AI and law

Basic knowledge and future requirements

© Panpatsa - stock.adobe.com

August 2025


Artificial intelligence (AI) is transforming the corporate world at a rapid pace. And with every new possibility, the question quickly arises: Can the new tool be used at all? What data protection issues need to be considered? Could it violate internal regulations? This article is intended to help provide orientation and to keep the added value of the new technologies for small and medium-sized enterprises (SMEs) in focus despite all the concerns.

Important legal framework conditions

When using AI in SMEs, a key aspect of data protection is compliance with the General Data Protection Regulation (GDPR). As AI systems often process personal data, it must be ensured that there is a valid legal basis for the processing, such as the consent of the data subjects or a legitimate interest of the company. In addition, information obligations must be complied with so that data subjects are informed transparently about the type, scope and purpose of data use.

Copyright and usage rights also play an important role, as AI-generated content such as texts or images must be legally protected. SMEs should therefore clarify who owns the rights to this content and be sure to check the licence conditions when using pre-trained models or external software.

Another important point is product liability and responsibility. If AI systems make decisions or control processes that lead to errors or damage, it must be clearly defined who can be held liable. This applies in particular to companies that use AI to make automated decisions.

Labour law aspects are also relevant, especially if AI is used in the HR department, for example when selecting applicants. Here, care must be taken to ensure that the systems used work fairly and transparently in order to avoid discrimination.

KI und Recht
© Suriya - stock.adobe.com

Keyword: Employee empowerment

Employee empowerment is extremely important when dealing with AI in SMEs and complying with legal framework conditions - often even a key factor for the success of the AI introduction. Even the best AI technology is of little use if employees do not understand how it works, what opportunities it offers and what risks it harbours. Only if employees are competent in dealing with AI can they fully utilise the potential of the technology, make informed decisions and avoid errors or misuse.

In concrete terms, this means that employees need both technical expertise and an awareness of ethical and legal aspects, such as data protection or possible biases in the algorithms. Training, further education and an open communication culture are therefore crucial in order to reduce uncertainty or fears and create acceptance.

Empowerment also promotes innovative strength within the company, as employees can often make their own suggestions on how AI can be used sensibly to optimise processes or open up new business areas. Especially in SMEs, where there are often fewer resources available, this commitment pays off directly.

Effective measures include

  • Targeted training and workshops on AI law and data protection
    Regular, practice-orientated training courses teach the basics of data protection, liability and ethical aspects of AI use - adapted to the respective roles of employees.
  • Provision of guidelines and checklists
    Easily accessible, comprehensible documents help employees to comply with legal requirements in their day-to-day work, for example when using or developing AI applications.
  • Establishment of an internal contact person or compliance team
    A permanent point of contact for questions relating to AI law promotes dialogue, provides support in the event of uncertainty and ensures that legal issues are clarified quickly.

Ethical and international aspects

AI is borderless - it is inextricably linked to social developments and media content. At the same time, digital communication and data processing is also an international task. Accordingly, there are also international regulations to provide guidance, especially when it comes to ethical issues. Although many of these regulations are not yet legally binding, they have a major influence on responsible behaviour and the design of AI systems.

There are now several ethical regulations and guidelines that are intended to provide companies with guidance. Although many of these regulations are not yet legally binding, they have a major influence on responsible behaviour and the design of AI systems. Here is an overview of the most important ethical principles and regulations:

  • EU guidelines: The European Commission published "Ethics guidelines for trustworthy AI" in 2019. These are based on seven key requirements (including human agency, privacy, social and environmental wellbeing).
  • OECD principles: In 2019, the Organisation for Economic Co-operation and Development (OECD) adopted principles for dealing with AI that respect human rights, promote fairness and transparency and ensure accountability and safety, among other things.
  • UNESCO recommendations: In 2021, UNESCO adopted a recommendation on the ethics of AI that formulates global ethical principles, including justice, human dignity, privacy, responsibility and sustainability.

These and other international regulations strengthen and supplement national guidelines. For SMEs in particular, it is worth keeping an eye on these major international developments and identifying the needs and trends in the field of AI.

KI und Ethik
© 3Dsss - stock.adobe.com

Forecast

It is clear that companies must utilise AI in order to remain competitive in the long term. Where and how exactly this happens is individual and must also be embedded in the respective corporate strategy. The following legal challenges, which go beyond the issues mentioned above, should also be taken into account when embedding AI in a future-oriented manner.

The future legal challenges for companies using AI will be diverse and complex, as technology, society and the law are constantly evolving. Here are some of the key issues that companies are likely to face in the coming years:

  1. Regulation of AI liability and responsibility
    Currently, it is often unclear who is liable when AI systems make mistakes or cause damage - be it through incorrect decisions, security vulnerabilities or faulty data processing. Future laws will probably have to create clear liability regulations, such as who is responsible for autonomous systems: the developer, the operator or even the AI itself (keyword "artificial person").
  2. Data protection and data sovereignty
    As the use of AI increases, so does the amount of data that is processed. Data protection regulations such as the GDPR are likely to be further tightened or supplemented by new requirements to better ensure the protection of personal data. In addition, the question of how companies use data fairly and transparently without violating the rights of individuals will become more important.
  3. Transparency and explainability
    Legislators are increasingly demanding that AI decisions must be comprehensible and explainable, especially in the case of automated decisions with major consequences (e.g. granting loans, applicant selection). Companies must therefore take technical and organisational measures to ensure transparency.
  4. Combating discrimination and bias
    AI systems can unconsciously reproduce prejudices and make discriminatory decisions. Future legal requirements will oblige companies to check algorithms for bias, document them and take measures to prevent discrimination.
  5. Security requirements and cybersecurity
    AI systems can be the target of cyber attacks or harbour security risks themselves. Future laws are likely to prescribe stricter security standards and obligations to provide evidence in order to prevent manipulation and misuse.

Overall, the legal landscape surrounding AI will become much more dynamic and complex. For companies, this means that they will have to keep abreast of new developments and flexibly adapt their AI strategies and compliance measures in order to minimise risks and secure competitive advantages. This will also enable SMEs in Baden-Württemberg to tap into the potential of AI, which will open up competitive advantages for them, for example by opening up new markets and increasing efficiency.