AI on trial: What regulators and judges really expect

Artificial intelligence isn’t just a boardroom topic anymore. It’s showing up in courtrooms, regulatory filings, and government orders. For legal, privacy, and compliance leaders, that reality should be a wake-up call. The question is no longer “can AI help?” It’s “will AI stand up when regulators and judges start asking hard questions?”

And those questions are already here.

Regulators Are Tightening the Screws

Across the globe, regulators are moving quickly to define how AI can—and cannot—be deployed. The EU AI Act, passed in 2024, introduces a sweeping risk-based framework and fines as high as 7% of annual revenue for violations. U.S. agencies are pushing in the same direction: the Federal Trade Commission has warned that AI vendors must be able to substantiate claims, and the Department of Justice has signaled that companies deploying high-risk AI systems are expected to maintain compliance controls as rigorously as they would for anti-bribery or antitrust laws.

Learn what's involved in compliance with the EU AI Act using our checklist.

Privacy authorities are no less aggressive. European regulators have already fined Clearview AI for unlawful scraping of biometric data. In the Middle East and Asia, new privacy laws explicitly call out AI systems as subject to transparency and human-oversight mandates. And U.S. states like Colorado and California have added AI-specific language to privacy regulations.

The throughline is unmistakable: if an AI system touches regulated data, its actions must be explainable, traceable, and reviewable.

Courts Are Demanding Accountability

Judges, too, are drawing lines. In Mata v. Avianca (2023), a New York federal judge sanctioned attorneys for submitting fabricated case citations generated by ChatGPT. The decision made international headlines, but the underlying principle was straightforward: courts will not tolerate AI outputs that can’t be verified.

Other examples echo this theme. Discovery disputes are increasingly turning on whether parties can demonstrate how AI-assisted review was conducted. Forensic investigators are expected to produce complete chain-of-custody records, not just final reports. In each case, the judiciary is signaling the same expectation: if AI is involved, its work product must be explainable and defensible.

Put differently, AI is no longer just a helper in the background. It is effectively becoming a participant in legal processes—and like any participant, its credibility will be challenged.

Why GenAI Falls Short

Against this backdrop, the limitations of generative AI become painfully clear. Large language models are optimised to produce fluent text, not to document how decisions are made. They can’t provide source mapping, they hallucinate facts, and they often require data to be shipped off to third-party cloud environments.

None of that holds up when regulators or opposing counsel demand answers. If you can’t show why a document was classified as privileged, or how personal data was handled under GDPR, a “the model said so” defense will collapse instantly.

This is why so many organisations experimenting with GenAI quickly run into a wall. The outputs may look impressive, but when the bar is admissibility, regulatory compliance, or defensibility, the system simply doesn’t meet the test.

The Case for Agentic AI

Agentic AI offers a path forward precisely because it is designed to satisfy these heightened expectations. Instead of producing opaque outputs, agentic systems pursue goals through defined, auditable steps. Every decision is logged. Every escalation to a human is recorded. Every agent action can be explained after the fact.

This architecture isn’t an academic exercise—it’s a direct response to what regulators and judges already demand:

• Explainability: The ability to show why a conclusion was reached.
• Auditability: A full record of inputs, actions, and outputs.
• Human oversight: Clear checkpoints where accountability remains with people, not machines.
• Compliance controls: Guardrails that keep data inside secure environments and aligned with privacy frameworks.

These aren’t optional features. They are the baseline requirements for AI to be trusted in legal and compliance workflows.

What Exterro Is Building

At Exterro, we see this every day in conversations with customers who operate under constant scrutiny. That’s why we’ve built Exterro Intelligence and Exterro Assist for Data to embody agentic principles from the ground up. Data never leaves the enterprise environment. Each agent’s actions are logged. Every output can be reviewed, challenged, and defended.

And this is just the beginning. The vision for Exterro’s agentic AI extends well beyond data classification or breach response. We see applications in discovery workflows, digital forensic investigations, data subject access requests, and regulatory reporting. Each is a use case where GenAI falls short—but where agentic AI can provide not just efficiency, but defensibility.

The Bottom Line

Regulators and judges aren’t asking whether AI is exciting. They’re asking whether it can be trusted. Can you prove how a decision was made? Can you show that data never left the secure environment? Can you defend the results in court or in a regulatory audit?

If the answer is no, the technology won’t survive scrutiny—no matter how impressive its outputs look in a demo.

That’s why the future of AI in legal, privacy, and compliance isn’t about chasing novelty. It’s about building systems that move from prompts to proof—systems designed to meet the standards of regulators, the expectations of judges, and the obligations of professionals working in risk-heavy environments.

Generative AI has shown us what’s possible. Now agentic AI must show us what’s defensible.

(Disclaimer: This article is part of a sponsored feature series. The content has been provided by the company, and Dataquest has no role in creating this content.)