ArtificiaI Intelligence in Business: The Legal Risks

Published on 8th Jun 2026

AI is everywhere now. It writes emails, summarises documents, drafts reports and occasionally produces results that make everyone in the room stare at the screen in silence.

Useful? Absolutely.

Risk-free? Not even close.

For businesses, the real issue is not whether AI can save time. It can. The issue is who is left holding the bag when it gets things wrong.

AI is helpful, not magical

AI tools are powerful, but they are not mind readers and they are certainly not infallible. They rely on the data they are given and the prompts they receive, which means the output can be biased, incomplete or simply wrong.

That is why businesses should treat AI as an assistant, not a decision-maker. If a human would be expected to check the work, AI should be checked too.

When AI gets it wrong

If a business relies on AI without proper oversight, the business is usually the one that carries the risk. The software does not take the blame; the organisation using it does.

That matters in a range of contexts. A poor AI-driven employment decision could create discrimination issues. A faulty AI-generated report could lead to professional negligence claims. A bad recommendation could cause a contractual breach. And in regulated sectors, the standards are even higher.

Legend has it that a 1970’s training course at IBM coined the phrase: “A computer can never be held accountable, therefore a computer must never make a management decision”. Regardless of its origin, that remains as true today as it did nearly 50 year ago.

The lesson is simple - if AI helps make the decision, a human still needs to own it.

Data protection and confidentiality

One of the biggest risks is putting information into AI tools without thinking about what happens next.

If employees enter personal data, client information, financial details or commercially sensitive material into a public AI platform, that can create serious data protection and confidentiality problems. The business may not realise it has shared information beyond its intended audience until it is too late.

Under UK GDPR, businesses need a lawful basis for processing personal data, appropriate security measures, and clear internal controls. If the data is confidential or sensitive, the stakes are even higher. You should not assume that a free or consumer-facing AI tool offers the level of protection your business needs.

Cybersecurity risks are growing too

AI does not just create privacy issues. It also opens the door to cybersecurity problems.

Employees may inadvertently leak information through prompts. Attackers may try prompt injection. Vendors may suffer breaches. Criminals may use AI to create more convincing phishing messages or deepfake scams. None of this is science fiction; it is already part of the modern risk landscape.

That means businesses should think about AI in the same breath as cyber risk, not as a separate, trendy side project.

Practical safeguards

The good news is that these risks can be managed. A sensible business should:

This is not about banning AI. It is about making sure the business uses it with discipline. 

The bigger picture

AI regulation is still developing, but the direction of travel is clear: more transparency, more accountability and more scrutiny. Businesses that put proper controls in place now will be in a far better position than those hoping for the best.

AI can absolutely improve efficiency and reduce repetitive work. But when it goes wrong, the law is unlikely to be impressed by the argument that “the computer did it”.

A final thought

Used properly, AI is a brilliant tool. Used carelessly, it is a fast route to avoidable risk.

If your business is using AI, or thinking about it, now is the time to make sure your policies, contracts and controls are up to scratch.

Need advice on managing AI risk in your business? Contact our team for practical guidance on compliance, governance and protecting your organisation.

Written by Iain Garfield (Director (known as Partner))