Artificial Intelligence: the evolving legal landscape – and what businesses need to do to comply


So far in our series on AI and the law, we have set the scene for the AI debate, examined some practical risks of applied AI, and set out a possible framework for managing those risks. Now, in this and the next few posts, we turn to explore whether and how current legal regimes may need to adapt to meet the AI challenge – and how businesses can factor in legal change when deploying AI.

The pace of development of AI and its adoption and use in business and society is increasing exponentially. How far that development, adoption and use can go, and whether AI meets the full extent of its potential, will depend at least partially on the suitability of the legal framework that underpins it. The reasons for this are clear: a robust legal regime is essential to foster growth, attract investment, enable effective risk management, and help ensure public take-up of AI technology. Equally, imposing an unsuitable or overly onerous legal regime to govern AI may have the opposite effect, discouraging growth and stifling innovation.

So how might current legal regimes need to adapt, and what new regulations may be required, in order to provide an appropriate legal platform for AI technology to thrive? And how do businesses seeking to deploy AI factor in the legal changes that will inevitably come? Those are broad questions, and we will devote the next few posts in this series to responding to them. Before we do so, however, it is necessary to set out the key areas of law that, in our view, will be impacted by AI that businesses will need to consider.

Broadly speaking, in our view, the key areas of law that businesses will need to consider when deploying AI are as follows:

• Legal liability – it is clear that AI has the potential to expose businesses to risk, loss and liability. What is the legal status of an AI system that operates largely independently of its designers and ‘machine learns’ over time? And who (or what) is responsible when AI goes bad? Is there a timeframe within which the manufacturer remains liable but, as machines learn to make their own decisions, does the risk leave the manufacturer and move elsewhere?

• Data privacy and cybersecurity – many AI systems will depend on large datasets, some of which are likely to include personal data. How will existing and upcoming data protection laws (including the GDPR) apply to AI and how can businesses design in compliance when using AI? Those AI systems are likely to be connected to networks and possibly each other – how can businesses mitigate cybersecurity risk in this interconnected environment?

• Employment law – much is being written about the potential for AI to displace human capital and the social implications of this. What are the HR issues that businesses need to consider when AI takes over tasks, processes and perhaps entire roles previously fulfilled by workers?

• Intellectual property – it is clear that IP will usually exist in AI, but IP may also be created by AI. Who owns information, knowhow and inventions developed by an autonomous AI, and what protections are available to would-be rights-holders?

• Contracting for AI – the AI service provider sector is burgeoning, with many new and existing providers selling AI-driven software and tools that disrupt traditional technology services markets, including data analytics and robotic process automation. What are the contractual issues that users will need to consider when procuring AI systems and services in the market? How do providers create contracts that reflect how AI operates in practice?

• Regulatory specifics – AI will be used across all industry sectors. To that end, what are the specific issues that arise when AI in healthcare, for example, and how will they differ from the situation where AI is used elsewhere, for example in transport and logistics. How will the relevant regulatory authorities deal with the issues raised?

It is clear that any serious assessment of AI deployment will require a thorough understanding of the legal risk being assumed, a risk management strategy to help ensure compliance, and a clear eye on the trends and developments that will shape law and regulation in this area. Our aim over the course of the next few posts is to examine how specific applications of AI will require specific changes and adaptations to specific laws, and how businesses can engage in the legal and compliance issues.