AI risks for businesses in 2026: A commercial litigation perspective

Artificial intelligence is now firmly embedded in day-to-day business operations. In 2026, the legal risk for businesses often no longer stem from whether AI is used, but how it is used, supervised and evidenced. From a disputes perspective, we are already seeing claims and pre-action correspondence shaped, and sometimes distorted, by AI tools. Below are six key AI-driven risks facing UK businesses, and how they are likely to crystallise into commercial disputes.

Staff Using AI to Make Decisions — and Getting It Wrong

One of the most immediate litigation risks arises where staff rely on AI outputs to make commercial or operational decisions without adequate human oversight.

The legal position remains clear: AI systems are tools, not decision-makers. Responsibility for decisions continues to sit with the business deploying them. This is reinforced by the ICO’s guidance on AI and data protection, which stresses that organisations remain accountable for fairness, accuracy and lawfulness even where AI is used to support decisions[1].

From a disputes standpoint, problems typically arise where:

• AI-assisted decisions are treated as “objective” or definitive;
• staff lack sufficient training to interrogate outputs;
• AI is used outside its intended scope (for example, commercial risk scoring or contract interpretation).

In litigation, claimants may challenge such decisions on the basis that they were irrational, inadequately reasoned or procedurally unfair. Where AI reasoning cannot be explained or reconstructed, this becomes particularly problematic. Courts remain sceptical of “black box” decision-making, especially where contractual discretion or statutory duties are engaged.

Risk management advice:

Businesses are advised to:

• prohibit fully automated decision-making in legally sensitive contexts unless clearly lawful;
• require staff to record why an AI output was accepted or rejected;
• treat AI as advisory, not determinative;
• maintain audit trails capable of disclosure.

Failure to do so risks adverse inferences in litigation and regulatory scrutiny.

Staff Uploading Customer or Confidential Data into Open AI Tools

A second and rapidly escalating risk concerns employees inputting personal, customer or commercially sensitive data into public AI tools.

The ICO has made clear that uploading personal data into generative AI systems can constitute a data disclosure, with attendant UK GDPR obligations[2].

From a disputes perspective, data misuse claims often arise not from malicious intent, but from informal or unsanctioned use by staff seeking efficiency, otherwise known as shadow AI. The difficulty for businesses is evidential: once data is uploaded, tracing its use or retention is often impossible.

Where confidential information is involved, this can also give rise to claims for misuse of confidential information or claims for injunctive relief. Inputting confidential information into publicly available AI models such as Claude or Chat GPT can result in that information becoming public thereby destroying confidentiality.

For privileged advice, the destruction of confidentiality is likely to result in a loss of legal privilege[3]. The Courts and Tribunals Judiciary, Artificial Intelligence (AI) – Judicial Guidance (dated October 2025) states “you should treat all public AI tools as being capable of making public anything entered into them”. This indicates that the English Courts would consider that confidentiality may have been lost as soon as any privileged information is input into a consumer grade AI models[4]. Recent case law[5] confirms this position, with the Court finding that uploading confidential documents to a public AI tool, such as ChatGPT, waived legal professional privilege.

Risk management advice:

Businesses are advised to:

• implement explicit AI use policies prohibiting the upload of personal or confidential data;
• technically restrict access to public AI tools where possible;
• train staff on the litigation consequences of improper AI use and emphasize the importance of never uploading legal documents, or those that were created for legal advice into open-source public AI models;
• treat AI misuse incidents as potential disclosure events requiring early legal input.

Fraudulently Generated Images Used to Support Refund or Damage Claims

Retailers and manufacturers are increasingly encountering claims supported by AI-generated images purporting to show damaged goods. Reputable commentators have documented a sharp rise in such claims, particularly in consumer-facing sectors. (It is surprisingly easy to, for example, upload a picture of an intact set of glassware in its packaging and request an AI tool to make the glassware appear smashed in transit.)

From a litigation standpoint, these cases raise difficult evidential issues. AI-generated images can appear superficially authentic, and businesses face commercial pressure to resolve complaints quickly. However, where refunds or replacements are issued without scrutiny, exposure increases significantly. Some large retailers are counteracting this in turn by using AI tools to detect altered images and therefore reject invalid or suspicious claims.

Courts are alive to the problem of synthetic evidence, but there is as yet no settled UK case law specifically addressing AI-generated photographic fraud. Claims are therefore likely to proceed under existing fraud, misrepresentation and contractual principles.

Risk management advice:

Businesses are advised to:

• treat images as supporting, not determinative, evidence;
• implement secondary verification for high-value or repeated claims, including deploying AI checking tools to check the veracity of images wherever possible;
• retain metadata and audit logs where available;
• ensure fraud teams understand AI image risks.

A proportionate response is essential: overly burdensome verification may damage customer relationships, but blind acceptance creates systemic exposure.

AI-Generated Complaints and Legal Letters

Another emerging trend is the increasing volume of AI-generated complaints, grievances and pre-action correspondence. Employment and commercial practitioners have noted that such communications can be more aggressive, legally framed and sometimes factually inaccurate.  

In litigation, this creates two principal risks. First, businesses may overreact to the apparent legal sophistication of a letter that is, in substance, weak. Secondly, inaccuracies introduced by AI tools may harden positions unnecessarily, making early resolution more difficult.

There has been well-reported concern from courts worldwide about AI-generated legal content containing false citations or assertions, with judicial warnings issued against uncritical reliance on such material. Practitioners need to be alive to the risk that cases relied upon by the other side may be incorrectly understood or even entirely fabricated.

Risk management advice:

Businesses are advised to:

• assess substance over tone when responding to AI-generated correspondence;
• verify factual assertions carefully before conceding points;
• preserve early versions of complaints where discrepancies emerge;
• avoid assuming legal representation simply because correspondence appears technical.

AI Agents Purchasing Goods on Behalf of Businesses

The rise of so-called “AI agents” (agentic AI) capable of autonomously sourcing and purchasing goods presents novel contractual risks. Commentators have highlighted the legal uncertainty surrounding liability when AI systems transact without direct human input.  

Under English law, AI systems cannot be legal agents in their own right. Responsibility for their actions will be attributed to the business deploying them. However, disputes may arise as to authority, mistake, or contractual intention where purchases are made based on flawed parameters.

At present, there is limited judicial guidance on how courts will treat such disputes. Existing agency, mistake and product liability principles are likely to be adapted rather than replaced.

Risk management advice:

Businesses are advised to:

• limit AI purchasing authority through contractual and technical controls;
• clearly define approval thresholds;
• ensure suppliers understand the role of automated systems;
• retain the ability to unwind transactions promptly.

Environmental Concerns

As businesses accelerate their adoption of AI systems, they increasingly face ESG risks linked to the surging energy demands of data‑intensive models. Recent analysis shows that AI workloads are rapidly becoming one of the largest drivers of data‑centre electricity consumption, with projections that more than half of all data‑centre power use could be attributable to AI by 2028.

Yet despite this growing footprint, research highlights a significant governance gap: the vast majority of companies fail to assess the environmental impact of their AI systems, including energy usage and carbon emissions, when making deployment decisions. This combination of soaring energy requirements and weak organisational oversight elevates climate‑related risk, exposes businesses to scrutiny under sustainability reporting regimes, and raises the prospect that investors will increasingly expect companies to justify whether their AI systems are being powered by renewable or high‑carbon grids.

Risk management advice:

Businesses are advised to:

• have AI usage as a subject in environmental reporting;
• clearly define appropriate uses for AI to ensure staff understand the balance;
• be able and willing to explain AI use in the context of organisational values.

Our Advice:

From a commercial litigation perspective, AI risk is not about futuristic regulation, but about evidence, accountability and control. The English courts are unlikely to be sympathetic to businesses that deploy powerful tools without governance and then seek to disown the consequences.

In 2026, the businesses best placed to manage AI-driven disputes will be those that:

• treat AI as a risk-managed system, not a shortcut;
• embed legal oversight into AI deployment;
• document decision-making rigorously;
• respond proportionately but critically to AI-driven claims.

Where uncertainty remains early legal advice will be essential. Our advisors have expertise in data, data management and protection, regulatory oversight, and litigation – contact us today for a conversation about how we can support your AI implementation whilst balancing risk.

[1] What are the accountability and governance implications of AI? | ICO

[2] Guidance on AI and data protection | ICO

[3] In the recent US case of United States v Heppner documents created by the defendant using Claude were held not to be subject to attorney -client privilege and were not a work product.

[4] https://www.judiciary.uk/wp-content/uploads/2025/10/Artificial-Intelligence-AI-Guidance-for-Judicial-Office-Holders-2.pdf

[5] R(Munir) v Secretary of State for the Home Department [2026] UKUT 81