Companies that rush to signal AI adoption without clear governance or measurable outcomes are building the same kind of liability exposure that followed the COVID and cryptocurrency cycles, according to Denis Panariti (pictured), head of financial lines at Beazley Canada.
"As you create expectation, you create liability," Panariti said. "And potentially when that price comes back down, there's going to be a lot of shareholders that aren't happy about the outcomes."
He said the pattern is familiar. During COVID, companies pivoted overnight to capitalize on government funding and public demand – regardless of whether they had the capability to deliver.
"There are examples of junior mining companies that shifted their attention to making masks and ventilators and being suppliers of sorts," Panariti said.
The same dynamic played out with cryptocurrency.
"When blockchain and crypto captured headlines and retail investors’ attention a few years back, we saw a wave of public small-cap companies shift their attention and messaging to take advantage of the added interest in that space," he said.
Panariti said AI risks follow the same trajectory. With the federal government pledging more than $2 billion in new investment and earmarking $700 million specifically to help small and medium-sized businesses adopt AI, the incentive to signal adoption is strong – but the connection between spending and returns remains unclear.
"A lot of companies are throwing money at AI at this point, in anticipation of a return for the investment that's going into it," he said. "But we don't have a clear connection between the two. We're still figuring it out."
That disconnect sits squarely in the D&O space. Panariti said companies need to be transparent with investors and regulators about how they are using AI and what they expect it to deliver.
"Disclosure is key here," he said. "You want to be able to tell the street and regulators that you're using AI and then what kind of outputs you're expecting from it."
He said boards have a duty to oversee AI as an emerging risk, and the obligation is only growing as adoption accelerates. Directors need to be able to demonstrate that they understood the risks, asked the right questions and had the governance in place – not just that they approved a budget.
He said Canada's regulatory environment compounds the challenge. There is no unified framework for how AI is regulated in the country, and the patchwork that exists leaves companies operating in a grey zone where the rules are still being written.
"Without clear regulation comes a governance gap," he said.
That gap creates a secondary tension because the federal government is simultaneously trying to regulate AI and accelerate its adoption – making it both a rule-setter and a market participant.
"When a government is serving as both a regulator and a market participant, there will come a point where oversight of the technology and its offerings will have to be balanced," Panariti said.
The employment angle adds another layer of D&O exposure. Panariti said companies are increasingly using AI to screen job candidates, evaluate performance, and make workforce decisions – and the liability that follows a flawed or biased output falls on the board that authorized the tool.
"The idea that you're running it through a tool and trusting the output without some of that governance – that could be catastrophic," he said.
He said deployment of AI in workforce decisions needs the same board-level oversight as any other material business decision, with particular attention to whether the outcomes are discriminatory.
"You need that board oversight when dealing with those things so that deployment of these tools is ethical, fair, equitable," Panariti said. "So that you're not discriminating against the people that you're trying to shortlist for a position."
Panariti said the liability extends beyond internal decisions. When a company uses an AI tool to deliver a service to clients, the exposure follows.
He said the exposure is compounded by the tendency to treat AI outputs as inherently correct. When a model hallucinates or produces a flawed result, and a company acts on it without verification, the liability does not sit with the model. It sits with the people who chose to use it and the board that failed to govern it.
