Executive Summary
ESG & Sustainability teams at Software & SaaS firms operating across international jurisdictions use the OECD's 2025 Recommendation on Digital Technologies and the Environment as a reference anchor for infrastructure sustainability benchmarking, digital product environmental disclosures, and cross-jurisdictional regulatory alignment across OECD member states. In our testing, AI tools failed on 1 of the quantitative claims we examined, producing an incorrect percentage for Ireland's 2021 data-centre share of metered electricity, attributing that figure to the named OECD and CSO sources, and fabricating an accompanying multi-year time series that does not appear anywhere in the underlying document.
The failure mode was not ambiguity or version confusion: the AI stated a specific number (14%) with full source attribution where the Recommendation's supporting data states 11%, then generated a trajectory, 5%, 14%, 18%, 21% across successive years, that is invented. For an ESG team that relies on AI to surface OECD data points for board packs, investor disclosures, or regulatory submissions, the operational risk is that a fabricated statistic dressed in legitimate citations passes through internal review and into a published document without anyone flagging it.
How AI gets this regulation wrong
The dominant failure mode we observed across this regulation is confident, source-attributed fabrication: AI tools stated a specific numeric figure, named the official sources that ostensibly support it, and compounded the error by generating a plausible-looking but entirely invented time series. The divergence between the AI's stated figure and the actual document text is not a rounding difference or a version ambiguity, it is a wrong number attached to a correctly-cited source chain, the hardest category of AI error to catch in a normal workflow review.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Exposed Fabrication | 1 | Finding#1 |
What that means for your team
The risk that materialises for ESG teams at SaaS firms is a wrong deliverable, a sustainability report section, regulatory mapping brief, or investor data room document carrying an AI-generated OECD statistic that the team has no practical way to identify as fabricated without returning to the primary source. Given the volume of regulatory data points ESG functions are expected to track across OECD member jurisdictions, the operational pressure to delegate that research to AI tools is high, and that is precisely where this failure mode lands hardest.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Wrong deliverable | 1 | Finding#1 |
When this affects your department
The OECD Recommendation sits at the intersection of two things SaaS ESG teams are actively navigating: the digital infrastructure footprint question (data centres, cloud compute, hardware lifecycle) and the policy-alignment question (what do OECD member regulators expect from technology companies on environmental obligations). AI tools get pulled in whenever a team member needs to quickly surface a supporting data point, writing a sustainability report chapter, briefing an exec before a regulatory engagement, populating a supplier questionnaire template, or building the evidence base for a new product's environmental claims.
The OECD's empirical case for its Recommendation, including data-centre energy consumption figures from national statistics offices, is exactly the kind of content teams expect AI to retrieve accurately because it reads as factual and sourced.
The exposure is sharpest when the output feeds an external work product. A junior analyst who uses an AI-generated figure in a board climate brief, an ESG disclosure filed under a voluntary reporting framework, or a regulatory response that cites OECD data has no indication from the AI's output that the number is wrong, the source attribution is correct, the framing is plausible, and the figure is in the right ballpark.
For SaaS firms with data centre infrastructure in OECD member states, or whose investor narrative includes comparisons against sector-wide digital-infrastructure energy benchmarks, a materially incorrect OECD statistic in a published document creates reputational, audit, and potentially regulatory exposure. Investors doing primary source verification, increasingly common in ESG due diligence, will find the discrepancy immediately.
The findings at a glance
The table below summarises the finding from our testing of AI tools against the OECD's 2025 Recommendation on Digital Technologies and the Environment, including the question area, the failure type, and the primary risk it creates for ESG teams at SaaS firms.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | Ireland data-centre electricity share fabrication | Hallucination | RLB-F-INT-OECD-OECD-DIGITAL-TECHNOLOGIES-ENVIRONMENT-2025-Q006 |
Aggregate impact
The single finding from our testing reveals a failure pattern concentrated on the empirical layer of the OECD Recommendation, the data-centre energy consumption statistics that underpin its policy case and that ESG teams at SaaS firms are most likely to extract and quote externally. The AI produced the wrong figure for Ireland's 2021 data-centre share of metered electricity (14% versus the correct 11%, as stated in the OECD Digital Economy Outlook 2024 drawing on Ireland's CSO 2023 data), then fabricated a multi-year trajectory that does not exist anywhere in the source material.
The fabricated time series, presented as a progression from 5% in 2015 to 21% in 2023, would slot into a sustainability narrative or regulatory mapping document with no visible seam, because the direction of travel (rapid growth in data-centre energy demand) is directionally correct even if the specific figures are invented.
For ESG teams, the systemic risk here is not confined to a single statistic. It reflects a class of AI failure that is structurally difficult to catch: the AI has correctly identified the right source, the right document, and the right topic area, but has confabulated the specific number and extended it into plausible-looking supporting data. Standard QA processes, checking that the cited source exists, that the citation format is correct, that the topic matches, will all pass.
The failure only surfaces if someone opens the primary document and checks the actual figure, which in a high-volume ESG reporting cycle almost never happens for every data point sourced via AI.
The risk is amplified for SaaS firms operating across multiple OECD jurisdictions, where regulatory mapping documents regularly draw on cross-country OECD statistics to benchmark the firm's own digital infrastructure against sector norms. A wrong baseline figure embedded in that mapping propagates downstream into product sustainability claims, procurement criteria applied to cloud vendors, and external reports filed under voluntary or mandatory ESG frameworks.
What your team should do
The default position for any OECD data point retrieved via an AI tool is: treat it as a research lead, not a citable figure. That applies doubly to statistics drawn from subsidiary sources cited within OECD publications, country-level data from national statistics offices, for example, where the AI's training data may have encountered a draft, a summary, or a secondary commentary that carried a different number.
The Ireland CSO 2023 data-centre share is precisely this type of figure: narrow, jurisdiction-specific, and likely to appear in multiple forms across summaries, press releases, and analyst reports before the OECD's primary Recommendation-level document was finalised.
The practical safeguard is a two-step verification rule applied to any numeric claim the team intends to put in a document that leaves the firm: (1) open the primary source the AI named and locate the specific figure, not just confirm the source exists, but confirm the number is on the page; (2) if the AI also provided a time series or trend line, verify each data point independently, since fabricated series are commonly generated as extensions of a single sourced anchor figure.
For ESG teams working across multiple OECD member jurisdictions, this is most critical for data points that will appear in regulatory submissions, voluntary sustainability reports, or investor materials, where a material inaccuracy, even in a cited external statistic, can create audit findings or investor relations issues.
AI tools are safe and efficient for structural work on this regulation: identifying which sections of the Recommendation apply to digital infrastructure, mapping its scope against other sustainability frameworks, drafting section outlines for internal policies, or summarising the obligations tier for a business-line briefing. Where they should not be trusted without primary-source verification is on any specific numerical figure, energy percentages, consumption growth rates, benchmarks by country or sector, and on any citation chain that runs more than one step from the primary OECD document.
How RLB Can Help
RegLeg's published Hallucination Research gives your team a concrete pre-flight check before acting on AI-assisted output on ESG and sustainability regulatory questions. The findings catalogue, structured by regulation, jurisdiction, and failure mode, lets you see exactly where AI tools have been tested against primary regulatory text, what they got wrong, and how. For an ESG & Sustainability function at a Software & SaaS firm navigating disclosure obligations across multiple jurisdictions simultaneously, that catalogue is a faster signal than running your own internal red-teaming exercise every time a new framework lands or an existing one is amended.
Beyond the published research, RegLeg can run bespoke regulator deep-dives scoped to your firm's specific AI-supported workflows: materiality assessments under CSRD or ESRS where AI is used to interpret double-materiality scope; TCFD-aligned climate risk disclosure drafting where AI tools synthesise scenario guidance; supply-chain due diligence under CSDDD where AI is queried on third-party obligation thresholds; GHG Protocol and SBTi alignment checks where AI fields questions on scope boundary definitions. The output maps which workflow categories carry the highest hallucination exposure for your jurisdiction mix, so your team can triage AI reliance decisions rather than applying a blanket policy.
For firms with an existing AI-use policy, RegLeg can run a confidential review of that policy against the failure-mode catalogue, identifying gaps where the policy permits AI use in high-exposure contexts without adequate human-in-the-loop controls, and returning a prioritised remediation list scoped to ESG & Sustainability's actual workflow footprint. We can also translate the research findings into training material and CPD-aligned content your team can deploy internally: case-led modules that use real regulatory failure examples to build the pattern recognition your analysts need to catch AI errors before they reach a disclosure or a board pack.