As employer costs continue to rise, businesses are on the lookout for ways to reduce their bills. AI can deliver great benefits to businesses across the employee life cycle. From recruitment and hiring, to performance reviews, redundancy scoring or productivity analysis, its potential is vast. However, adoption also brings risk. Below are some of the possible pitfalls and guidance on how to use AI safely.
What are the risks?
Trust and confidence
Any employment contract carries with it an implied term of trust and confidence. When it comes to consultations or decisions made about staff, this normally requires an employer to be able to provide some sort of reasoning to justify their decision making. An employer will struggle to do this if they effectively outsource the decision-making part of the process to AI. It is recognised that AI can make mistakes and the Horizon scandal shows there can be significant risks to an organisation when technology fails but is relied on when making decisions.
When using AI for decision-making, individuals must understand how it works, how to use the outputs and be clear about the role AI has played. A material breach of trust and confidence can leave an organisation open to claims for constructive dismissal. It's also important to consider the impact on employees’ mental health if they feel their performance is being constantly monitored by AI, which may not take into account individual circumstances.
Discrimination
AI is only as good as the data that is put into it. If the historic data used by the company is discriminatory or has biases already contained within it, then the output is also likely to be discriminatory or biased. For example, in 2018 Amazon used an algorithm prioritising the applicants who were a good “fit” for the company. However, this was based on previous recruitment policy which had favoured male applicants.
In terms of potential indirect discrimination claims, the use of AI, or the database used to train the algorithms could be seen as a provision, criterion or practice (PCP). If that PCP can be shown to place a particular group who have a protected characteristic (such as age, disability, race etc) at a disadvantage, this could lead to potential claims for indirect discrimination. The European Human Rights Convention has already highlighted how facial recognition technology used to assess candidates in video interviews or to monitor attendance at work, does not work uniformly well for all skin colours – risking discriminatory outcomes.
Data protection
In the UK, there is currently no specific legislation for use of AI, including in relation to data protection obligations. Organisations therefore need to balance the opportunities available to them through AI with their existing obligations on data protection – including compliance with the UK General Data Protection Regulations, the Data Protection Act 2018, and the Data Use and Access Act 2025. For any organisations delivering services to EU citizens, there will also be a need to comply with the EU AI Act.
Processing personal data via AI carries significant risk. Organisations must understand these risks and undertake Data Protection Impact Assessments and other risk assessments, just as they would when sharing personal data with a third party processor.
Organisations must be clear on how they are using AI, what data is being inserted into a system, and how secure that data is. For many freely available AI models, the contracts under which they are supplied place the liability and responsibility entirely with the customer – in other words, if an organisation is using the model, they need to be prepared to take on any liability that may come with this. When procuring access to AI for a workplace, an organisation will require to assess how they can manage this risk, both through contractual mitigations with suppliers and internal processes and guidance to ensure safe, fair and transparent use of AI.
How to use AI safely
As the rewards of using AI in the workplace can be significant, to follow are some suggestions about mitigating risk.
Policies
Having an internal policy place explaining to staff how you are using AI is a must. Transparency and openness are key to maintain staff relations. A policy gives an organisation the chance to explain where and how AI is being used, how it might impact them and how they may be able to raise any queries that they may have around its use. For all its potential, AI still creates uncertainty for employees. AI use must line up with existing governance structures – make sure that new AI policies comply with and work together with existing policies, including your privacy and data protection policies.
Develop ethical principles and responsible use
As organisations adopt AI, clear principles will be important to build stakeholder trust and to align use with the existing organisational culture. This might include, for example, assessing fairness and reasonableness against your intended use, and evaluating the impact on individuals. It is also important to regularly review its use to determine whether it is contributing to discriminatory or biased decisions.
Risk assessments
Where AI is used in business decision-making, robust risk assessments should be carried out for each area of use. Showing that they have at least considered potential risks, and ways of mitigating against them, may help employers justify their decision making further down the line. Where your use of AI is likely to include the processing of personal data, ensure that the appropriate DPIAs and risk assessments are carried out and comply with your organisation’s policies around handling of personal data.
Leadership
To ensure accountability and clarity for employees, organisations should consider appointing an AI governance committee or lead. This would help in establishing clear lines of decision-making and responsibility as an organisation develops new or updated policies and procedures to balance compliance with innovation.
Training
It is vital that anyone relying on the data provided by AI understands how this information was arrived at, what this data means and how to incorporate it into their decision-making. It is important that managers do not simply say, “that’s what the software said”. Additionally, as the manager will be held responsible for the decision they must be able to justify it. Any use of AI should have human oversight - and this means providing training on its use.
To summarise our key take away points:
- AI has great potential in the workplace if used responsibly.
- Be wary of the risk areas where AI can leave your organisation vulnerable to claims.
- Responsibility for decision-making will always lie with the individual and not AI.
If you are nervous about using AI in the workplace, or want to speak to any of our experts then please contact a member of our team on 03330 430350.
