XFactorAI has warned that enterprises could face a wave of AI-related legal action by 2027, with CEO John Margerison arguing that many boards still misunderstand where liability sits when they deploy third-party AI tools.
His intervention centres on a familiar assumption in boardrooms: that if an AI system causes harm, legal responsibility rests mainly with the vendor that built it. Margerison argues that this is too simplistic, and that businesses signing those contracts are often exposing themselves to legal risk they have not fully examined.
He pointed to the US case Mobley v. Workday as an example of how that exposure can widen. The age discrimination case focused on Workday’s AI hiring algorithm, but dozens of companies using the tool were also named as co-defendants. In Margerison’s view, the court’s willingness to treat Workday as an “agent” of those companies shows how deployers can be drawn into claims they may have expected the vendor to absorb.
That warning comes against a regulatory backdrop that is becoming more crowded and more active. According to figures cited in the release, AI mentions in global legislative proceedings have grown ninefold since 2016, rising 21.3% in 2024 alone, while 145 AI laws were enacted in the US last year. Margerison argues that governance gaps inside enterprises are widening as that legal environment tightens.
Preparedness, he said, is particularly weak. The release cites research showing that only 3% of compliance professionals believe their organisation is prepared for AI regulation as things stand, a figure Margerison says leaves many businesses poorly equipped for the volume of disputes and enforcement action he expects to follow.
John Margerison, CEO of XFactorAI, said: “There’s a common misconception that, should AI agents cross legal lines, the enterprises that deploy them are off the hook. Boards often assume that vendors take the fall, but that’s a misunderstanding that I think will land them in legal hot water as early as next year.
“None of the fixes are difficult, they just aren’t particularly popular. Businesses should name one accountable owner for AI governance, not a committee or working group, who can be asked to their face what went wrong. And they must take a hard, honest look at the tools they already run, asking the questions that never came up at signing.
“AI regulation is accelerating, so boards must be aware of the risks and make these changes now. Otherwise, legal fees, regulatory fines and reputational damage could be only a few months away.”
His proposed response is straightforward: appoint a single owner for AI governance, audit existing tools, and revisit the assumptions built into vendor agreements before disputes emerge. As more decisions, rankings, and recommendations move into production systems, the legal question is no longer confined to model developers alone.
You must be logged in to post a comment.