The Legal Risks of Using AI in Your Business

Artificial intelligence tools are now a fixture of the modern workplace. From drafting contracts to analysing financial data, generating marketing assets to screening job applicants, businesses of all sizes are embracing AI to save time and cut costs. But with that convenience comes a set of legal risks that most business owners have not yet considered or even have already unknowingly taken on.

This article explains the key legal risks of using AI in your business under Australian law, and what you can do to manage them.

1. Intellectual Property: Who Owns What AI Creates?

When your employee writes a report, the copyright generally belongs to the business. When an AI tool generates that same report, the position is far less clear.

Under the Copyright Act 1968 (Cth), copyright only subsists in works created by a human author. Content that has been entirely generated by an AI, without meaningful human creative input, may attract no copyright protection at all. That means a competitor could copy your AI-generated marketing material, product descriptions, or client reports without infringing your rights.

There is also the reverse problem. Many AI tools are trained on existing content, which is content that belongs to someone else. If your AI output reproduces or closely resembles a third party’s protected work, your business could be the one facing an infringement claim.

What you should do:

  • Treat AI-generated content as a starting point, not a finished product. Human review and editing not only ensures and improves quality, it also strengthens your claim to copyright.
  • Review the terms of service of any AI tool you use. Some platforms claim a licence over the content you generate using their service.
  • Avoid using AI tools that have faced litigation over their training data, particularly in creative industries.

2. Confidentiality and Data Security

One of the most immediate risks for businesses is the data you feed into AI tools. When a staff member pastes a contract, a client email, or sensitive financial information into a publicly available AI platform, that data may be stored, used to train future models, or accessed by the platform provider in ways you did not intend.

This raises serious issues under:

  • Your contractual confidentiality obligations to clients and counterparties;
  • The Privacy Act 1988 (Cth) and the Australian Privacy Principles, if the data includes personal information; and
  • Professional obligations, for businesses in regulated industries such as law, accounting, finance, or health.

A data breach caused by an employee sharing sensitive information with an external AI tool could expose your business to regulatory action, contractual liability, and reputational damage.

What you should do:

  • Implement a clear AI usage policy that identifies which platforms staff may use and what categories of information may not be entered into them. It is prudent to ensure that any information fed to an AI tool is de-identified.
  • Consider enterprise versions of AI tools, which typically offer stronger data protection and confidentiality commitments.
  • Review your privacy policy and data handling procedures to ensure they account for AI use.

3. Consumer Law and Misleading Conduct

The Australian Consumer Law (ACL) prohibits misleading or deceptive conduct in trade or commerce. If your business uses AI to generate product descriptions, pricing information, or customer communications that turn out to be inaccurate, you may be exposed to ACL liability. This still applies even if it was done unintentionally.

AI tools are known to “hallucinate”, where they will often produce confident, plausible-sounding output that is factually wrong. In a business context, this can mean incorrect technical specifications, inaccurate regulatory claims, or fabricated statistics appearing in your customer-facing materials.

There is no defence under the ACL that the error was generated by an AI rather than a human. The business remains responsible for the representations it makes.

What you should do:

  • Never publish AI-generated content, particularly factual or technical claims, without human verification.
  • Pay particular attention to any AI-generated content that makes representations about price, product performance, safety, or compliance.
  • Train staff to treat AI output as a draft that requires checking, not a final answer.

4. Employment Law Risks

AI is increasingly being used in hiring processes. It is often used to screen resumes, assess candidates, and shortlist applicants. While this may save time, it introduces discrimination risk that many employers overlook.

If an AI recruitment tool produces outcomes that disadvantage candidates on the basis of a protected attribute, your business may be exposed under federal anti-discrimination legislation. These include the Racial Discrimination Act 1975 (Cth), the Sex Discrimination Act 1984 (Cth), the Age Discrimination Act 2004 (Cth), and the Disability Discrimination Act 1992 (Cth), as well as applicable state and territory anti-discrimination laws. This exposure exists even where the employer did not intend to discriminate and did not know how the algorithm reached its decisions.

There is also an emerging question about how AI surveillance tools, like productivity monitoring software, email scanning, and similar technology, interact with employee rights to privacy and the implied duty of mutual trust in employment relationships.

What you should do:

  • If you use AI in any stage of recruitment, audit the outcomes regularly for patterns that could indicate indirect discrimination.
  • Ensure any AI monitoring of employees is clearly disclosed in employment contracts and workplace policies.
  • Obtain legal advice before deploying AI tools that make or contribute to decisions affecting employee entitlements or job security.

5. Professional Liability and Reliance on AI Advice

For professionals, including lawyers, accountants, financial advisers, engineers, and others, the use of AI in delivering services creates specific liability concerns. Relying on AI-generated analysis without adequate verification is not a defence to a negligence claim. Your duty of care to clients is not delegated to the software.

There have already been cases internationally where legal practitioners have filed court documents containing AI-generated case citations that did not exist. The professional consequences have been significant.

Even in non-professional contexts, businesses that provide advice or recommendations to customers, whether in retail, financial services, or health, carry responsibility for the accuracy of what AI helps them say.

What you should do:

  • Treat AI as a research assistant, not an expert. Always verify material facts, legal citations, and technical conclusions from authoritative sources.
  • Disclose to clients or customers when AI has been used in preparing advice or materials, where that is relevant to their decision-making.
  • Review your professional indemnity insurance to understand whether AI-related errors are covered.

6. Contracts and Liability Allocation

If you are a business that is supplying AI-assisted services to clients, or a business purchasing AI tools from a vendor, the contracts governing those relationships matter enormously.

On the supply side: if your service agreement does not address how AI is used in delivering your services, you may have obligations of accuracy or fitness for purpose that are difficult to meet when AI is involved.

On the purchasing side: most AI vendor agreements limit liability significantly, often excluding consequential loss entirely. If an AI tool makes an error that costs your business money, the vendor contract may leave you with no recourse.

What you should do:

  • Review your client-facing contracts and update them to address AI use, including appropriate disclaimers where AI is involved in the output.
  • Before signing AI vendor agreements, understand the limitations of liability and assess whether they leave your business exposed.
  • Consider whether your existing professional indemnity and business insurance policies need to be reviewed in light of AI adoption.

7. Regulatory Compliance

Several Australian regulatory regimes impose specific obligations that intersect with AI use:

  • Financial services: ASIC published its report Beware the Gap: Governance Arrangements in the Face of AI Innovation in October 2024, finding that many licensees are adopting AI faster than they are updating their compliance frameworks. ASIC has made clear that existing obligations, including the duty to provide financial services efficiently, honestly and fairly under section 912A of the Corporations Act 2001 (Cth), and the prohibition on misleading or deceptive conduct, apply with full force regardless of whether decisions are made by humans or algorithms.
  • Health: The Therapeutic Goods Administration has regulatory requirements for software that constitutes a medical device, which can include certain AI diagnostic tools.
  • Privacy: The Privacy and Other Legislation Amendment Act 2024 (Cth) has already been enacted. From 10 December 2026, businesses that engage in automated decision-making involving personal information that could reasonably be expected to significantly affect an individual’s rights or interests must update their privacy policies to disclose how that automated decision-making operates. Non-compliance exposes organisations to civil penalties and regulatory scrutiny under the Privacy Act 1988 (Cth).

 

Internationally, if your business deals with customers in the European Union, the EU AI Act entered into force on 1 August 2024 and is being phased in progressively, with full applicability from 2 August 2026. Depending on the risk classification of your AI tools and your role in the supply chain, compliance obligations may already apply.

What you should do:

  • Identify every AI tool your business uses and the regulatory frameworks that apply to the activities it supports.
  • Monitor the progress of Australian privacy law reform, particularly proposed changes to automated decision-making.
  • If you operate in regulated industries, obtain specific legal advice about your AI compliance obligations before the tools are deployed.

The Bottom Line

AI tools can deliver genuine efficiency gains for businesses. But the legal framework has not kept pace with the technology, and the gaps create real risk. This applies to intellectual property, data privacy, consumer protection, employment, professional liability, and contractual exposure.

The businesses best positioned to benefit from AI are those that adopt it deliberately: with clear policies, proper staff training, reviewed contracts, and legal advice where the stakes are high.

If your business is already using AI tools, or is considering doing so, now is the time to take stock of where your exposure lies.

image_pdfimage_print
X
Scroll to Top