Agenda recently interviewed Avi Gesser on the legal risks associated with generative AI tools, whether company boards need AI experts, and which board committee should be responsible for overseeing AI risk and compliance. Here are some of the relevant quotes:

“AI has lots of beneficial commercial uses, but it can also create reputational risks, operational risk, and legal risks. For generative AI, these include privacy, IP, cybersecurity, and contractual risks if confidential data is being shared with the tool.”

“If these tools are being used to generate information that is being shared with customers, or is being used to make decisions about customers, you also need to consider bias, transparency, and quality-control risks.”

“Some of the more specific legal risks include the possibility of confidential information
or trade secrets being shared through generative AI, as well as regulators’ scrutiny.”

“The Federal Trade Commission has warned companies not to exaggerate what
their algorithm can do and announced that it would pursue false advertising claims related
to AI.”

“While companies planning on using AI do not necessarily need an AI expert on their
boards, directors should probably consider having AI risk and governance as a periodic
board agenda item.”

“AI can reside with the full board; an existing committee, like audit or technology; or a newly formed committee dedicated to AI. Additionally, other companies have decided
to place responsibility over AI with whichever committee is responsible for cybersecurity.”

“However, if a board is concerned that it does not have the necessary expertise to oversee
AI opportunities and risks, it should consider having some board members receive AI training. They should also consider assigning management responsibility over AI risk and regulatory compliance to a particular member of management or a management committee, to help facilitate proper oversight,”

The full article can be read here.


Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at