AI AND BUSINESS RISK: WHAT COMPANIES SHOULD KNOW ABOUT THE FTC’S NEW AI ACCURACY FOCUS
Artificial intelligence is no longer a future issue for businesses. Companies are already using AI tools to write marketing content, answer customer questions, analyze documents, screen applicants, manage workflows, summarize data, generate sales leads, draft contracts, recommend products, detect fraud, and make operational decisions. At the same time, AI vendors are aggressively marketing their products as faster, smarter, more accurate, more objective, and more cost-effective than traditional tools.
That creates a growing legal risk: what happens when the AI does not perform the way the company promised?
The Federal Trade Commission’s new proposed policy statement on AI accuracy is an important reminder that AI may be new technology, but the legal rules around false or misleading business claims are not new. The FTC is signaling that companies may face consumer-protection liability when they market AI systems as accurate, objective, useful, reliable, or suitable for certain tasks, while the system’s actual behavior is inconsistent with those claims.
For businesses, the practical lesson is simple: do not oversell what AI can do, do not hide how AI is being used, and do not rely on vendor hype without reviewing the legal, operational, and reputational risks.
THE FTC’S NEW AI ACCURACY FOCUS
In July 2026, the FTC announced that it is seeking public comment on a proposed policy statement addressing AI accuracy. The policy statement focuses on the FTC Act’s prohibition against unfair or deceptive acts or practices, particularly where companies market AI systems in a way that leads consumers to expect accuracy, objectivity, or usefulness, but the systems are allegedly designed or steered in ways that undermine those expectations.
The FTC’s concern is not limited to one type of AI tool. The issue can arise with large language models, AI chatbots, automated decision systems, recommendation tools, AI-powered marketing platforms, customer-service systems, AI detection tools, legal-tech products, financial tools, recruiting tools, educational platforms, healthcare-support tools, and other AI products used in business or consumer-facing settings.
The FTC’s proposed statement focuses heavily on AI companies that market their systems to the public. However, ordinary businesses that adopt AI tools should also pay attention. A company does not need to be an AI developer to create risk. A business may create legal exposure by making claims about an AI-powered service, using AI in a customer-facing process without appropriate disclosure, relying on an AI vendor’s claims without verification, or allowing employees to use AI tools in ways that affect customers, applicants, patients, tenants, consumers, or business partners.
WHY THIS MATTERS FOR ORDINARY BUSINESSES
Many companies treat AI as a productivity tool, not a legal risk. That is a mistake. AI can affect advertising, contracts, privacy, employment, consumer protection, intellectual property, confidentiality, cybersecurity, and regulatory compliance.
For example, a marketing agency may advertise that its AI tool generates “fully compliant” ad copy. A healthcare-related business may use AI to summarize patient communications. A financial-services company may use AI to recommend products or screen leads. A staffing company may use AI to rank applicants. A law-adjacent service may claim that AI can replace professional review. A retailer may use a chatbot to answer questions about refunds, pricing, warranties, or product safety. A software company may claim its AI tool is accurate, neutral, or unbiased.
Each of those statements can become legally significant. If the AI output is wrong, incomplete, misleading, biased, inconsistent, or not actually supported by testing, the company may face claims that it misled customers or failed to disclose material limitations. The risk increases when consumers reasonably rely on the AI system to make decisions involving money, health, employment, education, housing, legal rights, or personal safety.
AI ACCURACY IS NOT JUST A TECHNICAL ISSUE
Businesses often think of AI accuracy as a technical problem. From a legal perspective, it is also a representations-and-disclosures problem.
The FTC is concerned with what consumers are led to believe. If a company markets an AI tool as accurate, objective, neutral, professional-grade, expert-level, compliant, secure, or suitable for a particular purpose, the company should be prepared to substantiate those claims. It should also disclose important limitations clearly and prominently.
A small disclaimer buried in terms of service may not be enough if the company’s advertising, website, sales materials, product demos, onboarding documents, or customer communications create a stronger impression that the AI tool can be relied upon. The overall “net impression” of the marketing matters. If customers are told that the AI system is reliable, but important limitations are hidden in fine print, the company may still face deception risk.
This is especially important because many AI tools are probabilistic. They can produce confident but incorrect answers. They may hallucinate facts. They may change outputs after model updates. They may perform well in one context but poorly in another. They may rely on incomplete training data. They may be affected by prompts, guardrails, retrieval systems, third-party integrations, or user behavior. They may also produce different results depending on settings the customer does not understand.
A business using AI should not assume that “the vendor said it works” is enough.
THE DIFFERENCE BETWEEN HALLUCINATIONS AND MISLEADING CLAIMS
The FTC’s proposed policy statement recognizes an important distinction. Not every incorrect AI output automatically creates liability. AI systems may make mistakes because of technological limits, resource constraints, or ordinary performance failures. The legal issue becomes more serious when a company misrepresents the system’s capabilities, conceals known limitations, or markets the system in a way that causes users to rely on it for purposes it is not actually fit to perform.
In other words, the problem is not simply that AI can be wrong. The problem is telling customers that AI is reliable in ways the company cannot prove, or failing to disclose that the AI has been designed, steered, limited, or modified in ways that conflict with user expectations.
For businesses, this means accuracy risk must be managed before the product is sold, before the AI tool is deployed, and before employees begin relying on it in customer-facing operations.
AI “OBJECTIVITY” CLAIMS ARE ESPECIALLY RISKY
Many companies describe AI as objective, neutral, unbiased, data-driven, or free from human error. Those claims may sound attractive from a marketing perspective, but they can create legal exposure.
AI systems are built, trained, configured, prompted, and deployed by humans and organizations. Their outputs may reflect data limitations, model design, system instructions, business rules, compliance settings, moderation filters, or vendor decisions. If a company claims an AI tool is objective or neutral, it should be able to explain what that means, how it was tested, what limitations exist, and whether the claim is accurate in the context where the tool is being used.
This matters in areas such as employment screening, lending, insurance, housing, education, healthcare, law, professional services, and consumer finance. In those industries, inaccurate or misleading AI claims can create exposure not only under the FTC Act, but also under sector-specific statutes, state consumer-protection laws, discrimination laws, privacy laws, and contract obligations.
BUSINESSES SHOULD REVIEW THEIR MARKETING LANGUAGE
The first place businesses should look is their own marketing. Companies should review websites, sales decks, proposals, advertisements, social media posts, product descriptions, software demos, onboarding documents, contract language, and customer-service scripts.
Risky phrases may include claims that an AI system is “100% accurate,” “fully compliant,” “unbiased,” “guaranteed,” “expert-level,” “lawyer-grade,” “doctor-level,” “human replacement,” “risk-free,” “automatic,” “independent,” “neutral,” “error-free,” or “always up to date.” Even softer claims can create risk if they imply capabilities the company cannot substantiate.
A safer approach is to describe AI tools precisely. Businesses should explain what the tool does, what it does not do, whether human review is required, what data sources are used, what limitations exist, and whether outputs are recommendations rather than final decisions.
The goal is not to scare companies away from AI. The goal is to align the company’s public claims with what the technology can actually support.
VENDOR CONTRACTS NEED TO CATCH UP
Many businesses use third-party AI tools without carefully reviewing the vendor agreement. That can be dangerous. If an AI tool creates a customer-facing error, exposes confidential information, violates privacy obligations, generates infringing content, or produces misleading output, the business may be the one facing the customer, regulator, or lawsuit, even if the vendor caused the problem.
AI vendor contracts should address accuracy, performance standards, permitted uses, prohibited uses, data rights, confidentiality, cybersecurity, model training, retention of prompts and outputs, intellectual property ownership, indemnity, limitation of liability, audit rights, compliance obligations, human review requirements, and notice of material model changes.
Businesses should also ask whether the vendor uses customer data to train models, whether prompts are stored, whether outputs can be reproduced, whether the vendor provides audit logs, whether the model may change without notice, and whether the vendor makes any representations about accuracy or suitability for regulated uses.
A standard software agreement may not be enough for AI deployment.
INTERNAL AI POLICIES ARE NOW A BUSINESS NECESSITY
Many AI risks arise because employees begin using AI tools informally. An employee may paste confidential client information into a public chatbot. A manager may use AI to screen applicants without approval. A marketing employee may publish AI-generated claims without fact-checking. A sales team may tell customers that an AI tool can do more than it actually can. A customer-service department may rely on chatbot answers that are wrong or inconsistent with company policy.
Businesses should adopt internal AI policies that define which tools may be used, what information may be entered, who must review AI outputs, what uses are prohibited, and when legal or management approval is required. The policy should be practical, not theoretical. Employees need clear rules they can follow.
At minimum, businesses should prohibit employees from entering sensitive personal information, trade secrets, confidential client information, protected health information, financial account information, immigration documents, litigation materials, or proprietary business information into unapproved AI tools. Companies should also require human review before AI-generated content is sent to customers, published publicly, used in employment decisions, used in legal or compliance contexts, or relied upon for high-risk business decisions.
HIGH-RISK USES REQUIRE EXTRA REVIEW
Not all AI use carries the same risk. Using AI to brainstorm a blog title is different from using AI to deny a job applicant, recommend medical care, draft legal advice, approve a loan, evaluate insurance risk, or communicate binding refund policies to a customer.
Businesses should identify high-risk AI uses and require additional safeguards. These may include human review, testing, validation, bias review, documentation, customer disclosures, appeal procedures, audit logs, and legal review. High-risk uses should not be deployed casually simply because the technology is available.
A company should ask: Who is affected by this AI output? What happens if the output is wrong? Is the customer likely to rely on it? Does the output affect legal rights, money, health, employment, housing, safety, immigration, or access to services? Is a human reviewing the result? Can we explain how the decision was made? Do our contracts and disclosures accurately describe the system?
If the answer to those questions is unclear, the AI use should be reviewed before deployment.
DISCLOSURES MUST BE CLEAR AND MEANINGFUL
Disclosures are important, but they must be clear, prominent, and accurate. A company cannot rely on vague fine print while marketing an AI tool as reliable or expert-level everywhere else.
Good disclosures explain the role of AI in the process, the limits of the tool, whether human review occurs, whether outputs are recommendations or final decisions, and whether the user should independently verify results. For consumer-facing tools, the disclosure should appear where the customer will actually see it, not only in terms and conditions that few people read.
Disclosures should also be consistent. A company should not tell customers in marketing materials that the AI is highly accurate while telling them in legal terms that the company takes no responsibility for the accuracy of any output. Inconsistent messaging can create both legal risk and customer distrust.
AI RISK IS ALSO CONTRACT RISK
Companies using AI in business operations should review their own customer contracts. If a business provides services using AI, its contracts should clarify whether AI may be used, whether human review is included, what warranties are and are not made, who owns deliverables, whether the customer may rely on outputs, and what limitations apply.
For professional services businesses, this is especially important. Clients may assume that all work was personally reviewed by a human expert. If AI is materially involved, the business should consider whether disclosure is necessary or appropriate. The answer may depend on the industry, the type of work, the contract, ethical rules, confidentiality obligations, and customer expectations.
Businesses should also review indemnity provisions, limitation-of-liability clauses, confidentiality terms, data-processing obligations, cybersecurity requirements, and intellectual property provisions to make sure AI-related risks are addressed.
PRACTICAL STEPS BUSINESSES SHOULD TAKE NOW
Businesses do not need to stop using AI. They do need to use it carefully. The first step is to identify where AI is already being used within the company. Many owners and executives do not realize how many employees are using AI tools informally.
Next, the company should review marketing claims and customer-facing language for accuracy. Any claim about AI performance, accuracy, neutrality, objectivity, compliance, expertise, or reliability should be supportable. If the company cannot prove the claim, the language should be revised.
The company should also review vendor agreements before relying on AI tools in important workflows. If the vendor agreement disclaims all responsibility for accuracy, prohibits certain uses, allows the vendor to train on company data, or limits remedies to a small refund, the business should understand that risk before deployment.
Finally, the company should adopt an internal AI use policy, train employees, require human review for important outputs, preserve records where needed, and create a process for reporting AI errors or customer complaints.
CONCLUSION
The FTC’s new AI accuracy focus is a warning to businesses: AI innovation does not eliminate traditional legal obligations. Companies still must be truthful in advertising, careful in customer communications, accurate in contracts, responsible with data, and realistic about what their tools can do.
For many businesses, the greatest AI risk is not the technology itself. It is the gap between what the company says the technology can do and what the technology actually does.
At Elkhalil Law, P.C., we help businesses evaluate legal risk, review contracts, update policies, and protect themselves as new technologies change the way companies operate. AI can be a powerful business tool, but it should be used with clear contracts, accurate disclosures, careful governance, and a realistic understanding of legal exposure.

