{"id":4616,"date":"2024-03-27T16:20:21","date_gmt":"2024-03-27T16:20:21","guid":{"rendered":"https:\/\/www.ditges.de\/?p=4616"},"modified":"2025-02-24T16:23:30","modified_gmt":"2025-02-24T16:23:30","slug":"compliance_risikominimierung_ki","status":"publish","type":"post","link":"https:\/\/www.ditges.de\/en\/compliance_risikominimierung_ki\/","title":{"rendered":"Compliance and Risk Mitigation in the Use of Artificial Intelligence (AI) in Companies under German Law"},"content":{"rendered":"
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Artificial intelligence (AI) is increasingly becoming an integral part of the daily operations of small and medium-sized enterprises (SMEs). With the advent of \u2018turnkey\u2019 software solutions, particularly through SaaS delivery models, SMEs can leverage AI's vast potential for value creation. However, a recent study by Koblenz University of Applied Sciences<\/a> highlights that the primary challenge for businesses remains the legal uncertainty associated with AI implementation.<\/p>\n


<\/p>\n

-<\/h3>\n

-<\/p>\n


<\/p>\n

Liability Considerations: Who is Responsible When AI Makes a Mistake?<\/h3>\n

As in traditional business environments, overall responsibility for AI-related decisions ultimately lies with company management, including the duty to establish early crisis detection mechanisms. Today, risk management systems must not only assess annual financial statements but can also incorporate predictive AI for financial and liquidity planning. This development raises the bar for management\u2019s ability to exculpate itself from liability in case of AI-related failures.<\/p>\n


A key risk associated with generative AI is the phenomenon of \u2018hallucinations,\u2019 where the system generates false or misleading outputs. If an AI system produces an incorrect result, several questions arise. First, if the AI system itself is defective, liability may rest with the provider. Second, if the system was used improperly, employee liability within the framework of internal damage compensation may be relevant. Third, if there was a failure in organizational oversight, management could be held accountable. Matters become even more complex when AI makes \u2018independent\u2019 decisions without human involvement. Apart from the general prohibition of fully automated decisions under Article 22 of the GDPR, companies must consider the extent to which AI system providers bear responsibility for regulatory compliance.<\/p>\n


<\/p>\n

Data Protection and Security: Ensuring Compliance<\/h3>\n

Given that AI systems process vast amounts of data, data protection and security must be prioritized. Beyond ensuring the legality of data processing, companies must address data sovereignty concerns. Depending on the application, it is critical to prevent user data from being utilized to \u2018train\u2019 AI models. Removing such data after it has been incorporated (\u2018unlearning\u2019) is technically challenging. Even where user consent has been obtained, legal uncertainty persists in cases involving personal data, as revocation or deletion requests can be difficult to implement.\nTo mitigate these risks, companies must implement robust technical and organizational measures (TOMs) to safeguard sensitive data. This has direct implications for contract negotiations when procuring AI solutions. In SaaS agreements, data protection responsibilities must be clearly defined, and businesses should consider whether a data processing agreement (DPA) is necessary.<\/p>\n


<\/p>\n

Intellectual Property: Who Owns AI-Generated Work?<\/h3>\n

Another critical question concerns the ownership of AI training data and outputs. This issue affects not only contractual relationships between companies and software providers but also the rights of employees. Under German copyright law (Sections 43, 69b UrhG), when an employee creates a copyright-protected work or software, the employer generally acquires the corresponding usage rights. However, when generative AI is involved, the protectability of the resulting work is uncertain. The extent to which an employee's qualitative and quantitative contributions can be distinguished from AI-generated elements must be assessed on a case-by-case basis under copyright law. Furthermore, companies must implement safeguards to prevent unintentional copyright infringements when using AI-generated content.<\/p>\n


<\/p>\n

Navigating the legal complexities of AI implementation requires a strategic, interdisciplinary approach. At DITGES, with offices in Bonn and Munich, we provide consolidated, harmonized legal counsel based on extensive experience in practice, academia, and strategic advisory.<\/p>\n

For further inquiries, please do not hesitate to contact us:<\/p>\n

Prof. Dr. Renate Dendorfer-Ditges LL.M. MBA<\/a>
Rechtsanw\u00e4ltin \/ Fachanw\u00e4ltin f\u00fcr Arbeits- \/ Handels- und Gesellschaftsrecht \/ Internationales Wirtschaftsrecht \/ Zertifizierte Mediatorin<\/p>\n

Philipp Wilhelm LL.M.<\/a>
Rechtsanwalt \/ Zertifizierter Mediator<\/p>\n


Stand: 15.03.2024<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

K\u00fcnstliche Intelligenz (KI) ist im Alltag kleiner und mittlerer Unternehmen angekommen. Die gr\u00f6\u00dfte Herausforderung sehen Unternehmen in der damit verbundenen Rechtsunsicherheit.<\/p>","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[64],"tags":[59,4],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ditges.de\/en\/wp-json\/wp\/v2\/posts\/4616"}],"collection":[{"href":"https:\/\/www.ditges.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ditges.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ditges.de\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ditges.de\/en\/wp-json\/wp\/v2\/comments?post=4616"}],"version-history":[{"count":32,"href":"https:\/\/www.ditges.de\/en\/wp-json\/wp\/v2\/posts\/4616\/revisions"}],"predecessor-version":[{"id":4649,"href":"https:\/\/www.ditges.de\/en\/wp-json\/wp\/v2\/posts\/4616\/revisions\/4649"}],"wp:attachment":[{"href":"https:\/\/www.ditges.de\/en\/wp-json\/wp\/v2\/media?parent=4616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ditges.de\/en\/wp-json\/wp\/v2\/categories?post=4616"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ditges.de\/en\/wp-json\/wp\/v2\/tags?post=4616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}