AI Washing: The New Greenwashing — How the SEC’s Emerging Technologies Unit Is Rewriting the Compliance Landscape

• Home
• Insights
• Publications
• AI Washing: The New Greenwashing - How the SEC's Emerging...

AI Washing: The New Greenwashing - How the SEC's Emerging Technologies Unit Is Rewriting the Compliance Landscape

The U.S. Securities and Exchange Commission's creation of the Cybersecurity & Emerging Technologies Unit (CETU) marks a decisive shift in how regulators approach artificial intelligence. What began as marketing optimism has become a regulated space with real enforcement teeth. CETU's mission includes investigating AI fraud, AI-themed scams, cybersecurity deception, and false or misleading statements about emerging technologies.

Central to this new landscape is the emergence of AI washing-the practice of overstating, exaggerating, or inventing the capabilities of artificial intelligence systems. Much like greenwashing, which misrepresents environmental sustainability, AI washing misrepresents technological sophistication.

The parallels are striking, and the regulatory consequences are becoming equally severe.

AI Washing vs Greenwashing: Two Sides of the Same Misrepresentation Coin

For more than a decade, regulators have pursued companies for greenwashing-false environmental claims used to attract investors or customers. Now, AI washing is emerging as the next major frontier.

What they have in common

Depending on the jurisdiction, both AI washing and greenwashing can involve:

• Overstated claims in marketing or disclosures;
• Lack of supporting evidence;
• Appealing to investor sentiment (sustainability, innovation, ESG, "AI-powered" solutions);
• Failure to disclose limitations or risks;
• Pressure from competitive markets fuelling exaggeration;
• Whistleblower-driven investigations;
• Material misrepresentation under securities law;
• Misleading advertising under competition law.

AI washing is even more problematic

AI washing can involve:

• Claims about algorithms, automation, or risk modelling that investors rely on;
• Statements about cyber or operational resilience tied directly to AI performance;
• Undisclosed manual processes masked as AI;
• AI-themed fraud schemes targeting retail investors;
• AI systems that, if misrepresented, create cybersecurity or privacy liabilities.

Put simply, if greenwashing misleads about sustainability, AI washing misleads about capability - and capability goes directly to value, risk, and governance.

Regulators understand this and they are expanding their toolkits accordingly.

CETU: The SEC's Enforcement Response to AI Washing

CETU is charged with investigating:

• Misleading AI disclosures
• AI-driven deception and online scams
• Cyber intrusions and stolen credentials
• Crypto and blockchain fraud
• False or incomplete disclosures about cybersecurity incidents
• Promotional overstatements of "AI-driven" financial strategies

Building on the SEC's first AI-washing enforcement actions in 2024, CETU represents a shift in U.S approach: if you claim AI capability, you must prove it.

UK, EU, and Canada Comparison

United Kingdom

AI washing is addressed indirectly through:

• FCA's rule that communications must be clear, fair, and not misleading;
• ASA/CMA enforcement against misleading technology claims; and
• Crackdown on finfluencers promoting "AI trading bots".

European Union

The EU AI Act introduces:

• Transparency and documentation obligations;
• Risk-based categorisation for AI systems; and
• Administrative fines for misleading statements or incomplete information.

Canada

The Canadian Securities Administrators (CSA) have explicitly warned against AI washing while Canada's earlier proposed federal Artificial Intelligence and Data Act (AIDA) legislation if revived will impose AI risk-governance obligations similar to those under the EU's regime.

Across all regions, regulators are converging on one expectation: evidence-based AI claims.

How Companies Can Combat AI Washing (and Greenwashing): Essential Steps

Greenwashing and AI washing have taught regulators that misrepresentation is rarely a one-off mistake-it's a system failure. To address both, companies must implement structural, ongoing and verifiable controls.

The necessary steps include:

1. Evidence-Based Claims

• Keep technical documentation that substantiates every AI or sustainability claim;
• Ensure claims can be backed up by internal records, testing data, audits, and model validation.

2. Cross-Functional Sign-Off

AI claims require review from:

• Engineering;
• Forensics;
• Legal;
• Marketing;
• Compliance;

If any of these groups cannot verify a claim, it should not be made or published.

3. Avoid Superlatives Without Proof

Words such as proprietary, cutting-edge, predictive, automated, sustainable are red flags when not supported by measurable evidence.

4. Maintain Documentation of Limitations

Just as companies must disclose environmental limitations in their disclosures, AI disclosure must include:

• Known risks;
• Data constraints;
• Accuracy limitations; and
• Required human oversight.

5. Ensure Governance In Place Before any Whistleblower Complaint

The worst time to implement a governance scheme is after a whistleblower incident. At a minimum companies should be undertaking today if they haven't done so already:

• AI risk assessments;
• Disclosure controls;
• Audit trails;
• Document retention protocols;
• Board reporting; and
• Crisis-response plans.

These frameworks will serve as both actual governance structures as well as powerful defence evidence if regulators scrutinise corporate systems and behaviour.

How Forensic Restitution and McMillan LLP Help Companies Navigate This Landscape

Regulators expect companies to demonstrate not just compliance, but due diligence. A combined forensic + legal review and reconstruction of corporate systems is now essential.

Here is how firms like Forensic Restitution and McMillan assist:

1. Evaluating Whether AI Claims Are Accurate

A forensic consultant can undertake the following:

Technical Verification

• Review code, data flows, and model behaviour;
• Determine which processes truly use AI;
• Distinguish human-driven steps from automated functions.

Operational Verification

• Examine logs, testing documents, user flows;
• Identify internal inconsistencies;
• Compare internal communications to public statements.

Financial Impact Assessment

• Determine whether misstatements influenced revenue, pricing, or investor decision-making.

This is the same methodology used in greenwashing investigations-substantiate or refute claims using evidence, not narratives.

2. Advising on a Path Forward When Claims Are Overstated

When a claim goes too far (intentionally or not), legal counsel and forensic consultants together develop a management and corrective strategy.

Legal Counsel role:

• Assess materiality;
• Advise on internal or external investigations and related reporting;
• Determine whether disclosure or restatement is required;
• Manage communication with regulators, media and stakeholders;
• Maintain privilege where appropriate;
• Prepare for regulatory inspections and investigations;
• Advise on D&O liability risk and protection; and
• Advise on whistleblower exposure and risk.

Forensic Consultant role:

• Document the factual reality of the technology;
• Provide independent verification;
• Develop remediation and internal-control enhancements;
• Assist in reconstructing decision pathways to show good-faith efforts;

Working together legal counsel and forensic consultants help companies avoid the two most damaging outcomes:

1. Reputational hit;
2. Regulatory enforcement, and
3. Being perceived as intentionally deceptive, which can be worse than the technical failure itself.

3. Building a Framework That Withstands Whistleblower Scrutiny

Every whistleblower allegation prompts the same questions from regulators:

1. What happened?
2. Who knew what and when?
3. What did the company do to verify its claims?
4. What governance existed at the time?

The legal-forensic team ensures the company has clear, defensible answers to these and related questions. Pre-emptive actions in this regard can include:

• AI and environmental-claim disclosure policies;
• Model validation protocols;
• Document retention standards;
• Audit trails showing who approved each claim;
• Board oversight frameworks;
• Third-party verification (for high-risk statements);
• Periodic reviews of marketing, investor materials, and whitepapers; and
• Internal whistleblower channels that capture issues early.

These structures provide the organisation with a credible record of due diligence-critical if a whistleblower makes a complaint or publicizes a failure or perceived failure.

Why This Matters: AI Hype Is Becoming a Legal Liability

The lessons from greenwashing are clear:

• When markets reward bold claims, companies exaggerate.
• When companies exaggerate, regulators follow.
• When regulators follow, systems and documentation become everything.

With CETU, the SEC has declared that AI representations are now a matter of securities integrity, not marketing flair. The EU, UK, and Canada will be moving in the same direction. In this environment, companies must prioritise accuracy, governance, and provability.

Conclusion: The Path to Compliance Runs Through Verification, Governance, and Documentation

AI washing is not a temporary trend-it is the next major enforcement theme in global regulation. A forensic firm like Forensic Restitution provides the technical and evidentiary backbone and a law firm like McMillan provides the regulatory and governance advice.

Together, they help you:

1. Verify the accuracy of your AI and sustainability claims;
2. Correct and remediate overstated or inaccurate statements;
3. Build a defensible framework that can protect against the consequences of a whistleblowers and provide a defensible position to the regulator;

This approach does more than merely prevent sanctions and damage -it builds trust, enhances credibility, and positions companies as responsible leaders in a rapidly evolving AI landscape.

by Ralph Cuervo-Lorens and Dave Oswald

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2026