Governing Risk, Accountability & Legal Exposure:
​​​​​​​What Could Go Wrong with AI?

For many years, legal and compliance functions have been defined by their ability to manage risk and ensure accuracy. However, as artificial intelligence becomes embedded across legal workflows and business decision-making, these expectations are being reshaped. Legal leaders are now operating in an environment where speed, technological capability, and evolving risk frameworks are redefining how legal value is delivered. 

On May 27, 2026, Law.com hosted the webinar Governing Risk, Accountability & Legal Exposure: What Could Go Wrong with AI?, as part of the General Counsel Conference Africa series. The session brought together senior legal and compliance leaders to explore how organisations can manage the risks and responsibilities associated with AI adoption. 

Moderated by Caroline Byrne, Associate Editor at Law.com, the discussion featured Lynelle Bagwandeen, Group Company Secretary at Naspers and Prosus; Yurika Pistorius, Chief Compliance Officer at VALR; and Andréa Campbell, Corporate Counsel at Microsoft. The panel offered a cross-section of perspectives spanning governance, compliance, and legal technology. 

The conversation focused on six key themes: managing AI risk and hallucinations, balancing speed and risk appetite, governance and oversight, confidentiality and data protection, bias in AI systems, and practical lessons for legal leaders. 

• AI risk is inevitable - but manageable: 

AI introduces a new category of legal risk, but one that cannot be eliminated. Instead, organisations must accept its presence and focus on mitigation. A central challenge is the phenomenon of AI hallucinations - where systems produce outputs that are fluent and convincing but factually incorrect. As Andréa Campbell explained, these issues often arise when models lack sufficient context or are not grounded in reliable data sources. To address this, legal teams are increasingly focusing on ensuring that AI tools are properly configured - pointing them to verified sources, applying clear data governance principles, and limiting access to sensitive information. However, technology alone is not enough. The panel repeatedly emphasised that human oversight remains essential. AI must be treated as an assistant rather than an authority, with legal professionals responsible for verifying outputs and ensuring their accuracy. 

• From legal certainty to risk-based thinking: 

The discussion highlighted a fundamental shift in mindset. Legal professionals - traditionally trained to prioritise certainty and precision - are now operating in environments where some degree of uncertainty is unavoidable. Organisations must define their risk appetite and implement mitigation strategies across people, processes, and systems. Lynelle Bagwandeen noted that applying a clear risk matrix - assessing whether an output is internal research or a document intended for external use - can help determine the appropriate level of scrutiny. This approach enables organisations to operate at speed while maintaining control, recognising that not all outputs require the same level of validation. 

• Governance frameworks are essential - but must be practical: 

Governance emerged as a central pillar of the discussion, but the panel cautioned against over-engineering frameworks. Andréa Campbell highlighted the importance of establishing clear principles aligned to widely recognised standards such as accountability, transparency, fairness, and privacy. At a minimum, organisations should ensure that: 

• Risk assessments are conducted before deploying AI: 

Ownership and accountability are clearly defined, and ongoing monitoring and testing are embedded into workflows. However, governance must be pragmatic. As Yurika noted, overly complex policies can hinder innovation. Instead, organisations should focus on clear, high-level frameworks that enable teams to operate within defined boundaries while still encouraging experimentation. 

• Human expertise remains the critical control: 

Across all topics, one message was consistent: AI does not replace legal professionals - it reinforces the importance of their expertise. Lynelle described AI as an ‘assistant’ or ‘junior analyst’, whose outputs must be tested, challenged, and interrogated. Rather than accepting answers at face value, lawyers should actively engage with the output - requesting counterarguments, exploring alternative interpretations, and stress-testing conclusions. 

• Data, confidentiality, and unintended exposure: 

Using AI in contexts such as litigation, arbitration, or internal meetings raises complex questions around privilege, confidentiality, and data protection. Improper use can lead to unintended exposure of sensitive information or undermine legal privilege. 

 - Several practical safeguards were discussed, including: 

 - Restricting the use of AI tools for high-risk matters 

 - Ensuring data is properly labelled (public, confidential, highly confidential) 

 - Limiting access to approved, enterprise-grade tools 

 - Establishing clear audit trails and governance controls 

• Bias is embedded - mitigation requires active management: 

Another key theme was bias. The panel agreed that AI systems inherently reflect the biases of their training data and developers. Managing bias requires both technical and human intervention. Best practices discussed include: 

 - Using multiple data sources and models to validate outputs 

 - Comparing responses across different AI tools 

 - Requesting alternative perspectives or viewpoints 

 - Continuously testing and refining models 

Ultimately, bias cannot be eliminated, but it can be identified and managed through rigorous processes and critical engagement. 

The webinar concluded with a series of practical takeaways for general counsel and legal teams. Andréa Campbell emphasised the importance of curiosity and adaptability, encouraging legal professionals to develop a growth mindset and actively engage with new technologies. Lynelle Bagwandeen stressed the need to move from ‘AI anxiety’ to active participation, urging legal leaders to experiment with tools, build internal capabilities, and contribute to shaping AI-enabled workflows. Yurika Pistorius closed with a powerful reminder that technology cannot replace oversight. Effective risk management still depends on the alignment of people, processes, and systems - and the presence of individuals willing to challenge outputs and intervene when necessary. 

As organisations continue to integrate AI into their workflows, legal leaders will need to balance innovation with responsibility, speed with scrutiny, and automation with human judgment. The conversation around governing AI and managing legal risk will continue at the General Counsel Conference Africa on September 4, 2026, in Johannesburg.