Risk Management: Compliance is your best defense against AI-washing claims
Insurers are warning clients: AI-washing isn't just a PR problem. It's a claims problem. As regulators scrutinize inflated AI claims, carriers are starting to adjust D&O pricing and retentions, especially for firms that lead with "AI-first" messaging but lack governance to back it up.
The upside is clear. Strong compliance around AI disclosures can reduce investigation risk, limit class-action exposure, and earn underwriting credit. Treat AI statements like financial disclosures. Substantiate first. Market second.
What AI-washing looks like
AI-washing is overstating how much AI a company uses, how it works, or the business impact, typically to win investment or market share. Think: "proprietary AI" that's just an API, guaranteed accuracy with no testing data, or automation claims with no evidence.
Regulators have started to act. In 2024, the U.S. SEC charged two investment advisers for misrepresenting their AI use. The FTC has warned companies to keep AI claims truthful and supported. This is now a live risk, not theory.
Where the claims will come from
- Securities claims: Stock drops after "AI" promises don't materialize. Alleged misstatements in earnings calls, investor decks, or S-1s.
- Regulatory actions: SEC, FTC, state AGs, UK CMA, and others probing unfair/deceptive claims, disclosures, and risk controls.
- False advertising/competition: Lanham Act or consumer protection suits over inflated AI performance claims.
- Contract disputes: Missed KPIs tied to AI deliverables. SOWs that promised outcomes the tech couldn't meet.
- Bias and discrimination: If AI is used in hiring, pricing, or underwriting without controls or audits.
D&O, E&O, and cyber: what's actually covered
D&O: Securities suits and regulatory investigations tied to public statements typically land here. Watch for conduct/fraud exclusions (often triggered only after a final adjudication), prior knowledge, and insured vs. insured issues. Side A remains critical for non-indemnifiable claims.
E&O/professional liability: If AI is part of the service you sell, performance claims and deliverable failures can flow to E&O. Precise SOWs and disclaimers matter.
Media/advertising liability: Deceptive marketing claims may route here depending on wording. Cyber rarely picks up deceptive acts.
Underwriting heat map: what carriers will ask
- Do you have an AI use inventory across products, ops, and marketing?
- Who owns AI governance (board committee, exec sponsor, RACI)? How often do they meet?
- Disclosure controls: Legal/compliance review of AI claims in press releases, sales decks, earnings scripts, and filings.
- Evidence files: Testing, validation, and measurement for any performance or accuracy stats marketed externally.
- Third-party AI and data rights: Contracts, indemnities, audit rights, and IP/data provenance checks.
- Model risk management: Change control, versioning, monitoring, kill switches, human override, and incident playbooks.
- Fairness and privacy: Methods, metrics, and remediation plans. Independent reviews where high-impact.
- Training: Marketing, sales, IR, and exec teams trained on AI claim substantiation and approval routes.
Compliance as premium defense
Underwriters price uncertainty. Reduce it. Build a repeatable "AI disclosure control" process that mirrors financial reporting discipline. Require documented substantiation before any external AI statement goes live.
Anchor procedures to recognized frameworks so you're not inventing from scratch. Many firms map their program to NIST's AI Risk Management Framework and keep clean evidence trails for audits and renewals.
Practical checklist for insureds
- Create a cross-functional AI Claims & Disclosures Committee (Legal, Compliance, Product, Data Science, IR, Marketing).
- Stand up an AI claims register: every AI-related statement, where it appears, who approved it, and the evidence behind it.
- Set substantiation standards: testing protocols, statistical baselines, and acceptable confidence ranges for any performance claim.
- Control vendor statements: ban unvetted "powered by AI" claims in sales decks and partner marketing.
- Refresh disclaimers in product UIs and materials; explain limitations and human oversight where relevant.
- Run pre-mortems for AI launch announcements: "If we're challenged, what evidence do we present tomorrow?"
- Document board oversight: minutes, dashboards, risk decisions, and remediation tracking.
Practical checklist for insurers and brokers
- Add an AI supplement to D&O and E&O applications covering governance, disclosure controls, and testing evidence.
- Offer schedule credits for verified controls (e.g., independent model reviews, formal AI disclosure workflows).
- Clarify wording around deceptive acts, conduct exclusions, and severability to avoid punishing clean directors for one bad actor.
- Coordinate media/E&O/D&O wordings to reduce gaps for marketing-driven claims.
- Flag change-in-risk clauses tied to material AI product launches or major marketing campaigns.
Documentation that wins claims
- Marketing approval logs showing Legal/Compliance sign-off.
- Testing reports that back any quantitative claim (accuracy, lift, automation rate), with dates and data lineage.
- Vendor diligence files: licenses, indemnities, privacy and IP assurances.
- Incident records and corrective disclosures when errors were found.
- Board and committee packs showing oversight and escalation.
Red flags that trip exclusions
- Knowing misstatements (internal emails contradicting public claims).
- Back-dated validations or missing raw test data.
- Side letters promising performance guarantees outside the SOW.
- Failure to notify carriers of a regulatory inquiry within the policy's time limits.
Next 30 days: moves that cut risk and cost
- Freeze new AI claims in public materials until Legal/Compliance sets a review standard.
- Build a one-page AI disclosure policy; socialize it with Marketing, Sales, IR, and Product.
- Inventory every AI reference on your website, investor deck, and sales collateral; remove or revise anything without evidence.
- Run a tabletop exercise for an AI-washing investigation: who leads, what evidence you produce, how fast you respond.
- Brief your broker and carriers on your program. Ask about credits tied to verification or third-party reviews.
The takeaway
AI-washing attracts regulators, plaintiffs, and higher premiums. A clear disclosure workflow, backed by testing and board oversight, changes the conversation with both investigators and underwriters. It's cheaper to verify claims now than to defend them later.