← Back to HAQQ Blog

AI Hallucinations in Law: 1,313 Court Cases, 496 Attorneys, $55K in Sanctions

By HAQQ Legal AI · · 45 min read · Ai-legal-tech

The definitive global report on AI hallucinations in law. 1,313 court proceedings, 496 attorneys sanctioned, $55,597 in fines. Five enforcement tracks across 106 countries.

Executive Summary

Generative AI has entered the world's courtrooms. It has not arrived quietly. As of April 2026, researchers have documented 1,313 court proceedings in which AI-generated content — fabricated cases, invented citations, false quotes from real judgments — was submitted to courts and tribunals. Of those, 496 involved licensed attorneys. Financial sanctions have reached $55,597 in individual matters — a 10× increase from 2024's first sanctions.

Across the United Kingdom, Singapore, Canada, Australia, Argentina, the EU, Korea, Italy, Norway, France, and the United States, a convergent legal and regulatory framework is forming around a single principle: the professional duty to verify AI output before it reaches a court is absolute, non-delegable, and already being enforced.

The core finding: the hallucination crisis exposes a structural mismatch between general-purpose AI and the evidentiary demands of legal practice. The judicial and legislative response has converged on one architectural requirement: AI systems used in legal work must produce outputs traceable to verified primary sources, jurisdiction-aware, and auditable. That is not a training instruction. It is a design specification.

Five enforcement tracks now operate simultaneously. The first four were documented in earlier versions: professional conduct liability, EU AI Act compliance liability, consumer protection enforcement, and GDPR/data protection liability. A fifth track has now emerged: EU Product Liability Directive 2024/2853 (October 2024), which for the first time imposes strict product liability on developers of AI-enabled defective software products, without requiring fault.

An entirely new regional corpus has emerged from Argentina. Between August and November 2025, multiple Argentine provincial appellate courts independently sanctioned lawyers for submitting AI-hallucinated citations in litigation. Argentina's courts reached the same doctrinal conclusions as London, Singapore, and Vancouver, through independent reasoning. The hallucination crisis is now documented in Latin America at appellate level.

Part I: The Intelligence Picture — Quantitative Analytics

The 11× Sanction Escalation

Sanction trajectory: $5,000 (2023) → $55,597 (2025) = 11× escalation in 18 months. The entire framework from first judicial decision (February 2024) to supervision liability (November 2025–March 2026) spans 22 months. The legislative layer followed within 12 months. The consumer protection enforcement track emerged independently within the same window. Argentina's appellate courts joined the judicial enforcement corpus in August–November 2025 without any international coordination mechanism.

The Jurisdictional Spread of Enforcement

The primary enforcement axis — London, Singapore, Vancouver, Sydney, and now Buenos Aires — spans the common law world and reaches into civil law jurisdictions. All binding judicial standards through March 2026 in the common law world come from apex courts. The EU, Korea, and Denmark are building the statutory layer. Italy has created an entirely separate consumer protection enforcement track. Argentina demonstrates the civil law world's independent judicial convergence.

Court Tier Analysis: Apex-Level Framework

Zero of the primary decisions come from a lower or first-instance court. The framework is established at the highest available level in each jurisdiction: Divisional Court (UK), High Court (Singapore), Supreme Court (British Columbia), Federal Court (Australia), provincial appellate courts (Argentina). The CJEU's automated decision-making jurisprudence and the Austrian VwGH's application of it gives the GDPR track binding authority across all 27 EU member states.

The Supervision Liability Shift

Both [2026] UKUT 81 (UK) and [2026] SGHC 49 (Singapore), decided four months apart in different jurisdictions, independently moved liability from the individual who generated the hallucination to the supervision chain. The two decisions are consistent with each other, despite being reached independently.

The new rule: a supervisor who fails to check a junior's AI output is more culpable, not less, than the junior who generated it.

Part II: The Primary Legal Record

The Foundational UK Case: R (Ayinde) v Haringey [2025] EWHC 1383

Freely available generative artificial intelligence tools, trained on a large language model such as ChatGPT are not capable of conducting reliable legal research. Such tools can produce apparently coherent and plausible responses to prompts, but those coherent and plausible responses may turn out to be entirely incorrect.

The court defined 'authoritative sources' specifically: the Government's database of legislation, the National Archives database of court judgments, the official Law Reports, and the databases of reputable legal publishers. This list is, in effect, a description of what a verified legal AI corpus looks like.

The Supervision Landmark: UKUT 81 (IAC) [2026]

This three-judge Upper Tribunal decision establishes four interlocking standards: supervision liability (supervisors more culpable than juniors), client confidentiality breach when uploading to open-source AI, a new procedural statement of truth requirement, and regulatory referral as standard consequence.

Uploading confidential documents into an open-source AI tool, such as ChatGPT, is to place this information on the internet in the public domain, and thus to breach client confidentiality and waive legal privilege.

Singapore: Dual Personal Costs — Tan Hai Peng v Tan Cheong Joo [2026] SGHC 49

Decided 37 days before this report. Justice S Mohan imposed personal costs orders against both Mr Sidhu (the junior who generated the content) and Mr Goh (the partner who signed without checking). The supervising partner's defense — 'time pressures and his workload' — was rejected.

Generative artificial intelligence is reshaping the legal profession in a manner that can fairly be described as nothing less than a sea change. While the technological advances that GenAI has engendered is not in itself unwelcome, its integration into legal practice demands a commensurate evolution in professional responsibility.

The Argentine Corpus: Latin America's Independent Convergence

Between August and November 2025, multiple Argentine provincial appellate courts independently developed and applied a doctrine on AI hallucination in legal practice. The corpus was retrieved from AR/SAIJ — Argentina's national juridical database — and represents the first documented Latin American appellate enforcement.

Si bien el uso de chatbots de inteligencia artificial generativa constituye una herramienta que puede ser válidamente empleada en el trabajo cotidiano, sus resultados deben necesariamente ser cotejados siempre toda vez que se verifica la existencia de las denominadas alucinaciones.

Translation: 'While the use of generative AI chatbots constitutes a tool that can be validly employed in daily work, its results must necessarily always be verified, given the existence of what are called hallucinations.' The modifier 'siempre' (always) forecloses any argument of selective verification.

The Argentine standard may be more demanding than the Anglo-Commonwealth one. The UK and Singapore standards require verification; the Argentine standard additionally requires a 'duty to know the limitations' of AI tools — a distinct and potentially broader obligation. Argentina's 14 documented cases include a conviction annulment where a judge used AI to assess evidence without disclosure — a due process violation.

CJEU: Automated Decision-Making Under GDPR Article 22

The CJEU has resolved the doctrinal question in two landmark judgments. C-634/21 (December 2023): where a party 'based its decision to a decisive degree' on an automated probability value, the creation of that value constitutes automated decision-making under Art. 22 — even if a human takes the formal final decision. C-203/22 (February 2025) confirmed and expanded this to insurance risk assessment AI.

A legal AI system that generates litigation risk scores or compliance assessments — which a lawyer relies on 'to a decisive degree' — falls within Art. 22. The human who receives the AI output does not provide a safe harbor. This obligation is effective NOW under existing GDPR.

Part III: The EU AI Act — 16 Weeks to Full Enforcement

The EU AI Act (Regulation 2024/1689 — 594,453 characters) classifies legal research AI as high-risk under Annex III. The derogation requires the AI system to perform 'a narrow procedural task' or 'improve the result of a previously completed human activity.' General legal research AI meets none of these exemptions.

Maximum penalties: €30 million or 6% of global annual turnover for prohibited AI use; €20 million or 4% for other high-risk violations. The EU has been building this framework since 2017 — 9 years of legislative signal.

Part IV: The Consumer Protection Track

Italy's AGCM opened proceedings PS12942 against DeepSeek and PS12968 against Mistral AI for an identical allegation: inadequate disclosure of hallucination risk as an unfair commercial practice under the Italian Consumer Code.

DeepSeek would not have informed in a sufficiently clear, immediate and intelligible manner that users of its AI models might encounter what in technical jargon is called 'hallucinations': situations in which the AI model generates outputs containing inaccurate, misleading or invented information.

A generic English-only disclaimer ('AI-generated, for reference only') was found legally inadequate. Both the genericness of the language and the linguistic inaccessibility for Italian-speaking consumers were grounds for inadequacy.

Italy Garante: The World's Most Active AI GDPR Enforcer

Italy's Garante has built the most extensive AI enforcement record of any national DPA. Seven decisions between 2022 and 2025: ChatGPT ban (March 2023 — first Western DPA action against a generative AI LLM, invoking GDPR Art. 5(1)(d) accuracy principle), Clearview AI €20M fine, Replika companion AI order, DeepSeek ban (days after launch), ClothOff deepnude emergency order, and comprehensive Deepfake guidelines.

The right to correct AI-fabricated information about a person was formally established in Italian data protection law in 2023. AI hallucination about individuals is itself a GDPR violation, independent of any security breach or unauthorized access.

FTC Consumer Protection: The US Parallel

The FTC has built a parallel enforcement record under Section 5 of the FTC Act. Key actions: DoNotPay ('the world's first robot lawyer' — AI legal capability misrepresentation, consumer refunds ordered), Rite Aid (discriminatory AI facial recognition hallucination = unfair practice, 5-year ban), Air.ai (AI identity deception in calls), and Content at Scale AI (accuracy overclaiming).

The FTC record confirms that failure to accurately represent AI limitations is actionable under FTC Act §5 regardless of whether the US Congress enacts comprehensive federal AI legislation.

US Federal AI Governance Battle

Trump EO 14365 (December 2025) represents the most aggressive federal intervention into state AI regulation in US history: an AI Litigation Task Force to challenge state AI laws, state law evaluation targeting 'onerous' disclosure requirements, and funding conditionality for non-compliant states.

The congressional response includes four competing vectors: the Algorithmic Accountability Act (HR 5511 — mandatory AI impact assessments for legal services), the American AI Leadership and Uniformity Act (HR 5388 — 5-year state AI law moratorium), the States' Right to Regulate AI Act (S 3557 — blocks federal funds for EO 14365), and the AI Civil Rights Act (HR 6356 — individual rights against algorithmic discrimination).

The US federal AI governance landscape is in active conflict between executive deregulation and congressional accountability. For legal AI operators, the prudent response is to align with EU and Italian standards.

California & Texas: State-Level AI Laws

California's AI Transparency Act (BPC §22757) requires disclosure when AI generates content, creating a de facto US equivalent to EU AI Act Art. 50. Texas enacted H.B. 149 (January 2026) establishing a state AI governance framework with OECD-aligned definitions and explicit preemption of local AI regulations — paralleling EO 14365's logic at the state level.

Netherlands & Greece: GDPR Accuracy Enforcement

The Dutch DPA (May 2025) treats AI hallucination about individuals as a category-one GDPR violation under Art. 5(1)(d). Human review is mandatory before dissemination of AI-generated personal data. The right to rectification (Art. 16) applies to AI-generated false information. Greece's HDPA Decision 15/2024 confirms that individuals retain erasure rights against AI systems processing their personal data.

Part V: The Five-Track Enforcement Framework

Track 1 — Professional Conduct: targets individual lawyers and supervisors through costs orders, regulatory referrals, and statement of truth amendments. Active in UK, Singapore, Canada, Australia, Argentina.

Track 2 — AI Act High-Risk Compliance: targets AI deployers in EU-facing legal work through conformity assessment obligations. Maximum penalty €30M. Full enforcement in 16 weeks.

Track 3 — Consumer Protection: targets AI developers who fail to disclose hallucination risk. Active proceedings against DeepSeek and Mistral AI (Italy), plus FTC enforcement (US). No specific harm required.

Track 4 — Data Protection / GDPR: targets organizations training legal AI on court decisions containing GDPR Article 9/10 personal data, plus operators of AI risk-scoring systems under Art. 22. Garante enforcement record (7 decisions) plus Netherlands and Greece DPA guidance.

Track 5 — Product Liability (NEW): EU Directive 2024/2853 imposes strict liability for defective AI software products — without requiring proof of fault. Reversal of burden of proof. Member state implementation deadline: December 2026.

Part VI: The Architecture Divide

Stanford University's empirical study (Journal of Empirical Legal Studies, 2025) documented error rates of 69–88% for general-purpose LLMs on legal queries, 34%+ for Westlaw AI-Assisted Research, and 17%+ for Lexis+ AI. Their conclusion: 'lawyers may find themselves having to verify each and every proposition and citation, undercutting the stated efficiency gains.'

A tool that requires complete verification of every output has zero net efficiency. The architecture divide is not a product feature — it is the difference between a system structurally capable of compliant legal work and one that cannot be made compliant regardless of how carefully it is used.

The Ten Obligations Now in Force

Conclusion: Five Tracks, One Standard

The shift this report documents is from plausibility to verifiability as the operative standard for AI in legal practice. Courts in London, Singapore, Vancouver, Canberra, and Buenos Aires — through independent routes — have all arrived at the same place: an AI output that cannot be traced to a verified primary source has no place in a court document.

Regulators in Rome, Oslo, Paris, Amsterdam, and Athens; the CJEU in Luxembourg; the Austrian VwGH in Vienna; the European Parliament in Strasbourg — all have added further layers, each operating at a different level of the supply chain and at a different enforcement tempo.

Twelve Findings

That is five architectural requirements. And all five are already the law.

Methodology