AI at work: Managing legal risk across the fast moving global landscape
To address the changing AI landscape in the workplace, employers should consider:
Artificial intelligence is rapidly reshaping work globally, creating significant productivity opportunities while also raising complex employment law risks around automated decision-making, workplace surveillance, psychosocial harm, consultation obligations and data privacy.
From recruitment and performance management to service delivery and workplace communications, AI tools are changing how organisations operate and how decisions affecting employees are made. Responsible use of AI in the workplace starts with governance, employee education and risk management.
Ashurst Perkins Coie is conducting a global client survey on AI in the workplace to supplement our current understanding of the key issues. We will report our survey results and provide a summary of the law applicable to AI in the workplace later this year. In the meantime, the key issues for employers to consider include:
AI governance and regulation varies significantly across jurisdictions, from risk based mandatory regulation in the European Union (EU), to industry led frameworks in Singapore and state-specific requirements in the United States. Multinational employers deploying AI across borders should consider the regulatory landscape in each jurisdiction and adopt governance frameworks that operate consistently across markets. However, there are some converging themes across jurisdictions such as transparency, explainability, testing, oversight and accountability. In addition, the OECD principles for trustworthy AI list inclusive growth, sustainable development and wellbeing, and these are often referenced by organisations as guiding principles for responsible AI use. Employers should keep and maintain a centralised register of AI systems in use across their organisations to be able to understand the risks they pose.
The term “Artificial Intelligence” was first used in 1956, at Dartmouth College in the United States. The AI revolution continues to develop in the United States, with Silicon Valley in California being home to numerous industry leaders. Although the United States’ Equal Employment Opportunity Commission (the EEOC) has launched an Artificial Intelligence and Algorithmic Fairness Initiative focused on how AI tools affect hiring, promotion, and other employment decisions, we are seeing the most regulation at the state level, through legislation requiring disclosure and via litigation pursuing liability against employers who rely too heavily on automated tools without policing their impact on the workforce.
Singapore is positioning itself as an AI hub and has adopted a self-regulatory approach. Key initiatives include the AI Verify Testing Framework (a voluntary testing framework and software toolkit) and the Personal Data Protection Commission's Advisory Guidelines (issued 1 March 2024), which clarify how the Personal Data Protection Act 2012 (PDPA) applies to AI systems that make, or assist a human decision-maker through, recommendations, predictions and decisions. These Guidelines are advisory and not legally binding, although the Privacy Commissioner is likely to enforce the PDPA consistent with the Guidelines. Singapore's Model AI Governance Framework for Generative AI sets out nine dimensions, including accountability, testing and assurance (third party testing), incident reporting and remediation.
In the United Kingdom, Parliament’s Business and Trade Committee launched an inquiry into AI and the future workforce which closed in April this year. This inquiry is examining AI's opportunities as well as risks for businesses and the workforce, including productivity, skills demand, job quality, health and safety, wellbeing, recruitment safeguards and the adequacy of the current regulatory framework. From our involvement with the All-Party Parliamentary Group on the Future of Work, there are various initiatives being considered around the impact of AI and the future of youth employment. In particular, there is a focus on providing the right training in AI so that young people have the right work skills for the future. We also expect that the impact of AI in the UK workplace will become a key focus for unions with their increased powers conferred by the Employment Rights Act 2025 (ERA). The UK is positioning itself as a hub for AI safety and assurance – having set up the AI Safety Institute to evaluate the risks of AI relating to public safety and security.
In Germany, France and the broader European Union, the EU Artificial Intelligence Act 2024 adopts a risk-based classification system, and imposes some of the most prescriptive AI obligations globally. From 2 December 2027, many HR related AI tools, including algorithmic CV screening, automated shortlisting, psychometric testing and productivity tracking, will be classified as “high risk” under Annex III of the EU AI Act. Employers that choose to use a high risk AI system must comply with obligations relating to governance, documentation, human oversight, transparency to individuals, data quality and non-discrimination. Non-compliance with the EU AI Act may attract fines of up to €35 million or 7% of a company's annual global turnover, in addition to sanctions under the General Data Protection Regulation (GDPR) and Germany's Federal Data Protection Act. The EU AI Act also mandates AI literacy under Article 4 which has been in force since February 2025 and covers any provider or deployer of an AI system. The requirements include the need to conduct an AI literacy needs analysis, tailor and deliver role and function-based AI training accordingly, and maintain robust training records to evidence compliance.
In Germany, works councils (Betriebsräte) have extensive co-determination rights under the Works Constitution Act (Betriebsverfassungsgesetz – BetrVG) when AI systems are introduced in the workplace. Under section 87(1) No. 6 BetrVG, the works council has mandatory co-determination rights over the introduction of technical devices capable of monitoring employee behaviour or performance. This applies even where monitoring is not the primary purpose of the AI tool, provided it is objectively capable of such monitoring. Employers must also inform and consult with works councils under section 90(1) No. 3 BetrVG before implementing AI systems. Failure to comply with these co-determination rights can render AI deployment unlawful. Under section 80(3) BetrVG, works councils have an express statutory right to engage external experts when assessing AI systems, with costs borne by the employer.
In France, the EU AI Act will reinforce existing workplace consultation considerations. Before using a high risk AI system in the workplace, employers will need to inform and consult workers’ representatives, particularly where the tool is used for recruitment, selection, promotion, termination, task allocation or performance and behaviour monitoring.
In Australia, the Australian Government released its National AI Plan in December 2025, confirming that Australia will rely on existing technology-neutral laws and sector regulators rather than introducing a standalone AI Act or mandatory guardrails for AI systems. The Plan is framed around three objectives: capturing economic opportunities through infrastructure and investment, spreading the benefits of AI adoption across industries and the workforce, and keeping Australians safe by managing AI risks through existing legal frameworks. As a key action under the Plan, the Australian Government established Australia's AI Safety Institute in early 2026, with $29.9 million in funding committed to monitor, test and analyse advanced AI capabilities, risks, harms and trends. The AI Safety Institute advises government and regulators but does not have enforcement powers, which remain with portfolio agencies and sector regulators under existing technology-neutral laws.
AI automation is changing the nature of work and creating complex legal questions around employee redundancy, redeployment, contractual variation and outsourcing arrangements. AI may affect employee roles, create redeployment needs, prompt downsizing, change the use of casual or labour hire arrangements, and trigger major change consultation requirements and severance entitlements.
Employers are encouraged to review position descriptions, job content, required skills, role classifications, duties clauses, bargaining terms, performance expectations, workloads, working conditions, data usage and redeployment pathways. If generative AI fundamentally changes an employee's day-to-day work and functions, employers may need to consult affected employees and seek employee consent to contractual variations.
Generative AI may also reduce the need for certain work to be performed by employees, potentially giving rise to genuine redundancy situations. In Spain, there have already been judgments declaring the validity of dismissals based on productive and organisational grounds due to the decrease of work linked to AI implementation (for instance, of translators who are no longer necessary due to AI).
In the United Kingdom, employers must undertake collective consultation where 20 or more redundancies at one establishment within a 90 day period are proposed. The maximum protective award for failure to comply with the collective consultation obligations has recently doubled and a new additional "threshold" will be introduced by the ERA triggering the collective consultation obligations. Similarly, in Australia, the introduction of AI in the workplace that may result in 15 or more redundancies will require consultation with unions representing those employees. Consultation obligations under applicable industry or occupational industrial instruments ('awards'), or employer specific instruments ('enterprise agreements') may also be triggered where this amounts to a major workplace change with significant effects on employees such as redundancies, or loss of job opportunities.
Organisations should also consider whether service contracts and outsourcing arrangements should address where AI could eliminate roles during the contract term, who pays redundancy or dismissal costs, and how employees will be treated upon the expiry or termination of their employment.
The use of AI in recruitment and employment decision-making raises significant discrimination and fairness risks across all jurisdictions. Employers that deploy or procure AI powered HR tools must maintain human accountability and guard against direct and indirect algorithmic bias. From a governance perspective, employers should ensure that AI systems used in employment decisions are sufficiently explainable to support legal defensibility. This means being able to articulate, in plain language, why a particular decision was reached or recommended. 'Black box' models that cannot provide this level of explanation present heightened legal and governance risk in employment contexts where decisions must be rational, proportionate and capable of being reviewed.
While the United States does not yet have federal laws mandating proactive disclosure of the use of AI tools in the hiring process, the legislative bodies in many US states are actively working to increase awareness of potential biases created by these tools. For example, the state of Illinois requires employers to notify applicants in advance if AI will be used in the screening process, and to obtain express consent if AI will be used to evaluate video interviews. Maryland requires similar express consent where AI will be used to assess interview performance. New York City and California require proactive disclosure when “Automated Employment Decision Tools” will be used – a broad term that applies to any computerized sorting function used to screen applicants. Colorado has codified a disclosure requirement and an opportunity to address and correct any perceived errors when AI tools are used to help make “consequential employment decisions.”
In Australia, the Privacy and Other Legislation Amendment Act 2024 (Cth) introduced new Australian Privacy Principles (APP) which will take effect from 10 December 2026 and require APP entities to disclose in their privacy policies information about the use of automated decision making software that could reasonably be expected to significantly affect the rights or interests of individuals, including the kinds of personal information used and the types of decisions made using AI. These obligations apply where an organisation uses a computer program to make, or substantially assist in making, decisions affecting individuals, including in connection with employment related decisions such as recruitment, performance evaluation and disciplinary outcomes.
Employers may be liable for discrimination or adverse action claims if the use of AI tools leads to biased results at any stage of the employment process. Recent employment law developments around the world demonstrate the risks involved when using AI tools for recruitment, though the risks extend to all steps of the employment relationship. In the US, the EEOC brought a lawsuit against iTutorGroup after an AI based hiring platform allegedly rejected all female applicants over 55 years of age and all male applicants over 60 years of age in violation of age and sex discrimination laws. A class action is currently pending in the US seeking to recover damages directly from the third party AI provider (versus the end-user employer), alleging race, age and disability discrimination through applicant screening tools using biased AI algorithms. In Germany, under the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz – AGG), employers are liable for discrimination caused by AI recruitment tools, regardless of whether the bias was intentional. Where works councils exist, employers must also seek works council consent for selection guidelines used in recruitment or transfers, including those involving AI systems.
In France, AI assisted recruitment and selection tools should be based on transparent methods disclosed to candidates and the Comité Social et Économique (CSE), use non-discriminatory criteria linked to the professional requirements of the role, and remain subject to meaningful human control. Employers may remain responsible for decisions made on the basis of algorithmic recommendations, particularly where biased outputs lead to discriminatory treatment.
Employers should take active steps to reduce bias and unconscious discrimination in AI recruitment tools by reviewing training data, identifying and addressing existing biases, and ensuring human oversight to investigate and correct outcomes. Employers should also have effective AI monitoring in place with bias, fairness and discrimination testing implemented, key risk indicators defined and tracked, with monitoring and reporting of those indicators, and clear protocols for where an AI system displays bias/discrimination. This might include, for example re-training the model, removing the model from use, or rolling back to previous versions of the model. Where third party recruitment tools are used, employers should understand the provider's contractual duties, seek assurances on non-biased training data and safeguard against bias and discrimination. This all needs to be underpinned by robust documentation on the type and nature of testing and validation performed, evidence of ongoing monitoring, and logs for risk and governance decisions.
The introduction of AI in the workplace can result in significant changes to the composition, operation or size of the workforce, the skills required, or the elimination or diminution of job opportunities.
In Germany, the works council has extensive co-determination rights regarding matters including working hours, remuneration principles, and health and safety measures. Where AI implementation constitutes a major operational change (Betriebsänderung), for example, where it involves significant changes to work processes, workforce composition, or job elimination, employers must inform and consult the works council and negotiate a reconciliation of interests (Interessenausgleich) and social plan (Sozialplan). Works councils also have information and consultation rights specifically concerning AI deployment and are entitled to engage external AI experts at the employer’s expense.
In the United Kingdom, redundancy laws require employers to give genuine consideration to redeployment and retraining opportunities before roles are made redundant due to AI automation. Fundamental changes to employment terms may require employee consent, and implications may arise because of the application of the Transfer of Undertakings (Protection of Employment) Regulations 2006 (TUPE) where AI changes service delivery models.
The EU AI Act’s human oversight requirements also create indirect upskilling obligations, as employers must ensure that individuals overseeing high risk AI systems have the competence, training and authority to exercise meaningful oversight and have sufficient AI literacy.
In France, although the Labour Code does not currently provide for a standalone AI specific consultation of the CSE, AI deployment may fall within existing consultation triggers, including the introduction of new technologies, significant changes to working conditions, employment, training, recruitment processes or employee monitoring. Recent decisions have required employers to consult the CSE, and in some cases suspend AI tools, where deployment had moved beyond mere experimentation or was likely to affect employees’ working conditions.
Recent legal decisions in France illustrate the fact-specific approach adopted by the courts. They show, first, that AI tools piloted over several months may be treated as a genuine first implementation rather than a mere experiment, triggering the need for CSE consultation. They also confirm that deploying AI tools for operational or content-related tasks may justify suspending their use until consultation is completed, where the technology is likely to affect employees’ working conditions. Finally, the decisions clarify that not every update to an existing AI tool requires fresh consultation; a new consultation is generally required only where the change amounts to a new technology or an important project with potential effects on working conditions.
Although these are interim decisions and the case law remains developing, they suggest that French courts will focus on the practical effect of the AI tool, the maturity and scale of the deployment, and whether the project is likely to affect work organisation or employees’ working conditions.
Notably, the United States has not yet implemented any laws increasing or altering workplace notification obligations when reductions in force are caused in part by the automation of functions, whether via AI or otherwise. However, several states are heading in this direction. California has seen multiple proposed bills aimed at requiring employers to conduct workforce impact assessments before deploying AI systems that could displace workers, and to provide retraining or transition assistance. New York has proposed legislation that would require employers adopting AI to provide advance notice to affected workers and to offer retraining programs or placement assistance. The states of Washington and Connecticut have also considered measures addressing automation related displacement, including task forces, study commissions, and proposed reskilling mandates.
In Australia, as noted, major changes in the workplace by the introduction of AI would likely trigger consultation obligations under industrial instruments (modern awards and enterprise agreements).
AI enabled monitoring tools allow employers to track employee activity at unprecedented levels, but they also create legal risks that must be managed proactively. Surveillance data may be used to inform decisions about work allocation, remuneration, discipline, and termination of an employee.
Where employers use AI in performance management, they must be able to explain how the tool informed the relevant assessment so that decisions remain lawful, rational, and made in good faith. AI should support, not replace, human decision making in performance related matters.
From 10 December 2026, the Australian Privacy and Other Legislation Amendment Act 2024 (Cth) will require APP entities to include information in their privacy policies about the use of automated decision-making software, the kinds of personal information used, and the types of decisions made using AI, where those decisions could reasonably be expected to significantly affect the rights or interests of individuals. Non-compliance with the updated privacy policy obligations may attract civil penalties of up to $50 million, three times the value of the benefit obtained, or 30% of the APP entity's adjusted turnover during the relevant period. Employers are encouraged to consider whether AI based productivity assessments may indirectly discriminate against an employee if their personal circumstances, such as a disability or caring responsibility, are not taken into account.
Although the US does not have a federal data protection statute, state laws, such as the California Consumer Privacy Act 2018, impose requirements on automated profiling of employees. In the US, various industries also utilize AI driven cameras in fleet vehicles that collected granular worker data about location, behaviours, work intensity and performance. This data is often used to mark efficiency to goals, track compliance with timekeeping requirements, help set pay rates, or for safety purposes. The implementation of these tools also creates potential exposure from a data and individual privacy standpoint, which can trigger specific disclosure and consent requirements.
Singapore's PDPA advisory guidance confirms that notification and consent obligations apply to the use of personal data in AI systems subject to consent exceptions, including the Business Improvement Exception and the Research Exception (for example, where developing or enhancing a product or conducting commercial research).
In Europe, a French bank implemented an AI system to monitor employee productivity after an employee challenged a disciplinary action against them. The bank was required to submit specific evidence showing how a human review was conducted during the decision-making process. In Italy, a food delivery platform was ordered to notify riders when their performance was being algorithmically evaluated following protests and legal action by trade unions. The Spanish Data Protection Act also specifically sets out an employer’s obligation to inform workers' representatives of the parameters, rules and instructions on which algorithms or artificial intelligence systems are based that affect decision-making, which may have an impact on working conditions, access to and maintenance of employment, including profiling.
In France, where AI tools process employee personal data, employers should ensure that employees are clearly informed of what data is collected, why it is collected, how it will be used and what rights they have in relation to that data. Particular care is needed where AI supports monitoring, performance assessment, work allocation or other decisions affecting the employment relationship.
AI enabled workplace monitoring can create psychosocial risks, including role uncertainty, job uncertainty, increased workloads and intensity, stress, unreasonable performance metrics, pervasive surveillance, and algorithmic task allocation.
Best practice WHS management provides that employers should perform targeted psychosocial risk reviews, manage workplace hazards, consult affected workers, formalise governance and human oversight, update WHS policies, and train HR professionals. In Spain, psychosocial risk assessments are not only recommended but compulsory. Employee training should emphasise that personal, copyrighted, or biased data should not be input into AI systems, as comprehensive training can help mitigate data protection and privacy risks.
In Australia, world first legislation, in the form of the NSW Work Health and Safety Amendment (Digital Work Systems) Act 2026, came into effect on 18 February 2026. The Act defines a “digital work system” as an algorithm, artificial intelligence, automation or online platform, and amends the Work Health and Safety Act 2011 (NSW) to impose a primary duty of care requiring a person conducting a business or undertaking to ensure, so far as reasonably practicable, that the health and safety of workers is not put at risk from the use of digital work systems. In particular, the Act requires businesses to consider whether the allocation of work by a digital work system creates risks including excessive or unreasonable workloads, performance metrics, monitoring or surveillance, or unlawful discriminatory practices or decision making. WHS entry permit holders are also given powers to require reasonable assistance to access and inspect digital work systems relevant to suspected contraventions.
In France, employers should also consider AI deployment through an occupational health and psychosocial risk lens. Tools that increase monitoring, performance pressure, workload intensity, isolation or uncertainty around roles should be assessed in advance, including through updates to workplace risk assessments and consultation with the CSE.
In United States v Heppner No. 25 Cr. 503 (JSR), the court rejected privilege claims over AI generated and AI processed materials, treating the information input into a free AI tool as disclosure to a third party under non-confidential terms.
This decision acts as a warning that entering privileged or confidential material into public AI platforms may irreversibly waive privilege and raise serious privacy and confidentiality issues. A similar finding could be made in other jurisdictions.
AI presents significant opportunities for employers, but its adoption must be supported by clear governance, transparency, human oversight and careful attention to employment, privacy and safety obligations.
We look forward to reporting further on these issues, with the release of our report on our 'AI in the workplace' client survey later this year.
Other authors: Cristina Grande, Counsel; Matthew Worsfold, Partner, Risk Advisory; Jordan Cohen, Senior Associate; Maria Baixauli, Associate and Isabella Stewart, Graduate.
This publication is a joint publication from Ashurst Perkins Coie Australia and Ashurst Perkins Coie Risk Advisory Pty Ltd, which are part of the Ashurst Perkins Coie Group.
The Ashurst Perkins Coie Group comprises Ashurst Perkins Coie UK LLP, Ashurst Perkins Coie US LLP, Ashurst Perkins Coie Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst Perkins Coie" or describe themselves as being affiliated with Ashurst Perkins Coie. Some members of the Ashurst Perkins Coie Group are limited liability entities. Some members of the Ashurst Perkins Coie Group provide legal services and some provide non-legal services. Different legal entities in the group may operate in the same jurisdictions. Information about which Ashurst Perkins Coie Group entity operates in any country can be found on our website at www.ashurstperkinscoie.com.
Ashurst Perkins Coie Australia (ABN 75 304 286 095) is a general partnership constituted under the laws of the Australian Capital Territory.
Ashurst Perkins Coie Risk Advisory Pty Ltd is a proprietary company registered in Australia and trading under ABN 74 996 309 133.
The services provided by Ashurst Perkins Coie Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.
For more information about the Ashurst Perkins Coie Group, which Ashurst Perkins Coie Group entity operates in a particular country and the services offered, please visit ashurstperkinscoie.com.
This material is current as at 15 July 2026 but does not take into account any developments after that date. It is not intended to be a comprehensive review of all developments in the law or in practice, or to cover all aspects of those referred to, and does not constitute professional advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst Perkins Coie. We accept no liability for use of these materials and reliance upon it by any person.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.