Artificial intelligence is moving deeper into everyday corporate operations and investor messaging, bringing a massive governance headache for corporate directors and officers. According to Lawrence Fine, the management liability coverage leader at WTW, companies are currently running into a highly familiar pattern of regulatory risk and litigation—but it is wrapped around an entirely unfamiliar, fast-moving technology.
The core exposures tied to AI closely resemble earlier waves of securities and corporate governance litigation. What makes the current environment significantly more difficult for corporate boards is the sheer speed of AI adoption, a heavily fragmented regulatory landscape, and the uncomfortable reality that many directors still lack a detailed understanding of how these systems actually function.
Directors and officers remain exposed to the traditional mix of securities class actions, derivative litigation, and regulatory investigations. AI has simply created a new pathway for these established claims. If a company suffers a business loss, a regulatory fine, or a stock drop tied to an AI misstep, the resulting shareholder lawsuits will follow the exact same playbook used in the non-AI world.
Right now, the bulk of this early litigation centers on “AI washing,” a practice where companies either overstate their technical capabilities or artificially exaggerate the role AI plays in their daily operations. Lawsuits are also increasingly targeting executives for failing to adequately disclose the risks associated with adopting—or failing to adopt—new AI tools. A recent analysis published by Willis titled “More Buzz Than Sting” reviewed these emerging securities class actions and found they are progressing through the courts in a highly conventional manner.
The real danger on the horizon is operational failure. Fine noted that large-scale claims arising from actual malfunctions, AI hallucinations, or severe underperformance have not fully hit the courts yet, but they are inevitable as organizations become heavily dependent on automated systems. When those failures lead to physical harm, massive financial losses, or major compliance breaches, corporate defendants will face a severe “black box” problem: directors and officers will be forced to explain what went wrong with a technology they fundamentally do not understand.
Despite the rising risks, insurers have not successfully pushed broad AI exclusions into the Directors and Officers (D&O) market. While some carriers briefly considered introducing broad exclusions for private company D&O coverage, the market largely backed away. On the public company side, there is almost no appetite for AI-specific exclusions because D&O coverage is heavily tied to securities litigation, and policyholders would immediately demand carve-backs to preserve that core protection.
The most critical coverage gap emerging right now is regulatory fines and penalties. Standard D&O policies generally do not cover these costs, which is a massive concern for multinational companies navigating stringent new frameworks like the EU AI Act.
Cyber insurance is facing an even more complex evolution. Many existing cyber policies are triggered strictly by security breaches or improper data collection. If a regulatory dispute or lawsuit arises simply from how a company is using an AI model—without any accompanying data breach—traditional cyber policies may not respond. Financial lines insurance, particularly crime and fidelity coverage, will also need to evolve to address these shifting parameters.
Beyond the insurance hurdles, boards are facing intense governance pressure from lawmakers pulling in opposite directions. In the United States, there is a distinct philosophical disconnect between the federal government’s relatively pro-development stance and the aggressive regulatory efforts being drafted at the state level.
This dynamic creates a regulatory whipsaw for companies trying to comply with multiple conflicting rules, all while multinational firms must simultaneously adhere to the rules of the EU, which currently enforces the most evolved body of AI regulations globally.
To survive this landscape, boards can no longer treat AI oversight as a standard IT issue. Companies need to recruit directors with genuine technical expertise and keep outside advisers close to monitor the rapidly shifting legal terrain. Most importantly, boards must strictly separate their operational AI governance from their disclosure controls. A company must ensure that its external investor communications accurately reflect the actual internal practices and risks of the AI systems it deploys, keeping the disclosure risk entirely distinct from the substantive risk of the technology itself.


