AI Washing Under Fire: What UK Professional Services Need to Know About US and Canadian Enforcement

If you think AI compliance is someone else's problem — a concern for Silicon Valley giants or American regulators — think again. The enforcement wave now reshaping professional services firms in the United States and Canada is sending a clear signal to any organisation that uses, sells, or markets AI-powered tools. UK accountants, solicitors, HR consultancies, and marketing agencies would do well to pay close attention.

Here is what is happening, why it matters, and what your firm should be doing about it right now.

The US Enforcement Landscape: Federal Deregulation Does Not Mean No Rules

On the surface, the Trump administration's approach to AI looks permissive. Executive Orders 14179 and 14365 established an "innovation-first" policy, directing federal pressure — including DOJ litigation — at states attempting to impose their own AI regulations. The Federal Trade Commission recently vacated a 2024 consent order against AI writing tool Rytr, arguing that penalising speculative misuse places an unfair burden on innovation.

It would be a serious mistake, however, to read this as a green light for careless AI adoption.

The US Senate declined to include a proposed ten-year moratorium on state AI laws in the "One Big Beautiful Bill Act," leaving state-level enforcement firmly intact. California's SB 53 and AB 2013 impose transparency obligations around frontier AI and training data. Texas's Responsible AI Governance Act (TRAIGA) is live. Colorado's AI Act comes into force in June 2026. Any firm with US clients, US-facing operations, or US-based affiliates must navigate this patchwork — and it is only growing more complex.

More significantly for professional services firms in the UK, federal enforcement around AI marketing claims is intensifying, not retreating.

AI Washing: The Enforcement Priority No One Is Talking About Enough

The FTC's "Operation AI Comply" represents one of the most consequential enforcement initiatives in recent AI history. Working alongside the SEC and DOJ, regulators are actively pursuing companies that make false, exaggerated, or unsubstantiated claims about what their AI tools can do — and what financial returns those tools can deliver.

This is not theoretical. Executives at Nate Inc. and PGI Global are facing parallel civil and criminal charges for overstating AI capabilities to investors and clients. These are not cases where companies deployed AI negligently. They are cases where companies talked about AI in ways they could not substantiate.

The term for this is AI washing — and it sits at the intersection of consumer protection, securities law, and fraud. For UK professional services firms, the relevance is direct. If your marketing materials claim that your AI-powered advisory tool "eliminates errors," "guarantees compliance outcomes," or "delivers returns of X%," you are in territory where regulators — on both sides of the Atlantic — are paying close attention.

The FCA and ICO are watching these US enforcement trends. UK regulators may not yet have an equivalent of "Operation AI Comply," but they do have broad powers under existing consumer protection, financial promotion, and data protection frameworks. The direction of travel is clear.

Canada's Fragmented Compliance Picture Offers Another Warning

Canada's experience is instructive for a different reason. The federal Artificial Intelligence and Data Act (AIDA) died on the order paper when Parliament was prorogued in early 2025, leaving Canada without a comprehensive national AI framework. You might expect that to produce a regulatory vacuum. The opposite has occurred.

Provinces moved immediately to fill the gap. Quebec's Law 25 enforces strict obligations around automated decision-making transparency and privacy impact assessments. Ontario enacted Bill 194 for public-sector AI accountability and introduced requirements for employers to disclose AI use in hiring decisions. The Office of the Privacy Commissioner is actively investigating AI deployments — including an expanded inquiry into X Corp's Grok tool — using existing privacy legislation to hold companies to account.

The lesson here is one UK firms must internalise: the absence of bespoke AI legislation does not mean the absence of AI-related legal risk. The UK's own AI regulatory landscape remains sector-led and principles-based, but existing obligations under UK GDPR, the Equality Act, FCA conduct rules, and Solicitors Regulation Authority guidance already capture a significant portion of AI-related risk. Waiting for a dedicated AI Act before taking compliance seriously is not a defensible position.

The Hallucination Problem: A Direct Warning for Solicitors and HR Professionals

One development from the Canadian courts deserves particular attention from solicitors and HR consultancies. Canadian judges are now imposing personal cost awards and contempt show-cause orders against legal professionals who submit AI-hallucinated case law — citations that do not exist, fabricated by large language models and submitted to courts without adequate verification. Cases including Ko v. Li and Re Reza Khoshnik have made clear that the duty of technological competence is strict.

This is not a Canadian peculiarity. UK courts have already encountered instances of AI-generated citations. The Solicitors Regulation Authority has issued guidance on the responsible use of AI, and professional indemnity insurers are beginning to ask harder questions about AI governance within law firms. The professional and reputational consequences of submitting unverified AI outputs — in legal advice, HR assessments, or compliance documentation — are significant and growing.

Human oversight of AI-generated work is not optional. It is a professional obligation.

Four Things UK Professional Services Firms Should Do Now

1. Audit your AI marketing claims. Review every piece of client-facing material that references your AI tools or AI-enhanced services. Every claim about capability, accuracy, or outcome must be documentable and verifiable. If you cannot substantiate it, remove it. The standard being applied by US regulators — and increasingly being adopted by UK counterparts — is rigorous.

2. Build a vendor governance process. Do you know what data your third-party AI tools are trained on? Do your supplier contracts clearly allocate liability for data scraping, intellectual property infringement, or inaccurate outputs? If not, this is a gap that needs closing. Privacy impact assessments should be completed before deploying any new AI tool that processes client or employee data.

3. Mandate human-in-the-loop review. Establish written internal policies requiring human verification of AI-generated outputs before they are used in client work, submitted to any authority, or incorporated into advice. Document the review process. This is your primary defence against both professional liability and regulatory scrutiny.

4. Monitor state and provincial law as a leading indicator. California, Quebec, and Ontario are not your direct regulators, but they are reliable indicators of where enforcement is heading. What becomes mandatory there in 2026 has a pattern of influencing FCA, ICO, and SRA thinking within 12 to 24 months.

Take the Next Step With Ops Intel

The gap between firms that are managing AI risk proactively and those that are not is widening fast. Enforcement actions, judicial sanctions, and regulatory scrutiny are no longer hypothetical — they are active and escalating.

Ops Intel works with UK accountants, solicitors, HR consultancies, and marketing agencies to build practical, proportionate AI compliance programmes: from marketing claim audits and vendor governance frameworks to staff training and policy documentation.

If you are unsure whether your current AI practices would withstand regulatory scrutiny, now is the right time to find out — before a regulator does it for you.

Get in touch with Ops Intel today to book a compliance review.