Business 1 February 2026 10 min read

AI Generated Your Content. You're Still Liable.

Your marketing team uses ChatGPT to draft content. It includes a claim that is not quite true. The content goes live. A regulator notices. Who is liable? Not the AI. Here is why executive accountability for AI-generated content is the governance gap most UK businesses have not closed, and what it actually costs to fix.

MM
Mark McNeece Founder, 365i
Executive reviewing AI-generated content on a laptop in a modern boardroom with concern
At a Glance 10 min read
  • UK directors have non-delegable fiduciary duties under the Companies Act 2006; AI does not shift legal responsibility for published content.
  • 23% of UK businesses were using AI by late 2025, but 80% had no governance plans for their AI use, according to the ONS.
  • FCA, ASA, ICO, and Trading Standards can all take enforcement action over AI-generated content errors, with GDPR fines up to £17.5 million.
  • Many Professional Indemnity and D&O insurance policies have quietly added exclusions for generative AI claims since 2024.
  • The "4-Eyes" rule (named sign-off on every AI output) costs nothing and closes the biggest governance gap immediately.

Generative AI has given businesses an extraordinary capability. Marketing teams draft campaigns in minutes. Finance teams produce investor summaries at speed. Legal teams condense contracts with a prompt. The productivity gains are real, and the businesses adopting AI well are pulling ahead.

But there is a gap that separates the businesses using AI effectively from those building up hidden exposure: governance. The organisations getting this right are not the ones avoiding AI. They are the ones that have extended their existing quality controls to cover it.

The good news is that the governance framework AI content requires is not new. It is the same discipline that financial reporting, product safety, and customer communications already demand. The leaders who recognise this are turning a regulatory question into a competitive advantage.

The Accountability Illusion

Generative AI has made content creation extraordinarily fast. According to the Office for National Statistics, 23% of UK businesses were using AI technology by late September 2025. But here is the uncomfortable truth that most of those businesses have not confronted: 80% still had no active governance plans for their AI use.

That gap between adoption and accountability is where the opportunity lies for leaders who close it first.

The speed and fluency of tools like ChatGPT, Gemini, and Claude create what I call the "accountability illusion." The content reads well. It sounds authoritative. It arrives so quickly and so polished that the instinct to check it properly fades. You start trusting the output because it looks trustworthy.

That is the accountability illusion, and it is the reason governance matters.

Delegation Without Absolution

Corporate executives in a boardroom discussing documents with digital screens showing content review processes
The businesses getting AI governance right are extending existing boardroom disciplines to a new context.

In 2022, FCA Chief Executive Nikhil Rathi made the position unambiguous:

"The responsibility for algorithms and AI stops with the human leaders at the top of firms."

Nikhil Rathi, CEO, Financial Conduct Authority, Rolling Regulation Forwards (2022)

When I first read that line, my reaction was: finally, someone has said the quiet part out loud. In thirty years of building software for government agencies, banking and insurance, I have seen the same pattern repeat. A new technology arrives. People assume it shifts accountability. It never does. The person who signs off is the person who is responsible. That was true for outsourced code in the 1990s, and it is true for AI-generated content today.

Under the Companies Act 2006, directors have fiduciary duties, including the duty of care and the duty to exercise reasonable skill and judgement. These duties are, as UK law firm Gunnercooke LLP puts it, "non-delegable." You cannot transfer them to an AI system. You cannot transfer them to a junior employee who was told to "just use ChatGPT." The buck stops with the directors.

Think of an AI tool as you would a new, enthusiastic intern. Capable. Fast. Occasionally brilliant. But you would never let an intern publish your annual report without checking it. The same logic applies.

The "Almost Right" Problem

The real danger of AI-generated content is not that it produces obvious nonsense. It is that it produces content which is almost right.

A product description that overstates a capability by 10%. A blog post that cites a statistic which existed once but has since been corrected. An investor update that uses phrasing which, while technically not false, creates a misleading impression. Research suggests that AI writing quality can vary dramatically between model versions, and even the companies building these tools acknowledge the problem.

"Almost right" content is harder to catch than outright fabrication. It passes the skim-read test. It satisfies the reviewer who is under pressure and checking quickly. And it is precisely the kind of content that triggers regulatory action, because it looks deliberate rather than accidental.

AI Content Risk Scenarios for UK Businesses
Scenario Regulator Potential Consequence
AI writes a financial promotion with misleading claims FCA Enforcement action under Consumer Duty
AI generates an advert with unverifiable product claims ASA Ad banned, public ruling, reputational damage
AI publishes inaccurate personal data about a customer ICO GDPR breach, fines up to £17.5M or 4% of turnover
AI overstates product capabilities to close a sale Trading Standards Potential fraud under Economic Crime Act 2023

The Regulatory Reality

Illustration of interconnected UK regulatory bodies including FCA, ASA, ICO, and CMA with oversight connections
UK regulators are applying existing rules to AI-generated content. No new legislation is needed for enforcement.

Guy Parker, Chief Executive of the Advertising Standards Authority, has been equally direct:

"Advertisers who harness AI can't abdicate responsibility for the creative content that it produces."

Guy Parker, CEO, ASA, AI and Ad Regulation

That quote landed differently for me than Rathi's did. Parker is not talking about financial services firms with compliance departments and legal teams. He is talking about advertisers, which includes every small business that runs a Facebook ad, writes a Google Ads description, or publishes a promotional blog post. The reach of this principle is far wider than most business owners realise.

The UK does not have a single "AI Act" like the EU. Instead, existing regulators are applying existing rules to AI outputs. The latest example: the government brought AI chatbots under the Online Safety Act in February 2026, with Ofcom enforcing illegal content duties. Here is the broader picture:

  • FCA (Financial Conduct Authority): The Consumer Duty means if AI content leads a customer to a poor financial outcome, the firm is liable. "Technology is not an excuse for poor outcomes."
  • ASA (Advertising Standards Authority): If AI generates a photo that misrepresents a product, or a claim that cannot be substantiated, existing advertising codes apply in full.
  • ICO (Information Commissioner's Office): AI hallucinations that generate false information about real people constitute a GDPR breach. The right to rectification applies regardless of whether the inaccuracy was created by a human or a machine.
  • EU AI Act: For UK businesses serving EU customers, Article 50 (effective August 2026) introduces transparency obligations for AI systems that interact directly with users and for synthetic media such as deepfakes. Content written with AI assistance under human editorial control is not caught by the labelling requirements, but AI outputs that could be mistaken for human-created content are.

The common thread? No regulator cares how the content was created. They care about what it says and whether it harms the consumer. The medium of creation, whether human, AI, or a monkey with a typewriter, does not change your obligations.

The Governance Opportunity

Clean modern illustration of a governance framework checklist with approval stages and review checkpoints
AI content governance uses the same disciplines businesses already apply to financial reporting and compliance. The framework is simpler than you think.

Here is where the opportunity opens up. Most businesses using AI have not yet established basic governance, which means any organisation that does will immediately differentiate itself. Of the businesses using AI, the vast majority have no:

  • Written AI usage policy
  • Content sign-off chain that accounts for AI-generated material
  • Audit trail of what was generated, by whom, and what was changed
  • Staff training on AI limitations and hallucination risks
  • Insurance review to confirm AI content is covered

This is not primarily a technology problem. It is a governance problem. And governance is a leadership capability that most executive teams already possess. The skills required to oversee AI content are the same skills applied to financial reporting, regulatory compliance, and quality management. If your business is using AI to create any content that reaches customers, investors, or the public, then AI governance belongs on the board agenda, where the relevant expertise already sits.

The debate about AI writing often focuses on whether the output is "good enough." That misses the point entirely. The question is not whether AI can write well. The question is whether you have a process to catch the times when it does not, and whether someone specific is accountable when it slips through.

What You Can Actually Do

The good news: closing the governance gap does not require enterprise budgets or compliance teams. Here are practical steps, starting with what costs nothing.

Quick Wins (Free)

  • The "4-Eyes" rule: No AI-generated content leaves the business without sign-off by a named person. Not "someone checks it", but a specific individual who accepts responsibility for that piece of content.
  • Label your AI use internally: Require staff to mark any draft that used AI assistance. This is not about surveillance. It is about ensuring reviewers know to check more carefully.
  • Vendor contract review: Check your AI provider's terms. Most shift liability for outputs entirely to you. Microsoft Copilot, ChatGPT, and Gemini terms all place responsibility for content accuracy on the user. This matters even more now that AI platforms are expanding into regulated workflows like legal and financial services.

Structured Steps (Modest Investment)

AI Content Governance Costs for UK SMEs
Action Estimated Cost What You Get
AI usage policy (legal review) £1,000 – £3,000 Clear rules for staff, liability boundaries defined
AI governance audit £500 – £1,500 Gap analysis of your current AI content workflows
Director AI literacy training £100 – £300 per person Board can ask the right questions and challenge assumptions
Insurance review (PI/D&O) £0 (broker conversation) Confirm whether AI-generated content claims are covered

One point on insurance that too few businesses have considered: by 2026, many Professional Indemnity and Directors & Officers policies have quietly added exclusions for claims arising from generative AI. If you have not explicitly checked, assume you are not covered.

The Board-Level Reframing

The businesses that will navigate this well are the ones that reframe AI content governance not as a compliance burden, but as a leadership capability. The same disciplines that govern financial reporting, product safety, and customer communications apply directly to AI-generated content. This is not a new skillset. It is an existing one applied to a new context.

Organisations that build this capability now will move faster with AI, not slower. When your team knows the review process and the boundaries, they can use AI tools with confidence rather than hesitation. Governance does not inhibit AI adoption. It accelerates it, because people produce better work when they have clear frameworks.

If your website is your shopfront, and for most UK businesses, it effectively is, then the content on it carries the same weight as the words your salespeople speak. A professionally designed website with professionally managed content is not just better marketing. It is better governance.

AI is an extraordinary tool. We use it extensively at 365i, for research, for drafting, for code. Every piece of content that goes out under our name has been reviewed, verified, and signed off by a human. That is not because we distrust AI. It is because governance and quality are what allow us to use AI boldly, knowing that every output meets the standard our clients expect.

Frequently Asked Questions

Is the AI liable if it generates incorrect content?

No. AI has no legal personality in UK law. The company publishing the content and its directors bear full responsibility, exactly as they would for content written by an employee. The tool used to create the content does not change who is accountable for it.

Do I need an AI usage policy for my business?

If your staff use AI tools to create any content that reaches customers or the public, yes. A written AI usage policy sets expectations, defines sign-off processes, and provides evidence of governance if a regulator investigates. A solicitor can draft one for £1,000–£3,000.

What fines can UK businesses face for AI-generated content errors?

Fines depend on the regulator. GDPR breaches (via the ICO) can reach £17.5 million or 4% of global turnover. FCA enforcement actions have no upper limit. ASA rulings do not carry fines directly but can result in ads being banned and significant reputational damage.

Does GDPR apply to AI-generated content?

Yes. If AI generates inaccurate information about an identifiable person, that constitutes inaccurate personal data processing under GDPR. The data subject has the right to rectification, and the ICO can take enforcement action regardless of whether the inaccuracy was created by a human or a machine.

Does my AI provider indemnify me for content errors?

Generally, no. Most AI provider terms of service (including OpenAI, Google, and Microsoft) shift liability for output accuracy to the user. Some offer limited IP indemnification for copyright claims, but not for factual errors, misleading content, or regulatory breaches.

Does the EU AI Act apply to UK businesses?

The EU AI Act has extraterritorial reach, so if your AI outputs affect EU consumers, certain obligations apply regardless of where your business is based. However, Article 50's transparency and labelling requirements specifically target AI systems that interact directly with users (chatbots, virtual assistants) and synthetic media (deepfakes, AI-generated images or video presented as real). Blog posts, marketing content, and other material written with AI assistance under human editorial control do not require labelling. The broader accountability principle still applies: if AI-assisted content makes inaccurate claims that harm EU consumers, existing consumer protection law covers that regardless of the AI Act.

Does my business insurance cover AI content claims?

Check your policy carefully. Many Professional Indemnity and Directors & Officers insurance policies added exclusions for generative AI claims during 2024-2025. Contact your broker to confirm coverage and discuss whether a specific AI liability endorsement is needed.

How can a small business implement AI content governance?

Start with the "4-Eyes" rule: require a named person to sign off all AI-generated content before publication. Add internal labelling so reviewers know which drafts used AI. Review your vendor contracts. These steps cost nothing and close the biggest governance gaps immediately.

Sources

Use AI Boldly. Govern It Well.

At 365i, we use AI extensively and govern every output rigorously. The result is content that moves fast and stands up to scrutiny. Whether it is your website, your blog, or your AI visibility strategy, we build the kind of digital presence that earns trust.

Talk to Us About Your Website
Tags:
AI Governance AI Content Executive Accountability FCA ASA ICO EU AI Act Corporate Governance UK Business AI Risk
Continue Reading

More Articles

Sean Hamilton: The Full Lockerfella Interview
Web Design 30 Apr 2026

Sean Hamilton: The Full Lockerfella Interview

The unedited post-launch conversation between Mark McNeece and Sean Hamilton about the Lockerfella build. Trust, area pages, AI Discovery Files, prices, and the locksmith version of mission control. The primary source behind the case study.

18 min read Read
He Asked for a Proper Locksmith Website. He Got Mission Control.
Web Design 30 Apr 2026

He Asked for a Proper Locksmith Website. He Got Mission Control.

Sean Hamilton wanted a website that "looked proper". He didn't ask for schema, AI Discovery Files, or 18 unique area pages. He didn't need to. Inside the Lockerfella build, the case study that turned a one-line brief into a 100/100/100/100 PageSpeed locksmith site cited in AI search within ten days of launch.

11 min read Read
Google's March 2026 Core Update Hits AI Content Hard. Here's Where the Line Is.
SEO 28 Mar 2026

Google's March 2026 Core Update Hits AI Content Hard. Here's Where the Line Is.

Google rolled out its first core update of 2026 yesterday, the third algorithm change in four days. More than half of monitored sites are seeing ranking shifts. The update targets scaled AI content but rewards AI-assisted pages built on original expertise. Here's the five-minute audit that tells you which side of the line your content is on.

9 min read Read