses AI's memorization of training data and potential liability for outputs, prompting businesses to evaluate data sources.

· Thaler v. Vidal, 43 F.4th 1207 (Fed. Cir. 2022, cert. denied 2023): The court ruled that AI cannot be listed as an inventor on patents, as inventorship requires human contribution. This impacts businesses patenting AI innovations, requiring clear documentation of human roles.

· In re Clearview AI, Inc. Consumer Privacy Litigation, No. 1:21-cv-00135 (N.D. Ill. 2021, settled 2024): Clearview faced class actions for scraping facial images without consent, violating biometric privacy laws like Illinois' BIPA. The settlement highlights risks in AI data collection, urging businesses to secure consents.

· FTC v. Rite Aid Corporation (FTC enforcement action, 2023): The FTC banned Rite Aid from using facial recognition AI for five years due to bias causing false matches and discrimination. This case underscores regulatory risks for biased AI in retail, emphasizing the need for fairness testing.

· Tremblay v. OpenAI, Inc., No. 4:23-cv-03223 (N.D. Cal. 2023, ongoing): Authors claimed OpenAI's ChatGPT infringed copyrights by training on their books. The court's partial dismissal clarified limits on fair use, guiding businesses on AI content generation.

These cases demonstrate that AI litigation often centers on IP, privacy, and bias, with courts increasingly demanding transparency. Businesses aligned with the Institute for Responsible AI's principles might be able to reduce exposure by prioritizing Responsible AI practices.