CPS authorises charges after the felling of the historic Sycamore Gap tree.

Artificial intelligence (AI) poses a potentially serious cybersecurity threat to companies that have deployed it as part of their service or offer – not just through its use by criminals to perpetrate attacks – according to an expert in the field.

While the threat posed by bad actors using AI to deliver attacks has been widely discussed, Peter Garraghan, CEO and CTO of Mindgard, which provides cybersecurity for AI specifically, tells Verdict: “The problem we’re talking about here is cybersecurity threat against AI itself.”

Perhaps the most common and thus at-risk use of AI by companies is for customer service chatbots, which are increasingly prevalent and are typically tailored with company-specific data in the background.

Garraghan, who is also a chair professor of computer science at Lancaster University specialising in AI security and systems, founded Mindgard in 2022 after realising the potential severity of the issue around a decade ago.

“AI is not magic,” he says. “It’s still software, data and hardware. Therefore, all the cybersecurity threats that you can envision also apply to AI.”

By way of example, Garraghan gives the analogy of SQL injection – a technique via which vulnerabilities in a web application can be exploited by code inputted into fields in the likes of website login or contact forms. A similar approach called prompt injection can be used for public-facing AI applications. If not properly secured, AI tools can effectively be coaxed into giving out source code and instructions, business IP or even customer data.

Similarly, AI tools can be reverse-engineered in the same ways that other applications can be to identify vulnerabilities.

Of the gravity of the problem, Garraghan says: “We could envision even four or five years ago massive adoption, nation-state problems, disenfranchised people, organisations at risk. We need to think about this.”

Threats to AI applications

The potential for leaked data is likely to make any business take note, but the ease with which AI applications might leak data is alarming.

“There are cybersecurity attacks with AI whereby it can leak data, the model can actually give it to me if I just ask it very politely to do so,” explains Garraghan. This was exemplified in January when Gab AI, a platform launched by right-wing social media company Gab, was coaxed into revealing its instructions. OpenAI’s GPT platforms have previously revealed data upon which they are built too.

Garraghan continues: “There are other attacks where I can figure out what data it has and then reverse engineer it without even seeing it, or I can figure out how the AI can be bypassed or tricked, so I can get access to other systems from it. I think data leakage is definitely cross-cutting [of industries] – and that includes both externally facing and internally.”

Among the other significant threats he points to is model evasion, whereby input data is designed to manipulate or subvert the operation of the AI model.

“Let’s say I have some sort of document or face scanner for trying to identify someone’s identity,” he says. “If you know how the model works and some trickery, you can figure out how do I trick it so I can bypass detection or I can be misclassified. There are quite a few reported case studies of people doing financial fraud by tricking vision models, for example.”

Malicious commands hidden in audio prompts and the poisoning of data to deliver inaccurate responses are other threats Garraghan notes, and he adds that the overarching impact for businesses – as with other cyberattacks – can be reputational damage.

Who’s at risk and what can be done?

As with cybersecurity more broadly, there is naturally greater risk for industries in which the stakes are higher. Financial services and healthcare are two sectors, for example, which necessarily must be more secure than others.

Garraghan says: “There is a correlation here, which is that the more confidential and the more regulated you as an industry, the more at risk you are from AI – but also, from experience, the less they’re adopting. I don’t think they’re slower. Let’s say it’s because they have a lot of genuine risks to get through.”

In terms of tackling those risks within any company, though, he is clear that AI applications will require – or require now – their own layer of protection.

“You currently have cybersecurity tools, and they specialise in certain things,” says Garraghan. “You have a security posture management system, you have a detection response system, you have a firewall, you have very shift left in terms of design, code scanning – all these types of things. You’re going to need an AI equivalent to help with these. Those type of things specialises just in AI and machine learning and neural networks.

“You’re going to need a code scanner for neural networks, you’re going to need a detection response system for neural networks, you’re going to need a security-testing, red-teaming capability …  If you catch things upstream of problems, it is much easier to remediate and fix it as opposed to runtime. The best practice we encourage for organisations is whenever they build AI models, or wherever they purchase AI applications or services, before anything goes live, the more we can fix before it goes to production, it is so much easier to then identify what problems are to actually fix.”

In a nutshell, Garraghan’s take is as follows: “The best thing anyone can do in this space is replace the word AI with software or application. Yes, you need application testing and application threat detection, AI is no exception.”

The post In conversation: companies’ own AI applications are ‘a huge cybersecurity problem’ – expert appeared first on Verdict.

Microsoft will invest $1.7bn in Indonesia’s cloud and AI market. The money will also be used to build data centres. 

The investment was announced by Microsoft CEO Satya Nadella today (30 April) during a meeting with Indonesia’s President Joko Widodo. 

Nadella is visiting Indonesia to promote Microsoft’s generative AI technology and stated that its $1.7bn investment would help provide Indonesia with the latest AI infrastructure. 

“[Microsoft is] going to lead this wave in terms of AI infrastructure that is needed,” stated Nadella. 

Indonesia’s Minister of Communications, Budi Arie Setiadi, praised the investment and stated that he would be meeting with Microsoft to talk about future joint AI research and talent development. 

Nadella also committed to training 850,000 Indonesian citizens in AI by 2025. 

“This is (a breath of) fresh air for Indonesia as a country,” Setiadi told reporters outside Indonesia’s Ministry of Communication and Information. 

Setiadi stated that AI infrastructure could help Indonesia in its technological transformation. 

“This is not only about GovTech but also other aspects like agriculture, fisheries, business, and digital economy. The collaboration with Microsoft can greatly help our digital transformation,” he said. 

Nadella will visit Thailand and Malaysia after his trip to Indonesia to continue promoting Microsoft technology in Southeast Asia. 

In total, Nadella stated that Microsoft hopes to train over 2.5 million people in Southeast Asia in AI by 2025. 

By 2030, research and analysis company GlobalData forecast the total AI market to be worth over $1037bn globally. 

Companies will continue to ramp up their AI rollout throughout 2024, increasing the need for critical infrastructure like data centres. 

The post Microsoft invests $1.7bn in Indonesian cloud and AI market appeared first on Verdict.

The European Commission has claimed Meta failed to tackle disinformation and deceptive advertising on Facebook and Instragram and, today (30 May), announced a major investigation into the company’s compliance with Europe’s Digital Services Act (DSA).

The investigation comes amid concerns over disinformation in the lead-up to the European elections vote in June. 

The European Commission has raised concerns about misinformation originating from Russia, China, and Iran, as well as political parties in the EU trying to attract voters with deceptive advertising.

In a statement on Tuesday, EU digital chief Margrethe Vestager said: “We suspect that Meta’s moderation is insufficient, that it lacks transparency of advertisements and content moderation procedures.

“So today, we have opened proceedings against Meta to assess their compliance with the DSA.”

The DSA, which came into effect last year, holds Big Tech accountable for illegal and harmful content on its platforms and requires companies to do more to combat it.

If found to be non-compliant, companies including Meta can face fines of as much as six percent of global revenues. 

The EU investigation into Meta will focus on a Russia-based influence operation network which clones trustworthy media publications, according to Reuters, citing people familiar with the matter.

Meta exposed the operation in 2022. At the time, the company said it had blocked thousands of links connected to it. 

The Commission also highlighted Meta’s phasing out of disinformation tracker CrowdTangle without announcing a replacement.

A Meta spokesperson defended its moderation practices and claimed the company had a “well-established process for identifying and mitigating risks on our platforms.”

“We look forward to continuing our cooperation with the European Commission and providing them with further details of this work,” the spokesperson added.

The EU has given Meta five working days to return with remedial actions on the concerns raised.

The post Meta to face EU investigation over disinformation handling appeared first on Verdict.

If you’re up to the steps necessary for filing a personal injury lawsuit in New York your patience with the at-fault party’s insurance company is probably wearing pretty thin. 

You’ve sat through countless hours of negotiations without reaching an agreement; tempers are getting short and everyone involved in the process may be starting to lose their patience. Filing a lawsuit in civil court is usually the last step in a personal injury claim process. 

To help guide you through this process, this piece is going to take a closer look at the steps involved in filing a personal injury lawsuit in New York state.

How to File a Personal Injury Lawsuit in New York

There’s a process you need to go through if you’re seeking compensation for damages sustained. If you’re willing to accept the insurance company’s initial offer, you can skip all of the steps, including filing a lawsuit. 

Once you accept a settlement offer, the personal injury case is considered closed, and there aren’t any exceptions to this rule. This means that if your damages continue increasing after accepting the settlement, you can’t go back and refile a claim, and this also applies to your lawsuit. Your case will be dismissed by the court since you already settled with the insurance provider.

So, should you consider accepting an initial settlement offer? The answer typically depends on the severity of the accident. If there aren’t any injuries and you only want to repair a dented fender, accepting a check probably isn’t a bad idea. 

However, if injuries are present and/or vehicle damage is extensive, it’s usually a good idea to decline the initial offer. Wait until you’re finished calculating your damages before thinking about agreeing to an offer from the insurance company.

If you’re planning on moving forward with your personal injury claim, here’s a look at the steps you need to take. Hopefully, before you get to the step where you file a lawsuit in civil court, you’ve managed to reach an agreement with the at-fault party’s insurance company.

Pay Attention to the Statute of Limitations

The statute of limitations in New York for personal injury claims is typically two or three years, depending on the type of accident. 

If your damages stem from a car accident, you have three years to file a claim from the date of the incident. If your injuries are the result of an attack, your statute of limitations is two years. You have three years to file an injury claim if the incident is caused by someone’s negligence.

If you miss the statute of limitations deadline, you may not be able to file a claim for compensation with the insurance company, which also affects your ability to file a lawsuit. The courts will most likely reject your case since you missed an important filing deadline.

There are some exceptions to the statute of limitations, but most only apply in specific instances. For example, minors have an extended deadline. If your injuries leave you temporarily unable to participate in your case, the statute of limitations may also be extended.

Make an Immediate Appointment with a Physician

Going to the doctor is rarely anyone’s idea of a good time, but it’s a necessary step if you plan on filing a personal injury claim. After all, you need to provide proof your accident resulted in injuries. 

You can’t just claim you sustained injuries, the insurance provider will request proof before looking at your claim. The same is also true if your claim turns into a lawsuit, as the court is going to request your medical records.

Along with providing proof of your injuries, the visit to the doctor serves another purpose. Not all injuries are immediately apparent. Sometimes, it can take several days or weeks before you realize you’re injured, and soft tissue injuries are examples of this. 

These types of injuries often take a while to start displaying noticeable symptoms. Being proactive about your health is the best way of detecting any injuries.

Notify the Insurance Provider

When you’re injured in an accident in New York, you file a claim with the at-fault party’s insurance provider. After filing a claim, the next step is to start gathering evidence to support your case. This typically includes your medical records, property damage estimates, and an official accident report. You can pick up a copy of your accident report online or at any police station. 

Your report should be ready in about a week and there is a small fee to obtain a copy, which is also when you should start calculating your damages. These can include both economic and non-economic damages. Your non-economic damages are typically items like mental anguish, pain, and suffering, while economic damages are medical expenses, property repair and replacement costs, and even lost income.

As you’re calculating your total damages, you may receive a settlement offer from the insurance company. While it’s up to you if you accept the offer, the best advice is to wait until you know the full extent of your expenses.

Send a Demand Letter and Start Negotiations

If you haven’t retained legal representation, now’s the time to hire an attorney. Your attorney can send the settlement demand letter to the insurance company to start the negotiation process. The demand letter from your attorney will outline the following:

• How the defendant’s actions are responsible for the accident
• Details about your injuries and property damage
• A description of the law relevant to your case
• The specific amount you’re seeking in damages

After the insurance company reviews your demand letter, the negotiation process starts. Don’t be surprised if you go through a few rounds of negotiations. This is normal and hopefully, you’ll reach an agreement. If you can’t reach an agreement, the next step is filing a lawsuit.

Going Through A Personal Injury Lawsuit in New York

When you can’t reach a settlement agreement with the at-fault party’s insurance company, your attorney will prepare and file a personal injury lawsuit. Your case will go through a discovery phase and several pre-trial motions before eventually heading to trial.

A judge or jury will reach a verdict and then you may need to sit through the appeals process. If your personal injury claim does become a lawsuit, you want to have an experienced attorney by your side. 

Traffic and congestion plague many cities, slowing commutes and emergency vehicle response times, but cloud software firm LYT is using artificial intelligence (AI) and machine learning (ML) to improve urban mobility.

Alongside other solutions, the California-based company offers a system specifically dedicated to helping emergency vehicles get where they need to be as quickly as possible. Indeed, LYT says that, when implemented for California’s Freemont Fire Department, the system delivered a 62% reduction in response time across a main 8mi (13km) area.

The LYT.emergency platform uses a device installed in the traffic control centre of a city to control networked traffic signals and provide green lights along the duration of a journey. Speaking to Verdict, Tim Menard, founder and CEO of LYT, explained ghowq the system differs from other solutions and the role of AI in smart cities.

How does LYT.emergency work and how long has it been available to use?

Menard: LYT.emergency has been available for use since 2021. LYT.emergency uses pre-existing infrastructure to securely link city emergency response systems to city traffic management systems. By using LYT’s secure network device called Maestro, traffic lights can be securely connected to LYT’s cloud. Location data provided from the CAD/AVL system installed on the emergency vehicles are also sent securely to LYT’s cloud.

By combining this information LYT.emergency provides a bird’s-eye-view of what a happening and why. This is how we are able to determine the ETA of the fire truck to any one intersection well in advance of the fire truck approaching. It is then that the fire trucks see the wave of green lights as they approach the intersections, whether they are in sight or not.

How does LYT’s solution differ from traditional emergency vehicle pre-emption solutions?

Traditional emergency vehicle preemption (EVP) solutions use a line-of-sight hardware solution, which can be affected by inclement weather conditions, as well as just poor maintenance. They can be costly and they are often unreliable due to the lack of performance insight. A fire truck needs to be within view of the intersection for the light to turn green, which can make curves and intersections after a turn unable to provide the green light in time.

What challenges in making edge devices, the cloud platform and training the machine learning algorithm has LYT had to overcome?

Introducing a cloud-native, hardware-less traffic optimisation platform brings great responsibility to ensure our communities’ infrastructure remains secure.

LYT has put tremendous resources and effort into implementing industry-standard security protocols and ensuring the overall architecture is safe from cyberattacks. We’ve also heavily invested in our machine-learning platform to make it powerful enough to learn a wide array of vehicle movement patterns and handle unpredictable events, including inclement weather and detours.

What role will AI play in creating smart cities and overcoming congestion issues?

AI plays a huge role in the future of smart cities and reducing congestion. We can’t have smart cities without smart traffic lights. AI and ML have the ability to assess mass amounts of traffic data faster than any human can, which allows the traffic intersections to continuously optimize and improve our city streets making them more responsive, resilient, and conducive to the well-being of everyone in the community.

The post How LYT is using AI to reduce emergency vehicle response time appeared first on Verdict.

Law firms know better than most that compliance is a fundamental part of operating in a way that won’t get penalized by regulatory bodies – and this certainly applies to the finance side of the coin.

In 2023 the IRS collected over $100 billion as a result of compliance-related fines, of which over $5 billion was taken from businesses for their mishandling of income tax affairs. So there’s a steep price to pay for even minor missteps – and tax is only a small part of the total compliance picture.

The good news is that there are a number of tools that are available to law firms that not only assist with avoiding compliance snafus, but also streamline workflows and reduce some of the burden of managing financial matters across the board. 

Here are just a few examples that need to be included in your set of software resources, if they aren’t already.

Harnessing Document Scanning & Conversion for Compliance Precision

Dealing with the document-intensive environment of law firms requires powerful tools that streamline processes and enhance accuracy. Document scanning and conversion solutions like DocuClipper are pivotal in transforming piles of paperwork into manageable, searchable digital formats. 

Here’s what they have to offer:

• Enhanced Accuracy and Accessibility: Modern document scanning technologies utilize Optical Character Recognition (OCR) to convert physical documents into digital text – while also converting one file format to another with ease. So if you’ve got PDF-based bank statements that need to be turned into a CSV file for filing, it’s a breeze. This not only speeds up the retrieval process but also reduces human error, ensuring that critical information is maintained accurately.
• Audit Trail Creation: These tools automatically log activities related to document handling which can be crucial during audits or compliance reviews. Every scan, access, or modification is recorded, creating a transparent and tamper-evident audit trail.
• Data Security Features: Given the sensitive nature of legal documents, leading scanning technologies incorporate advanced security measures to protect data from unauthorized access or breaches. Encryption during transmission and storage ensures client confidentiality remains intact.

As you’d expect, incorporating these scanning and conversion solutions not only assists in compliance efforts but also significantly boosts operational efficiency.

Streamlining Transactions with Financial Monitoring Software

Automated financial monitoring software is another must-have for ensuring ongoing compliance in law firms, and indeed across all industries. These tools scrutinize every transaction for anomalies that could indicate errors or fraudulent activities, thus safeguarding the firm’s financial integrity. 

Here’s a closer look at a few of the tricks up their sleeve:

• Real-time Transaction Monitoring: This feature allows for the immediate detection of unusual transaction patterns or amounts that deviate from typical activity. Identifying discrepancies in real time means firms can respond promptly to potential issues.
• Comprehensive Reporting Capabilities: Tools such as Thomson Reuters CLEAR are instrumental in generating detailed reports that summarize financial activities over any given period. This is critical not only for internal audits but also for regulatory compliance, ensuring all financial operations are transparent and accounted for.
• Integration with Existing Systems: Many of these software solutions offer seamless integration with existing accounting systems within law firms. This interoperability ensures that data flows smoothly between systems, reducing manual entry errors and increasing efficiency.

We’ve discussed the scale of the fines levelled against firms for non-compliance, and the rise in financial fraud is also noteworthy in this context – surpassing $10 billion last year. And while consumers are often the target, businesses that get caught in the crossfire can suffer reputational damage, which is something no law firm can afford to allow.

As such, it should not be surprising that the transaction monitoring market alone is worth over $9 billion, and is growing at a rate of 14.2% annually.

Enhancing Due Diligence with Risk Assessment Tools

As mentioned, the stakes are high when it comes to compliance – especially in the case that upholding the law is the primary purpose of the organization in question. This is where risk assessment tools come in, providing a systematic approach to identifying, assessing, and mitigating risks related to clients and their associated financial activities. 

Here’s what they can do:

• Automated Risk Scoring: These tools feature algorithms that assign risk scores based on a variety of factors including transaction history, client background, and public financial records. This automated scoring helps firms prioritize their oversight efforts effectively.
• Continuous Monitoring for Changes: It’s crucial that risk assessment doesn’t just happen at the outset of a client relationship but continues throughout its duration. Tools like LexisNexis Risk Solutions offer continuous monitoring features that alert firms to any changes in a client’s risk profile or status, enabling proactive compliance management.
• Integration with Compliance Databases: Top-tier risk assessment platforms maintain integration with global compliance databases. These integrations provide access to up-to-date watchlist information, politically exposed persons (PEPs) lists, and more – tools essential for complying with anti-money laundering (AML) regulations.

We’re also entering an era in which artificial intelligence is making waves in the risk assessment scene, with KPMG reporting that its impact is already vast and that it will grow further in the coming years. This of course throws up its own set of compliance conundrums which need to be taken into account – but it’s still a good time to adopt modern tools to tackle threats that threaten compliance, regardless.

Bolstering Compliance with Advanced Auditing Software

Auditing is another critical element in the compliance framework, and of course, it demands precision and thoroughness in equal measure – particularly for internal use. 

Thankfully there’s advanced auditing software out there which can significantly enhance the efficiency and effectiveness of these processes in the following ways:

• Automated Compliance Checks: These tools can automatically review financial records against relevant legal standards and flag any inconsistencies or breaches. This automation helps reduce the workload on staff and once again minimizes human error, streamlining compliance efforts.
• Historical Data Analysis: Tools such as CaseWare IDEA allow auditors to perform complex data analyses, inspecting years of financial data to identify trends or anomalies that could indicate compliance issues or areas of risk.
• Customizable Reporting Functions: With advanced auditing software, firms can generate tailored reports that fit specific regulatory requirements or internal needs. This customization ensures that all stakeholders have access to pertinent information in an understandable format.

Given that law firms are in the process of facing an uphill struggle in terms of client demand, which dropped by 0.4% last year in the face of a 3.9% in the number of full-time legal pros employed across the industry, finding efficiency wherever it’s available is advised. 

Since that’s exactly what auditing software brings to the table, its popularity and impact are to be expected.

Optimizing Client Billing with Time Tracking Software

Accurate and compliant client billing is another paramount concern that any law firm will need to get right. Time tracking software plays a crucial role in ensuring that every billable hour is accounted for accurately and ethically. 

Here are some selling points:

• Detailed Time Entry: These systems allow lawyers to record time spent on different tasks with precision, which can be directly linked to client bills. Tools like TimeSolv provide easy-to-use interfaces for entering time, ensuring minimal disruption to the lawyer’s workflow.
• Automated Billing Cycles: By setting up automated billing cycles, firms can reduce administrative overhead and improve cash flow consistency. This automation ensures invoices are generated and sent without delay, adhering strictly to agreed schedules.
• Integration with Accounting Systems: Effective time-tracking solutions offer seamless integration with broader accounting systems. This integration ensures that billing information aligns with financial records, maintaining consistency across all financial documentation.

Wrapping Up

There’s no question that the right tools can make financial compliance a cakewalk for law firms – so long as they are both adopted as a priority and also put to work properly. Falling short here will lead you down the path to fines and a tarnished reputation, so it is worth actioning the advice we’ve provided.

Football fans everywhere will be familiar with reckless tackles, whether from their own Sunday league experience or as followers of the professional game. But when will a tackle amount to negligence and be actionable in a civil court, such that an injured player can sue their opponent?

In Episode 197 of Law Pod UK, 1COR members Jo Moore and Nicholas Jones join Lucy McCann to discuss how the law of personal injury applies to football.

Here are the full citations of cases discussed in the episode:

• Caldwell v Maguire [2001] EWCA Civ 1054
• Wooldridge v Sumner [1963] 2 QB 43
• Sharpe v Highland and Islands Fire Board 2008 S.C.L.R. 526
• Condon v Basi [1985] 1 WLR 866
• Czernuszka v King [2023] EWHC 380 (KB)
• Kerr v Willis [2009] EWCA Civ 1248
• Fulham v Jones [2022] EWHC 1108 (QB)
• McCord v Swansea Football Club and another [1996] 12 WLUK 409 

The post Negligence in football: A claim of two halves appeared first on UK Human Rights Blog.

In April 2024, UK cybersecurity company Darktrace agreed to be bought by US private equity (PE) company Thoma Bravo in a $5.3bn deal.

Assuming it goes ahead, the deal will remove another home-grown tech company from the London stock exchange. It will also be the latest example of PE generally, and Thoma Bravo in particular, snapping up a cybersecurity company.

However, new US merger guidelines may mean PE companies are more likely to see regulators taking assertive action to examine and potentially block cybersecurity acquisitions.

The new rules put in place by the Department of Justice (DoJ) and the Federal Trade Commission (FTC) in December 2023 reflect concerns in the Biden administration about so-called ‘roll-up’ acquisitions by PE companies.

Under such acquisition strategies, a buyer accumulates market share through a series of relatively small acquisitions over time. The new merger guidelines aim to address the concern by noting that if an acquisition is part of multiple related acquisitions, the regulatory agencies may examine the whole series of deals. 

Cybersecurity ready for regulation

Some might argue that regulators have already been sharpening their pens on cybersecurity.

In December 2022, the DoJ asked US cybersecurity firm ForgeRock for more information about its planned $2.3bn buyout by Thoma Bravo. ForgeRock operated in the growing identity and access management (IAM) area of cybersecurity, and Thoma Bravo had already acquired two other IAM companies, Ping Identity and SailPoint Technologies. Despite investigating the deal, the DoJ eventually let the bid through, and it was completed in August 2023.

Thoma Bravo subsequently merged ForgeRock with Ping Identity, thus taking one competitor out of the IAM marketplace. The deal could perhaps be justified only by an argument that the merged company might be better positioned to compete with larger companies in the IAM space, such as Microsoft and Okta.

Thoma Bravo’s plans for Darktrace

Thoma Bravo’s plans for Darktrace will likely involve using the PE company’s market clout to help Darktrace expand its footprint in the US. It would be no real surprise to see Darktrace provided with investment funds for acquisitions of its own.

As of December 2023, Thoma Bravo’s cybersecurity portfolio represented around $45bn in total enterprise value. Other private equity companies such as Insight Partners, TA Associates, Francisco Partners, and Advent International have also made significant cybersecurity investments.

It will take time for the merger guidelines to take effect, but it is almost certain that PE companies’ cybersecurity acquisitions will face considerably more antitrust scrutiny in the future than in recent years.

The post US merger rules may rein in private equity cybersecurity spending appeared first on Verdict.

The Science-Based Targets initiative (SBTi) tells companies whether their targets for cutting greenhouse gas emissions (GHG) are ambitious enough.

For example, if a company says it wants to cut GHG emissions by 50% by 2030 compared to 2020, the SBTi verifies whether this 50% is enough. It does this by comparing it to the decarbonisation pathways needed to keep global warming under 2°C above pre-industrial levels. Many of the world’s largest companies have emissions targets that are verified by the SBTi.

What has gone wrong at the SBTi?

The SBTi’s board of trustees released a statement on April 9, 2024, announcing that it intended to allow the use of what it calls ‘environmental attribution certificates’, which includes carbon offsets, to meet Scope 3 emissions targets. Or, in its own words: “to extend their [environmental attribute certificates] use for the purpose of abatement of Scope 3 related emissions beyond the current limits”.

Scope 3 emissions are the emissions generated by a company’s supply chain rather than its own buildings or machinery. Meanwhile, carbon offsets are typically bought to support claims of carbon neutrality. A company that buys a single carbon offset is “offsetting” one tonne of CO₂ by avoiding or removing emissions. For example, the proceeds of the sale of an offset may support a forest preservation project that helps avoid new emissions entering the atmosphere through deforestation. Avoidance offsets are commonplace and cheap but rely on assumptions to estimate their impact. Removal offsets are rare and expensive but exact and more robust.

The SBTi’s announcement was met with anger by some of its staff, who published an open letter stating the Board of Trustees “undermined our Standard Operating Procedures and governance policies”. According to press reports, a private letter signed by staff and advisers asked the CEO and board to retract their statement and resign.

SBTi CEO Luiz Amaral then published a blog post on the company’s website on April 19, defending the original statement. The statements contain an obscure debate about the SBTi’s internal procedures and policies but, regardless of who is right or wrong about questions of protocol, one must wonder why the board of trustees did not anticipate this predictable response or discuss the statement first with its staff and advisers.

Companies should still avoid carbon avoidance offsets

The SBTi’s own internal kerfuffle aside, companies should steer clear of carbon avoidance offsets regardless of any changes the SBTi makes. 2023 was a damaging year for the avoidance offset market, with key players such as Verra, the market’s leading verifier, and South Pole, a major offset retailer, caught up in scandals that led to both of their CEOs resigning. Many businesses quietly stepped away from the market as a result and the EU began work on legislation which would prevent companies from saying they were carbon neutral if the claim was supported by offsets. Some corporations began investing in carbon removal offsets, which physically remove CO₂ from the atmosphere rather than avoid its release.

The problem with scandals in the offset market is that they have a knock-on effect on the companies that have invested in the underlying projects. Even if offsets help achieve an SBTi-approved target, they still expose corporates to the risk of greenwashing accusations, which is increasingly becoming a legal issue rather than just a public relations one.

There is also the risk that any decision made on offsets can be reversed by a future CEO and board of trustees, which is a distinct possibility given the broad reputational damage the offset market suffered in 2023. The SBTi said any guidance it gives on offsets would include ‘guardrails and thresholds’ and that it would not validate the quality of offsets as ‘other entities are better positioned to deal with this activity’.

Unfortunately, 2023 showed that no entities are positioned to deal with this activity and that previous ‘guardrails and thresholds’ have not provided much security to businesses. The quality of standard avoidance offsets will always be debatable and subject to different assumptions, and this will always create difficulties for the companies that buy them.

The post SBTi gets into carbon offsets mess appeared first on Verdict.