When AI Starts Making Business Decisions: Who Is Responsible?
Artificial Intelligence (AI) is no longer merely used for summarising, answering questions, or automating administrative tasks. In many companies, AI is now being deployed to read market trends, map risks, detect transaction anomalies, and provide recommendations for business decision-making. This capability is undoubtedly tempting. AI can process vast amounts of data in a short time, find patterns difficult for humans to detect, and offer projections that appear more objective. However, when an AI recommendation proves incorrect and the company suffers a loss, a critical question immediately arises: who should be held responsible? Should the technology provider bear the consequences? Can the algorithm be considered the party at fault? Or does responsibility remain with the party who decided to use the analysis? This is where the legal issues begin.
AI is beginning to enter the boardroom. The use of AI in corporations is no longer futuristic. Where directors once relied on reports from consultants, market analysts, or financial advisors, some of these processes are now supported by AI-based systems. Warner Bros. Pictures International, for example, previously collaborated with Cinelytic Inc. to utilise AI in content and talent assessment as part of its film release strategy. In Indonesia, AI is also being used in the banking sector. PT Bank Danamon Tbk has integrated SAP Business AI into its human resources management to support work process efficiency and decision-making. These examples show that AI is moving from a support function to a more strategic role, helping to shape the basis of business considerations. The problem is that AI is not always correct. AI recommendations can be wrong due to incomplete data, data bias, model errors, or the system’s failure to read context. When such a recommendation forms the basis of a business decision, the risk is no longer purely technical. It can turn into financial loss, legal problems, and even a threat to the company’s reputation.
No matter how sophisticated its capabilities, AI cannot be positioned as a legal subject. In law, a legal subject is a party that has rights and obligations, can perform legal acts, can be sued, and can be held accountable. Humans are legal subjects. Limited liability companies are also legal subjects (legal entities) because they can own assets, rights, obligations, and responsibilities. AI does not hold this position. AI cannot be sued independently, cannot be asked to pay compensation, and cannot be burdened with legal obligations like directors, commissioners, or companies. Therefore, AI is more appropriately viewed as an instrument or tool. In a corporate context, the position of AI is similar to a consultant’s report, expert recommendation, market analysis, or other decision-support systems. AI can provide input, but it cannot bear the legal consequences of decisions made based on that input. Consequently, the use of AI does not automatically transfer responsibility to the machine.
The Business Judgment Rule is not a free pass. Under Indonesian corporate law, directors can essentially obtain protection through the Business Judgment Rule doctrine. This doctrine is reflected in Article 97 paragraph (5) of Law Number 40 of 2007 concerning Limited Liability Companies. Directors may be released from liability for company losses if they can prove that the loss was not due to their fault or negligence, the management was carried out in good faith and with due care, there was no conflict of interest, and they took action to prevent the continuation of the loss. This doctrine is important because not every business decision that results in a loss is automatically the director’s fault. The business world always contains risk. Decisions taken properly can still result in losses due to market conditions, economic changes, or external factors. However, the use of AI does not automatically allow directors to take shelter behind the Business Judgment Rule. Directors cannot simply state that a decision was made based on AI analysis. What will be assessed is the process before the decision was taken. Was the data used trustworthy? Was the AI recommendation tested again? Did the directors understand the system’s limitations? Was there a verification process before the decision was implemented? If directors accept AI recommendations uncritically, it is difficult to claim that the decision was made with adequate care. AI can strengthen decision-making, but it cannot replace the duty of prudence.
Because of this, companies do not just need to adopt AI; they also need to build AI governance. AI governance is needed so that technology does not become a new source of risk. Companies must determine who is responsible for the use of AI, how data quality is maintained, which decisions may be influenced by AI, and when human review of AI results is mandatory. At least four principles must be upheld. First, there must be a clear person in charge. AI must not become a grey area where many parties use its recommendations but no one is responsible when the results are wrong. Second, data quality must be considered. AI is only as good as the data it uses. Biased, inaccurate, or irrelevant data can produce misleading decisions. Third, companies need to maintain transparency.