AI and the Law: Navigating Legal Liability in Automated Decisions

An insurance algorithm wrongly rejects a long-standing client’s claim and no one can explain why. Meanwhile, a credit AI turns down a strong loan application without human review, and an automated hiring tool flags a top performer for dismissal, but its logic is a mystery. These aren’t tech fantasies, but dilemmas at the heart of today’s AI liability challenge. Although artificial intelligence promises speed and objectivity, legal accountability still lands squarely on human organisations. With the EU’s Artificial Intelligence Act now setting cross-border standards and the UK pursuing a “pro-innovation” regulatory approach that still emphasises responsibility, businesses must confront a pressing question: if no human made the decision, who is legally responsible?

Who’s to Blame When the Algorithm Decides?

Lawyers like clear villains. Someone intended harm, controlled the process and could reasonably foresee the outcome. Algorithms spoil that logic. A hiring model trained on historic data does not “intend” to discriminate; a credit-scoring system rejects an applicant because a probability tipped by half a percentage point. Yet real people suffer real consequences.

This is why accountability for AI is shifting from authorship to deployment. Regulators and courts are less interested in who wrote the code than who chose to use it, fed it data and failed to step in. In 2023, Dutch authorities fined Uber for opaque automated driver decisions, focusing on the company’s use of the system rather than its technical design.

The EU AI Act further doubles down on this logic, setting explicit responsibility chains for high-risk systems, from developers to deployers. The UK, by contrast, prefers to stretch existing negligence, consumer and employment law, asking whether organisations took “reasonable steps” to oversee automation.

The uncomfortable truth for business leaders is simple. Delegating decisions to AI does not dilute liability. It concentrates it on those who benefit most and those who could have intervened, but did not.

From Black Box to Courtroom

For years, businesses have treated AI explainability as an engineering headache. In reality, it is fast becoming a legal problem with commercial consequences. When an automated system refuses a mortgage, flags a job applicant, or blocks a bank transfer, courts are less interested in neural networks than in who can explain what happened, and why.

This is where the myth collapses. Explainability is not just about opening the black box, but about translating statistical reasoning into something that satisfies legal standards of proof. Judges do not accept “the model says so”. They ask whether a decision was reasonable, proportionate and contestable. That creates tension between protecting trade secrets and respecting the individual’s right to an explanation, a principle embedded in the General Data Protection Regulation (GDPR) and reinforced by the EU’s risk-based AI Act.

Smart companies are responding creatively. Instead of redesigning core models, they are building explainability layers around them, including narrative summaries, decision logs and counterfactual explanations designed for lawyers, regulators and judges. Some firms now maintain AI audit trails specifically drafted for court disclosure, not data science reviews.

In the UK, courts are testing whether a reasonable understanding of an automated decision is sufficient. The provocation is clear: treat explainability as litigation preparedness, not mere compliance, and you gain a strategic edge.

Code, Consequences, and the Law

AI risk is no longer a compliance checklist, but a design decision with legal consequences. Automated hiring tools that disadvantage women, or credit models that quietly exclude ethnic minorities, are increasingly framed as organisational negligence, not technical accidents. In the Netherlands, the SyRI welfare fraud system was struck down partly because its systemic bias breached human rights.

Other risks are subtler. Model drift, where an AI slowly changes behaviour as data shifts, can turn a once lawful system into a liability if no one is clearly responsible for oversight. Automation bias adds another layer, because when staff defer blindly to machine recommendations, regulators may see a governance failure, not human error.

Best practice is moving upstream. Leading firms are creating board-level AI risk committees, requiring legal sign-off at deployment rather than procurement, and renegotiating contracts to clarify liability with AI vendors. This is very much an area still evolving.

Regulatory approaches are also diverging. The EU favours prescriptive risk categories under the AI Act, while the UK expects “reasonable steps”, without defining them. It is now clear that courts increasingly judge AI liability by process maturity.

When Software Becomes a Decision-Maker

Law struggles in the grey zone where software stops advising and starts deciding. Is an automated shortlist in recruitment merely “decision support”, or is it exercising discretion traditionally reserved for humans? Courts and regulators have yet to draw a clean line, but businesses are already feeling the risk.

High-stakes sectors expose the problem. In employment, AI screening tools can quietly filter out candidates long before a human interview. In credit and insurance, algorithms may adjust eligibility or pricing in ways no single employee can explain. Public-facing services add further tension, as automated benefits decisions or fraud flags can feel final, even when a nominal appeal process exists.

Many firms respond by insisting on “human-in-the-loop” oversight. Yet this can become a legal fiction if staff lack the time, authority or understanding to override the system. Regulators are increasingly sceptical of rubber-stamp review. The EU’s AI Act takes a strict view, treating certain automated systems as high-risk regardless of human involvement. As noted already, the UK’s approach is looser. However, the uncomfortable insight is that formal human oversight without real power can increase liability, not reduce it.

The Liability Gap in the Age of AI

AI moves at startup speed whereas law moves much more slowly. This growing mismatch is creating a widening liability gap. Businesses can deploy automated decision systems in months, while legal frameworks evolve over years. When harm occurs, responsibility rarely sits with the model creator. Instead, regulators and claimants pursue the end-user organisation that selected, trained and relied on the system.

Take automated credit scoring built on third-party models. If biased outcomes emerge, banks face enforcement action, not the software vendor. This imbalance is driving policy debate. In the EU, lawmakers are considering structural reform, including strict liability rules and mandatory insurance for certain high-risk AI systems. The UK is choosing a lighter path, expecting courts to stretch existing negligence and product liability principles to cover AI-driven harm.

For business leaders, the message is blunt: the liability gap is not temporary. It is becoming a permanent cost of using AI.

The Strategic Question Leaders Must Now Ask

The strategic question for leaders has shifted. It is no longer “Is our AI compliant?” but “Could we defend this decision in court and explain it convincingly to customers?” As automated decisions scale, legal liability now collides with trust, reputation and brand value, not just regulatory fines. The European AI Act makes clear that governance, documentation and accountability are business responsibilities, not technical footnotes. In the UK, courts are expected to test similar ideas through existing law, case by case.

The real insight is that in the age of automated decisions, law is a design parameter. The most resilient organisations will treat AI liability as core capability.

And what about you…?

• If one of your AI-driven decisions were challenged tomorrow, could you clearly explain who made the decision, on what basis, and with what safeguards?

• Are you relying on “human oversight” in name only, or do people genuinely have the authority, time and confidence to challenge the system?


