Artificial intelligence is no longer sitting on the edge of business strategy. It is already being used across products, platforms, internal systems and customer-facing services.

From generative AI tools that create content and code, to automated systems that support recruitment, risk assessment, fraud detection and customer profiling, AI is becoming part of how businesses operate.

That brings opportunity. It also brings a more difficult question.

Just because AI can do something, should it?

For technology-driven companies, this is no longer a theoretical debate. It is a commercial, legal and governance issue. If AI is being built into a product, used to make decisions, trained on customer data or relied on by teams, the business needs to understand where responsibility sits and what protections should be in place.

AI does not remove responsibility

One of the biggest misconceptions around AI is that responsibility somehow shifts to the technology itself. It does not.

If an AI system produces an unfair outcome, inaccurate output, privacy issue or harmful decision, the focus will not simply be on what the system did. The more important questions will be:

  • Who chose to use the system?
  • How was it tested?
  • What data was used?
  • Were users told AI was involved?
  • Was there human review?
  • What safeguards were in place?


For developers, SaaS providers and businesses deploying AI tools, accountability still sits with people and organisations. AI may support decision-making, but it does not replace the need for clear responsibility, good governance and legal oversight.

This is particularly important where AI is used in ways that affect individuals, such as employment, access to services, financial decisions, eligibility checks or customer profiling. The more meaningful the impact, the more important it becomes to understand how the system works and how decisions can be reviewed or challenged.

Fairness cannot be assumed

AI systems can appear neutral because they are based on data, rules and models. But that does not mean their outcomes are automatically fair.

Bias can enter an AI system in several ways. It may come from historic data, poor design choices, incomplete testing, unclear objectives or the way the system is used in practice. A model trained on past decisions may repeat patterns that already existed. A tool designed to optimise speed or efficiency may unintentionally create unfair outcomes for certain groups.

For businesses, this means fairness needs to be actively considered rather than assumed.

Before using AI in any meaningful decision-making process, businesses should be asking:

  • What data has the system been trained on?
  • Could that data produce biased or incomplete results?
  • Can the output be explained?
  • Is there a human review point?
  • Can a person challenge the result?
  • Has the system been tested in the context where it will actually be used?


This is not just about ethics. It is about trust, risk and defensibility. If a business cannot explain how an AI-supported decision was reached, it may struggle to defend that decision when challenged.

Data protection is one of the biggest pressure points

AI and data protection can be uncomfortable partners.

Many AI systems depend on large amounts of data. Data protection law, however, expects businesses to be clear, proportionate and transparent about how personal data is used.

That creates tension, especially where AI tools are trained, improved or customised using customer, employee or user data.

Businesses need to understand exactly what data is being processed, why it is being used, where it is going and whether it is being used to improve the model. This is particularly important where third-party AI tools are involved.

Key questions include:

  • Is personal data being used?
  • Is customer data being used to train or improve AI models?
  • Has the business told individuals how their data will be used?
  • Is there a lawful basis for the processing?
  • Can users opt out of certain uses?
  • Is data being transferred outside the UK or EU?
  • Are appropriate contractual protections in place with suppliers?


For tech companies, these questions often become commercial questions too.

Customers are increasingly asking how their data will be used. Procurement teams want to know whether their data will train wider models. Investors may want to understand whether AI-related data risks have been properly managed.

If the answers are unclear, deals can slow down.

Contracts need to catch up with AI use

AI is already appearing in commercial relationships, but many contracts are still not written with AI in mind. This creates risk for both providers and customers.

If a SaaS product uses AI, the contract should explain what the AI does, what it does not do and what the customer can safely rely on. If AI outputs are generated, the contract should deal with ownership, permitted use, responsibility for review and limits on liability.

Where customer data is involved, terms should be clear about whether that data can be used to train, test, improve or fine-tune AI systems.

Important contract points include:

  • AI functionality and limitations
  • Customer data use
  • Training and model improvement
  • Ownership of inputs and outputs
  • Accuracy of AI-generated results
  • Human review requirements
  • Third-party AI suppliers
  • Liability for AI-related issues
  • Confidentiality and security
  • Change control where AI features evolve over time


This matters because AI can alter the risk profile of a product or service. A tool that once stored information may now generate recommendations. A platform that once processed data may now analyse, predict or automate outcomes. Contracts need to reflect what the technology actually does.

AI-generated content raises ownership and risk questions

AI-generated content has made it easier than ever to produce copy, designs, code, reports and other outputs. But the legal position around ownership, originality and third-party rights is still developing.

For businesses, the practical issue is not whether the law has answered every question. It is whether the business understands the risk well enough to use the output responsibly.

If AI is being used to create business assets, product materials, software code or customer deliverables, businesses should consider:

  • Who owns the output?
  • Can it be used commercially?
  • Could it reproduce or resemble third-party material?
  • Has any confidential or personal data been entered into the tool?
  • Is human review required before the output is used?
  • What do the AI tool’s terms say?


This is especially important where AI-generated outputs are being supplied to customers, used in products or relied on in regulated or high-value contexts.

The EU AI Act shows where regulation is heading

The EU AI Act is a major development in AI regulation and shows the direction of travel for businesses using or developing AI.

Its approach is based on risk. Some uses of AI are prohibited. High-risk systems are subject to stronger requirements around data quality, transparency, human oversight, monitoring and accountability.

Even where a UK business is not directly caught by every part of the EU regime, the wider message is clear. AI use is moving towards greater scrutiny.

Businesses will increasingly be expected to show that they understand how AI is being used, what risks are involved and what controls are in place.

This will affect product development, customer contracts, procurement processes, due diligence and internal governance. AI compliance will not sit neatly in one department. It will touch legal, product, data protection, commercial, operations and leadership teams.

Good AI governance supports growth

AI governance should not be seen as a blocker to innovation.

Done properly, it helps businesses move faster with more confidence.

A business that can clearly explain its AI use, data practices, contractual position and risk controls will be in a stronger position with customers, investors and commercial partners.

Good AI governance should include:

  • Clear internal rules on AI use
  • Defined responsibility for AI decisions and outputs
  • Data protection checks before deployment
  • Supplier review for third-party AI tools
  • Contract terms that reflect AI functionality
  • Human oversight where decisions affect people
  • Clear records of testing, risk assessment and review
  • Transparent customer-facing explanations where needed

The point is not to remove all risk. That is not realistic. The point is to understand the risk, allocate responsibility properly and make sure the business can stand behind the way AI is being used.

Final thought

AI is changing how businesses build products, deliver services and make decisions.

But legal responsibility has not disappeared just because the technology has become more advanced.

For tech-driven companies, the key question is not simply whether AI can improve speed, efficiency or scale.

It is whether the business has the governance, contracts and data protection foundations to support that use properly.

Because when AI becomes part of the business, AI risk becomes business risk.

If you would like support reviewing how your AI use, data protection obligations and commercial contracts fit together in practice, please contact us at info@ethiqs.legal.
