NEW ZEALAND Law and Practice Contributed by: Graeme Quigley, Ashton Goatley and Erin Hickey, Webb Henderson
8.2 AI Use-Related Risks New Zealand law is not prescriptive as to which cor - porate bodies or functions must oversee AI govern - ance and AI use-related risks. Ultimately, as with all significant reputational, opera - tional and legal risks, the board of any entity will be accountable for AI governance and risks as part of its obligations under the Companies Act. For example, a director who fails to inform themselves about the risks and limitations of AI systems, or who uncritically relies on AI-generated outputs, may fall short of their duties discussed at 3.6 Legal Duties of Directors/Officers . It is therefore important for directors to embrace digital leadership at the governance level. Directors should avoid delegating responsibility for AI governance to management and committees without ensuring there is appropriate oversight. See 8.1 Board Oversight of AI for a discussion of the recent developments in AI regulation in New Zealand. 8.3 Liability Exposures Arising From AI Use In the absence of any AI-specific legislation, existing regulatory regimes and principles will apply equally to AI-related products, generated outputs, and auto - mated customer interactions. For example: • any representations regarding AI technologies (as with all representations) should at a minimum be accurate, properly substantiated, and not mislead - ing; • models or internal tools which are trained on personal information would require the appropriate consent from the subject of the information, or they could fall afoul of the Privacy Act; and • as companies look to AI software development tools, there is a risk that these systems could intro - duce security vulnerabilities resulting in unauthor - ised access to personal information in breach of the Privacy Act.
8.4 Key Disclosure Requirements for AI Use New Zealand has no AI-specific mandatory disclo - sure regime. Companies and issuers are not currently required by statute, regulation, or Listing Rules to dis - close AI use, strategy, governance, risks, incidents, or controls as a discrete matter. Material AI-related matters, including risks, incidents, or impacts on busi - ness, would just be covered to the extent they fall within existing disclosure frameworks (as if they were any other form of risk, applicable incident or impact). For example, product disclosure statements (akin to a prospectus) and their accompanying public dis - closures are, between them, required to contain all “material information” in relation to an offer of financial products to retail investors. Where information relating to AI use, strategy or risks is material to the issuer of the financial products, that information would need to be disclosed in that way.
552 CHAMBERS.COM
Powered by FlippingBook