Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter
user icon Login
Become a free member

How have AI and deepfake threats changed the role of legal counsel, with Lander & Rogers Melissa Tan

AI is changing the cyber threat landscape dramatically, empowering cyber criminals and creating new vulnerabilities as companies rush implementation in the hope of speeding up productivity gains.

author profile
Daniel Croft
Fri, 06 Feb 2026 Digital Transformation
How have AI and deepfake threats changed the role of legal counsel, with Lander & Rogers Melissa Tan

As a result, Australia and the rest of the world is witnessing an explosion of new threats, with threat actors utilising AI for phishing, deepfakes and gaining access to sensitive systems.

On top of this, with such dramatic changes to Australian legislation and regulatory frameworks, it’s become even harder for businesses to keep secure against the changing threat landscape.

You’re out of free articles for this month

However, as Melissa Tan, Partner and Head of Cyber Insurance and Litigation at Lander & Rogers says, having legal counsel on your side can help businesses navigate regulatory and threat environments, ensuring they can continue to operate.

 
 

Having already spoken to Tan about the risks of AI implementation and how to mitigate them, Cyber Daily ran through the role of legal counsel in the everchanging threat environment, particularly when AI is involved.

“Legal counsel play a key and multi-faceted role in helping Australian businesses navigate the legal, regulatory and reputational risks that can arise from AI deepfake incidents,” she said.

“[As previously discussed], the laws governing AI-generated deepfakes can be complex and cut across various types of laws and areas including privacy, cyber security, defamation, consumer protection and criminal laws.

“Legal counsel therefore can provide guidance on a clear, structured, informed and defensible decision-making process when preparing for, responding to and mitigating AI deepfake incidents.”

All AI forms can create risks, from privacy, security, reputational, criminal and other areas, AI deepfakes alone are a common and unsophisticated threat that is rocking businesses in a number of ways.

Already we have seen the technology used in phishing scams, whether this be to steal large amounts of money or to gain network access for a business, it adds an additional element of realism and trust that make verification a much harder process.

Tan says it is therefore incredibly important to have appropriate governance frameworks and policies that are in line with Australian legislation and can protect your business but allow for the orginisation to maximise productivity. This is one of the many applications of legal counsel.

“To prepare for the legal risks associated with deepfake incidents, legal counsel play a key role in developing the appropriate governance framework and policies in line with Australian laws that address for example, the acceptable use of AI, how to monitor and detect AI-generated deepfakes and manipulated media, how suspected AI deepfake incidents can be escalated within for investigation and further action, and any disciplinary process for employees involved in perpetrating AI deepfake incidents,” she said.

“As part of the preparation, legal counsel would usually also have assessed the legal and regulatory action exposure to the business if an AI deepfake incident occurs impacting the business, its employees or customers, so that adequate controls and training of staff can be put in place beforehand. This can include updating contracts with employees and customers to specifically address AI-related risks including deepfakes.”

The good news is that while the evolution of AI threats is drastic, the solutions haven’t changed that much, and the same can be said for legal counsel response.

While they have new regulatory gaps to navigate and plans are different, an AI-powered threat response by legal counsel follows the same process as a traditional cyber incident.

Tan says that legal counsel remains part of the core incident response team “to provide guidance and ensure that a structured and legally defensible response aligned with the business's legal and regulatory obligations is in place.

As they would during any cyber incident, legal counsel will assess any privacy, notification or other legal obligations that AI deepfake incidents create, will manage communications with regulators and protect legal professional privilege.

“Finally, mitigation actions often involve a legal process to take action to lessen the severity of any reputational damage or risks arising from AI deepfake incidents,” Tan concludes.

“Legal counsel plays an important role advising on mitigation actions including takedown notices to the social media operator, search engine host, the website owner, or the domain host, search engine or platform reporting mechanisms and advising on the prospects of any defamation claims or privacy complaints and claims.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
Tags:
You need to be a member to post comments. Become a member for free today!

You have0 free articles left this month.
Register for a free account to access unlimited free content.
You have 0 free articles left this month.