Lawrence Fine (pictured), the management liability coverage leader at WTW, spent years advising companies and insurers on directors and officers liability issues before artificial intelligence became a boardroom priority. Now, as AI moves deeper into corporate operations and investor messaging, he said companies are confronting a familiar pattern of litigation and regulatory risk wrapped around an unfamiliar technology.
Fine, who works extensively on D&O claims and policy issues, said the core exposures tied to AI resemble earlier waves of securities and governance litigation. What makes the current environment more difficult is the speed of adoption, the fragmented regulatory landscape, and the reality that many directors still lack a detailed understanding of how AI systems actually function.
Fine said directors and officers remain exposed to the traditional mix of securities class actions, derivative litigation, and potential regulatory investigations. In many cases, AI simply creates another pathway toward those same claims.
“If there’s bad news and the stock drops, you’ll get a securities class action,” he said. “If there’s a significant cost to the company from a business decision - especially if fines and penalties are involved - all of this can lead to corporate derivative suits.”
He points to early AI-related securities litigation as evidence that courts are largely treating these matters like conventional disclosure disputes. Fine referenced a recent analysis published by Willis called “More Buzz Than Sting, which reviewed emerging AI-related securities class actions and concluded that the cases were progressing in a relatively typical fashion.
“The ‘More Buzz Than Sting’ framing probably applies here too,” he said. “It’s going to be the same kinds of cases we’ve seen in the non-AI world.”
Still, Fine said AI has introduced practical complications for corporate defendants because directors and officers frequently struggle to explain how the technology operates or why problems occur. That challenge can become particularly acute during litigation, regulatory inquiries, or disclosure disputes.
“Most directors and officers won’t understand the nuts and bolts of AI,” he said. “There’s a real potential black box problem when it comes to explaining what went wrong.”
To date, Fine said many of the early disputes have centered on so-called “AI washing,” where companies overstate their AI capabilities or exaggerate the role AI plays in operations. More recently, he said litigation has begun focusing on whether companies adequately disclose AI-related risks, including risks tied to adoption decisions or failures to adopt.
What has not fully emerged yet, according to Fine, are large-scale claims arising from operational failures involving AI itself. He said those disputes were likely to appear as organizations become increasingly dependent on automated systems. “What we haven’t seen yet - but will - are cases arising from actual improper use of AI, or malfunctions, hallucinations and/or underperformance of AI that lead to dangerous or expensive situations,” he said.
Fine compared the potential trajectory to major corporate events that historically generated securities and derivative litigation after operational failures caused significant financial losses or reputational damage. In the AI context, he said future claims could similarly stem from events involving physical harm, major compliance failures, or substantial financial penalties.
While insurers have explored AI-related underwriting changes, Fine said broad AI exclusions have not become widespread within the D&O market. He said one carrier had considered introducing a broad exclusion for private company D&O coverage before stepping back from the approach. “Most carriers have not gone that route,” he said.
On the public company side, Fine said the market has shown little appetite for AI-specific exclusions because D&O coverage for public companies remains heavily tied to securities litigation. Even where insurers attempt to introduce AI exclusions, he said policyholders and brokers would likely insist on carve-backs preserving securities claims coverage.
Instead, Fine identifies fines and penalties as the most significant emerging coverage gap, particularly under the recent EU AI Act. Standard D&O policies generally do not cover many forms of regulatory fines, creating concern for multinational companies navigating multiple jurisdictions. “The main gap on the D&O side is fines and penalties coverage,” he said.
Fine said some insurers had started developing AI-specific primary and umbrella products designed to address portions of that exposure. However, he added that cyber insurance potentially faced even greater challenges because many policies depended on specific coverage triggers tied to security breaches or improper data collection. “While cyber policies will still cover claims arising from security breaches and improper data collection, regardless of whether or not AI was involved, there is now the possibility of claims that arise simply from how a company is using AI or what it’s using AI for,” he said.
That issue has become increasingly important as regulators, particularly in Europe, impose restrictions on certain AI uses while subjecting other applications to heightened compliance obligations. According to Fine, many existing cyber policies are not designed to respond to those types of regulatory or operational disputes that go beyond privacy-related situations. It should also be noted that other types of financial lines insurance may also need to evolve, especially crime/fidelity insurance.
Beyond insurance concerns, Fine said boards face growing governance pressure as lawmakers pursue different approaches to AI oversight. He pointed to tensions between the federal government’s relatively pro-development stance and more aggressive state-level regulatory efforts.
“There’s a philosophical disconnect between the federal government’s position and some states,” he said. “That creates a potential whipsaw for companies trying to figure out how to comply with multiple, sometimes conflicting rules and regulations. And multinational companies need to be mindful of the EU, which currently has the most evolved body of AI regulations in the world.”
Fine said boards could not treat AI oversight as solely a technology issue. He recommended that companies add directors with meaningful technical expertise whenever possible and maintain close relationships with outside advisers capable of monitoring rapid legal and regulatory developments. He also stressed that disclosure controls deserved separate scrutiny from operational AI governance. Companies, he said, need to focus not only on how they use AI systems, but also on whether investor communications accurately reflected those practices and risks.
“Are you accurately disclosing all of the foregoing?” he said. “The disclosure risk is distinct from the substantive risk of what you’re doing with AI.”
