AI updates: A round up of recent issues for lawyers

This insight covers recent developments in AI regulation, governance and enforcement that may be of interest to lawyers.  These developments demonstrate a varied approach in New Zealand (and internationally) to responding to and addressing AI-related risks and issues.  The absence of a cohesive and binding AI regulatory framework in New Zealand means that lawyers and their clients are responsible for developing their own governance approaches.

New Zealand Supreme Court issues contempt warnings over AI-hallucinated citations

New Zealand’s Supreme Court has issued at least two warnings to self-represented litigants this year over filings containing AI-hallucinated case citations.  The Court warned that “reliance on false citations, including the unverified outputs of AI applications, may in serious cases amount to obstruction of justice or contempt of court."

While the warning in this case was directed at self-represented litigants, the implications for legal practitioners and in-house teams are clear: unverified AI-generated research carries serious professional and legal risks.  This underscores the importance of verification processes for AI-generated research.

New Zealand Law Commission commences automated decision-making review

On 21 April 2026, the Minister of Justice (Hon Paul Goldsmith) asked Te Aka Matua o te Ture | the Law Commission to review legal issues related to the use of automated decision-making (ADM) by government.  The review was prompted by the absence of any overarching law, standards or guidance on how government agencies should use ADM in a legally compliant and consistent manner.  Commission President Dr Mark Hickford has noted that the current environment results in a siloed approach among agencies to identifying and mitigating legal risk, leading to inconsistencies between departments, risks of poor practice and Crown liability, and unnecessary risk aversion that can discourage responsible innovation.

The Commission will develop a coherent legal framework to guide agencies in identifying and mitigating legal risk when using ADM tools, including those relying on AI.  Work is expected to commence around mid-2026.  Unlike Australia, which has introduced mandatory ADM disclosure obligations under 2024 amendments to its Privacy Act 1988 (Cth) (that take effect from December 2026), New Zealand has no equivalent statutory framework.

New Zealand Ministry for Regulation publishes AI guidance for regulators

On 27 May 2026, Regulation Minister David Seymour released AI guidance for New Zealand regulators focused on how to utilise AI to raise productivity.  The guidance identifies AI as best suited to low-risk uses such as triaging and prioritising cases, or validating data against clear rules, and emphasises that humans must remain responsible for judgment, legal interpretation and accountability.

The guidance is non-binding and operates on an opt-in basis.  New Zealand remains without standalone AI legislation.

Minister of Justice: AI regulation will not precede public sector reform

Minister for Digitising Government Hon Paul Goldsmith has stated that the Government will not wait to design any AI regulations before proceeding with public sector reform.  Speaking in the context of Budget 2026, Goldsmith indicated that AI would serve as a “multiplier” for government efficiency.  

Pinsent Masons referred to SRA after AI-generated misleading correspondence

UK Insolvency and Companies Court Judge Mullen handed down a judgment on 22 May 2026 finding that a junior solicitor at Pinsent Masons used AI to draft two misleading emails containing hallucinated information, which were sent to the High Court during insolvency proceedings.  The judge found the solicitor had effectively outsourced the thinking process to AI, and that two supervising solicitors had failed to adequately check the work.

Pinsent Masons self-referred the relevant matter to the Solicitors Regulation Authority and has subsequently implemented further safeguards.  The judge determined that the self-referral, alongside the published ruling, was a sufficient sanction.  The case confirms that AI use falls within lawyers' existing duties of competence and supervision.

Australia publishes guidance on using AI in cyber defence

On 27 May 2026, the Australian Cyber Security Centre (ACSC) published guidance on “Opportunities for AI in cyber defence,” aimed at Chief Information Security Officers and senior security leaders.  The guidance outlines how organisations can use AI to strengthen cyber security while managing the risks of AI adoption, mapping AI use in cyber defence to the six Information Security Manual functions: Govern, Identify, Protect, Detect, Respond and Recover.

The ACSC warns that AI may lower technical barriers for less experienced threat actors and shorten the time between vulnerability discovery and exploitation.  This follows on from ACSC joining cyber agencies from the United States, Canada, New Zealand and the United Kingdom in publishing joint Five Eyes guidance titled “Careful Adoption of Agentic Artificial Intelligence Services", the first coordinated multi-government guidance addressing the cyber security risks of autonomous AI systems.

Australia and UK sign AI cooperation memorandum
On 25 May 2026, Australia and the United Kingdom signed a Memorandum of Understanding on AI safety and security (MoU).  Under the MoU, the UK AI Security Institute and the Australian AI Safety Institute will collaborate on tracking developments in frontier AI, including its potential use in cyber-attacks and its role in strengthening defences.

The MoU provides for shared intelligence on AI capabilities and collaboration on evaluation methodologies and supports Australia’s National AI Plan and signals that AI safety standards are increasingly being coordinated among allied nations.  For organisations deploying frontier AI systems, these arrangements are likely to inform evaluation standards and safety benchmarks in both jurisdictions.

UK to introduce AI regulatory sandboxes and reduce "unnecessary risk aversion"

The King’s Speech on 13 May 2026 made it clear that the UK Government intends to pursue a targeted, sector-led approach to AI regulation.  It will, however, introduce legislation to "reduce the burden of unnecessary regulation through innovation" (ie the Regulating for Growth Bill).  The Bill would give the government the power to temporarily reduce regulations in a controlled sandbox environment.  This would enable new AI products and regulatory reforms to be tested in live market environments before being embedded into law.  There is also a proposed new statutory power for government ministers to strategically steer regulators towards a focus on growth and reduce "unnecessary risk aversion".  

Simplification of the EU AI Act

In the European Union, there has been a provisional agreement to implement target amendments to the EU AI Act.  The intent of the reform is to streamline and simplify the legislation.  As part of this, the timelines for some of the AI Act implementation dates have shifted, eg high-risk AI systems' compliance with the AI Act has been pushed out to 2 December 2027 (from 2 August 2026).