The growing use of generative AI for regulatory research is outpacing the governance structures needed to make that use safe. For EHS teams, the gap between an AI-generated summary and defensible compliance is not a minor concern. It is a material risk.
Artificial Intelligence (AI) adoption within Environmental, Health, and Safety (EHS) and sustainability functions has accelerated dramatically. According to NAEM’s State of Artificial Intelligence in EHS and Sustainability (April 2026), 94% of EHS professionals now report using AI tools, up from just 5% in 2019. Among the most common applications: leveraging AI to summarize regulations, guidance documents, and reports (81% of respondents) and searching for regulatory information (94%).
These numbers reflect the practical reality of understaffed EHS teams managing expanding compliance obligations. The appeal is understandable. AI tools are fast, accessible, and capable of condensing dense regulatory language into plain-English summaries. But for organizations subject to Occupational Safety and Health Administration (OSHA) standards, Environmental Protection Agency (EPA) regulations, and a web of state and local requirements that sit alongside them, that accessibility creates a specific and measurable form of risk.
EHS compliance and AI are increasingly spoken of in the same breath, but the assumption that AI integration alone advances managing compliance is where many organizations are making a costly mistake.
The Complexity That AI Summaries Cannot Capture
EPA and OSHA regulations are not static documents. They are dynamic, jurisdiction-specific frameworks that interact with facility-level conditions, operational processes, permit terms, and documented compliance histories. A summary of a standard, even an accurate one, is not a compliance determination.
EHS management requires understanding not just what a regulation says, but how it applies to a specific facility, workforce, and operational context. That distinction is not a detail. It is the entire basis of ensuring compliance. Consider what a complete regulatory analysis actually requires:
Jurisdictional layering. Federal EPA and OSHA regulations establish baseline requirements, but state environmental agencies and State Plan OSHA programs frequently impose more stringent standards. What applies in one state may differ substantially from what applies in another, and multi-site organizations must account for that variation at every location.
Applicability thresholds. Many regulations apply only when specific conditions are met: chemical inventory thresholds under the Risk Management Program (RMP), permitting triggers under the Clean Air Act, recordkeeping obligations under OSHA’s injury and illness standards. Whether a regulatory requirement applies depends on site-specific data, not the text of the regulation in isolation.
Permit conditions. For facilities operating under air, water, or waste permits, compliance obligations are defined not just by the underlying regulation but by the specific terms of each permit. Those terms vary by facility and are not captured in any general regulatory summary.
Current compliance posture. Regulatory analysis must account for where an organization currently stands: what documentation exists, what processes are in place, what deficiencies have been identified, and what corrective actions are underway. An AI tool operating on regulatory text has no visibility into any of that.
A generative AI model can tell you what a regulation says. It cannot tell you whether your facility complies with it.
The Hidden Risks of AI-Generated Regulatory Guidance
The NAEM research identifies inconsistent outputs and data quality issues as one of the top pain points in AI adoption, cited by 48% of respondents. In most business contexts, an inaccurate AI output is an inconvenience. In the EHS compliance context, it carries a different weight.
Hallucinations and citation errors. Large language models use natural language processing to generate plausible-sounding responses, but they are known to produce factually incorrect information, a phenomenon commonly referred to as hallucination. In regulatory contexts, this can manifest as incorrect citation of standards, misstatement of thresholds, or confident description of requirements that do not exist as stated. For EHS programs relying on AI to understand OSHA or EPA obligations, an undetected error in a regulatory summary can translate directly into a compliance gap.
Missed regulatory updates. Artificial intelligence models have knowledge cutoffs and may not reflect recent regulatory changes, new enforcement guidance, or updated permit conditions. Regulatory requirements change frequently. New OSHA standards, EPA rulemaking, and state-level amendments arrive on a rolling basis. A summary that was accurate at the time of a model’s training may no longer reflect current obligations. Emerging risks tied to new chemicals, new processes, or shifting enforcement priorities are particularly likely to fall through that gap.
The deference problem. Perhaps the most consequential risk is not the AI error itself, but the organizational behavior it enables. NAEM research identifies lack of internal expertise as a top barrier to responsible AI adoption (49% of respondents). When safety professionals with limited regulatory fluency rely on AI summaries without the human expertise to interrogate the output, errors go unchallenged. As one NAEM respondent noted, “Inaccuracies are abundant and not always caught when large data or documents are being reviewed. The time required to validate the results often eliminates the efficiency gains.”
The implication for EHS compliance is direct: staff acting on AI-generated guidance without understanding the underlying regulatory framework may make decisions that create exposure. Not because they acted carelessly, but because they reasonably trusted an output that appeared authoritative. Human oversight is not optional in this context. It is the control that makes AI use defensible.
When Regulatory Errors Become Operational Consequences
The consequences of compliance failure extend well beyond administrative penalties, though those are real and quantifiable. EPA enforcement actions regularly result in civil penalties in the millions of dollars for significant violations. OSHA penalties for serious, willful, or repeat violations can reach tens of thousands of dollars per citation, with higher exposure for multi-violation findings at multi-site organizations.
But the more significant risk is not financial. It is operational and reputational.
Incorrect understanding of occupational safety requirements, including OSHA chemical hazard communication standards, process safety management requirements, or respiratory protection programs, can contribute directly to serious injuries and workplace incidents. Inadequate hazard identification, gaps in emergency response planning, or failure to conduct thorough job safety analysis on high-risk tasks all become more likely when the foundational understanding of what is required is based on a summary rather than a verified compliance analysis. Missed EPA permit conditions or RMP requirements can result in environmental releases and environmental risks that carry their own enforcement and liability exposure.
AI-assisted safety management can play a valuable role in analyzing past incidents, identifying patterns in historical data, and surfacing potential hazards across large datasets. Machine learning and computer vision technologies are increasingly being applied to workplace safety challenges, flagging unsafe conditions, supporting manual inspections, and helping EHS leaders move beyond reactive safety programs toward more proactive risk management. These are legitimate, valuable applications.
The problem is when those same capabilities are assumed to extend to regulatory interpretation. When an AI tool that performs well at enhanced data analysis or data-driven decision making is treated as equally reliable for determining whether a facility meets its specific, site-applicable compliance obligations, the risk shifts from technical to organizational.
When a compliance gap was created or widened by unvalidated AI output, the organization faces a particularly difficult position in any subsequent enforcement proceeding or litigation. As Haven Safety AI Co-Founder Joe Hanna noted in the NAEM report: “AI creates a clearer, more comprehensive record of the hazards identified and the corrective actions considered… AI should be treated as a decision-support layer, not the company’s final position.”
Regulatory non-compliance resulting from AI-assisted misunderstanding does not reduce liability. In some scenarios, it may complicate the defense.
What Responsible AI Integration Looks Like in EHS Programs
None of this means AI has no role in EHS processes. The question is not whether to use AI, but how to use it without creating unacceptable exposure while maintaining the human oversight and human expertise that compliance-critical decisions require.
The NAEM report identifies several characteristics of organizations using AI responsibly. They treat AI outputs as starting points for analysis, not endpoints. They require review by EHS professionals with relevant domain expertise before acting on AI-generated content. They invest in training programs to build the internal AI literacy needed to evaluate outputs critically. And they are building governance frameworks that establish clear separation between AI-generated drafts and approved compliance determinations, with disciplined corrective actions tracking and tighter controls on access, retention, and escalation.
Data quality is foundational to all of it. As one NAEM respondent observed, “Establishing a strong data foundation by structuring and standardizing EHS data was necessary before we could trust AI outputs.” Safety data, incident reports, audit findings, and compliance records must be accurate and current before AI can add value. Without that foundation, AI integration risks amplifying existing data problems rather than solving them. Manual processes for data collection that produce inconsistent or incomplete records are a liability before they ever interact with an AI system.
That foundation matters particularly for regulatory analysis. Purpose-built EHS software platforms, designed around structured regulatory data, applicability logic, and site-specific compliance tracking, provide a fundamentally different foundation than general-purpose generative AI. The distinction is the difference between a tool that summarizes regulatory language and one that determines whether a specific facility, with specific operations and specific permit conditions, is meeting its current obligations. EHS managers need EHS software built for that level of specificity, not general-purpose tools adapted to fill the gap.
Continuous improvement in compliance management requires knowing your current state accurately. That demands EHS programs built around verified, authoritative regulatory data, not summaries that may be incomplete, outdated, or simply wrong.
As 3E Senior Vice President Maria Rutland put it in the NAEM research: “You have to evaluate your approach—and the partners and tools you work with—based on domain expertise, not just the technology… When AI is backed by quality expertise and purpose-built to properly reason, that’s when the possibilities become exciting.”
Final Thoughts: The Pressure to Adopt Is Real. So Is the Need for Rigor.
The NAEM data shows that 82% of EHS organizations are leveraging AI to make routine work more efficient, and 51% cite limited staffing or resource constraints as a driver. Many organizations are also responding to pressure from executive leadership (46% of respondents) to demonstrate AI use as part of broader digital transformation. Those pressures are not going away.
The expectation that EHS teams will do more with less, managing compliance across more jurisdictions, maintaining workplace safety standards at more locations, and producing more compliance reports with fewer resources, is the operating reality for most EHS functions today. AI offers real tools for addressing that challenge, and the future of health and safety management will be shaped by how well organizations learn to use them.
But the organizations reporting the biggest pain points in AI adoption cite uncertainty about data privacy (49%), lack of internal expertise (49%), inconsistent outputs (48%), and legal or regulatory risks (41%) as their primary concerns. Each of those concerns is amplified when AI is applied to high-stakes compliance decisions where the consequences extend to workplace risks, environmental risks, enforcement liability, and reputational damage.
The organizations that navigate this new era well will be those that use AI-powered tools to improve risk mitigation and expand capacity, while maintaining the rigor, human oversight, and purpose-built systems that compliance-critical decisions demand. Informed decisions in EHS management have always required more than a summary. That has not changed because the summary is now generated by an algorithm.
Dakota Software provides regulatory risk intelligence for multi-site EHS organizations. Our ProActivity EHS software is built around structured regulatory data, applicability analysis, and compliance tracking at the facility level, designed to deliver the critical information and support the data driven decision making that EHS compliance actually requires.
