Introduction
As the year-end reporting season approaches [1] [5], companies must exercise caution in their representations of AI capabilities to avoid misleading investors [2]. The SEC has intensified its focus on AI and cybersecurity disclosures, emphasizing the importance of accurate and truthful statements to maintain investor trust and comply with regulatory standards.
Description
Companies must exercise caution in their representations of AI capabilities [2], especially as the year-end reporting season approaches [1] [5], to avoid misleading investors [2] [5], as emphasized by the SEC [2]. The agency has acknowledged the significant impact of AI on industries and financial markets [5], intensifying its focus on disclosures related to AI and cybersecurity [1]. Recent enforcement actions highlight the SEC’s commitment to addressing materially misleading statements, with four companies recently charged for such violations. Misstatements regarding AI usage or performance can erode investor trust and lead to regulatory scrutiny and enforcement actions [2].
The percentage of 10-K filings discussing AI has surged from 12% in 2020 to 45% in 2024 [3], with a notable increase in the Risk Factors section. Over 20% of companies also mention AI in their Business section [3], yet many do so without providing sufficient context, raising concerns about the authenticity of their claims [3]. SEC Chairman Gary Gensler has emphasized the importance of truthful disclosures regarding AI use [3], but the SEC’s inquiries into AI claims have been minimal [3], with only one inquiry made among nearly 1,900 comment letters in 2024 [3]. This lack of scrutiny raises concerns that the investing public may be misled by AI claims that have not been adequately substantiated.
To align with SEC expectations [2], companies should provide detailed contextual information about AI applications [2], clearly articulate material risks associated with AI [2], and ensure that all claims about AI capabilities are accurate and evidence-based [2]. This includes disclosing who developed the AI technology [5], whether it is proprietary or sourced from third-party vendors [5], as this information is crucial for assessing risks and dependencies [5]. Companies must avoid “AI-washing,” which involves overstating AI’s potential or misleading investors regarding its applications. Additionally, as companies prepare their cybersecurity and AI disclosures [4], they should be particularly vigilant regarding ransomware incidents and potential brand damage from generative AI.
Disclosures must encompass material risks related to AI [5], such as reliance on third-party providers [5], potential algorithmic biases [5], discrimination risks [5], and compliance with emerging regulations [5]. Companies utilizing AI should clearly describe its use, impact [4] [5], risks [2] [3] [4] [5], and benefits in their risk factor disclosures [4]. Recent enforcement actions underscore the critical nature of adhering to regulatory standards and highlight the importance of truthful and specific AI-related claims. For instance [2] [5], Global Predictions [2] [5], Inc. misled investors by promoting unsubstantiated AI-driven forecasts [2] [5], while Delphia (USA) Inc [2] [5]. faced scrutiny for failing to deliver on promised AI capabilities [2]. These cases emphasize the necessity for transparency in AI disclosures to maintain investor trust and mitigate regulatory risks [2].
Navigating the SEC’s evolving expectations for AI and cybersecurity disclosures is crucial for maintaining investor trust and avoiding regulatory pitfalls [5]. As companies prepare for year-end reporting, it is vital to ensure that their disclosures are accurate [5], comprehensive [5], and aligned with SEC guidance [5]. Recommendations for improving AI disclosures include defining AI in the context of its application [3], detailing the use of external tools [3], and discussing the data and computational resources involved in AI initiatives [3]. Financial markets are increasingly valuing exposure to AI [3], indicating a pressing need for the SEC to enhance its scrutiny of registrants making AI-related claims [3].
Conclusion
The SEC’s heightened focus on AI and cybersecurity disclosures underscores the critical need for companies to provide accurate, comprehensive [5], and truthful information. Misleading statements can erode investor trust and lead to regulatory scrutiny [2]. As AI becomes increasingly integral to business operations, companies must ensure their disclosures align with SEC expectations to maintain investor confidence and avoid potential enforcement actions.
References
[1] https://www.law.com/corpcounsel/2025/01/13/ai-disclosures-under-the-spotlight-sec-expectations-for-year-end-filings/
[2] https://www.jdsupra.com/legalnews/ai-disclosures-under-the-spotlight-sec-1783439/
[3] https://www.linkedin.com/pulse/where-sec-comment-letters-ai-william-floyd-phd-cpa-lizee/
[4] https://www.jdsupra.com/legalnews/securities-snapshot-4th-quarter-2024-2995534/
[5] https://www.bakerdonelson.com/ai-disclosures-under-the-spotlight-sec-expectations-for-year-end-filings
