How the review works
Claim review method
Version 1 · May 2026
Every review extracts AI-related claims from a public product page or pasted text, classifies each claim by type and evidence burden, then returns an evidence-burden note, evidence requests, buyer questions, and wording boundaries. Evidence burden level reflects how much evidence the claim would require to support — it does not determine whether the claim is true, false, legal, illegal, compliant, or fraudulent.
What the tool checks
The tool is designed for public AI product claims — statements on product pages, landing pages, marketing copy, or case studies that describe what an AI product does, how accurate it is, whether it replaces human work, what compliance standards it meets, or how much value it delivers.
It does not check private documents, confidential materials, internal strategy, or non-public claims. It is not a fact-checking or lie-detection service.
Claim types
The first version classifies six high-evidence-burden claim types. Most AI product claims fit one of these patterns.
| Claim type | Typical language | Evidence to support it |
|---|---|---|
| Accuracy / Performance | "98% accurate, human-level, outperforms experts" | Test set, sample size, evaluation scope, false-positive and false-negative rates, third-party validation |
| Automation / Replacement | "Fully automated, replaces lawyers, no human review needed" | Human involvement boundary, failure handling, task scope, risk controls |
| Compliance / Safety | "Fully compliant, bias-free, secure by design" | Framework scope, audit or assessment source, deployment conditions, customer responsibility, stated limitations |
| ROI / Outcome | "Cut costs by 80%, 10x revenue, guaranteed results" | Sample, industry scope, calculation method, baseline, stated limitations |
| First / Only / Best | "First, only, best, most advanced in its category" | Market definition, comparison set, time frame, evidence source |
| Vague AI-powered | "AI-powered, AI-native, agentic AI" | AI role in the workflow, model or rule scope, user-visible benefit, human review present or absent |
Traceability path
Each reviewed claim should connect the claim wording to a signal, the signal to an official source card and section reference, and that source context to evidence requests and buyer questions. If no specific source card matches, the receipt says so.
Evidence burden levels
Evidence burden level shows the support a claim would need and the wording risk it carries. It is not a verdict on truth, legality, or compliance. A High rating means the claim requires substantial evidence to support — not that the claim is false or that the company is acting fraudulently.
Low
The claim is specific and bounded. Scope is stated. No absolute or high-burden language detected. Still worth reviewing against source evidence.
Medium
The claim is broad or vague. AI usage, applicable scope, or context is not explained clearly. A vendor should be able to clarify quickly.
High
The claim uses absolute language, numeric accuracy, compliance assertions, human-replacement language, ROI guarantees, or uniqueness claims. These carry a high evidence burden and warrant specific documentation before relying on them.
Note on Compliance / Safety claims
Claims referencing GDPR, HIPAA, SOC 2, ISO 27001, EU AI Act, NIST AI RMF, or similar frameworks are assessed as High evidence burden when the public page reviewed does not supply the certification body, audit period, scope boundaries, or other verifiable details — because this tool cannot access private certification files, signed audit reports, or restricted compliance documentation.
If the public page already states the specific audit firm, audit period, scope (named systems or covered roles), and customer configuration responsibility, the burden for that claim may be rated Medium. High means the public evidence is insufficient for a buyer to verify the claim independently — not that the certification does not exist.
If you represent the company and have supporting documentation not visible on the reviewed page, submit the auditor name, certificate link, or audit period via Corrections so we can note it in the receipt context.
What a review returns
Each Claim Receipt includes:
- Claim text — the original statement extracted or submitted
- Claim type — which of the six categories it falls into
- Evidence burden level — Low, Medium, or High support needed for the wording
- Evidence signals — specific language patterns that raise the evidence burden
- Why it may be vague or overstated — the specific reason the claim's evidence burden is rated at that level
- Evidence needed — what documentation would support the claim
- Buyer questions — questions to ask the vendor before relying on the claim
- Wording boundary — the scope and evidence conditions a buyer should look for before relying on the claim
- Source URL — where the claim appeared, if provided
- Checked date — when this review was generated
- Method note — which version of this methodology was used
- Disclaimer — scope of the output
Method limits
- Reviews are based on the text provided or scraped from a public URL at check time. Pages change; this tool does not monitor for updates.
- The tool cannot access paywalled pages, authenticated dashboards, PDFs, images, or screenshots.
- If a page has no obvious AI-related claim, the tool will say so rather than forcing a result.
- Text input is limited to 5,000 characters. Very long marketing copy should be trimmed to the most specific claims before pasting.
- URL reading checks only public HTML or plain text. If the source response is too large, the receipt notes that only selected readable excerpts or the first readable part were checked.
- Output is generated by a language model and may misclassify, miss claims, or produce incomplete evidence lists. Human review is always needed before acting on results.
- Evidence burden level is not a legal, compliance, investment, procurement, or purchasing conclusion. It reflects evidence burden and wording risk only.
Allowed sources
Cases and reviewed examples on this site use only official or high-confidence sources: regulator enforcement actions, settlements, official research reports, mainstream media coverage of official cases, and public company pages with source URL, date, and context.
Anonymous allegations, single-post social media claims, second-hand summaries without original sources, and user-submitted accusations without review are not used.
Signal catalog v2026-05-30
Each review maps detected claim language to one or more signals from this catalog. Signals determine which official sources apply, what evidence is needed, and what a buyer should ask. A signal match raises the evidence burden — it is not a finding about any specific company, and it is not a verdict on truth, legality, or compliance.
Accuracy / Performance
| Signal | Evidence burden | Evidence that changes the assessment | Source | Source section |
|---|---|---|---|---|
| Numeric accuracy without disclosed benchmark scope | High | Independent benchmark report naming dataset, content types, AI model versions tested, sample size, and false-positive and false-negative rates at the stated threshold. | FTC | Complaint ¶12-15: unsubstantiated accuracy representations |
| Detector accuracy without benchmark design or task scope | High | Benchmark dataset source, human and machine text categories, generator model coverage, discriminator models tested, AUC or Brier score, threshold selection, and false positive and false negative rates. | NIST | NIST GenAI Pilot Study: evaluation framework for text-to-text discriminator tasks |
| Safety-sensitive detection claim without item-level rates or field conditions | High | Detection rates by item type; false positive and false negative rates at the intended sensitivity setting; field test conditions; staffing and throughput assumptions; comparison methodology against alternatives. | FTC | Proposed settlement: prohibits misrepresentations about detection rates, false alarms, speed, and labor costs |
| Performance or detection claim from controlled tests without disclosed real-world field conditions | High | Test environment description including location type, throughput rate, equipment configuration, and staffing assumptions; comparison between controlled-test and field-deployment performance; false-alarm and missed-detection rates under deployment conditions; statement of conditions under which stated performance may degrade. | FTC | Proposed settlement: prohibits misrepresentations about detection rates, false alarms, speed, and labour costs based on non-representative test conditions |
| Independently verified or validated accuracy claim without naming the validator, method, or scope | High | Name of the independent validator or auditing body; written methodology describing what was tested, how, and under what conditions; scope boundary of the validation; date of validation and version of the product or model validated; any limitations or conditions noted by the validator. | FTC | Complaint ¶12-15: accuracy representations must be supported by competent and reliable evidence; FTC requires substantiation at the time of the claim |
| AI-assisted or AI-enhanced content without clear boundary between AI-generated and human-authored portions | High | Written disclosure of which portions of the content were AI-generated, AI-assisted, or human-authored; description of the human review process applied to AI outputs; confirmation that no AI-generated content is presented as independent human testimony without disclosure. | FTC | Rule: prohibits presenting AI-generated content as entirely human-authored; disclosure of AI contribution required |
| AI accuracy or reliability claim without disclosed hallucination rate, fabrication rate, or factual error rate | High | Disclosed hallucination or fabrication rate measured on a representative task set; benchmark design including content types, prompts, and evaluation criteria; human evaluation method used to identify factual errors; deployment conditions under which the rate was measured; rate disaggregated by task type or content domain. | NIST | NIST GenAI Pilot Study: evaluation framework requires characterising error types including false completions, hallucinations, and fabricated citations alongside accuracy figures |
| AI performance or capability claim citing third-party research published in 2022 or earlier that may have been superseded, retracted, or no longer applicable as current evidence | Medium | Date and version of the cited research; confirmation that the study has not been retracted or substantially revised since publication; comparison of the cited study against current benchmark standards or successor evaluations; explanation of how the cited methodology applies to the current product version. | FTC | Substantiation requirement: evidence supporting a claim must be current and applicable at the time the claim is made; outdated or superseded research does not constitute competent and reliable evidence |
Automation / Replacement
| Signal | Evidence burden | Evidence that changes the assessment | Source | Source section |
|---|---|---|---|---|
| AI positioned as replacing a qualified professional role | High | Written task-scope definition listing which tasks the AI handles; documented handoff and escalation path; user notice showing when professional oversight is required. | FTC | Order: prohibits deceptive AI lawyer claims; required user notice about limitations |
| AI automation rate claim without disclosed human-agent ratio or human-assisted baseline | High | Disclosed ratio of AI-handled versus human-assisted interactions; definition of 'automated' covering how partial human involvement is counted; time period and sample size for the stated rate; trend data showing how the ratio has changed over time. | SEC | SEC: AI automation metrics must accurately reflect the ratio of AI-driven versus human-assisted processing |
| 'Fully automated' or 'no human review needed' without stated boundary | High | Task-scope definition listing which steps are fully automated vs. human-reviewed; documented failure and escalation protocol; rollback process for failed automated decisions. | FTC | Complaint: unsubstantiated full-compliance automation claims without human review disclosure |
| AI agent described as acting fully autonomously without human oversight, task boundary, or escalation path | High | Written task-scope definition listing which decisions the AI makes independently versus which require human approval; documented failure detection and escalation protocol; user notice explaining when and how human oversight is triggered; defined boundary conditions under which the agent stops and requests human input. | FTC | Order: requires disclosure of AI limitations, task scope, and when human review is required |
| 'End-to-end automation' or 'automates your entire workflow' claim without defined boundary or handoff disclosure | Medium | Documented workflow map identifying which steps are fully automated, which require human review, and which are human-only; exception and error handling protocol; defined scope of input types and edge cases covered by the automation; disclosure of steps excluded from end-to-end coverage. | SEC | SEC: automation scope and human-agent ratio must be accurately and fully disclosed |
Compliance / Safety
| Signal | Evidence burden | Evidence that changes the assessment | Source | Source section |
|---|---|---|---|---|
| Compliance claim without framework scope or audit method | High | Specific framework version and success criteria covered; audit method and test scope; documented list of criteria requiring human review; deployment and customer configuration preconditions. | FTC | Order: $1M settlement, prohibits unsubstantiated WCAG compliance claims |
| AI or LLM output accuracy/safety check claim without disclosed standards, thresholds, or review method | Medium | Named accuracy or safety standard or rubric applied to outputs; threshold or pass/fail criteria; sampling or monitoring method; human-review or escalation path when checks fail; scope limits and known failure modes. | NIST | MEASURE: performance and safety testing must be context-specific; capability claims must be scoped to tested conditions |
| 'Bias-free' or zero-bias claim without subgroup performance data | High | Subgroup performance breakdown by demographic group; sample size and training-data documentation; false positive and false negative rates by group; deployment conditions under which bias metrics were measured. | FTC | Complaint: zero gender or racial bias claim without subgroup testing evidence |
| Testimonials or reviews without disclosure of AI generation, compensation, or collection method | High | Written disclosure of collection method and timing; confirmation reviewers received no compensation or incentive; confirmation that no AI generation or enhancement was used; reviewer relationship disclosed. | FTC | Rule: prohibits AI-generated reviews presented as authentic; effective October 2024 |
| HIPAA-compliant AI claim without disclosed Business Associate Agreement coverage or covered entity role | High | Written confirmation that the vendor acts as a Business Associate under HIPAA; signed BAA availability or sample BAA; defined scope of e-PHI the system creates, receives, maintains, or transmits; covered entity types and use cases within scope. | HHS/OCR | BAA requirement: vendors creating, receiving, maintaining, or transmitting e-PHI on behalf of a covered entity must execute a Business Associate Agreement |
| HIPAA compliance claim without disclosed e-PHI risk analysis or security safeguard scope | High | Documented risk analysis scope covering the AI system and its e-PHI data flows; implemented administrative, physical, and technical safeguards; most recent risk analysis date; incident response and breach notification procedures. | HHS/OCR | HHS/OCR Guidance on Risk Analysis: covered entities and BAs must conduct and document an accurate and thorough assessment of potential risks to e-PHI |
| EU AI Act compliance claim without Article 13 transparency documentation | High | Published Article 13 transparency documentation including intended purpose, performance limitations, known risks, and human oversight measures; Annex III high-risk classification basis or explanation why the system is not classified as high-risk; documented post-market monitoring plan. | EU Parliament | Article 13: transparency and information provision obligations for providers of high-risk AI systems |
| AI system marketed to high-risk use cases without EU AI Act Annex III classification disclosure | High | Written statement of Annex III classification status and basis; Article 9 risk management system documentation; Article 13 transparency declaration; CE marking or notified body audit report for applicable high-risk systems. | EU Parliament | Article 6: classification criteria for high-risk AI systems; Article 9: risk management system requirements |
| General-purpose AI interacting with users without EU AI Act Article 50 disclosure | Medium | Written description of how the system informs users they are interacting with AI at the start of each interaction; disclosure mechanism (on-screen label, audio signal, or equivalent); confirmation that the disclosure is not suppressed for any user tier or session type. | EU Parliament | Article 50: transparency obligations for general-purpose AI interacting with natural persons |
| ISO/IEC 42001 certified or compliant AI claim without disclosed certification scope or body | High | Name of the accredited certification body; defined scope statement showing which AI systems and processes are covered; certificate number and expiry date; current surveillance audit status; statement of whether the certification covers the specific product or service being purchased. | ISO | Clause 4: organisational context and AI system purpose; Clause 9: performance evaluation and internal audit |
| Solely automated AI decision without Article 22 GDPR safeguards disclosure | High | Disclosure of Article 22 rights to affected individuals; documented conditions under which solely automated decisions are made (consent, contract, or statutory authorisation); meaningful explanation of the logic involved; written process for obtaining human review of automated decisions. | EDPB | Section III: safeguards, meaningful information about the logic, and right to obtain human review |
| GDPR-safe or GDPR-compliant AI claim without stated lawful processing basis | High | Stated Article 6 lawful basis for all personal data processed; Article 9 basis if special-category data is processed; DPIA completion status and scope for high-risk processing; documented data retention and deletion procedures. | European Parliament and Council | Article 6 and 9: lawful basis for processing personal data including special-category data |
| SOC 2 Type II certification claimed without disclosed audit period, scope boundary, or certifying body | High | Name of the AICPA-accredited CPA firm that issued the certification; audit period start and end date; defined scope statement listing the systems, services, and data flows covered; applicable Trust Service Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy); confirmation of whether the certificate covers the specific product or service being purchased. | AICPA | AT-C Section 205: examination engagements require defined subject matter, criteria, and report boundaries. |
| General-purpose AI model capability claim without Article 51 systemic risk classification or GPAI compliance disclosure | High | Disclosed GPAI model classification status under Article 51 (systemic risk or non-systemic); compute threshold and training data documentation; model evaluation results and adversarial testing methodology; cyber-security policy; serious-incident reporting mechanism; relevant GPAI code of practice adherence. | EU Parliament | Article 51: GPAI models with systemic risk must conduct model evaluation, adversarial testing, and report serious incidents |
| AI tool claiming to automatically achieve accessibility compliance without audit scope or exception list | High | Specific WCAG version and success criteria covered by automated remediation; documented list of criteria that require human review or manual implementation; named accessibility audit firm and most recent audit report; known limitations and exceptions by content type or technology stack; customer implementation requirements for the compliance claim to hold. | FTC | Complaint: unsubstantiated claims that AI widget automatically achieves full WCAG and ADA compliance without human review |
| 'Secure by design', 'enterprise-grade security', or 'bank-grade encryption' AI claim without penetration test or audit scope | Medium | Third-party penetration test report summary (tester identity, scope, most recent date); list of implemented security controls by threat category; network, application, and data-layer security boundaries; disclosure of known residual risks; customer configuration requirements for the stated security level to apply. | ISO | Clause 6.1: risk assessment; Clause 8.4: AI system lifecycle security controls and verification |
ROI / Outcome
| Signal | Evidence burden | Evidence that changes the assessment | Source | Source section |
|---|---|---|---|---|
| ROI or cost-savings claim without baseline, cohort, or measurement-window definition | High | Customer outcome distribution showing median and percentile range, not only top-performer results; baseline and measurement-period definition; cohort definition specifying which customers are included and excluded; cost basis and any required customer investment; attribution methodology showing how the outcome is linked to the AI feature specifically. | FTC | Complaint: deceptive earnings and business-growth claims linked to AI features; settlement required outcome-distribution disclosure |
| Earnings or income claim without customer outcome distribution or workload disclosure | High | Full customer outcome distribution (including customers who did not achieve stated results); actual time and effort required from the customer; complete cost basis including all fees and dependencies; documented attribution showing which portion of results is attributable to the AI component versus other factors. | FTC | Case: AI-boosted income and passive-investment claims without customer outcome distribution, workload disclosure, or cost basis |
| ROI or savings figure from a single customer case study without typical or median outcome disclosure | High | Customer outcome distribution including median, 25th percentile, and 75th percentile results; description of the customer and deployment conditions from which the cited figure was taken; statement of how typical or atypical the cited result is relative to the customer base; timeframe and measurement method for the cited outcome. | FTC | Complaint: deceptive earnings and business-growth claims linked to AI features; settlement required outcome-distribution disclosure not just top-performer examples |
| 'Live in X minutes' or 'deployed in X days' AI claim without baseline or scope definition | Medium | Customer environment and prerequisite assumptions for the stated timeline; typical implementation timeline across the customer base; scope of what is included in the stated deployment (which modules, integrations, or configurations); disclosure of tasks outside the stated timeline that customers must complete independently. | FTC | Case: unsubstantiated speed and ease-of-use claims; results require workload and prerequisite disclosure |
| 'Saves X hours per week' or 'X% more productive' AI claim without task scope, control condition, or attribution methodology | High | Task scope and worker type used to measure the stated gain; control condition or before/after design showing the same task performed without the AI; attribution analysis separating the AI component's contribution from other workflow changes; sample size and statistical confidence; conditions under which the gain was or was not observed. | FTC | Substantiation requirement: outcome claims must be backed by competent and reliable evidence including defined task scope and measurement methodology |
| Comparative outcome claim against competitors without baseline, cohort, or measurement method | High | Named comparison set of alternatives evaluated; measurement method and metric definitions; baseline or control condition; time period and customer cohort used; disclosure of how typical the result is across deployments. | FTC | Substantiation requirement: outcome and comparative claims require competent and reliable evidence including defined comparison set and measurement method |
| AI cost-reduction or savings claim that does not disclose implementation, integration, onboarding, or ongoing maintenance costs | Medium | Full cost basis including implementation, integration, and onboarding fees; ongoing maintenance and support costs; any required customer-side engineering or IT resources; net savings calculation after deducting all direct and indirect costs; timeline for cost recovery and break-even under typical customer conditions. | FTC | Disclosure requirement: any material conditions required to achieve the stated result must be clearly disclosed |
| Guaranteed AI outcome, ROI, or results claim without disclosed conditions, scope, or failure definition | High | Defined conditions under which the guarantee applies; precise definition of what constitutes fulfillment of the guarantee; customer outcome distribution showing the guarantee is met for typical, not only top-performing, customers; clear disclosure of remedy or process when the guarantee is not met; exclusions or prerequisites that must be satisfied. | FTC | Substantiation requirement: guarantees must be backed by evidence that the stated outcome is achievable under the conditions the buyer will experience |
| 'X times faster' or 'handle X times more volume' AI efficiency claim without defining task type, input conditions, or throughput measurement | High | Task type and input characteristics used in the efficiency measurement; system configuration and load conditions during testing; comparison baseline clearly defined (manual process, prior software version, or competitor); median result across a representative customer or test set, not only best-case measurements; conditions under which the gain does not apply. | FTC | Complaint: deceptive business-growth and efficiency claims linked to AI features without scope, conditions, or distribution disclosure |
| AI outcome or performance claim expressed as a future result, without evidence that the vendor had reasonable grounds for that prediction at the time of the claim | High | Evidence that existed at the time the claim was published, not retrospectively: controlled pilot study or A/B test results showing the claimed outcome; representative customer outcome dataset with conditions disclosed; methodology for the projection, including assumptions, baseline, and confidence interval; date and version of the supporting evidence; conditions under which the predicted outcome does not apply. | ACCC | ACL section 4: a representation about a future matter — including predicted AI outcomes, promised savings, or claimed performance — is taken to be misleading unless there are reasonable grounds for making it at the time of the claim |
First / Only / Best
| Signal | Evidence burden | Evidence that changes the assessment | Source | Source section |
|---|---|---|---|---|
| 'First', 'only', or 'best' without scope definition or comparison basis | High | Scope definition used to support the claim; comparison method and alternatives considered; point-in-time reference; independent validation that no prior comparable offering existed. | SEC | SEC: Global Predictions made false 'first regulated AI financial advisor' claim without scope definition |
| 'Only provider' or 'no alternative' claim without defined market scope or comparison date | High | Defined market scope (product category, geography, regulatory class) used for the uniqueness claim; date on which the market survey or comparison was conducted; methodology for identifying and evaluating alternatives; disclosure that the claim applies only within the stated scope. | SEC | SEC: uniqueness claims require scope definition and evidence that no comparable offering existed |
| 'Leading', 'most advanced', or 'state-of-the-art' AI claim without cited benchmark or independent evaluation | Medium | Named benchmark or head-to-head evaluation comparing the product against identified alternatives; independent evaluation source; version and date of comparison; scope limitations. | SEC | SEC: comparative claims require a defined comparison scope and evidence basis |
| First-in-market or 'we pioneered' AI claim without stated time frame or defined market scope | High | Defined time frame during which the 'first' status applied; market scope definition including product category, geography, and regulatory classification used; evidence that no comparable offering existed within the stated scope at the stated time; disclosure that the first-to-market status may no longer apply. | SEC | SEC: Global Predictions made false 'first regulated AI financial advisor' claim without temporal or market scope definition |
| 'Best-in-class' or 'top-performing' AI claim without named comparison methodology or measurement scope | High | Named benchmark or evaluation framework used for the comparison; list of alternatives included in the comparison set; measurement scope and conditions; independent or third-party confirmation of the ranking; version and date of the comparison; disclosure that results may differ outside the stated conditions. | FTC | Complaint ¶12-15: comparative accuracy and performance claims require named methodology, comparison set, and scope disclosure |
Vague AI-powered
| Signal | Evidence burden | Evidence that changes the assessment | Source | Source section |
|---|---|---|---|---|
| 'AI-powered' or 'AI-driven' used without explaining function | Medium | Explanation of what AI specifically does in the product; what input the AI processes; what output it produces; how performance compares to a non-AI version; what human oversight is involved. | ASA/CAP | Report recommendation: explain what AI does, how it works, and user-visible benefit |
| AI targeting or data-collection claim without disclosed data source or collection method | High | Documented data source and collection method; technical description of what data the AI actually processes; independent verification or audit of the stated targeting mechanism; user disclosure of how their data is collected and used for targeting. | FTC | Complaint: unsubstantiated 'active listening' AI targeting claims without disclosed data source |
| 'Proprietary AI' or 'our own AI' claim where the underlying model is an undisclosed third-party LLM | Medium | Disclosure of whether the AI component uses a proprietary model, a fine-tuned third-party model, or an unmodified third-party API; if third-party, identification of the model provider and model version; description of any fine-tuning, training data, or proprietary layers added; statement of what is and is not proprietary about the AI component. | UK CMA | Transparency: developers relying on third-party foundation models should disclose the underlying model where it is material to the buyer |
| 'AI agent' claim without defined task scope, failure modes, or human escalation path | Medium | Written task scope listing the specific tasks the AI agent handles reliably versus those requiring human confirmation; documented failure modes and conditions under which the agent will not act; human escalation protocol specifying what triggers human review and how it is requested; known limitations and edge cases outside the agent's reliable scope. | FTC | Order: requires task-scope disclosure, limitation notice, and defined conditions requiring human review |
| AI-generated reports, analysis, or recommendations without human review or accuracy limitation disclosure | High | Disclosure that the output is AI-generated and not independently verified by a human expert; description of the human review process applied to AI outputs before delivery; documented accuracy limitations and known error rates for the output type; statement that outputs should not be relied on as a substitute for qualified professional review. | FTC | Rule: AI-generated content presented as authoritative requires disclosure of generation method and human review status |
| AI product performance or accuracy claim that attributes foundation model capabilities to the vendor product without distinguishing what the product itself adds | Medium | Disclosure of which AI capabilities come from the underlying foundation model versus the vendor's own product layer; product-specific performance evaluation showing results in the buyer's task context, not the foundation model's benchmark conditions; description of what the vendor's product adds beyond the foundation model API; any fine-tuning or customisation applied and its measurable effect. | UK CMA | Foundation model capabilities: AI product claims must distinguish between what the underlying foundation model does and what the developer's product adds |
| AI agent task completion or automation rate claim without defining which tasks are counted, what constitutes success, and how failures are handled | High | Task taxonomy listing which task types are included in and excluded from the stated completion rate; definition of what constitutes a completed versus failed task; sample of tasks used in measurement with input and output examples; failure handling protocol showing what the agent does when a task exceeds its scope; human escalation rate and conditions. | NIST | MAP and MEASURE: AI performance claims must be scoped to tested conditions; failure modes and out-of-scope tasks must be characterised |
| AI decision or scoring claim without disclosed explainability mechanism, audit trail, or human review path | Medium | Description of the explainability mechanism available to affected individuals and to the buyer's compliance team; whether a decision audit trail is maintained and for how long; human review or appeal process for AI decisions; confirmation of compliance with applicable explainability requirements (UK GDPR, EU AI Act, ECOA / adverse action notice requirements). | UK ICO | Explainability: individuals must be able to understand AI decisions in a meaningful way; organisations must be able to demonstrate how decisions are made |
| AI product claimed to continuously learn or improve over time without disclosing what data trains the model and how user data is handled | Medium | Description of what data is used for model updates or fine-tuning; whether user data is shared across customers in the training process or kept separate; data retention and deletion policy for training inputs; privacy impact assessment or equivalent disclosure; opt-out mechanism for users who do not consent to data use for training; evidence that the claimed improvement is measurable and has been observed. | UK ICO | Continuous learning: where AI systems learn from user or operational data, the data use, training scope, and privacy safeguards must be disclosed |
| AI marketing creates a misleading overall impression of capability or autonomy, even if individual statements are technically accurate in isolation | Medium | A plain-language description of what the AI component actually does, distinct from what it is branded as; disclosure of human-in-the-loop requirements, override mechanisms, or conditions where automation does not apply; evidence that the overall marketing context does not overstate autonomy or capability beyond the product's actual function; third-party or independent assessment of whether the overall impression matches actual product behavior. | Competition Bureau Canada | Section 74.01(3): general impression test — the general impression conveyed by a representation, as well as its literal meaning, must be taken into account when assessing whether a representation is misleading |
| AI product claims current, real-time, or up-to-date knowledge without disclosing training data cutoff date or knowledge boundary | Medium | Disclosed training data cutoff date or knowledge boundary; description of any retrieval-augmented or real-time data sources used to supplement static training data; domains where outputs may be outdated and by how much; process for updating or retraining the model to extend the knowledge cutoff. | NIST | GOVERN 1.2 and MANAGE 4.2: AI developers should document and disclose training data provenance and temporal boundaries that affect output reliability in time-sensitive domains |
| AI product attributes capabilities of a named or referenced foundation model version without confirming which version is actually deployed | Medium | Confirmed identity and version of the foundation model or AI component actually deployed in production; date or version at which the referenced capability claim was measured; disclosure of any gap between the model version used for capability demonstration and the version deployed to customers; version-specific benchmark or evaluation results rather than headline model-family results. | UK CMA | Transparency: AI product developers should disclose the exact foundation model version deployed and confirm that capability claims apply to the specific version in production, not a newer or different version |
Evidence sources
Evidence signal assignments and claim type judgments are grounded in official enforcement actions, regulator guidance, and government research reports. Signal mapping version: 2026-05-30. Active and superseded sources are shown here because historical source cards may still explain a matched signal. Use current source text where a superseded source has been replaced.
| Source | Publisher | Year | Status | Claim types | Last reviewed |
|---|---|---|---|---|---|
| FTC v. Workado LLC — Final Order | FTC | 2025 | Active | Accuracy / Performance | 2026-05-24 |
| FTC v. DoNotPay Inc. — Final Order | FTC | 2025 | Active | Automation / Replacement | 2026-05-24 |
| FTC v. accessiBe Inc. — Final Order | FTC | 2025 | Active | Compliance / Safety | 2026-05-24 |
| FTC v. IntelliVision Technologies Corp. — Final Order | FTC | 2025 | Active | Compliance / Safety, Accuracy / Performance | 2026-05-22 |
| ASA/CAP: AI as a Marketing Term Report | ASA/CAP | 2024 | Active | Vague AI-powered | 2026-05-22 |
| NIST 2024 GenAI Pilot Study — Text-to-Text Evaluation Overview and Results | NIST | 2025 | Active | Accuracy / Performance | 2026-05-22 |
| SEC v. Delphia (USA) Inc. and Global Predictions Inc. | SEC | 2024 | Active | First / Only / Best, Accuracy / Performance | 2026-05-24 |
| FTC Final Rule: Banning Fake Reviews and Testimonials | FTC | 2024 | Active | Compliance / Safety | 2026-05-24 |
| FTC v. Evolv Technologies Holdings, Inc. — Proposed Settlement | FTC | 2024 | Active | Accuracy / Performance | 2026-05-22 |
| FTC v. Air Ai Technologies, Inc. | FTC | 2025 | Active | ROI / Outcome | 2026-05-28 |
| FTC v. Automators LLC | FTC | 2023 | Active | ROI / Outcome | 2026-05-24 |
| FTC v. Cox Media Group — Action re: 'Active Listening' AI Targeting Claims | FTC | 2026 | Active | Vague AI-powered | 2026-05-24 |
| EDPB Guidelines on Automated Individual Decision-Making and Profiling (WP251rev.01) | EDPB | 2018 | Active | Compliance / Safety | 2026-05-23 |
| GDPR — Regulation (EU) 2016/679: Articles 22 and 35 | European Parliament and Council | 2016 | Active | Compliance / Safety | 2026-05-23 |
| SEC v. Presto Automation Inc. — AI Automation Disclosure Case | SEC | 2025 | Active | Automation / Replacement | 2026-05-24 |
| HHS/OCR Guidance: Be Aware of Misleading HIPAA Marketing Claims (archived) · Current primary text → | HHS/OCR | 2013 | Superseded | Compliance / Safety | 2026-05-25 |
| EU AI Act — Regulation (EU) 2024/1689: Transparency and High-Risk AI Requirements | EU Parliament | 2024 | Active | Compliance / Safety | 2026-05-25 |
| ISO/IEC 42001:2023 — AI Management System Standard | ISO | 2023 | Active | Compliance / Safety | 2026-05-24 |
| Australian Consumer Law — Misleading and Deceptive Conduct and False Representations | ACCC | 2011 | Active | Accuracy / Performance, ROI / Outcome, Vague AI-powered, First / Only / Best, Automation / Replacement | 2026-05-28 |
| Competition Act — Deceptive Marketing Practices (Sections 74.01–74.09) | Competition Bureau Canada | 2026 | Active | Accuracy / Performance, ROI / Outcome, Vague AI-powered, First / Only / Best, Automation / Replacement | 2026-05-28 |
| Keep your AI claims in check (archived) · Current primary text → | FTC | 2023 | Superseded | ROI / Outcome, Accuracy / Performance, Vague AI-powered | 2026-05-28 |
| AI Risk Management Framework (AI RMF 1.0) | NIST | 2023 | Active | Vague AI-powered, Accuracy / Performance, Automation / Replacement, Compliance / Safety | 2026-05-28 |
| AI Foundation Models: Initial Review — Update Paper and Technical Update Report | UK CMA | 2024 | Active | Vague AI-powered, First / Only / Best, Accuracy / Performance | 2026-05-28 |
| Guidance on AI and Data Protection | UK ICO | 2023 | Active | Vague AI-powered, Compliance / Safety | 2026-05-28 |
| AICPA SOC 2 — Statement on Standards for Attestation Engagements No. 18 (SSAE 18) | AICPA | 2017 | Active | Compliance / Safety | 2026-05-29 |