From AI in clinical trials to deepfakes, this edition of Risk Wrap highlights five developments shaping compliance, governance, and insurance exposure across high‑risk industries.
AI in Clinical Trials: Growing Cyber Exposure and Data Governance Concerns
AI is increasingly used in clinical trial operations. Contracts with vendors must address the cybersecurity and operational risks that follow.
Key risks include:
- An expanded attack surface: Using AI systems in clinical trials can increase exposure and create additional entry points into sponsor or site environments.
- Data leakage and unauthorized disclosure: AI systems can increase the risk of clinical trial data being leaked, especially if it’s retained, transmitted externally, or used within multi-tenant environments.
- Hallucinated or inaccurate outputs: AI-generated content may contain fabricated or inaccurate information that could end up in trial documentation.
- Lack of auditability: Certain AI tools may not provide sufficient audit trails or documentation about how outputs were generated, making validation and regulatory review more difficult.
Here are a few contractual considerations:
- AI-specific contractual clauses: Agreements increasingly contain provisions addressing the use of AI, including allocation of responsibility for its errors. There’s currently no standardized approach, and provisions vary depending on the nature of the technology, its associated risks, and its intended use cases.
- Human oversight obligations: Contracts may include provisions on human review or validation. Instead of relying on high-level language alone, these requirements may be reinforced through monitoring, validation, and audit provisions.
- Representations and warranties: Contracts should clearly address representations regarding AI model performance, data provenance, vendor oversight, and intellectual property.
- Indemnification provisions: Agreements should consider indemnification obligations relating to data privacy or cybersecurity breaches, bias claims, unauthorized use of trial data, IP infringement, and claims resulting from AI-related impact on subject safety or trial conduct.
Implications for brokers and their clients:
- Consider obtaining biotech insurance that safeguards against claims related to IP, data integrity, and other risks.
- Consider obtaining robust cyber and third-party cyber insurance to address risks like data breaches, ransomware incidents, unauthorized access, network security failures, and the costs associated with incident response, forensic investigations, and regulatory inquiries.
- Firms providing AI systems may consider tech E&O insurance to address claims resulting from system failures.
Source: Clinical Leader (May 15, 2026). Contracting For AI In Clinical Trials: Cybersecurity, Monitoring, And Risk Allocation (Part 3).
Emerging insurance industries mentioned: Biotechnology Insurance.
Lines of business mentioned: Cyber Liability Insurance, Tech E&O Insurance.
Gen AI Firms Under Pressure as Deepfake Claims and Wrongful Death Lawsuits Continue to Rise
US-based generative AI companies are increasingly navigating product liability claims while regulation remains uncertain. The most common claims are about wrongful death, and plaintiffs often allege negligence, failure to warn, and the intentional design of systems that are manipulative or create emotional dependency.
Lawsuits relating to deepfakes and non-consensual intimate imagery are increasing. Companies face allegations of failing to implement adequate safeguards, like training data filtering, red-teaming, and image classifiers, that would prevent the large-scale creation of these materials.
State AI disclosure laws are in place to help prevent these issues. However, they’re facing constitutional scrutiny. For example, California’s Generative AI Training Data Transparency Act has been challenged for violating the First Amendment on the grounds of compelled speech. It also allegedly violates the Fifth Amendment for forcing disclosure of trade secret information without compensation.
Federal regulation is headed in a different direction. Current proposals favor a “minimally burdensome national standard” over a patchwork of state laws, while also exploring protections relating to child safety, content moderation, and intellectual property rights.
Implications for brokers and their clients:
- Review existing product liability insurance to confirm the inclusion of AI-related risks.
- Review tech E&O policies to confirm coverage applies where inadequate safeguarding results from the malfunction of AI functionality.
- While regulation evolves, investigate D&O insurance to protect executives against claims linked to AI governance and disclosure practices.
Source: JD Supra (April 22, 2026). AI meets the gavel: Key legal battles and regulatory trends in the United States.
Lines of business mentioned: Product Liability Insurance, Tech E&O Insurance, Directors and Officers Liability Insurance.
SEC Signals Potential New Rulemaking Around Blockchain-Based Financial Infrastructure
At the Special Competitive Studies Project AI + Expo, SEC Chair Paul Atkins said new rulemaking and guidance around blockchain-based financial infrastructure is being considered. This includes rules related to on-chain trading systems, automated clearing mechanisms, and yield-generating crypto applications.
Atkins emphasized uncertainty around crypto vaults, stating that the SEC should clarify how the Securities Act, Advisers Act, and other securities laws apply to these products.
He also noted that protocols can now execute trades, manage collateral, route liquidity, settle transactions, and automate trading strategies within one system, a structure that doesn’t easily fit into the SEC’s existing categories for brokers, exchanges, transfer agents, and clearing agencies.
He suggested that the Commission may review the rules around instant settlement and scenarios where counterparty risk is managed algorithmically, and he called for the CLARITY Act to be passed quickly.
Implications for brokers and their clients:
- Consider obtaining robust D&O insurance to safeguard leadership against claims arising from decisions made while SEC treatment of crypto infrastructure remains uncertain.
- Firms operating automated trading, settlement, or staking platforms may consider E&O insurance, where regulatory uncertainty creates exposure around operational conduct.
- Investigate business interruption insurance in case regulatory action causes operational disruption.
Source: Crypto Times (May 11, 2026). SEC Chair Flags ‘Crypto Vaults’ as Next Regulatory Frontier, Backs CLARITY Act.
Lines of business mentioned: Directors and Officers Liability Insurance, Errors and Omissions Insurance, Business Interruption Insurance.
Virginia Firms Face Ongoing Uncertainty as Deepfake Legislation Stalls
Virginia is currently without sufficient legislation to manage the threat of deepfakes. Under House Bill 2124, the proposed legislation, “synthetic digital content” includes:
- Fabricated or altered video or images.
- AI-generated or cloned voice recordings.
- Any digital content intended to create the false impression that an individual engaged in conduct that never happened.
The bill included a reenactment clause stipulating that approval be granted during the 2026 legislative session. However, the reenactment didn’t take place.
The proposed bill would have:
- Included deepfakes within the scope of defamation law.
- Created a new Class 1 misdemeanor for using deepfake technology as part of fraud-related offenses.
- Enabled individuals depicted in deepfakes to bring civil actions and recover damages, legal fees, and other relief.
- Established a legislative work group that would study enforcement challenges and make suggestions about future regulation.
Until any progress is made, companies must refer to existing defamation and fraud laws, which brings considerable uncertainty as they weren’t developed with AI in mind.
Implications for brokers and their clients:
- Consider media liability insurance to protect against claims related to defamation.
- Consider cyber liability insurance to cover scenarios where the creation of synthetic content is the result of a cyberattack.
- Verify whether existing crime insurance policies cover AI-related risks.
Source: JD Supra (May 11, 2026). Deepfakes in Virginia: What Businesses Need to Know (and Why It Matters Now).
Lines of business mentioned: Media Errors and Omissions Insurance, Cyber Liability Insurance, Crime Insurance.