AI in the workplace: Legal risks and how to mitigate them

According to a 2025 McKinsey & Company report, AI has become a mainstream feature in the workplace, with 76% of employees using it by 2025, up from 30% in 2023.

It is reshaping not only how work is performed, but also the nature of tasks and decision-making. For employers across the UK, this shift introduces significant legal risks and requires a more proactive and structured approach to governance.

The use of AI in the workplace raises a range of legal concerns. In particular, the “red lines” for deploying AI in HR functions centre on discrimination and bias, data protection and the need to preserve meaningful human involvement in decision-making, especially where automated systems are used.

Regulators such as the Information Commission’s Office (ICO) and the Equality and Human Right Commission (EHRC) have warned that employers may be underestimating the extent to which AI influences workplace decisions.  This creates a real risk of unlawful practices going unnoticed.

AI should never be given sole, final authority over significant employment decisions. These are decisions that can materially affect an individual’s career, livelihood or legal rights. Such decisions require meaningful human oversight, informed judgment and clear accountability.

There are four key areas where fully automated AI decision-making presents particularly high legal and operational risk.  In these contexts, reliance on AI without robust safeguards increases the likelihood of unfair outcomes, embedded bias, lack of transparency and legal challenge.

1. Hiring, Firing, Promotion and Disciplinary Decisions

These are all high impact decisions affecting both individuals and the organisation. Under UK GDPR, solely automated decision-making that produces legal or similarly significant effects is restricted, unless specific conditions and safeguards are in place.

If AI is effectively determining who is hired, promoted, or dismissed, employers risk breaching data protection principles unless:

• meaningful human review is involved.
• Individuals are able to challenge the decision.
• The reasoning behind the decision can be clearly explained.

Failure to meet these standards may expose employers to claims under data protection law, as well as unfair dismissal and discrimination legislation.

2. Discrimination – sensitive decision-making

AI should not be relied upon to make decisions that could directly or indirectly discriminate against individuals with protected characteristics ( e.g. sex, race, age, disability, religion or belief). Such decisions require careful human oversight to ensure fairness, legal compliance and proper consideration of individual circumstances.

AI systems trained on historical HR data may replicate or amplify existing biases. As a result, even in the absence of intent, their use can produce outcomes that are unfair or disproportionate.

This creates a genuine risk of indirect discrimination, particularly where AI tools are deployed at scale in recruitment, performance management or other employment processes without adequate review, transparency and bias mitigation measures.

3. “Black Box” performance management

AI should not function as an opaque judge of employee performance. Employees must be able to understand decisions affecting them and have a clear opportunity to challenge them.

A lack of transparency undermines procedural fairness, which is central to employment law, particularly in unfair dismissal claims. A fair process requires that employees are not merely presented with conclusions but are given access to the reasoning and evidence behind them, so they can respond effectively.

If an employer cannot explain how an AI system reached a particular recommendation or decision (whether in relation to capability, misconduct, redundancy selection or performance scoring etc) it will be significantly more difficult to demonstrate that the decision was fair, reasonable and lawful in an employment tribunal. In practice, reliance on unexplainable AI outputs risks weakening an employer’s ability to defend its decision-making process.

4. Decisions involving sensitive HR Judgment

AI should not be used to determine outcomes in situations where context, credibility or nuanced judgment are central to the decision-making process. In employment law, and particularly before employment tribunals, significant weight is placed not only on the final outcome, but in whether the employer’s decision-making process was reasonable, proportionate and properly informed.

AI systems are currently limited in their ability to replicate this evaluative judgment. In particular, they struggle with:

• Assessing credibility– including weighing conflicting accounts and evaluating witness reliability
• Understanding workplace context – such as informal norms, team dynamics and organisational culture
• Making judgments of proportionality – including whether a response is appropriate in light of severity, prior conduct and mitigating factors.

These elements are fundamental to fair employment decision-making. Over reliance on AI risks reducing complex, fact-sensitive judgements to rigid or decontextualised conclusions, potentially undermining fairness and weakening an employer’s position before a tribunal.

The Evolving Regulatory Landscape

The regulatory landscape for AI is evolving rapidly. The UK Government is moving away from purely voluntary principles towards a more interventionist approach, with increased regulation of advanced AI systems expected from 2026 onwards.

For example, the Data (Use and Access) Act 2025 has already amended aspects of UK GDPR relating to automated decision‑making, increasing scrutiny on how employers use AI in areas such as recruitment screening and performance monitoring.

Despite Brexit, the EU AI Act (effective since early 2025) is setting global standards. UK employers operating internationally, or using AI tools provided by global vendors, may still need to comply with its requirements depending on their activities and exposure to EU markets.

Practical Takeaway

AI can support HR decision making, but it must not replace human judgment. Employers should treat AI as an assistive tool and ensure robust governance, transparency, training and accountability at every stage.

While AI offers clear efficiencies and strategic advantages in the workplace, its use in HR and employment decision-making must be approached with caution and discipline. The legal risks, particularly in relation to discrimination, data protection and procedural fairness, are significant and, in many cases, still developing. Employers should not wait for regulatory enforcement to drive change. Instead, they should act now to embed clear governance frameworks, ensure meaningful human oversight and regularly audit AI systems for fairness and transparency. Those who take a considered and compliant approach will be better placed not only to mitigate legal exposure but also to build trust and credibility in their use of emerging technologies.

This update contains general information only and does not constitute legal or other professional advice. For further information and advice on this topic, please contact a member of our Employment team.