Almost half of British businesses (41%) do not have a documented AI policy, with some believing that AI is a fad that won’t impact their business, a survey has revealed.
With AI now firmly in the mainstream, accelerated by generative AI, law firm Ashfords spoke to 250 British businesses about their use of and attitude towards AI. It found a worrying lack of preparedness: of the 41% who said they didn’t have an AI policy, 12% didn’t even know they needed one and only 14% had plans to implement one.
Over half of respondents (54%) described themselves as cautious adopters of AI who recognise its benefits but are wary of its implementation challenges, data privacy risks and the need for employee training. Yet over a quarter of businesses classed themselves as sceptical bystanders, claiming AI is a fad that won’t impact their business (18%) with some even describing themselves as fierce opponents, who will resist its use for fear of job losses or being put out of business (10%).
“The effective use of generative AI is a potential gamechanger for businesses of all sizes, but with opportunity comes risk and so it is understandable that some businesses don’t want to think about it. However, I would urge businesses that are using or contemplating using AI to have a policy in place and even if you’re one of the sceptical bystanders or fierce opponents, you should at least consider how it is being used in your supply chain,” says Liam Tolen, senior associate at law firm Ashfords.
“We are yet to see any British company hauled before the courts over their misuse of AI, but it won’t be far off. Hence, businesses need to protect themselves and offer clear guidance to their employees now,” adds Liam.
Data security was the primary concern when it came to AI implementation, cited by 37% of businesses, but this was followed by staff concerns over whether AI will make their role obsolete (23%). Other concerns centred around regulatory compliance (14%), ethical implications, such as bias (14%), and staff concerns over how to use it (12%).
“An obvious but often overlooked risk comes from the unauthorised release of sensitive data, breaching privacy and confidentiality, and potentially giving rise to copyright infringement, with any breaches potentially leading to substantial fines and damages claims as well as significant reputational damage,” explains Liam.
There was strong support for specific government regulation for businesses using AI technology (65%) with only 10% against it citing fears of stifling innovation.
The most commonly used AI tools were chatbots, such as ChatGPT, used by 46% of businesses, followed by automation tools (30%), predictive analytics (25%) and image recognition (14%).
So, what should be in a workplace AI policy?
“It doesn’t need to be onerous and overly complicated, but it should be well communicated and backed up with appropriate training,” explains Su Apps, an employment law partner at Ashfords.
Su offers some guidance:
- Define: What AI tools can and cannot be used for specific tasks so that everyone is clear on the parameters of use. Within that stipulate whether the use of individual accounts or company only accounts apply. When considering this, make sure it is tailored to your business.
- Human accountability: Don’t fall into the trap of thinking generative AI content will be perfect. Anything produced by AI should be considered a draft and as such, be subject to a human quality control. Ultimately make it clear that the employee using the AI to assist in their work retains full responsibility and accountability for the end result. Blaming the AI is not a defence.
- Data aware: Ensure staff know that the use of personal data in AI is not permitted. As part of this clearly set out how you will monitor their use of AI, which should also be covered in your privacy policy.
- Help and guidance: Larger business may consider the appointment of a Chief AI Officer to direct and monitor usage of this quickly evolving tool but for those not operating at such a scale, consider offering one point of contact for assistance in using generative AI. Alongside this, deliver ongoing employee training to engender widespread understanding of how to use and apply the permitted AI tools.
- Review, refine, repeat: As the use of generative AI is rapidly evolving, so too should your AI policy. Hence it is advisable to review, refine and update initially at least every six months.
“Always remember that any policy needs to be bespoke to your business, be layered with human intervention and have ethics at its heart,” says Su.
