AI Compliance by Industry
AI risk exposure varies dramatically by industry. Each guide covers common AI use cases, liability areas, relevant policy types, and typical compliance gaps specific to your sector.
Education & EdTech
Schools, universities, EdTech platforms, and learning management providers that deploy AI for admissions screening, student assessment, academic proctoring, and personalized learning. These firms face regulatory scrutiny because AI in education affects access to educational opportunities — education is explicitly listed as a consequential decision domain in multiple state AI laws alongside employment, healthcare, and housing.
Financial Services & Fintech
Banks, credit unions, investment firms, fintech companies, and financial advisors that deploy AI for credit decisioning, underwriting, portfolio management, fraud detection, and customer engagement. These firms face overlapping state AI obligations and federal financial regulations (ECOA, FCRA, Dodd-Frank), creating a layered compliance environment where state AI laws add requirements on top of — not in place of — existing federal frameworks.
Healthcare Providers & Health Tech
Hospitals, physician practices, telemedicine platforms, and health technology companies that deploy AI for clinical decision support, patient triage, diagnostic assistance, and patient communication. These firms operate under heightened regulatory scrutiny because AI errors can directly affect patient safety and health outcomes, and because healthcare is explicitly listed as a high-risk decision domain in multiple state AI laws.
HR & Recruiting Firms
Staffing agencies, recruiting firms, and HR technology providers that use AI for candidate sourcing, resume screening, interview analysis, and employment decision support. These firms face heightened regulatory scrutiny because AI in hiring directly affects individuals' economic opportunities.
Insurance Brokers
Insurance brokers and agents increasingly use AI for underwriting support, client risk assessment, claims triage, and policy recommendation — work that sits squarely inside their professional duty of care. The exposure runs two ways. First, the brokerage's own AI use creates errors-and-omissions (E&O) risk: an AI-suggested coverage gap, a misclassified risk, or a chatbot that misstates policy terms can become a negligence claim. Second, brokers must understand the AI exclusion endorsements now appearing in the policies they place — Verisk's CG 40 47 and Berkley's PC 51380 both apply broadly to AI-related claims, including unsanctioned "shadow AI" use that the insured may not even know about. The NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers (adopted December 2023 and issued by many states since) sets the expectation of a documented AI governance program, while state unfair-trade-practices and rating laws constrain how AI may influence pricing, eligibility, and claims decisions.
Law Firms
Law firms use AI for legal research, document review, contract analysis, drafting, and client intake — uses that intersect directly with the rules of professional conduct. ABA Formal Opinion 512 (July 2024) confirms that the duty of competence (Model Rule 1.1, Comment 8) requires lawyers to understand the benefits and risks of the generative AI tools they use, while the duty of confidentiality (Model Rule 1.6) constrains submitting client information to AI systems that may retain it or train on it. The risk is not theoretical: in Mata v. Avianca, a federal court sanctioned lawyers who filed AI-hallucinated case citations, and a growing list of courts now require disclosure or certification of AI use in filings. Beyond the ethics rules, AI errors in research or drafting create direct malpractice exposure — and most lawyers' professional liability policies do not yet contemplate AI-specific risk.
Marketing Agencies
Marketing and creative agencies use AI across content creation, image and video generation, client-facing chatbots, and audience targeting — often embedding AI output directly into client deliverables. That creates layered exposure. The FTC has made clear under Section 5 of the FTC Act that deceptive AI claims and undisclosed AI-generated endorsements are enforceable "unfair or deceptive practices," and its 2024 "Operation AI Comply" sweep signals active scrutiny of AI-washing. Generative output carries IP risk: under Thaler v. Perlmutter, a purely AI-generated work is not copyrightable, so a deliverable the agency believes it "owns" may carry no protectable rights for the client, and image models can reproduce protected material from training data. Client-facing chatbots add contractual risk — in Moffatt v. Air Canada, a tribunal held the company liable for its chatbot's misstatements. Most agency E&O and CGL policies were never priced for these exposures, and AI exclusion endorsements are now narrowing what they cover.
Real Estate & Property Management
Real estate brokerages, property management firms, proptech platforms, and real estate investment companies that deploy AI for property valuation, tenant screening, listing optimization, and client engagement. These firms face regulatory scrutiny because AI in housing directly intersects with fair housing obligations, and algorithmic bias in property valuations or tenant screening can produce discriminatory outcomes at scale.