Data poisoning is gaining attention as a core vulnerability in generative Artificial Intelligence systems, with the greatest risk often sitting in the upstream data supply chain rather than in downstream safeguards such as content filters or moderation layers. The threat can be malicious, where attackers insert crafted training data to create hidden backdoors, or non-malicious, where poor-quality, biased or context-stripped data distorts model behaviour. In both cases, the result can be outputs that developers did not intend, creating legal, operational and compliance exposure for organisations that procure or deploy these systems.
A 2025 study from Anthropic found that as few as 250 malicious samples could trigger backdoors in language models trained on up to 13 billion parameters, challenging assumptions that poisoning requires large-scale access to training data. Research also showed that training GPT-4o on 6,000 examples of code containing built-in vulnerabilities, stripped of contextual signals that the code was insecure, led the model to produce unsafe answers even for unrelated prompts. These findings reinforce the need for dataset curation, validation and ongoing testing, especially where organisations fine-tune models on internal data or incorporate external sources such as vendor datasets, web-scraped material, employee feedback or model updates.
In the UK, regulatory expectations are shaped by the government’s 2023 white paper and a principles-based framework applied by sector regulators including the ICO, FCA and CMA. The framework focuses on safety, security and robustness, transparency, fairness, accountability, governance, and contestability and redress. There is overlap with the UK GDPR where personal data is involved, and mixed datasets containing personal and non-personal data can still bring the full dataset within scope. For organisations serving EU clients, the EU Artificial Intelligence Act extends obligations beyond the bloc and adds detailed requirements across the supply chain, including transparency, technical documentation and, for general-purpose models, disclosure of training data sources. Penalties for non-compliance can reach up to €35,000,000 or 7% of global annual turnover, and/or prohibition from operation in the European market in the most serious cases.
Legal risk management starts with procurement and supply chain governance. Contracts with Artificial Intelligence vendors should be supported by structured due diligence covering model transparency, data provenance, security practices, subcontractor governance and internal compliance controls. Organisations should translate those findings into vendor terms on data hygiene, audit rights, incident-notification windows, performance standards, data integrity warranties and liability allocation. Practical measures also include maintaining dataset provenance registers, using data protection impact assessments to identify risk, screening for bias, and setting maximum age rules for training and fine-tuning data. Because contaminated data may require retraining rather than simple patching, prevention through early governance, careful contracting and continuous monitoring is presented as the most realistic defence.
