The legal risks facing companies in 2026 present a shifting, and in some ways unexpected, focus for CEOs. Overall dispute volumes are plateauing—but the cases that do go to trial are producing much higher verdicts. Regulatory actions have shifted with state regulators filling enforcement gaps left by federal agencies pulling back. Reverse discrimination claims are rising, reshaping how companies need to think about their diversity programs and hiring practices. And the AI tools companies adopted to drive efficiency are generating a new category of liability. In January, Norton Rose Fulbright released its annual Litigation Trends Survey, which revealed that only 29 percent of in-house legal leaders felt “very prepared” for what was coming in 2026—down from 46 percent just a year ago. One-third of the way through 2026, it seems that in-house leaders’ consternation may have been well founded, as 2026 has already demonstrated the unpredictability in where, what and how much litigation companies face.
2026 began with state data privacy statutes taking effect in Indiana, Kentucky and Rhode Island, and AI statutes taking effect in California, Texas and Illinois. Three weeks later, the EEOC rescinded its guidance on harassment in the workplace and returned greater litigation oversight to the EEOC chair, who prioritizes ending “unlawful DEI-motivated race and sex discrimination” and “anti-American national origin discrimination,” among other priorities. In April, a Texas jury awarded $1.6 billion to the family of two men killed in a workplace explosion. And numerous instances of hallucinated cases appearing in legal briefing have drawn attention to the potential for professionals to improperly use artificial intelligence at work. In other words, the headlines are full of news stories confirming the concerns of corporate counsel.
Here are five of the most pressing litigation risks for CEOs and their leadership teams right now, and what to do about them.
1. Cybersecurity and data privacy: understanding the convergence of class actions, multi-state enforcement and vendor risks
To start the year, 38 percent of companies surveyed said their legal exposure in cybersecurity and data privacy had grown over the past year, and 82 percent reported that state attorneys general are ramping up enforcement as federal agencies pull back.
Companies face lawsuits on multiple fronts: vendor disputes over data handling, shareholder lawsuits tied to cyber incidents, False Claims Act whistleblower claims, and tracking-technology litigation. Cyber/privacy class actions increased in 2025 (40 percent vs. 32 percent in 2024), and 74 percent reported plaintiffs using “mass arbitration”—filing hundreds of individual arbitration demands to overwhelm companies with filing fees.
With state privacy laws proliferating and attorneys general coordinating enforcement, companies face regulatory scrutiny from multiple directions. Mass arbitration filing fees alone can exceed traditional class action defense costs.
Consider the following options to mitigate risk:
- Address “compliance drift” proactively. When policies fall behind evolving legal requirements, litigation risk increases. Compliance risk related to evolving cybersecurity and data privacy requirements and regulations is the top driver of expected cyber exposure (66 percent) this year, followed by attacker sophistication (57 percent) and AI-related challenges (50 percent).
- Establish cyber due diligence for vendors and acquisitions. Require cybersecurity certifications and contractual audit rights. Third-party breaches can create liability for your company.
- Prepare for multi-state enforcement. Map your customer footprint to state AG priorities and ensure incident response plans account for multi-state notification requirements.
- Go beyond paper compliance. Use technical tools like network traffic analysis to identify over-collection or data leakage that policy reviews won’t catch.
- Revisit arbitration clauses. Calculate mass-arbitration filing-fee exposure and consider fee caps, carve-outs or bellwether procedures (resolving sample cases first to guide settlement).
2. “Nuclear” and “thermonuclear” verdicts: what they are, why they matter and how they’re changing litigation strategy
Nuclear verdicts (over $10 million) and “thermonuclear verdicts” (over $100 million) are reshaping litigation risk assessments. From the report: 64 percent of survey respondents report higher settlement demands as a result of the “nuclear verdict” trend, 53 percent cite increased litigation costs, and 45 percent say plaintiffs are less willing to settle.
About half of those surveyed expect verdict amounts (49 percent) and settlements (48 percent) to keep rising in 2026, with ripple effects including higher insurance premiums and increased use of jury consultants.
To reduce nuclear verdict risk, consider the following:
- Develop a comprehensive strategy early. Regularly reassess your valuation of cases. Invest in jury research during initial assessment to inform early settlement and trial staffing decisions. Test case themes with focus groups, encourage candid internal feedback and be ready to pivot as evidence develops.
- Budget for risk mitigation. Nuclear-verdict concern correlates with earlier settlement negotiations, more consultants and heightened board/executive involvement, so plan accordingly. Update your litigation budgeting templates to include trial consultant fees, settlement authority matrices and board reporting milestones.
- Tie trial-risk planning to staffing reality. Implement case assessment protocols (regular updates, feedback loops, off-ramp strategies, escalation procedures, upstream reporting) to avoid ad hoc decision-making under pressure. A standardized high-stakes case assessment protocol ensures consistent quality even when your team is stretched thin.
3. State enforcement surge after Chevron: what the end of agency deference means for your company
Changing federal enforcement priorities are creating uncertainty. While 39 percent of respondents expected federal regulatory investigations to increase in 2026, the bigger story is at the state level: 82 percent reported increased state enforcement activity as state attorneys general step in to fill gaps left by federal agencies.
In 2024, the Supreme Court overturned “Chevron deference,” which had required courts to defer to agencies’ statutory interpretations. As a result, 55 percent said this development increased the number of lawsuits involving regulatory matters in 2025, while 63 percent say companies now have greater incentive to litigate and 55 percent adjusted internal compliance processes.
To lower enforcement risks, evaluate these action items:
- Create a “state AG heat map.” Track which attorneys general are investigating your industry. Pattern recognition provides early warning of enforcement waves.
- Rebuild compliance documentation for judicial review. In the absence of Chevron deference, courts review agencies’ interpretation of statutes independently. Compliance documentation should withstand scrutiny under both existing administrative guidance and potential judicial review of the relevant statutes.
- Monitor shifting federal priorities by agency and topic. Enforcement priorities now vary significantly across agencies. Review your regulatory risk exposure quarterly and shift monitoring resources to match the areas where enforcement is most active.
4. Employment litigation evolves: navigating DEI scrutiny, reverse-discrimination claims, accommodations and leave law complexity
Employment and labor litigation remains the second most common area of disputes (34 percent of respondents experienced it). It ranked second for both increased exposure in 2025 (31 percent) and expected increases in 2026 (30 percent). Three key drivers are reshaping this area: (1) increased scrutiny of workplace diversity, equity and inclusion (DEI) programs; (2) growth in “reverse discrimination” claims-where employees allege they were disadvantaged because of their race, gender or other characteristics-particularly after the Supreme Court’s June 2025 Ames decision; and (3) more disputes over disability accommodations.
Paid sick leave and family leave disputes are also rising sharply as a source of litigation (36 percent of respondents cited it in 2026 vs. 24 percent in 2025). This reflects the growing “patchwork” of leave laws, with multiple states and cities expanding or enacting new leave requirements in 2025-creating a compliance maze for multi-state employers.
Companies should consider the following options to lower their employment-related risks:
- Treat employment policies as litigation controls. Review and update employee handbooks, manager training programs and arbitration agreements to reflect today’s risk environment. Reassess non-solicitation and non-competition agreements. These documents will be scrutinized if litigation arises.
- Strengthen your accommodations process. Standardize “interactive process” documentation and remote-work criteria. Every request should trigger a documented, good-faith response.
- Build a leave-law compliance matrix. Maintain a jurisdiction-by-jurisdiction leave matrix with payroll and HR triggers. This is especially advisable as states simultaneously expand and roll back leave laws.
- Review programs related to diversity, equity and inclusion now. Before litigation arises, audit your diversity, equity and inclusion programs in light of emerging and evolving guidance from state and federal authorities.
5. AI enters the litigation landscape: governance challenges and opportunities extending beyond IT to legal operations, intellectual property and product liability
Companies are embracing AI tools while grappling with new risks. More than 60 percent of respondents now use customized generative AI (tools that create text, images or code) and agentic AI (tools that can take actions autonomously). Yet 59 percent say managing litigation risks from AI has been challenging. The regulatory landscape is evolving rapidly.
AI risk extends beyond how your company uses AI internally. Vendors may use your company’s data to train AI models in ways that create legal exposure. Product liability theories are emerging against AI platforms, including claims that AI systems are defectively designed or fail to adequately warn users of risks. On the intellectual property front, AI creates new questions about who owns AI-generated content and who qualifies as an “inventor” for patent purposes. Technology companies report the highest IP exposure (37 percent in 2025), and smaller tech firms are particularly focused on AI product liability risk (47 percent).
Consider the following options to lower AI-related dispute exposure:
- Establish litigation-ready AI governance. Vet internal and vendor tools, set “circle of trust” rules, implement policies and procedures, and continuously train and reinforce across stakeholders. Your AI governance framework should address data inputs, model transparency, human oversight and vendor due diligence—with clear audit trails.
- Update outside counsel AI guidelines. Specify permitted tools, confidentiality requirements and quality controls to prevent issues like “hallucinated” cases in briefs.
- Factor litigation funding into case assessments. Third-party funding is increasing, particularly by fueling patent lawsuits by non-practicing entities. Consider this dynamic and the potential for increased patent disputes when assessing budgeting, legal staffing, and case risk.
How to operationalize all five trends with limited resources
The common thread is the need to do more with less:
1. Build protocols and eliminate accountability gaps and blindspots. With preparedness declining and leaner in-house litigation teams, create case assessment and management protocols for litigation matters. Craft, and regularly update, response playbooks for cyber incidents, accommodations and regulatory inquiries. Stress test those response playbooks with tabletop exercises.
2. Consolidate work with trusted outside counsel who know your business. Companies spend an average of $2.4 million annually on litigation, with 56 percent going to outside counsel. Organizations are responding by consolidating: 62 percent now use just one–five law firms (up from 55 percent in 2024). Concentrating work with fewer, well-aligned firms can improve efficiency and reduce costs.
3. Prioritize prevention. The most common litigation prevention tools are tightening contract language and providing employee training. Reassess language in contracts (particularly non-compete and non-solicitation agreements), review indemnification provisions and evaluate the appropriateness of your insurance coverage. Invest in contract improvements and compliance tools that reduce exposure before disputes arise-prevention is almost always cheaper than defense.
The current litigation environment rewards preparation. While dispute volumes may be plateauing, risk is concentrating in areas where impact is severe and the landscape is evolving rapidly. CEOs and in-house legal teams who build systematic approaches to these five trends, backed by repeatable playbooks and disciplined resource allocation, will be better positioned to manage litigation when it arrives—and to prevent it in the first place.
