21 May 2026
By Meg Jeynes, Solicitor, Litigation, Gilson Gray
The Future of Cyber and Data Disputes
Artificial intelligence (AI) is rapidly transforming the digital landscape, bringing significant opportunities for businesses, while also creating new legal and regulatory challenges. As organisations increasingly rely on AI-driven tools to process data, automate decisions, and increase productivity, disputes relating to cyber incidents and data use are evolving in both scale and complexity.
In Scotland, many of the legal issues arising from AI still sit within existing frameworks governing data protection, confidentiality, and cyber security. Laws such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 continue to apply where AI systems process or use personal data. However, the use of AI can introduce additional risks, particularly where automated systems make decisions based on data that may be inaccurate or biased.
Cyber incidents involving AI systems are also becoming more prominent. Businesses are increasingly using AI to detect and respond to cyber threats, but attackers are also using AI to conduct more sophisticated phishing campaigns and generate convincing fraudulent communications. When breaches occur, disputes may arise over issues such as who is responsible for security failures and compliance with regulatory obligations.
From a disputes perspective, AI can also affect how cyber and data-related claims are investigated and litigated. AI-assisted tools are increasingly used in document review and forensic analysis, enabling parties to process large volumes of digital information more efficiently. While these technologies can improve the speed and cost-effectiveness of the initial investigations, they also raise questions about transparency, accountability, and the reliability of automated analysis.
For Scottish businesses, the key takeaway is that AI does not sit outside the law. Businesses using AI systems should ensure that they are evaluating the credibility and reliability of sources, and that data management practices and cyber security controls are in place. Careful oversight of automated decision-making will help reduce the risk of disputes.
As the use of AI continues to expand, we can expect cyber and data disputes to evolve accordingly. Businesses operating in Scotland should remain alert to the legal implications of AI and take proactive steps to manage both the opportunities and the risks it presents.
For more information on our Litigation services please click here.
