April | 2026 | HR & Benefits Update

$17M IBM Settlement Adds DOJ False Claims Act Liability To Risks For Using DEI Practices

April 20, 2026

The $17 million False Claims Act settlement with technology giant IBM by announced April 10, 2026, using affirmative action or other disfavored diversity, equity and inclusion (“DEI”) practices creates added risks for federal government contractors and grant recipients beyond those U.S. businesses as a whole already face under the Trump Administration “merit based” interpretation and enforcement of federal Civil Rights laws as prohibiting DEI or other discriminatory decision making.

In the face of the IBM and other agency investigations and enforcements under the new merit based civil rights policy, all US businesses, generally, and government contractor specifically should seek the advice of qualified legal counsel on their potential exposure and options for mitigation of their exposure under the Trump merit based Civil Rights law interpretation and enforcement policy.

Affirmative Action & Other DEI Practices Under Attack

Government and private DEI practices have faced increasing challenges under a series of Supreme Court rulings that interpret the 14th Amendment as prohibiting affirmative action and other government required or applied race based hiring and other preferences except where adopted and tailored to redress a proven specific past discrimination harm. See e.g., Students for Fair Admissions v. President and Fellows of Harvard College, 600 U.S. ___ (2023); Adarand Constructors, Inc. v. Peña, 515 U.S. 200 (1995); Ricci v. DeStefano, 557 U.S. 557, 579–80 (2009). While the Court rulings since as early as 2009 indicated racial or other DEI preferences were allowed only to redress a past history of discrimination, federal regulators and many courts applied these holdings in a manner that presumed or required little evidence of specific discrimination to uphold DEI practices. Consequently, federal regulations and enforcement encouraged if not required broad adoption of these practices for decades.

The Supreme Court cast the dye for change with its ruling in Students for Fair Admissions, that race-conscious admissions programs at Harvard University and the University of North Carolina violated the Equal Protection Clause and, as applied to recipients of federal funds, Title VI of the Civil Rights Act of 1964 (42 U.S.C. § 2000d). Rejecting the universities’ diversity rationales as insufficiently measurable and not narrowly tailored, the Supreme Court in Students for Fair Admissions ruled that racial classifications are presumptively invalid and must meet strict scrutiny with clear endpoints and individualized consideration to overcome that presumption of invalidity. Its holding and reasoning as applied to the facts leave little room for legal defense of DEI practices in education, government contracting, employment and other practices historically using DEI strategies absent a specific remedial justification tied to proven discrimination. See also Ricci v. DeStefano, 557 U.S. 557 (2009).

President Trump reacted to the Students for Fair Admissions and other Supreme Court rulings banning DEI policies in a series of Executive Orders upon beginning his second Presidency. See, Exec. Order No. 14148, Ending Radical and Wasteful Government DEI Programs and Preferencing, 90 Fed. Reg. ___ (Jan. 20, 2025); Exec. Order No. 14149, Restoring Merit-Based Opportunity and Ending Illegal Discrimination, 90 Fed. Reg. ___ (Jan. 20, 2025); Office of Mgmt. & Budget, Memorandum M-25-13, Initial Guidance Regarding President Trump’s Executive Order on Ending DEI Programs (Jan. 21, 2025); U.S. Office of Personnel Mgmt., Guidance on Implementation of Executive Orders Eliminating DEI Programs in Federal Workforce (Jan. 2025); U.S. Dep’t of Justice, Memorandum on Civil Rights Enforcement and Prohibition of Race-Based Preferences (Jan. 2025); U.S. Dep’t of Defense, Directive on Removal of Diversity, Equity, and Inclusion Training and Programs (Feb. 2025); U.S. Dep’t of Educ., Dear Colleague Letter, Application of Federal Civil Rights Laws to Race-Conscious Policies Post-SFFA (Feb. 2025).

Upon taking office, President Trump in his January 21, 2025 Executive Order 14173, Ending Illegal Discrimination and Restoring Merit-Based Opportunity (“EO 14173”) directed federal agencies to interpret and enforce the Civil Rights Act as requiring merit-based decisions without application of preferences for diversity, equity and inclusion,” (“DEI”), “affirmative action” or other favoritism to particular groups.

In Executive Order (“EO”) 14173, President Trump announced his interpretation of the equal protection and opportunity provision of the 14th Amendment of the U.S. Constitution, the Civil Rights Act of 1964 (“Civil Rights Act “), Section 1557 of the Patient Protection and Affordable Care Act of 1996 (“Section 1557”) and other federal civil rights laws as guaranteeing “merit-based” decision-making and prohibiting DEI, affirmative action and other non-merit-based race, sex, religious, national origin preferences. Consistent with this merit-based construction, President Trump ordered all federal agencies “to terminate all discriminatory and illegal preferences, mandates, policies, programs, activities, guidance, regulations, enforcement actions, consent orders, and requirements” and “to enforce our longstanding civil-rights laws and to combat illegal private-sector DEI preferences, mandates, policies, programs, and activities.”

On April 23, 2025, President Trump followed up on EO 14173 by ordering all federal agencies to stop treating disparate impact as a viable theory of liability in discrimination matters in Executive Order on Restoring Equality of Opportunity and Meritocracy.

In response to these directives, federal agencies abandoned decades of regulations and enforcement practices that encouraged if not required DEI practices to enforce a merit based decision making interpretation of federal civil rights laws that prohibits affirmative action and other DEI practices.

In response to President Trump’s Executive Orders, for instance, the Office of Federal Contract Compliance Programs (“OFCCP”) has abandoned regulations that for decades required federal contractors to demonstrate their affirmative action requirements effectiveness with a merit-only decision policy. See, Exec. Order No. 14173, Ending Illegal Discrimination and Restoring Merit-Based Opportunity, 90 Fed. Reg. 8633 (Jan. 21, 2025); U.S. Dep’t of Labor, Directive to OFCCP to Cease Enforcement of E.O. 11246 Affirmative Action Requirements (Jan. 24, 2025); Office of Federal Contract Compliance Programs, Director Catherine Eschbach, Letter to Federal Contractors Regarding Compliance with Executive Order 14173 and Wind-Down of Affirmative Action Programs (June 27, 2025); Office of Federal Contract Compliance Programs, Invitation to Voluntarily Report Compliance with Executive Order 14173 (2025).

Additionally, for employers generally, the Equal Employment Opportunity Commission (“EEOC”) revised its guidance to reflect that Title VII of the Civil Rights Act of 1964 (42 U.S.C. § 2000e-2) prohibits race-based employment decisions except in narrow circumstances, reinforcing a shift toward race-neutral strategies. See, e.g., Equal Employment Opportunity Commission, What You Should Know About DEI-Related Discrimination at Work (updated 2023–2024) (explaining that Title VII prohibits employment decisions motivated by race, even when framed as DEI initiatives). Meanwhile, the EEOC and the DOJ also sought to educate employees suffering job detriment from their employers’ DEI practices about their potential claims by jointly publishing a one-page technical assistance document, “What To Do If You Experience Discrimination Related to DEI at Work.”These actions are heightening Civil Rights discrimination risks for all employers for current or past DEI practices.

The DOJ’s weaponization of the FCA adds another significant DEI-derived risk for healthcare, education and government contractors. As reflected by a series of high profile agency actions initiated against educational and health care organizations using DEI practices announced in conjunction with or following President Trump’s DEI Executive Orders, federal health care and educational organizations participating in federal programs and federal government contractors face much greater risks from use of DEI practices beyond the general exposure of employers under the revised EEOC interpretation and enforcement policies. While initially these DEI enforcement policies targeted education and health care organizations participating in programs funded or managed by the Department of Education , the Department of Health and Human Services, or both, the IBM settlement makes clear these enforcement policies and risks now apply to federal government contractors and grant recipients as a whole.

Federal Government Contractor & Grant Recipient DEI False Claims Act Exposure

The first settlement announced by DOJ under the Civil Rights Enforcement Initiative announced in May, 2025, the IBM settlement with DOJ confirms DOJ is pursuing government contractors for using DEI practices under the False Claims Act (“FCA”).

On May 19, 2025, DOJ announced it would prosecute government contractors and other federal funds recipients under the Civil Rights Fraud Initiative for knowingly violating federal Civil Rights laws by using affirmative action, diversity, equity and inclusion, or other non-merit based (“DEI”) employment or other business preferences.

DOJ further clarified in subsequent guidance that DEI programs involving preferential treatment may violate statutes such as Title VI and Title VII, and that false certifications of compliance with those statutes may satisfy core FCA elements, including falsity and materiality. See, U.S. Dep’t of Justice, Guidance to Recipients of Federal Funding Regarding Unlawful Discrimination (July 2025).

DOJ takes the position that certain DEI programs expose federal contractors and grant recipients to liability under the FCA where those entities certify compliance with federal civil rights laws while maintaining practices the government views as involving unlawful race- or sex-based preferences.

In the Civil Rights Fraud Initiative announcement, DOJ stated that entities receiving federal funds that “knowingly violate[] federal civil rights laws” may be liable under the FCA because such violations can render certifications of compliance false and material to the government’s payment decisions. See U.S. Dep’t of Justice, Justice Department Establishes Civil Rights Fraud Initiative (May 19, 2025).

Government contractors targeted by DOJ for False Claims Act prosecution under its Civil Rights Enforcement Initiative face serious consequences as Civil Rights Act compliance is a condition of participation in federal programs. Since compliance with these requirements is a prerequisite to eligibility to bill or receive federal funds under federal programs, DOJ contends that billing the federal government or receiving funds under programs subject to these terms of participation for periods that the contractor are Grant recipient had DEI or other non-merit based practices constitutes making a false claim in violation of the False Claims Act.

Since announcing its FCA initiative, DOJ has encouraged whistleblower (qui tam) actions and signaled it was conducting active investigation and enforcement against federal funding recipients whose DEI policies allegedly conflict with federal nondiscrimination requirements of 31 U.S.C. §§ 3729–3733. See also U.S. Dep’t of Justice, Civil Division Memoranda on Civil Rights Enforcement and FCA Application (2025).

IBM Settlement Confirms DOJ FCA DEI Enforcement

The IBM settlement secured under DOJ’s Civil Rights Fraud Initiative confirms DOJ is pursuing government contractors for DEI practices.

On April 10, 2026 (publicly reported mid-April), DOJ announced that IBM agreed to pay approximately $17 million to resolve allegations that it violated the FCA by certifying compliance with federal anti-discrimination requirements in its government contracts while allegedly maintaining DEI practices that the government contended were discriminatory on the basis of race or sex. See U.S. Dep’t of Justice, IBM Pays $17 Million to Resolve Allegations of Discrimination Through Illegal DEI Practices (Apr. 10, 2026).

The DOJ IBM prosecution and resulting settlement reflect DOJ treats DEI programs as prohibited discrimination that can create FCA exposure where tied to contractual compliance obligations.

In its IBM prosecution, DOJ asserted that federal contractors must certify compliance with Title VII and related Federal Acquisition Regulation clauses as a condition of payment, and that knowingly maintaining noncompliant practices can render those certifications false and actionable under the FCA.

While IBM did not admit liability in the settlement, the DOJ sent a strong message to other government contractors to act to mediate their own exposure by repotting IBM received credit for cooperation, including early disclosures and remediation measures such as modifying or terminating the challenged programs.

As demonstrated by the announced IBM settlement, sanctions for False Claims Act violations are harsh. Along with potential criminal consequences for intentional or knowing violations, civil violations of the False Claims Act can result in treble damages and significant penalties, program exclusion or both.

Act Proactively To Mitigate Risks

The IBM settlement and other federal agency investigations and prosecutions sends a strong warning to Federal government contractors and federal grant recipients specifically and U.S. businesses generally to take proactive steps to mitigate their very real risk that their past and current DEI or other non-merit based employment and other policies.

With FCA enforcement now added to the employment discrimination enforcement risk government contractors face for challenged DEI practices, government contractors also must recognize their government contractor status puts them at a high risk of scrutiny due to the reporting and audit protocols used with government contracts and grants. When weighing the likelihood that their past or current practices will trigger scrutiny, government contractors are reminded that current and past certification and reporting facilitate the ability of DOJ and OFCCP to identify targets for enforcement under this new interpretation and enforcement of Civil Rights laws while sanctions secured through enforcement return significant revenue to federally constrained budgets.

Consequently, businesses generally and government contractors specifically should seek the assistance of qualified legal counsel to assess and mitigate their risk from past or current DEI initiatives in light of heightened litigation risk and federal agencies’s interpretation and enforcement of new Civil Rights merit based enforcement position. Organizations are encouraged to keep in mind that the sensitive nature of this investigation and analysis makes it critical that organizations conduct this analysis and their options for mitigation of liability within the scope of attorney. Client privileged to protect sensitive conversations and analysis from discovery.

If you have questions about or need assistance with these and other risk management or compliance concerns, contact the author.

For More Information

We hope this update is helpful. For more information about the or other health or other employee benefits, human resources, or health care developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

A Fellow in the American College of Employee Benefits Counsel and Board Certified in Labor and Employment Law by the Texas Board of Legal Certification, Cynthia Marcotte Stamer has more than 35 years experience, advising plan sponsors, fiduciaries, service providers and others about fiduciary responsibility and other employee benefit plan design, administration, risk management and compliance. i

Ms. Stamer is a Martindale-Hubble AV-Preeminent (highest/top 1%) practicing attorney recognized as a “Top Woman Lawyer,” “Top Rated Lawyer,” and “LEGAL LEADER™” in Health Care Law and Labor and Employment Law; among the “Best Lawyers In Dallas” in “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law recognized for her experience, scholarship, thought leadership and advocacy on health and other employee benefits, insurance, healthcare, workforce, HIPAA and other data and technology and other compliance in connection with her work with health care and life sciences, employee benefits, insurance, education, technology and other highly regulated and performance-dependent clients.

Ms. Stamer has more than 35 plus years of experience advising and representing, employers, employee benefit plans and their fiduciaries and administrators, their administrative services, technology and other business associates and other vendors, managed care and insurance, health care and other clients about these and other workforce, employee benefits, internal controls and other operations and compliance concerns.

Ms. Stamer is nationally sought out for her decades of leading-edge experience in the design, sponsorship, administration, and defense of health, severance, savings retirement and other employee benefit, workforce, insurance, healthcare, data and technology, and other operations to promote legal and operational compliance, reduce regulatory and other liability, and advance other operational goals. This experience includes decades of work on ERISA, Internal Revenue Code and other related labor and employment, insurance, corporate and securities, data privacy and security, licensing and other laws. She also sought out for her extensive speaking and publications on these and related concerns.

Along with her decades of legal and strategic consulting experience, Ms. Stamer also contributes her leadership and experience to many professional, civic and community organizations including current or previous service as Employee Benefits Group Chair and a Substantive Groups Committee Member for the ABA Real Property Trusts and Estates (“RPTE”) Section and Chair of its Welfare Plan, Fiduciary Responsibility and Plan Terminations Committees; Chair of the ABA International Section International Employment Law Committee; Chair and Vice Chair of the ABA Tort Trial and Insurance (“TIPS”) Section Medicine and Law Committee, Vice Chair of its Employee Benefits and Worker’s Compensation Committees; and Chair of the ABA Intellectual Property Section Law Practice Management and Special Technologies Committees; ABA Joint Committee on Employee Benefits (“JCEB”) Council Representative and Scribe for its annual agency meetings with the Department of Health and Human Services; International Section Life Sciences Committee Chair; Health Law Section Managed Care & Insurance Interest Group Chair; Vice Chair, Tax Section Fringe Benefit Committee Chair, and in various other ABA leadership capacities. Ms. Stamer also is a former Southwest Benefits Association Board Member and Continuing Education Chair, SHRM National Consultant Board Chair and Region IV Chair, Dallas Bar Association Employee Benefits Committee Chair, former Texas Association of Business State, Regional and Dallas Chapter Chair, a founding board member and Past President of the Alliance for Healthcare Excellence, as well as in the leadership of many other professional, civic and community organizations. She also is valued and celebrated for her decades of policy advocacy and charitable, pro bono, community and other service and leadership to promote understanding and strengthening health care, workforce, saving, disability, aging and retirement and other key policies and challenges through her PROJECT COPE Coalition For Patient Empowerment initiative and many other pro bono service involvements locally, nationally and internationally.

Ms. Stamer is the author of many highly regarded works published by leading professional and business publishers, the ABA, the American Health Lawyers Association, and others. Ms. Stamer also often speaks and serves on the faculty and steering committee for many ABA and other professional and industry conferences and conducts leadership and industry training for a wide range of organizations.

For more information about Ms. Stamer or her health industry, health and other benefits, workforce and other experience and involvements, see the Cynthia Marcotte Stamer P.C. website or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press™

Solutions Law Press™ provides health care, insurance, human resources and employee benefit, data and technology, regulatory and operational performance, and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education. These include extensive resources on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press™ resources or training.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general information and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstances at the particular time. No comment or statement in this publication is to be construed as legal advice or admission. Solutions Law Press and its authors reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often evolves, subsequent developments that could change the currency and completeness of this discussion are likely. Solutions Law Press and its authors disclaim and have no responsibility to provide any update or otherwise notify anyone of any fact or law-specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2026 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press.™ For information about licensing for republication, please contact the author directly. All other rights reserved.

Comments Off on $17M IBM Settlement Adds DOJ False Claims Act Liability To Risks For Using DEI Practices | Affirmative Action, board of directors, Civil Monetary Penalties, Civil Rights, compliance, Corporate Compliance, EEOC, Employers, Employment, Employment Discrimination, Employment Policies, Government Contractors, government employer, government plan, health Care, Health Care Fraud, health insurance marketplace, health plan, HR, Human Resources, LEP, LGBT, Medicare Advantage, OFCCP, OFCCP, Race Discrimination, Retaliation, Risk Management, school, Schools, Sex Discrimination, Supreme Court, Whistleblower | Tagged: Corporate Compliance, Department of Justice, Employer, Employers, Employment, employment discrimination, false claims act, government contractor, Government Contractors, Health Care Provider, Human Resources, Labor Department, National Origin Discrimination, OFCCP, Whistleblower | Permalink
Posted by Cynthia Marcotte Stamer

Managing Evidentiary Consequences Of AI Use

April 8, 2026

Human resources and other business leaders, using or allowing workforce members to CHAT-GPT or other artificial intelligence (“AI”) tools to research, make decisions or to support other activities should ensure that their organizations and their teams understand and manage the resulting evidentiary consequences and responsibilities these activities create.

In today’s AI age, Human Resources directors and other business leaders in increasingly are encouraged to turn to AI tools for a quick understanding of the law, drafting of documents, and a host of other human relations and business functions traditionally performed with the assistance of legal counsel. Although AI tools can be valuable under the right situations and properly used, the use of AI tools, along side of or as a substitute for legal advice obtained within the scope of attorney client privilege can carry a number of inherent risks and challenges. Human Resources and other leaders and their organization should carefully evaluate and manage these consequences before using AI.

AI Searches May Be And Create Evidence

AI prompts, outputs, and related metadata often qualify as discoverable electronically stored information (“ESI”) in litigation, regulatory audits, and enforcement proceedings.

Under the Federal Rules of Civil Procedure, discoverable information includes electronically stored information (ESI”) relevant to claims or defenses. See Fed. R. Civ. P. 26(b)(1); 34(a)(1)(A). Once litigation is reasonably anticipated, organizations must preserve relevant ESI under Federal Rules of Civil Procedure. See e.g.,Hoffer v. Tellone, 128 F.4th 433 (2d Cir. 2025).

AI searches and other interactions and the information and other outputs they produce generally qualify as ESI for purposes of the Federal Rules of Civil Procedure, Federal Rules of Evidence, (hereafter collectively the “Federal Rules”) and comparable federal and state litigation procedural rules.

Likewise, federal and state regulatory and enforcement agencies tend to consider AI and other ESI evidence covered by document retention and discovery rules.

Where applicable, these Federal Rules and agency rules generally include AI and other ESI evidence organizations must preserve, identify, and subject to discovery or other production like traditional evidence in litigation and agency audits and investigations.

ESI evidence generally includes any data stored in electronic form—such as emails, texts, spreadsheets, social media, and Internet of Things (“IoT”) data. As broadly construed by the courts, courts already long have admitted:

Internet search histories;
Internal chats and Slack messages;
Draft documents; and
Deleted files.

AI searches are simply the next evolution of this evidence category. AI records and information considered ESI can include;

AI prompt histories;
Generated outputs;
Embedded AI-assisted drafts;
Platform logs (if accessible); and
Other records.

Organizations that fail to fulfill requirements for AI or other ESI early identification, data authentication and other requirements of Federal Rule of Evidence 902, the requirements of Federal Rule of Civil Procedure 37(e) regarding lost evidence, or other applicable requirements to preserve and produce ESI may result in sanctions, adverse inferences, and penalties under the Federal Rules. Similarly, organizations may incur evidentiary sanctions, regulator penalties, and other adverse consequences for failing to identify, retain and produce ESI from AI or other sources in government audits and investigations. Common sanctions include:

Monetary sanctions;
Evidence preclusion;
Adverse inference jury instructions; and
Other authorized sanctions.

See, e.g., Jones v. Riot Hosp. Grp. LLC, 95 F.4th 730 (9th Cir. 2024) (affirming dismissal as sanction for intentional destruction of ESI); Maziar v. City of Atlanta, No. 1:21-cv-02172, 2024 WL 197561 (N.D. Ga. June 10, 2024) (denying summary judgment and awarding fees based on loss of text messages); McBride v. Moore, No. 2:23-cv-02904, 2024 WL 1136429 (C.D. Cal. Feb. 23, 2024) (denying sanctions where ESI not shown lost or duty not triggered). Gregory v. State of Montana, No. 22-____ (9th Cir. 2024) (reversing sanctions imposed outside Rule 37(e); emphasizing Rule 37(e) as exclusive remedy for ESI spoliation); DR Distribs., LLC v. 21 Century Smoking, Inc., 513 F. Supp. 3d 839 (N.D. Ill. 2021) (recognizing financial prejudice from spoliation and awarding fees); Bistrian v. Levi, 448 F. Supp. 3d 454 (E.D. Pa. 2020) (Rule 37(e) provides exclusive framework for ESI spoliation); Fast v. GoDaddy.com LLC, 340 F.R.D. 326 (D. Ariz. 2022) (failure to preserve mobile device data warranted sanctions).

These and other related cases alert organizations that AI and other modern data sources are squarely within ESI. Courts treat AI, texts, mobile data, and app-based communications as discoverable ESI.

The precedent reflects that the best opportunity to position your organization to show the reasonability of the actions taken is through the existence and enforcement of policies before and during the use of the AI tool.ESI preservation obligations depend on foreseeability, control, and access to data. When deciding the consequences of the unavailability or failure to produce ESI, the determination regarding failure to take “reasonable steps” is fact-intensive. Of course, the failure to retain the documentation will be particularly likely to be found unreasonable where the party was under a statutory, regulatory, ethical, contractual, or other pre-existing obligation to preserve the evidence.

Also, courts require proof of intent to deprive before imposing the most severe adverse inference or dismissal sanctions, a lack of proof of intent to deprive the request requesting party of evidence does not mean there will not be consequences for the non-producing party. Negligent failure to retain and produce ESI and other evidence still carries consequences. Even without bad faith, courts may impose curative measures, fees, or evidentiary limitations.

Similarly, the U.S. Department of Justice Securities and Exchange Commission Department of Health and Human Services Office for Civil Rights Equal Employment Opportunity Commission and other federal and state government agencies are increasingly sophisticated in digital evidence collection.

Among other things, organizations should be prepared to routine and produce documentation and data obtained, utilized, or otherwise interacting with AI tools and it’s associated meta-data and other components to respond to litigation and regulatory request for a broad range of data and information. Optimally the data captured and retained should include, but it’s not necessarily limited to:

AI usage policies;
Employee and other agent AI interaction records;
Evidence of AI and other relevant governance and training; and
Data protection controls.

Consequently, failure to govern, identify, preserve and produce AI-generated and AI-assisted records appropriately can expose organizations to spoliation sanctions, adverse inference instructions, regulatory penalties, loss of privilege protections, and expanded liability exposure.

In recognition of the possibility that AI tool interactions may give rise to obligations to retain and produce ESI evidence created as a consequence of that interaction, or organization should work with legal counsel to develop an administer appropriate practices to monitor, identify, retain, manage, and where necessary produce this ESI evidence.

AI Tools Create Evidence

Beyond considering and meeting documentation and other evidently protection, preservation, and production responsibilities, organizations and their human resources and other leaders need to recognize that the use of the tool itself and its outputs creates evidence that may give rise to legal opportunities, risks, and obligations for the organization.

Organizations should keep in mind that the use of AI tools creates legal evidently risks because AI tools typically generate synthesized responses (not just links) that often incorporate user inputs into outputs that may reflect user intent, knowledge, biases and opinions, and decision-making. This often makes AI interactions particularly valuable evidence for:

Intent (e.g., “how to terminate employee without legal risk”) Knowledge (awareness of compliance obligations) State of mind (deliberate vs. negligent conduct);
Knowledge (awareness of compliance obligations);
State of mind (intentional, willful, or deliberate vs. negligent conduct)

The potential risks of this and other evidence is heightened by the fact that the evidence created may arise not only from the actions taken by the user of the AI tool, but also may be inherently built into the design of the AI tool itself or the databases or other reference materials that it accesses, not all of which may be transparent to the user or the organization that employs the user. These risks are further heightened when the AI tool use is not conducted internally within the organization by its employee, but rather is a tool utilized by a consultant or other third-party provider conducting activities of a sensitive nature on behalf of the organization, such as a recruiting company, investigation, company, or other service provider.

These unique characteristics of AI make it advisable that organizations recognize and manage potentially heightened exposures that employee or other agent use AI tools can produce for the organization in a wide range of sensitive areas.

Examples of queries that can become “smoking gun” evidence include but are not limited to:

In employment or other workforce administration searches, AI queries such as “How to terminate employee with medical condition,” ‘How to avoid claims when, terminating older, disabled, complaining, injured or other employee with protected status, or the like can be evidence of discriminatory or other adverse intent;” or “How to beat a union organizing campaign;”
Compliance & Regulatory searches such as “How to structure payments to avoid reporting requirements,” “HIPAA penalties for disclosure; searches about compliance or looking for compliance loophole; searches where company researched sanctions for noncompliance in areas involved in litigation or enforcement; or searches on risk management that could be evidence the organization saw but chose not to follow rules or standards or otherwise looked for or acted to circumvent compliance or disregarded interpretations less favorable to chosen challenged course of action;
Litigation or Other Defense Strategy searches or tools such as “How to defeat a whistleblower claim,” “Ways to minimize damages in lawsuit” “Protecting your assets from IRS or in bankruptcy,” “How to conceal” or How to hide” orthe like can harm the organization’s interest by showing adverse intent, willfulness, or other motive or state of mind;
Litigation case law, enforcement, argument drafting, or other actions that could reveal or provide insight on sensitive litigation strategies or their strengths or weaknesses;
Financial & Tax searches such as “Aggressive tax strategies unlikely to be audited,” or “contract terms to reclassify employee to contractor,” “Structure transaction to avoid disclosure” or the like; and
Other searches or tool uses that could reflect improper, intent, or document improper activities, such as how to hide evidence, how to create a bomb, how to poison somebody or that creates a record of conduct such as edits to revise data or documentation in reports or records, where the changes are tracked and retained.

Given these other risks, organizations should carefully consider and manage these and other risks when deciding whether, when, how and what AI tools their organizations allow their people to use, who gets to use what tools, designate and train those authorized to use these tools appropriately, and design and implement appropriate tools to track, capture, retain and manage these records of AI use and their implications. Optimally, the planning should identify and work to manage the creation and preservation of evidence and related AI ESI required or otherwise helpful to meet, applicable, regulatory, contractual, statutory, or other requirements in a manner that minimizes the creation of evidence that could call into question the compliance or other appropriateness of the organizations actors.

Privilege and Confidentiality Risks

Asking AI tools to answer legal questions or provide guidance in legal advice obtained within the scope of attorney. Client privilege also can enhance the exposure for the organization and it’s actors because of the implications of that Youts on the availability of attorney-client privilege for the activities and information obtained. Using AI tools and output also can have implications on the ability of an organization to protect legal advice and work product developed and shared within the scope of attorney privileges from discovery in judicial or regulatory actions. Organizations need to recognize risk to the confidentiality of legal advice or work product that entering sensitive legal questions or information into public AI tools not specifically designed and used outside the scope of the attorney-client relationship to avoid creating problematic evidence, disclosing discussions or work product that otherwise might qualify for protect against discovery in litigation or agency proceedings under the attorney-client privilege or attorney work product rules, or both.

Searches conducted by organization employees, consultants, or other agents or representatives about the law, strategies, or legal risks and consequences without or outside the scope of an attorney-client relationship generally can be discovered and used as evidence. Consequently, organizations should regulate the use by officers, directors, compliance officers, human resources directors, consultants, non-legal investigators and auditors and others of AI tools, internet or other searches to investigate the law or legal strategies independent of or outside the scope of attorney-client privilege.

Particularly risky scenarios include:

In-house counsel, Human Resources, risk management or compliance staff using public AI tools;
Employees seeking legal guidance outside approved channels;
Consultants, contractors, and other vendors use of AI in performing tasks or tools;
Embedded AI in software or other tools; or
Uploading contracts, PHI, or proprietary data into AI systems.

Additionally, organizations and others communicating or working with legal counsel on behalf of the organization within the scope of attorney-client privilege to design strategies or investigate or defend actions generally should not use AI tools to conduct their own legal research or analysis without authorization and direction of the legal counsel to avoid forfeiting attorney-client privilege and work product protections.

If the required confidentiality is preserved, the attorney-client privilege and work product privileges rules can protect confidential communications between a client and its attorney and work product prepared for risk management, defense or other purposes of the legal engagement against disclosure in litigation or other proceedings in many circumstances. However these protections are lost if the communication or work product is disclosed to or discussed with third parties outside the attorney-client relationship. Entering factual information, conducting legal searches, or using AI tools outside the attorney-client relationship, not specifically designed to preserve confidentiality, or both to draft or evaluate legal documents, research, drafts, or strategies generally is considered a third party disclosure that can waiver or undermine the privilege for the specific information input to the AI tool as well as potentially related communications or work product.

For these and other reasons, organizations and individuals generally should resist the temptation to use AI tools to evaluate legal strategies, advice or work product.

Trade Secret, HIPAA and Other Data Privacy and Use Exposures

Human Resources and other leaders also must keep in mind their organization’s responsibilities to respect other organizations, intellectual property, to safeguard the confidentiality and security of data, and their organization’s need to protect its own intellectual property.

AI tool enthusiasts promote AI tools as substitutes for legal advice and other paid services. While asking AI to write a “free” policy or contract may seem a great way to save legal or other consulting, licensing or other costs, human resources and other leaders and their organizations must keep in mind that not all data, information and resources obtained through a ChatGPT or other AI search is shareware. Most nongovernmental data bases, contractual firms, tools, templates and other materials accessed through AI searches are or incorporate materials owned or subject to copyrights or other intellectual property protections of third parties. Unlicensed use of these resources can expose their organizations to copyright and other intellectual property infringement liability.

Furthermore, human resources and other executives choosing to use materials drafted using AI tools or otherwise acquired off of the Internet or other sources without legal advice to recognize that acquired materials and resources may not be currently compliant, appropriately tailored to their use, or contain other deficiencies for utilization in their organizations. These deficiencies can arise from a number of sources. For one thing, the queries input by the user may not be sufficiently tailored to adequately represent all of the material considerations necessary to tailor he organizations, questions, and the AI response to the needs of the organization. Also, because AI databases often times include a broad range of historical data, AI responses may rely upon outdated, legal or operational presumptions incorporated into these historical policies when they no longer are appropriate for use in your organization. Additionally, the response of AI may draw from a wide range of sources, including many of which may be sample policies not drafted by qualified individuals with adequate expertise to fully understand the legal and operational implications of the policy and properly draft a policy appropriate for use in the organization, acquiring the form or materials off of the Internet.

Beyond suitability of the information where tool obtained through the AI search itself, unlicensed use of the response, may expose your organization to liability for violating other organizations or authors, intellectual property rights. AI searches can and often do access and incorporate data and other resources protected by third party copyright,trade secrets, HIPAA or other confidentiality, or other safeguards. Accordingly, accessing or using data bases, sample language or forms, or other materials without proper licensing or attribution may trigger liability to individuals and organizations for breaches of these intellectual property rights.

A separate concern arising from the use of AI tools in HR and other business operations to evaluate, formate or otherwise process sensitive data also creates potentially serious risks when theof these tools involves allowing the AI tool to access or uploading the confidential or other sensitive information into the tool. Human resources and other leaders must exercise care not to share inappropriately and to help their organizations use policies and processes to prevent their people’s use of AI tools to avoid violating statutory, regulatory or contractual confidentiality requirements, compromising confidential information, their own or business partner’s trade secrets, proprietary information and other intellectual property, or both.

Furthermore, uploading or sharing trade secrets, Health Insurance Portability and Accountability (“HIPAA”) protected health information, confidential employee, tax or other regulated information, trade secrets or other confidential or sensitive data into AI tools or searches without proper controls may itself breach of HIPAA, trade secret, federal or state privacy laws (e.g., biometric, consumer data laws) or other statutory, regulatory, ethical or contractual data privacy or confidentiality obligations. Additionally, allowing AI tools to access and interact with electronic data or systems frequently triggers data and systems security obligations under HIPAA, the Fair and Accurate Credit Transactions Act, Equal Employment Opportunity and other Human Resources and benefits data, electronic crimes, federal and state government contract, and a broad range of international, federal and state cybersecurity laws and regulations, and other government and private contractual and program participation, statutes, and regulations.

Given these concerns, organizations should avoid using AI tools that require uploading customer, financial, sales, or other data or information that the organization considers its own trade secrets or proprietary information into AI data bases or tools that do not adequately safeguard the ownership and confidentiality of that information.

AI Tool Hallucinations and Other Output Deficiency Risks

AI tools and the output they produce are not always reliable. Among other things, certain AI tools are known to:

Lack the ability to distinguish between more and less credible information sources;
Create plausible-sounding but entirely fabricated facts, news articles, legal authorities, or academic citations;
Create biased, false, incomplete, or inaccurate responses when models lack complete training data, are subjected to biased data, have limited context, ir under other circumstances;
Create false positives such as I dentifying a threat (e.g., in fraud detection) that is not actually present.
Fail to detect a real threat (e.g., in medical imagery) or report other false positives;
Fabricate non-existent, fake information or other incorrect or inaccurate information; and
Engage in hallucinations or other errors

The quality of the response, at best, often varies based on the quality and precision of the question asked. Lack of experience and careful structuring of the questions and inquiries made, lack of specialized knowledge necessary to structure the inquiry to be tailored to the specific needs at hand, and other limitations and concerns about the searches can undermine the accuracy, completeness and relevance of the AI tools output. Accordingly, response obtained by AI tools, often are unreliable and must be validated by a person experienced and skilled. The validation process should be conducted in such a matter that it preserves evidence that changes and responses are made based on thoughtful and reasonable determinations that the evidence obtained was not applicable or reliable, to minimize susceptibility to claims that decisions and actions were cherry picking based on improper intent rather than appropriate quality assurance processes. Organizations allowing the use of the tools and the individuals utilizing them need to understand and appropriately manage the very operational, legal in other risks of these deficiencies and error errors when utilizing AI tools.

Adopt And Enforce AI Policies To Manage AI Tool Use Responsibilities and Risks

Considering these and other responsibilities, human resources and other leaders and their organizations should use care to decide when, how, why, and by whom it allows AI tools to be used in or on behalf of its organization and provide appropriate steps to manage those uses in the resulting ESI to fill its legal obligations and manage its legal and operational risks. Because this process of itself could be evidence impacting, the organizations, legal exposures, organizations generally should work with qualified legal counsel within the scope of attorney-client privilege to work define and enforce policies and practices, to promote the organization’s legal and operational interests and manage the resulting legal obligations.

The author of this update, Cynthia Marcotte Stamer has decades of experience advising and representing governmental and private entities, AI and other technology, workforce and other legal and operational compliance, risk management and other operational and enforcement matters. If you have questions or need advice or help evaluating or addressing these or other compliance, risk management, or other concerns, contact her.