Artificial intelligence in business: opportunities and legal challenges in 2025 that you should not forget
If your employees routinely use AI tools such as generative assistants (ChatGPT, Copilot), compilers (DeepL) or graphical applications (Canva, Midjourney), you should consider implementing an AI Policy. This document establishes rules for the safe and effective use of AI tools and protects sensitive information, including trade secrets or personal information.
1. Internal rules for the use of AI: the key to sustainability
2. Supplier arrangements and control of AI tools
Increasingly, companies are setting rules for the use of AI not only for their employees, but also for their suppliers. Supplier contracts may contain clauses on how data can be shared or processed using AI. Such arrangements minimize the risk of misuse and ensure that partners use AI tools in accordance with the law and your expectations.
3. GDPR and data protection: what not to forget?
If your business processes personal data using AI tools, it is crucial that you:
- Properly inform data subjects about how their data is processed.
- Consider the need for a Data Protection Impact Assessment (DPIA).
- Enter into processing agreements with AI system providers.
Failure to address the question of whether AI systems use sensitive data to 'learn' may lead to legal challenges or regulatory sanctions.
4. The AI Act: what does the new regulation bring?
The AI Act, adopted by the EU, introduces strict rules for high-risk systems such as those handling biometric data or making employment decisions. Companies should analyse whether their AI systems fall into high-risk categories and ensure that they comply with transparency and security requirements.
5. Training data: when can you use it?
Using data to train your own AI models often raises legal licensing issues. Unauthorized use of data can lead to litigation, especially if the data is copyrighted or contains sensitive information.
6. Implementation and legal liability
AI technologies, such as facial recognition systems or autonomous drones, raise issues of liability for damages caused by system errors. Clear contractual terms and ensuring compliance can minimise the risk of legal complications.
Key takeaways:
- Having an AI Policy in place ensures a sustainable and safe approach to using AI in the business.
- Legal documentation, including GDPR modifications and supplier contracts, is essential to protect data and minimize risk.
- The AI Act and rules for working with training data present new challenges that require expert solutions.
If you have questions about implementing AI in your business, contact us! We'd be happy to help you set up everything you need to use AI to its full potential without worrying about legal complications. We are here to help you!
About the author
Disclaimer:
The information contained in this article is for general informational purposes only and is intended to provide basic orientation on the subject matter in accordance with the legal framework as of 2026. While we strive for maximum accuracy, legislation and its interpretation evolve over time. We are ARROWS Law Firm, an entity registered with the Czech Bar Association (our supervisory authority), and for the maximum protection of our clients we carry professional indemnity insurance with a limit of CZK 400,000,000. To verify the current wording of applicable regulations and their impact on your specific situation, please contact the author of this article or another qualified professional.