JAMS AI Rules: Taming Discovery in Cyber Disputes

A data-breach dispute once turned on a contained record: firewall logs, an incident-response report, a few custodial mailboxes. Artificial intelligence has unsettled that order. When a breach implicates an AI system - a fraud-scoring engine, a chatbot that mishandled personal data, a model trained on records later exfiltrated - the evidence is no longer a fixed set of documents. It is unstructured chat logs, telemetry, model outputs, training corpora, and configuration files, scattered across vendors and jurisdictions.

Two traits of these systems compound the problem beyond ordinary electronically stored information (ESI). First, they move. A model that learns continuously will not return the same output tomorrow that it returned on the day of the incident, so the inquiry shifts from what a document records to what state the system was in at the moment that matters. Second, they are opaque. Deep-learning models behave as black boxes, and a dispute over why a system acted as it did - whether it leaked data, discriminated, or failed to flag an intrusion - can demand the architecture, the training data, and the settings, not merely the logs those components emitted.

For a neutral charged with resolving such a dispute, the immediate hazard is scope. Each side demands everything because no one can say in advance what is material, and the cost of preserving and combing a live AI environment can dwarf the sum genuinely in controversy.

JAMS published its AI Dispute Resolution Rules to meet precisely these conditions. They are not a new body of substantive law. They are a procedural overlay that lets the parties and the neutral handle AI evidence on its own terms, rather than forcing it through a process designed for paper.

Three mechanics carry the most weight in breach work. The rules contemplate a technically conversant arbitrator or discovery referee who can build discovery protocols around the particular technology in dispute. They allow the appointment of neutral experts fluent in both the legal and technical dimensions of AI, so that questions of data provenance and model explainability surface early instead of being fought over late. And they install proportionality and confidentiality as governing principles, letting the neutral weigh the burden of producing a model or its training data against the relevance and sensitivity of what is sought.

The common thread is competence at the point of decision. A judge assigned a docket may have no grounding in machine learning; under these rules, the parties can select a neutral who does. That single choice reshapes how efficiently the fights over search terms, custodians, scope, and the systems themselves get resolved.

The keenest risk in an AI breach dispute is the one most easily missed at the start: the evidence can erase itself. A model that retrains, a logging pipeline that rolls over, a vendor that cycles its infrastructure - any of these can quietly destroy the state of the system as it stood at the time of the disputed event. By the time a party drafts a preservation demand in conventional ESI language, the relevant snapshot may already be gone.

Addressed early, this is a tractable engineering task: freeze the model weights, capture the configuration, preserve the inference logs and the pertinent slice of training data, and document the chain of custody for each. Addressed late, it hardens into a spoliation fight that no volume of motion practice can repair, because the underlying state is unrecoverable.

A neutral operating under the JAMS AI Rules can convene the parties at once to define what must be preserved and how, before the system has moved on. That early intervention is often the framework's highest contribution - not a ruling, but a timely instruction that keeps the evidence from disappearing.

There is a second sense in which these rules govern AI: they discipline how the parties and their experts deploy AI within the dispute itself. Counsel increasingly lean on generative tools to summarize productions, draft submissions, and parse technical records. Left unchecked, that practice invites fabricated citations, leaked confidential data, and findings no one can reproduce.

A neutral can fix expectations at the first conference - where AI assistance is permitted, what must be disclosed, and how confidential material is walled off from outside models. The same proportionality and confidentiality principles that bound discovery of an AI system also bound the AI tooling used to litigate over it. In breach matters, where the data at issue is the very sensitive material that must never be fed into an unvetted model, this internal governance is not housekeeping; it is risk management.

The neutral's posture is the familiar one: hold the scales level. The aim is neither to bless nor to ban the technology, but to ensure that whatever AI touches the record does so transparently and verifiably.

The very features that make AI disputes punishing in litigation - technical opacity, runaway scope, sensitive data, unsettled law - are the features that reward a chosen neutral and a private forum. A party cannot select its trial judge, but it can agree to a neutral fluent in both eDiscovery and AI, and that agreement compresses the costliest phase of the case.

In mediation, a technically credible neutral can do what a generalist cannot: separate real technical disagreement from posturing, pressure-test each side's account of what the system did, and narrow the matter to the points that actually carry the exposure. Parties settle more readily when the person in the middle can tell a hard technical question from an inflated one.

In arbitration, the same fluency yields faster, better-reasoned rulings on scope, search terms, and proportionality - and, where precedent is thin, more defensible decisions on the merits. The law around AI is still taking shape; a neutral who understands the systems can reason from first principles rather than wait for case law to arrive.

Used well, the JAMS AI Rules offer counsel for policyholders, insurers, and claims professionals a path through AI-entangled breach disputes that is faster, less costly, and more confidential than the alternative. That is the working promise of structured, technically competent neutrality.