Executive Summary
The BBNJ Agreement — the United Nations treaty on the conservation and sustainable use of marine biological diversity of areas beyond national jurisdiction — establishes new obligations around marine genetic resources (MGRs) and their digital equivalents, including benefit-sharing rules that will directly affect pharmaceutical firms engaged in marine-derived research. Compliance teams at Pharmaceuticals firms operating internationally need to understand precisely which collections fall within the treaty's scope and which article governs each obligation, as these details determine whether prior-collection programmes, current research pipelines, and new benefit-sharing contracts are correctly calibrated.
Across two questions put to AI tools on this agreement, the AI got both wrong — in each case stating the law confidently before acknowledging error when pressed. The failures are not peripheral: both concern foundational scope and citation questions whose answers shape whether a firm designs its compliance programme around a retroactive or a prospective regime, and whether it attributes its benefit-sharing duties to the right treaty article.
How AI gets this regulation wrong
The findings below show AI tools confidently stating incorrect rules and citing the wrong treaty articles — then, when challenged, acknowledging the errors rather than defending them. In both cases the AI presented an invented or misattributed legal position with the same tone it would use for a settled rule, giving no signal that the answer was unreliable.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Exposed Fabrication | 2 | Finding#1 · Finding#2 |
What that means for your team
Both failures on this agreement create regulatory enforcement exposure for Pharmaceuticals firms — the kind of risk that materialises when a compliance programme is structured around an incorrect reading of the treaty's scope or its benefit-sharing mechanics. The table below maps each finding to the specific enforcement dimension it puts at risk for a Compliance function operating across international jurisdictions.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Regulatory enforcement | 2 | Finding#1 · Finding#2 |
When this affects your department
Pharmaceuticals firms with marine-derived research programmes — whether in natural products drug discovery, marine-organism-derived biologics, or bioprospecting initiatives — routinely face internal compliance questions about the BBNJ Agreement as they assess their obligations for existing sample collections and plan new research expeditions. Compliance teams are typically asked to confirm whether legacy materials collected in international waters before the agreement entered into force are now subject to benefit-sharing requirements, and to identify the precise treaty provisions that govern digital sequence information derived from those collections.
Both questions are live operational ones: the answers determine whether the firm needs to retrofit access and benefit-sharing contracts onto prior research, whether ongoing data-sharing partnerships need amendment, and whether new product development programmes are structured correctly from the outset.
If AI tools are used to answer these questions and the answers are wrong, the consequences compound rapidly. A firm that designs its benefit-sharing programme around a retroactive reading of the treaty — when the agreement is in fact non-retroactive by default — will incur unnecessary contractual obligations and may create commercial friction with research partners who are not party to those obligations.
Conversely, a firm relying on an incorrect article citation when drafting internal policies, training materials, or regulatory submissions risks having those documents fail scrutiny by a treaty body, a national authority implementing the BBNJ Agreement, or a counterparty's legal team. In either case the Compliance function carries the reputational and enforcement exposure for advice it provided in good faith but sourced from an unreliable tool.
The findings at a glance
The table below summarises each question area where AI tools produced a confirmed error on the BBNJ Agreement, together with the type of failure and the primary risk it creates for a Pharmaceuticals Compliance team.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | Retroactivity default inverted — legacy MGR collections | Hallucination | RLB-F-INT-UNTC-BBNJ-HIGH-SEAS-BIODIVERSITY-AGREEMENT-2023-Q003 |
| 2 | DSI benefit-sharing attributed to wrong treaty article | Hallucination | RLB-F-INT-UNTC-BBNJ-HIGH-SEAS-BIODIVERSITY-AGREEMENT-2023-Q004 |
Aggregate impact
Both failures cluster on a single theme: the AI confidently misstated core structural rules of the BBNJ Agreement — the temporal scope of the MGR regime and the correct article governing digital sequence information — and in each case admitted the error only when directly challenged. This pattern is particularly hazardous for Pharmaceuticals Compliance teams because both questions are precisely the kind a team consults AI to answer quickly: threshold scope determinations and citation checks that underpin everything else in the compliance programme.
An error at this foundational level does not stay isolated — it propagates into policies, training, contract templates, and regulatory submissions.
The retroactivity finding is the more consequential of the two. A Compliance team that acts on the AI's inverted reading of Article 10(1) — treating the MGR regime as retroactive by default with an opt-out, rather than prospective by default — would design its programme around obligations that do not legally exist for pre-entry-into-force collections, potentially renegotiating supplier contracts, imposing benefit-sharing burdens on legacy research partners, and restructuring internal data governance programmes unnecessarily. When that error is later identified, the cost is not only remediation but also the credibility of the Compliance function with commercial leadership and external partners.
The article citation error in the digital sequence information finding is lower in immediate severity but significant for documentation integrity. Internal policies and regulatory submissions that cite Article 15.5 as the source of DSI benefit-sharing obligations — when the correct provision is Article 14(1) — will fail verification by treaty bodies, national competent authorities, or counterparties' counsel. For a firm operating across multiple jurisdictions simultaneously implementing the BBNJ Agreement into national law, citation accuracy is not a formality: it is the basis on which national regulators will assess whether the firm's compliance programme is fit for purpose.
What your team should do
The default position for Compliance teams at Pharmaceuticals firms should be to treat AI-generated answers on BBNJ Agreement scope and citation questions as starting points requiring verification against the treaty text, not as reliable answers. The two errors identified here — one inverting the non-retroactivity default, one citing the wrong article — both passed through the AI's output with full confidence and no uncertainty signal. That means the usual heuristic of "if the AI sounds unsure, verify" does not protect against this failure mode: the AI sounded certain, and was wrong.
For the retroactivity question specifically, the practical safeguard is to read Article 10(1) directly before finalising any internal position on whether legacy collections are in scope. The treaty text is available through the United Nations Treaty Collection portal at treaties.un.org and the provision is short and unambiguous. The same discipline applies when drafting the sections of access and benefit-sharing contracts, supplier due-diligence questionnaires, or regulatory filings that turn on the temporal scope of the MGR regime.
For the DSI benefit-sharing question, any document that needs to cite the governing treaty article should be checked against Article 14(1) directly rather than relying on AI-generated cross-references.
AI tools can still add genuine value in a BBNJ compliance workflow for tasks where precision citation is not the deliverable: summarising the broad architecture of the treaty for non-legal stakeholders, drafting initial outlines of compliance programmes for expert review, or identifying which business units within the firm are likely to be within scope.
The discipline required is to keep AI in the drafting lane and primary sources in the verification lane — and to ensure that no internal policy, contract clause, or regulatory submission goes out carrying an AI-generated article citation that has not been checked against the treaty text itself.
How RLB Can Help
RegLeg's published Hallucination Research gives Compliance teams at Pharmaceuticals firms a practical pre-flight check before acting on AI-generated output for regulatory questions. The research documents, by regulator and regulation, the specific failure modes AI tools have exhibited — misquoted thresholds, fabricated citation trails, contradicted guidance — so that a Compliance professional can cross-reference the known risk profile of a regulatory area before relying on AI-assisted work product. This is especially relevant in pharmaceutical regulation, where AI tools are increasingly used to navigate post-market surveillance obligations, labelling requirements, and pharmacovigilance reporting frameworks that carry direct patient-safety and enforcement consequences.
For firms that want to go further, RegLeg offers bespoke regulator deep-dives that map the Compliance function's existing AI-supported workflows — from regulatory horizon-scanning to internal policy drafting and submission review — against the hallucination exposure profile specific to the regulators your firm interacts with. The output is a prioritised risk register that identifies which workflows carry the greatest exposure and what human-review controls are proportionate to each.
RegLeg can also conduct a confidential review of the firm's current AI-use policy against our full failure-mode catalogue, producing a gap analysis and prioritised remediation plan that is practical to implement within a functioning Compliance team rather than aspirational.
RegLeg also develops training material and CPD-aligned content Compliance teams can use internally — covering how AI hallucination manifests in regulatory contexts, how to structure effective human-review checkpoints, and how to document AI-assisted work product in a way that satisfies regulatory expectations around audit trails and professional accountability. Content is designed to be delivered by the Compliance team to the wider business rather than requiring ongoing external facilitation, giving firms a durable capability rather than a one-off engagement.