The Legal Do’s and Don’ts of Using AI
Artificial intelligence is transforming industries across Switzerland and beyond. Companies are racing to use AI to automate tasks, gain insights and innovate. AI can be a powerful asset: you can use it to analyze large data sets or streamline workflows. But AI can also create significant legal and ethical risks if misused. For any organization, AI is a double-edged sword: it offers efficiency and other benefits, yet its use brings new compliance pitfalls. Companies, and their officers and directors who use AI on their own for corporate purposes, need to be aware of these pitfalls.
This article serves as a director’s guide to the do’s and don’ts of using AI, helping company leaders and developers navigate the legal landscape and implement AI in the workplace responsibly.
Navigating the Legal Landscape of AI in Switzerland
Understanding the legal framework is crucial before diving into the use of AI. Switzerland does not (yet) have a single, dedicated AI law. Instead, existing laws apply. The new Federal Act on Data Protection (FADP) is technology-neutral and directly applicable to AI. That means AI-supported data processing must comply with all general data protection principles.
Organizations must ensure transparency, data security and respect for individual rights when using automated systems. The Swiss data protection regulator has made clear that manufacturers, providers and users of AI systems must make the purpose, functionality and data sources of AI processing transparent, and that individuals have a legal right to know whether they are interacting with a machine and whether their input data is used to improve an AI model. In practice, if your company uses an AI chatbot or other AI tools, you should disclose this to users and ensure the use of their data is lawful. Individuals also have the right to request human review of AI decisions that significantly affect them.
Privacy and security are paramount. Swiss law requires safeguarding personal information and data processed by AI. A data protection impact assessment is mandatory before deploying AI in high-risk scenarios like profiling or large-scale processing of sensitive data. Even outside of data privacy, other Swiss laws still apply to AI. For instance, anti-discrimination rules (e.g. the Gender Equality Act) mean that using AI in hiring or customer service must not result in biased outcomes against protected groups. Likewise, intellectual property laws cover AI’s use of copyrighted material and product liability principles can extend to AI tools, meaning your company could be liable if an AI system causes damage.
Don’t forget the international context. The European Union’s AI Act, a comprehensive regulation categorizing AI systems by risk, will start applying in 2025–2026 and has extraterritorial reach. If a Swiss company’s AI system or its output is used in the EU, the EU AI Act may apply. This includes strict rules for “high-risk” AI (like in healthcare or finance) and bans on certain harmful AI uses (such as mass surveillance or social credit scoring). In the United States, there is no single AI law yet but regulators are actively monitoring AI in areas like consumer protection, employment and finance. A recent Executive Order on AI and various agency guidelines signal that companies deploying AI in the U.S. should prepare for oversight in data privacy, safety testing and anti-bias measures. In short, Swiss companies should track these developments. The use of AI is increasingly subject to scrutiny worldwide and practices acceptable today might face new regulations tomorrow.
With this backdrop in mind, what are the do’s and don’ts of AI for companies? Below we outline key do’s and don’ts of using AI in your business to stay on the right side of the law.
Legal Do’s and Don’ts: Best Practices for Safe and Ethical AI Use
Treat personal data with care when using AI. Collect and use only the data you need (data minimization) and have a clear purpose for it. If your AI will make automated decisions about people (for example, an AI in HR screening resumes or an AI in fintech assessing creditworthiness), inform the individuals and obtain consent if required. Provide a way for humans to intervene or review important AI-driven decisions. Under Swiss law, people can object to purely automated decisions and demand human oversight. Also, conduct a data protection impact assessment (DPIA) for any high-risk AI project to identify and mitigate privacy risks. These steps are not just formalities; they build trust and reduce legal exposure.

Secure your data and systems.
Before using any AI tool, especially third-party AI tools like ChatGPT, implement strict data security. Confidential material should only be analyzed with AI tools that have been vetted for privacy and security compliance. Do not upload sensitive company data or personal information into untrusted AI services. Remember that data you feed into an external AI could be stored on the provider’s servers. Encrypt data in transit and at rest and, if possible, anonymize or pseudonymize personal data before processing it with AI. Robust privacy and security measures protect you from data breaches, regulatory fines and reputational damage.
Set clear policies and train your team on using AI responsibly.
Establish internal guidelines (an AI usage policy) that define where and how employees may use AI. This policy should cover approved AI tools and use cases, data handling rules and required approvals for high-risk applications. For instance, you might prohibit using public chatbots for any customer data or require legal review before deploying an AI that interacts with clients. With proper guidance, AI can be integrated beneficially into workflows without employees inadvertently breaking laws (such as by exposing confidential data). A well-informed team is your first line of defense against AI-related missteps.
Maintain human oversight and accountability for AI decisions.
AI is powerful but it is not infallible. Always use AI as a support tool, not as an unchecked decision-maker. AI models are prone to errors or “hallucinations” (producing false information) and can reflect biases present in their training data. If you rely blindly on AI outputs, you risk making decisions that are wrong or even unlawful. Review and verify AI-generated outputs before they are incorporated into final decisions or documents. In practice, this means having a human in the loop: require approvals for AI-driven actions and double-check important results.

Rigorously test and document your AI systems.
Before and during deployment, test your AI models for accuracy, fairness and robustness. Validate that outputs make sense and check for disparate impacts (e.g. does your AI consistently favor or disfavor a group?). Ongoing monitoring is essential. AI behavior can drift over time or as data changes. Swiss financial regulators have emphasized the need for scheduled testing, bias audits, performance monitoring and data quality checks for AI models. Keep comprehensive documentation of your AI systems.
Consider intellectual property and licensing issues.
AI development and usage can raise tricky legal and ethical issues around IP. If you are developing an AI model, ensure you have the rights to the training data. Using copyrighted text, images or code to train AI models without permission can infringe copyright (unless an exception or license applies). For example, scraping online content for AI training might violate terms of service or copyright laws. When integrating third-party AI tools, review their license terms – who owns the output? Can the vendor use your data or outputs? Likewise, be aware that the AI model may sometimes regurgitate parts of its training data. The AI might incorporate recognizable snippets of a copyrighted work into its output, which could be discoverable and infringe on someone’s IP rights.
Stay updated on AI regulations and industry guidelines.
AI law is a moving target. New rules are being proposed in Switzerland (e.g. potential amendments to the Copyright Act for AI training data) and internationally. The legal industry and many business sectors are closely watching these developments. Follow news on the EU AI Act’s implementation and sector-specific guidance (for example, the Swiss financial regulator FINMA’s AI guidance for banks). Regulators often publish expectations even before laws are passed. Staying informed will help you anticipate changes.
Conclusion: Integrating AI into Business Safely
Adopting AI can yield tremendous benefits for companies, from efficiency gains to information and insight that drive innovation. But those who use AI must do so with eyes open to the legal landscape. By following the do’s and don’ts of using AI outlined above, organizations can recognize the pitfalls and address them before they become problems. In Switzerland, as in many jurisdictions, the use of AI is under increasing scrutiny, but proactive compliance can turn legal risk into a competitive advantage. Companies that use AI in a safe and ethical manner, respecting privacy, ensuring fairness and keeping humans in control, will not only avoid lawsuits and fines but also earn trust from customers, partners and regulators.
In practice, this means building a culture of accountability around AI. The key to using AI effectively is not just choosing the right technology but also implementing the right governance. Treat AI as you would any powerful business tool: with clear-eyed strategy, oversight and a commitment to uphold legal and ethical standards. Whether you are a startup experimenting with machine learning or a large enterprise deploying AI at scale, it’s wise to periodically audit your AI activities against these best practices. Update your policies as laws evolve (for example, preparing for EU AI Act requirements if relevant) and stay agile. What is acceptable today might change as society and regulations catch up with AI.


