The operations manager had spent an afternoon running a client briefing through the firm’s AI tool. The language was cleaner, the structure was tighter, and several background statistics had been pulled in to strengthen the argument. The document landed in the client’s inbox before anyone checked the source on one of the referenced figures. The stat was wrong. The client noticed first.
This kind of incident is becoming more common in UK services firms, not because AI is uniquely unreliable, but because verification habits haven’t caught up with adoption pace. A 2024 Sage survey of UK small businesses found that 52% of respondents were concerned about AI producing inaccurate information. At the same time, 44% were already using AI tools for content or document drafting. That gap between concern and process is where errors live.
What does “AI-supported fact-checking” actually mean?
AI-supported fact-checking means using AI tools to help structure verification, locate sources to consult, and flag claims for review, while keeping a human in charge of what gets used and what gets discarded. The model suggests; the person decides. OpenAI’s own guidance on GPT-4 makes this explicit: the model can hallucinate facts and should not be relied upon for high-stakes factual decisions without independent verification.
The distinction between AI-assisted checking and AI-certified checking matters more than many owners have considered. AI tools can help you generate a list of claims in a document, suggest what sources to search, and cross-check a summary against an original document you provide. What they cannot reliably do is confirm whether a specific fact is accurate, whether a regulation is current, or whether a figure comes from a genuine source. Stanford HAI research found that GPT-4 produced false statements in a meaningful share of answers across domains, even when the model presented its response with full confidence.
The practical rule, drawn from both the UK Government AI Playbook and the Scottish AI Playbook, is to treat AI as a research assistant that can speed up your process, not as an authority you defer to. Its job is to identify what needs checking. Your job is to check it.
Why does getting this wrong actually cost a services firm?
A factual error in a client document, a regulatory reference that is out of date, or a fabricated statistic can each have real consequences for a services firm. The ICO’s guidance on AI and data protection is explicit: organisations using AI in ways that affect individuals must ensure accuracy and demonstrate human review. For regulated firms, the exposure is sharper still.
FCA-regulated firms must ensure that all client communications are clear, fair and not misleading. A client note that cites an AI-generated figure without verification risks failing that standard, regardless of how the error was introduced. UK law firm Pinsent Masons notes that professionals who rely on AI outputs without adequate supervision risk negligence claims if clients suffer loss as a result. The CMA has also signalled that consumer-facing businesses using foundation models must not present AI-generated information as authoritative without appropriate checks.
The reputational angle matters just as much. A fabricated citation or an incorrect regulation reference is the kind of mistake that gets remembered. In 2023, The Guardian documented instances of ChatGPT generating academic citations and case law references that did not exist. Journalists and lawyers spotted them. Some clients will, too.
Where in your day-to-day work does the risk show up?
For a 5-to-50 person services firm, the highest-risk AI outputs are the ones that leave the building. Client proposals, briefing notes, regulatory updates, and any written communication referencing legislation, figures, or professional guidance all carry fact-checking risk. The NCSC warns that generative AI can produce plausible but false content at scale, and that organisations need internal verification processes before relying on such outputs.
Internal uses carry lower risk but still matter. An AI-generated financial summary used to inform an investment decision, an HR document drafted with the help of a language model, or a prompt-generated board report can all contain errors that compound when acted upon without checking.
The most common places to build a verification step into your process are:
- Any factual claim about law, regulation, tax, or compliance
- Statistics, performance data, or financial projections used with clients
- Any reference to a specific case, publication, or research source
- Content that mentions an individual by name or role
The last point crosses into data protection territory. The ICO is clear that where AI is used in ways that process personal data or affect decisions about individuals, accuracy and human review are not optional.
When should AI help with checking, and when must a human be the final call?
AI can structure the fact-checking process but cannot complete it reliably. Ask AI to list the specific claims in a document, suggest official sources to consult, or compare a summary against an original source you paste in. These are preparation tasks. The final call on whether a fact is accurate and appropriate for client use is always a human judgement.
The Scottish AI Playbook is clear on this: AI-generated content should be verified using multiple sources for important information, and the verification is the human’s responsibility, not the tool’s. The UK Government AI Playbook recommends a named AI content owner who holds final sign-off on AI-assisted materials. For a small firm, that can be the founder or operations manager. The point is that someone specific is accountable, not just the team.
A useful practical trigger is the downstream consequence of the fact being wrong. If a client could make a financial decision, sign a contract, or rely on your expertise based on what your document says, it needs a human to verify it against an authoritative source before it goes anywhere. AI can generate the list of claims that need checking. A member of staff confirms each one from a named, dated source.
How does this connect to the governance your firm already needs?
AI fact-checking discipline sits inside the broader AI governance your firm is building anyway, not as a separate workstream. Your AI use policy, your data classification rules, and the named owner for AI-assisted work all need a fact-verification line. The UK Government AI Playbook frames this as AI quality assurance, and its core principles for government are directly reusable by a services SME.
Three areas of law are directly relevant. Under the UK GDPR accuracy principle, where AI processes personal data, accuracy is a legal requirement. The NCSC’s guidance on generative AI raises data security concerns about what goes into the prompt as well as what comes out. For firms serving EU clients, the EU AI Act’s human oversight requirements apply to deployers of general-purpose AI, including third-party tools such as ChatGPT or Microsoft Copilot.
The practical governance move is to define in your AI policy which categories of output require verification before use, specify at least two non-AI sources for anything that could affect a client or a decision, and document the date and name of whoever checked. The Scottish AI Playbook’s policy template is a good starting point. If a dispute arises, the log of who checked what is the evidence that your firm exercised reasonable care.
The starting point is a single decision: which categories of AI output in your firm require a fact-check before they leave the building? Write the answer down, name who is responsible, and document it in your AI policy. The prompt discipline, the source logging, the review cadence: all of it follows from that one clear rule.
