Corporate Governance 2026

PUERTO RICO Law and Practice Contributed by: Fernando J. Rovira-Rullán and Andrés I. Ferriol-Alonso, Ferraiuoli LLC

• contractual liability and indemnity exposure aris - ing from third-party AI vendors and outsourcing arrangements. Enforcement and claims may be brought by regula - tors (including, where applicable, US federal agen - cies with jurisdiction over Puerto Rico operations), by counterparties under contract, and by private plaintiffs (including consumers, employees and shareholders). As with other enterprise risks, director/officer expo - sure is typically mitigated through documented board oversight, clear policies and controls, diligent vendor management, and incident response planning. 8.4 Key Disclosure Requirements for AI Use For Puerto Rico private companies, there is gener - ally no standalone, jurisdiction-wide requirement to publicly disclose AI strategy, governance or controls. Disclosure obligations are instead typically driven by

(i) sectoral regulation (eg, regulated financial institu - tions and healthcare providers), (ii) contractual dis - closure requirements imposed by private lenders, and (iii) general consumer protection considerations where AI is used in customer-facing products or marketing. Where a Puerto Rico-based issuer is subject to US federal securities laws (or otherwise prepares public disclosure documents), AI-related disclosure analysis is generally framed under existing disclosure concepts (material risks, material trends/uncertainties, inter - nal controls, cybersecurity and incident disclosure, and truthful/non-misleading statements), rather than under a dedicated “AI disclosure” rule. In practice, companies increasingly describe AI use cases and associated risks at a high level, and focus on avoid - ing overstatements regarding performance, safety and controls, particularly in light of enforcement and litiga - tion risk tied to misleading disclosures.

588 CHAMBERS.COM

Powered by