UK Trends and Developments Contributed by: Amélie Chollet, Hannah Curtis and David Dennis, CMS
ferring infringement risk to an organisation. Even sophisticated AI suppliers may have trained their systems using datasets that include copyright- ed materials, patented methods or confidential information without proper authorisation, creat- ing contamination risks. Furthermore, contracts frequently lack clarity about who owns insights, innovations or other outputs generated when proprietary data is processed through a third- party AI system, leading to uncertain output ownership. The AI methods themselves may incorporate patented algorithms or techniques, creating potential patent infringement liability that could extend to products. Additionally, using third-party AI for proprietary research creates risks that an organisation’s valuable research directions could be incorporated into the AI sys- tem – and potentially exposed to competitors using the same service, resulting in competitive intelligence leakage. These IP concerns are par- ticularly significant in life sciences, where patent landscapes are complex and IP often represents the core value of an organisation. Why Traditional Risk Management Falls Short: The AI Blind Spot The examples above illustrate a fundamental problem: AI does not just create new risks – it breaks the traditional risk categories that legal departments have relied on for decades. When an AI system causes harm, is it a product defect, a service failure, a data breach or regulatory non- compliance? Often, it is all of these simultane- ously, creating cascading exposures that tradi- tional risk frameworks fail to capture. This creates a dangerous blind spot for in-house legal teams. The risk assessment methodolo- gies that have served the life sciences industry well are suddenly inadequate when applied to AI-enabled operations. Traditional risk registers, which typically categorise risks as discrete, man-
ageable issues, struggle to capture the intercon- nected, evolving nature of AI-related exposure. Consider the implications: when a company reports to the board that “data protection risk is managed through our privacy compliance pro- gram”, is it accurately representing the risk land- scape if AI systems are processing patient data in ways that challenge fundamental privacy prin- ciples? When the company assures leadership that “product liability is covered by our insurance and quality systems”, does that assessment hold when algorithmic decision-making creates new forms of causation and liability theories that courts are still developing? The Compounding Effect: Why AI Risk Multiplies Rather Than Adds Up What makes AI risk particularly insidious is its tendency to compound rather than simply accu- mulate. A single AI deployment can simultane- ously create regulatory exposure across multi- ple jurisdictions, generate novel product liability theories, trigger data protection obligations and raise IP infringement issues – all while evolving in ways that make the risk profile itself a moving target. This compounding effect means that traditional risk mitigation strategies may provide false com- fort. Contractual liability caps become mean- ingless when regulatory enforcement actions bypass private law remedies. Insurance cover- age designed for traditional product defects may not respond to AI-specific claims. Due diligence processes focused on static risk assessment fail to account for systems that learn and change post-deployment. The result is a risk landscape where legal depart- ments may be underestimating their organisa- tion’s exposure while simultaneously providing
143 CHAMBERS.COM
Powered by FlippingBook