From AI in clinical trials to deepfakes, this edition of Risk Wrap highlights six developments shaping compliance, governance, and insurance exposure across high‑risk industries.
AI in Clinical Trials: Growing Cyber Exposure and Data Governance Concerns
AI is increasingly used in clinical trial operations. Contracts with vendors must address the cybersecurity and operational risks that follow.
Key risks include:
- An expanded attack surface: Using AI systems in clinical trials can increase exposure and create additional entry points into sponsor or site environments.
- Data leakage and unauthorized disclosure: AI systems can increase the risk of clinical trial data being leaked, especially if it’s retained, transmitted externally, or used within multi-tenant environments.
- Hallucinated or inaccurate outputs: AI-generated content may contain fabricated or inaccurate information that could end up in trial documentation.
- Lack of auditability: Certain AI tools may not provide sufficient audit trails or documentation about how outputs were generated, making validation and regulatory review more difficult.
Here are a few contractual considerations:
- AI-specific contractual clauses: Agreements increasingly contain provisions addressing the use of AI, including allocation of responsibility for its errors. There’s currently no standardized approach, and provisions vary depending on the nature of the technology, its associated risks, and its intended use cases.
- Human oversight obligations: Contracts may include provisions on human review or validation. Instead of relying on high-level language alone, these requirements may be reinforced through monitoring, validation, and audit provisions.
- Representations and warranties: Contracts should clearly address representations regarding AI model performance, data provenance, vendor oversight, and intellectual property.
- Indemnification provisions: Agreements should consider indemnification obligations relating to data privacy or cybersecurity breaches, bias claims, unauthorized use of trial data, IP infringement, and claims resulting from AI-related impact on subject safety or trial conduct.
Implications for brokers and their clients:
- Consider obtaining biotech insurance that safeguards against claims related to IP, data integrity, and other risks.
- Consider obtaining robust cyber and third-party cyber insurance to address risks like data breaches, ransomware incidents, unauthorized access, network security failures, and the costs associated with incident response, forensic investigations, and regulatory inquiries.
- Firms providing AI systems may consider tech E&O insurance to address claims resulting from system failures.
Source: Clinical Leader (May 15, 2026). Contracting For AI In Clinical Trials: Cybersecurity, Monitoring, And Risk Allocation (Part 3).
Emerging insurance industries mentioned: Biotechnology Insurance.
Lines of business mentioned: Cyber Liability Insurance, Tech E&O Insurance.
DEA Cannabis Registration Process Sparks Fear of Self-Incrimination
Now that the order to reschedule cannabis has been issued, state-licensed cannabis firms must register their operations with the DEA to become Schedule III compliant. Part of the process is creating suspicion, as applicants are essentially forced to admit to breaking federal law.
Section 4 of the DEA’s Medical Marijuana Dispensary Information Submission form asks whether anyone who will be involved in the firm’s operation or ownership has previously manufactured, distributed, or dispensed any controlled substance without DEA registration. (Of course, that applies to the majority of firms since they had been operating under state law until now.) Companies that answer “yes” have to give the names of any individuals involved along with a “brief explanation”.
Some companies may have been wondering whether this question is designed to get them to admit to illegal drug trafficking. As a result, the Cannabis Business Times reached out to the DEA for clarification.
Allegedly, the DEA stated that they recognize that “historically, federal law limited the circumstances under which marijuana-related activities could be conducted under a DEA registration. As a result, many applicants may not have previously operated under a DEA registration, even if they were operating pursuant to state law.”
They added that “Answering ‘yes’ to this question does not result in an automatic denial of a DEA registration” and that “applications are reviewed on a case-by-case basis, consistent with applicable law.”
Implications for brokers and their clients:
- Consider D&O coverage to help protect executives against claims arising from regulatory scrutiny.
- Consider errors and omissions insurance to address compliance-related claims associated with other personnel.
- Investigate dedicated cannabis insurance that provides robust coverage against the sector’s key risks.
Source: Cannabis Business Times (May 15, 2026). DEA Says Red-Flag Question on Schedule III Application ‘Not Intended…as a Categorical Barrier’.
Emerging insurance industries mentioned: Cannabis Insurance.
Lines of business mentioned: Directors and Officers Liability Insurance, Errors and Omissions Insurance.
The Divergence of EU and US Crypto Regulation Continues to Challenge Stablecoin Firms
Regulatory clarity for stablecoins has finally emerged, but the EU and US have adopted fundamentally different frameworks. The approaches to licensing, custody, and compliance under MiCA and the GENIUS Act differ significantly, so compliance in one jurisdiction may not satisfy requirements in the other.
For example, a stablecoin that complies with the GENIUS Act might not meet MiCA’s e-money token requirements. Likewise, a custody agreement that’s compliant with MiCA’s segregation standards operates within a different framework from the US’ fragmented state-level regulations.
One key development to look out for is the GENIUS Act’s provision for regulatory passporting. This could allow issuers from jurisdictions with comparable frameworks to access US markets without creating separate US entities. However, it may be a long time until this is implemented.
Neutral jurisdictions that operate beyond US and EU regulation are becoming strategically important in avoiding conflicting requirements. Swiss-regulated infrastructure, for example, can interface with entities from both regions without being tied into either framework.
Implications for brokers and their clients:
- Investigate digital asset insurance that covers risks linked to custody infrastructure, wallet security, and breaches across multiple jurisdictions.
- Consider dedicated fintech insurance that helps cover the financial fallout from regulatory challenges.
- Fintech firms operating in the digital asset sector may benefit from partnering with insurers that have expertise across both financial services and crypto regulation.
Source: Fintech Weekly (May 15, 2026). Why Crypto’s Regulatory Gap Is Now an Institutional Problem.
Emerging insurance industries mentioned: Digital Asset and Web3 Insurance, Fintech Insurance.
Gen AI Firms Under Pressure as Deepfake Claims and Wrongful Death Lawsuits Continue to Rise
US-based generative AI companies are increasingly navigating product liability claims while regulation remains uncertain. The most common claims are about wrongful death, and plaintiffs often allege negligence, failure to warn, and the intentional design of systems that are manipulative or create emotional dependency.
Lawsuits relating to deepfakes and non-consensual intimate imagery are increasing. Companies face allegations of failing to implement adequate safeguards that would prevent the large-scale creation of these materials, like training data filtering, red-teaming, and image classifiers.
State AI disclosure laws are in place to help prevent these issues. However, they’re facing constitutional scrutiny. For example, California’s Generative AI Training Data Transparency Act has been challenged for violating the First Amendment on the grounds of compelled speech. It also allegedly violates the Fifth Amendment for forcing disclosure of trade secret information without compensation.
Federal regulation is headed in a different direction. Current proposals favor a “minimally burdensome national standard” over a patchwork of state laws, while also exploring protections relating to child safety, content moderation, and intellectual property rights.
Implications for brokers and their clients:
- Review existing product liability insurance to confirm the inclusion of AI-related risks.
- Review tech E&O policies to confirm coverage applies where inadequate safeguarding results from the malfunction of AI functionality.
- While regulation evolves, investigate D&O insurance to protect executives against claims linked to AI governance and disclosure practices.
Source: JD Supra (April 22, 2026). AI meets the gavel: Key legal battles and regulatory trends in the United States.
Lines of business mentioned: Product Liability Insurance, Tech E&O Insurance, Directors and Officers Liability Insurance.
SEC Signals Potential New Rulemaking Around Blockchain-Based Financial Infrastructure
At the Special Competitive Studies Project AI + Expo, SEC Chair Paul Atkins said new rulemaking and guidance around blockchain-based financial infrastructure is being considered. This includes rules related to on-chain trading systems, automated clearing mechanisms, and yield-generating crypto applications.
Atkins emphasized uncertainty around crypto vaults, stating that the SEC should clarify how the Securities Act, Advisers Act, and other securities laws apply to these products.
He also noted that protocols can now execute trades, manage collateral, route liquidity, settle transactions, and automate trading strategies within one system, and that this structure doesn’t easily fit into the SEC’s existing categories for brokers, exchanges, transfer agents, and clearing agencies.
He suggested that the Commission may review the rules around instant settlement and scenarios where counterparty risk is managed algorithmically, and called for the CLARITY Act to be passed quickly.
Implications for brokers and their clients:
- Consider obtaining robust D&O insurance to safeguard leadership against decisions while SEC treatment of crypto infrastructure remains uncertain.
- Firms operating automated trading, settlement, or staking platforms may consider E&O insurance, where regulatory uncertainty creates exposure around operational conduct.
- Investigate business interruption insurance in case regulatory action causes operational disruption.
Source: Crypto Times (May 11, 2026). SEC Chair Flags ‘Crypto Vaults’ as Next Regulatory Frontier, Backs CLARITY Act.
Lines of business mentioned: Directors and Officers Liability Insurance, Errors and Omissions Insurance, Business Interruption Insurance.
Virginia Firms Face Ongoing Uncertainty as Deepfake Legislation Stalls
Virginia is currently without sufficient legislation to manage the threat of deepfakes. Under House Bill 2124, the proposed legislation, “synthetic digital content” includes:
- Fabricated or altered video or images.
- AI-generated or cloned voice recordings.
- Any digital content intended to create the false impression that an individual engaged in conduct that never happened.
The bill included a reenactment clause stipulating that approval be granted during the 2026 legislative session. However, the reenactment didn’t take place.
The proposed bill would have:
- Included deepfakes within the scope of defamation law.
- Created a new Class 1 misdemeanor for using deepfake technology as part of fraud-related offenses.
- Enabled individuals depicted in deepfakes to bring civil actions and recover damages, legal fees, and other relief.
- Established a legislative work group that would study enforcement challenges and make suggestions about future regulation.
Until any progress is made, companies must refer to existing defamation and fraud laws, which brings considerable uncertainty as they weren’t developed with AI in mind.
Implications for brokers and their clients:
- Consider media liability insurance to protect against claims related to defamation.
- Consider cyber liability insurance to cover scenarios where the creation of synthetic content is the result of a cyberattack.
- Verify whether existing crime insurance policies cover AI-related risks.
Source: JD Supra (May 11, 2026). Deepfakes in Virginia: What Businesses Need to Know (and Why It Matters Now).
Lines of business mentioned: Media Errors and Omissions Insurance, Cyber Liability Insurance, Crime Insurance.