Some annual reports now mention AI more than a hundred times. Most of the companies behind those reports cannot, if pressed, evidence the operational reality behind the rhetoric. The international law firm Hogan Lovells calls the gap “AI-washing” and warns it is following the same arc that greenwashing took into UK courts: marketing language outrunning operational truth, regulators sharpening their tools, and litigation funders building books of claims for when the AI premium in valuations starts to deflate. For UK boards, the question is not whether AI-washing exposure exists in their disclosures. It is how quickly they can audit it before someone else does.

Why this looks like greenwashing, only faster

The greenwashing parallel is not rhetorical. The legal infrastructure that handled climate disclosure claims — securities class actions under FSMA s.90 and s.90A, consumer protection enforcement, ASA rulings that feed downstream litigation — is the same infrastructure now turning towards AI claims. The difference is that AI rhetoric in corporate disclosures is denser, more central to strategic narrative, and more often tied to forecast revenue than ESG language ever was.

Strategic Reality: A 400% year-on-year increase in Fortune 500 companies citing AI as a material business risk (Arize AI, 2024) signals two things at once. AI is now load-bearing in corporate narratives, and the legal departments at those same companies have started to worry. UK-listed firms are following the same curve, with weaker disclosure controls around AI claims.

The critical numbers:

IndicatorReality
Hogan Lovells review of annual reports across manufacturing, digital services, paymentsWell over a dozen AI references per report; one report mentioned AI more than 100 times
Vectara hallucination leaderboard for market-leading models~3% structural hallucination floor — not a short-term teething issue
SEC settlement against Delphia and Global Predictions (2024)US$400,000 penalty for false claims about predictive AI capabilities that did not exist
UK failure to prevent fraud offenceIn force; the SFO has signalled it will “go hunting” for early cases
Arize AI 2024 survey400% YoY increase in Fortune 500 firms citing AI as a material business risk

The substantive point: the technology underpinning most AI claims is more probabilistic, more dependent on hidden human labour, and more limited than the boilerplate “AI-first” framing in annual reports suggests. The gap between the claim and the reality is where the litigation builds.

What AI-washing actually looks like

Hogan Lovells identifies three patterns that recur across sectors. Each maps to a different category of legal exposure.

The first is exaggeration. A legacy IT services firm bolts an API call to a foundation model onto an existing analytics product and now describes the result as “AI-driven insights”. A payments company licenses a third-party large language model, embeds it in customer support, and rebadges the operation as “agentic”. The branding shift outpaces any material change in the underlying product. When investors and customers price the company on the new framing, the gap between marketing and operational reality starts to matter.

The second is AI in name only. Products marketed as “autonomous” or “AI-powered” turn out to be hybrid systems with large workforces correcting outputs, validating data, and managing hallucinations. The unit economics are still labour-intensive, but the disclosure language hides that. When a customer buys a “scalable, low-touch AI solution” and gets a labour-arbitrage business with a model wrapper, the contractual exposure is straightforward.

The third is omitted limitations. Large language models hallucinate at a structural rate of around 3% (Vectara leaderboard, market leaders). They fabricate citations. They misattribute statements to identifiable individuals. Failing to disclose these limitations in high-stakes deployments — legal review, clinical decisions, financial advice — is not a communication oversight. It is a misrepresentation problem.

Reality Check: “Hallucination floor” is now a technical term of art with public benchmark backing. A company that claims its AI is reliable for high-stakes use without disclosing the hallucination rate is making a statement an expert witness can take apart in cross-examination. The “we didn’t know” defence is closing.

A fourth pattern is governance over-claim. Boards assert alignment with the EU AI Act, DORA, or “responsible AI” frameworks without an audit trail that would survive regulatory scrutiny. Or, conversely, they assert that these regimes do not apply when the technical reality of their deployments suggests they might. Both directions create the same exposure: a corporate statement that cannot be reconciled with operational truth.

The UK enforcement surface is wider than the SEC parallel suggests

UK boards face five enforcement channels that can be triggered by the same AI-related statement.

Securities and listing regimes. The Market Abuse Regulation and the FCA’s disclosure rules require regulatory information service announcements to be fair, clear, and not misleading. Describing a modest AI rollout as “transformational” is the kind of statement these rules are designed to catch. FSMA s.90 covers prospectuses; investors do not need to prove they relied on a specific statement to bring a claim. FSMA s.90A covers other published information — annual reports, interim results, RNS announcements — and requires reliance, which is harder to dispute in AI-heavy reports where AI is positioned as central to the equity story.

Consumer protection. The Digital Markets, Competition and Consumers Act prohibits misleading consumer practices. Products sold as “AI-powered” or “autonomous” must be substantiable on challenge. The Law Commission is examining a consumer class actions regime that could give this prohibition real procedural teeth.

FCA conduct expectations. AI-related claims in financial promotions and customer materials sit inside existing rules on clear, fair, and not misleading communications. The FCA’s tone is supportive of AI experimentation, but its expectations on governance, operational resilience, and the Consumer Duty apply regardless. Boards using AI in credit, fraud detection, or customer engagement should expect to be asked how the systems were tested and how they were described.

Criminal enforcement. The failure to prevent fraud offence is now in force. The Home Office guidance asks firms to assess fraud risk dynamically, taking emerging technologies into account. A generic anti-fraud policy that ignores AI-specific risks — deepfakes, synthetic invoices, internal pressure to over-sell AI capabilities — is unlikely to satisfy the reasonable prevention procedures defence. The SFO has said publicly it will “go hunting” for early cases.

Civil litigation. Misrepresentation, deceit, and breach of contract claims will follow the same fact patterns as the regulatory cases. A vendor that sold an “AI-powered” document review tool as near-autonomous, when the buyer later discovers a significant proportion of the review depends on human correction, has a misrepresentation problem and potentially a fraud problem. If the buyer onward-sold the tool to clients on the basis of substantial cost savings, the chain of exposure widens.

Critical Context: A single AI-related statement can trigger shareholder claims, customer disputes, and regulatory attention in parallel. The defendants are the same. The fact patterns are the same. The disclosure documents are the same. This is not five separate lines on the board’s risk register. It is one risk with five enforcement entry points.

StakeholderWhat they will scrutiniseWhen pressure intensifies
Institutional investorsAnnual report AI framing vs revenue attributionWhen the AI premium in valuations corrects
FCARNS announcements and customer-facing AI claimsAt supervisory visits and after market events
SFOVendor AI claims, internal incentives to over-sellActively hunting for early failure to prevent cases
Litigation fundersClass action viability around AI-heavy listingsAlready scanning disclosures for discrepancies
InsurersWhether AI losses were foreseeable or genuinely unexpectedAt policy placement and at the claim stage
Consumer protection enforcers”AI-powered” product claimsDMCCA active; consumer class regime in development

The success criteria for a board AI disclosure review are sharper than for most governance exercises. Every public AI claim must be evidenced. Every limitation that affects a high-stakes use case must be disclosed. The audit trail must survive a hostile cross-examination of a director who signed the document.

What boards should do in the next two quarters

The window for a quiet, board-led audit is short. The longer disclosures sit unaudited, the more material the corrective statement looks when it lands. A staged approach works for organisations at different maturity levels.

For organisations with significant AI in product or service (highest exposure):

  1. Commission an inventory of every public AI claim — annual report, prospectus, RNS, marketing site, sales deck, investor calls — against operational reality. Treat any gap as a disclosure issue, not a marketing one.
  2. Pull AI claims into the same disclosure controls as financial statements. Ownership of the claim should sit with a named function that can be challenged.
  3. Audit vendor AI claims with the same discipline. The failure to prevent fraud offence catches associated persons; a sales partner over-selling on the organisation’s behalf creates corporate exposure.
  4. Refresh the fraud risk assessment specifically for AI-enabled risks. The Home Office guidance expects this; a generic policy will not satisfy the defence.

For organisations with emerging AI deployments (moderate exposure):

  1. Map current and planned AI claims against the operational reality of the deployment. The cheapest moment to correct a claim is before it is published.
  2. Build a governance baseline: documented model selection, hallucination testing for high-stakes uses, vendor due diligence, customer-facing disclosure of AI limitations.
  3. Review D&O and professional indemnity policies for AI-specific exclusions and conditions. Insurers are tightening at placement.

For organisations exploring AI (lower current exposure):

  1. Set a policy now that public AI claims must be evidenced before they are made. The discipline costs nothing at this stage and gets expensive later.
  2. Treat any “AI-first” rebrand as a disclosure event requiring board-level sign-off.
  3. Watch the early SFO and FCA cases. They will set the operational standard.

Implementation Note: The most effective AI-washing audit treats the marketing site, the investor relations site, and the annual report as a single corpus. Most legal review focuses on the prospectus and the annual report. The discrepancies that fund class actions are usually in the marketing copy that nobody legalled.

Four risks boards are likely to miss

The obvious risks — false claims, omitted limitations — are visible enough to get attention. The harder ones are embedded in operational habits.

Internal incentives manufacture AI-washing. Bonus structures tied to “AI adoption” metrics push staff and sales partners to overstate AI capabilities in customer conversations. The Home Office guidance identifies internal pressure as a fraud triangle element. Mitigation: review incentive structures alongside disclosure controls, and require verification before AI capability claims can be used in sales contexts.

Insurance is quietly tightening. D&O and professional indemnity insurers are introducing AI-specific exclusions and asking detailed questions about AI governance at placement. A loss arising from a “known weakness” — hallucination, hybrid human-AI dependency — may not be covered if the insurer takes the view that the weakness was foreseeable and inadequately controlled. Mitigation: review policy wordings now and brief brokers on AI governance evidence before renewal.

The “agentic AI” branding gap is the next exposure surface. Much of what is marketed as “agentic” is standard model use with new packaging. The legal issue is not the use of the model. It is the gap between the autonomy implied by the branding and the operational reality. Mitigation: avoid “autonomous” and “agentic” language in disclosures unless the system genuinely operates without human oversight at the relevant decision points.

Greenwashing case law will be applied by analogy. UK courts have spent five years building doctrine on misleading ESG statements: what counts as a forward-looking statement, when reliance can be inferred from market context, how technical limitations should be disclosed. That doctrine will be applied to AI claims. Boards that assume AI is a clean legal slate are misreading the precedent base. Mitigation: brief the legal function on greenwashing case law as the operative starting point for AI disclosure risk.

Hidden Cost: An AI-washing claim does not just trigger a defence cost. It puts the AI strategy itself on hostile public record. Witnesses are deposed about how the AI actually works. Internal documents are disclosed. Competitors learn the operational reality. The reputational cost of the disclosure process is often higher than the eventual damages.

The audit is cheaper than the correction

AI-washing exposure is one of the few governance risks where the cost of acting now is genuinely a fraction of the cost of acting later. The audit is bounded. The correction is expensive. The litigation is worse. And the SFO has said publicly it is looking for cases.

Three factors will separate organisations that get this right from those that do not:

  1. Treating AI claims as disclosure, not marketing. Every public AI claim should pass through the same controls as a forward-looking financial statement.
  2. Evidence before language. Operational evidence — testing reports, governance frameworks, vendor due diligence — needs to exist before the corresponding claim appears in a public document.
  3. Insurance scrutiny on the AI question. Policy wordings, exclusions, and placement disclosures need to be reviewed against the organisation’s actual AI usage, not against a generic AI risk description.

Next steps for boards in the next 90 days:

  • Commission an inventory of public AI claims across all corporate communications channels
  • Pull AI claims into the same disclosure controls as financial statements
  • Refresh the fraud risk assessment for AI-enabled risks under the failure to prevent fraud offence
  • Audit vendor AI claims that the organisation may be exposed to as an associated person
  • Review D&O and professional indemnity policy wordings for AI-specific exclusions
  • Brief the legal function on greenwashing case law as the operative starting point for AI disclosure risk

Take Action: Resultsense helps UK boards translate emerging AI risk into practical disclosure and governance frameworks. For a conversation about how the AI-washing exposure surface applies to your business, get in touch.

The greenwashing wave took years to reach the UK courts at scale. The AI-washing wave is moving faster, has a denser enforcement infrastructure waiting for it, and will land with the failure to prevent fraud offence already in force. The boards that get ahead of it will not be the ones with the cleanest AI strategy. They will be the ones with the cleanest evidence that their AI claims are true.

Source citation

Source: AI-washing – when AI hype becomes a litigation risk — Hogan Lovells, published May 2026. Authored by Reuben Vandercruyssen, Lydia Savill, and Matt Steven.

Strategic analysis prepared by Resultsense — making sense of AI in the UK.