Most organizations track AI risk by watching for new laws. The exposure does not wait for them. AI legal liability runs through regulatory enforcement, civil and product liability, and insurance at the same time, and all three demand the same thing: a record that a named human governed the AI and verified its work. This piece maps the three channels and names the one artifact that answers all of them.