In 2025, companies rapidly expanded their commercialization of AI and use of AI across increasing business functions. Companies face many questions regarding the evolving technology, including questions related to data collected and used in connection with AI, including potential privacy and infringement issues, as we discussed in our alert last year.4 Buyers and potential targets must also consider the regulatory and other implications of companies’ expanded internal deployment of AI. A few more common issues are highlighted below.5 Shadow AI, Privacy Leakage, and Governance Expectations Companies are finding that internal risk also can arise from “shadow AI,” i.e., employees using AI tools without formal approval from the company. Organizations may lack visibility into what tools employees are using, what information is being ingested by these tools, and how external systems handle 4 See MoFo Client Alert, M&A in 2024 and Trends for 2025, mofo.com/resources/insights/250109-m-a-in-2024-and-trends-for-2025. 5 For guidance and information about the latest and most significant developments in AI, including links to laws, regulations, and regulators by jurisdiction, visit MoFo’s Artificial Intelligence Resource Center, mofo.com/artificial-intelligence. 6 See MoFo Privacy Minute, Do You Know What AI Tools Are Installed on Your Company’s Systems?, Sept. 12, 2025, mofo.com/resources/insights/250912-a-mofo-privacy-minute-do-you-know. 7 See MoFo Insight, 5 Ways to Address the Legal Risks of Employee AI Use, in Law360, Oct. 15, 2025, mofo.com/resources/insights/251015-ways-to-address-the-legal. 8 See, for example, MoFo Insight, AI Compliance Tips for Investment Advisers, Oct. 2025, mofo.com/resources/insights/251015-ai-compliance-tips-for-advisers. 9 See MoFo Insight, Antitrust, Algorithms, and AI: Increased Scrutiny, and Unanswered Questions, in Mealey’s Litigation Report (Apr. 2025), mofo.com/resources/insights/250401-antitrust-algorithms-and-ai-increased. or retain that data.6 Companies also have to contend with a growing patchwork of laws requiring various notice and opt-out rights for individuals whose personal data might be subject to AI tools. Buyers should pressure test whether targets have adequate internal governance structures, including whether they provide permitted tools with permitted use cases, maintain inventories of AI systems, and implement technical and security safeguards.7 Heightened Requirements for Regulated Industries Companies operating in regulated industries—such as financial services and healthcare—face elevated expectations for responsible AI use. These organizations must understand how AI systems influence regulated activities, evaluate the accuracy and reliability of AI‑assisted decisions, and maintain appropriate human oversight. Regulators increasingly expect documentation demonstrating how AI tools operate, how they use data, and how associated risks are identified and managed.8 Increased Antitrust Scrutiny on Use of AI Tools Enforcers and litigants have increasingly focused on the extent to which companies may be able to use AI to entrench market positions or expand market power or otherwise may try to control access to data or other inputs on which AI is dependent. For example, U.S. agencies have signaled continued interest in whether algorithmic pricing systems can facilitate parallel conduct or tacit coordination, especially where multiple market participants rely on the same or similar tools, those tools rely on non-public information, or where the internal workings of those tools are otherwise opaque.9 This translates to increased focus on how internal pricing or decision-support AI tools function and how outputs are generated, and the practices and transparency of 1. Heightened Focus on Internal AI Use by M&A Targets 40 Morrison Foerster
RkJQdWJsaXNoZXIy NTU5OTQ5