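Artificial intelligence (AI) has become an important part of business operations, assisting with recruitment, customer service, automation, data analysis and other work. However, as AI becomes increasingly "autonomous", a question that more and more people care about has emerged: if AI breaks the law, who bears the responsibility?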

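Although AI is becoming ever smarter, the law still consistently treats AI as a "tool" rather than an entity with independent responsibility. Most jurisdictions, including Hong Kong, do not recognise AI as having legal personality, therefore:
💥AI cannot be sued
💥AI does not bear civil or criminal liability
💥Any consequences are ultimately borne by people or businesses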

The following are the key points businesses should understand in 2026:

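🔖When AI causes an impact, who is really responsible?
The business (the AI user) is usually the primary responsible party, because it is the business that decides which AI to use, how to integrate it into its processes, what data to input, whether to adopt the AI's results, and who ultimately benefits. Regulators also expect businesses to maintain human oversight.

AI developers / model providers: if the AI's design, training or safety involves bias, unmanaged risk or insufficient transparency, the developer may also bear part of the responsibility.

Users who provide data or operate the AI: if a user inputs private data, copyrighted content or material that carries legal risk, they may also be responsible for the consequences.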

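🔖How do you build "trustworthy AI"? Trust does not come from AI being perfect, but from risk being controllable.
a. Keep a human in the loop (Human-in-the-loop): applicable to recruitment, promotion, risk and compliance decisions, medical advice, financial approvals and legal content generation. AI should assist, not replace.

b. Transparency and explainability: businesses should clearly explain the reasons for the AI's judgments, the data used and the potential risks, in order to improve trust and compliance capability.

c. Complete records and audit trails: including inputs and outputs, data sources, review processes and human review records, which help with compliance and subsequent accountability.

d. Clear AI usage policy: clearly defining the scenarios where AI may and may not be used, approval workflows, verification requirements and data handling guidelines effectively reduces risk.

e. Continuous evaluation and monitoring: AI may "drift", so accuracy, bias, unusual behaviour, and privacy and security risks need to be checked regularly.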

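Summary

AI's capabilities keep improving, but legal responsibility always rests with people and businesses. To embrace AI safely, businesses must maintain human oversight, transparency, review mechanisms and good governance. The purpose of AI is not to replace responsibility, but to enhance capability.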

Artificial Intelligence (AI) has quickly shifted from a supporting tool to a core component of modern business operations. It assists in hiring decisions, customer service, financial analysis, content generation, and workflow automation. As AI systems become more autonomous, concerns about legal responsibility continue to rise. A key question now being debated globally is: If AI breaks the law, who is accountable?

Today, AI is not recognised as a legal person in nearly all jurisdictions, including Hong Kong, the EU, the United States, and the UK.
💥 AI cannot be sued
💥 AI does not bear civil or criminal liability
💥 Humans or businesses are ultimately responsible for any consequences

What are the fundamental prerequisites for businesses in this context?

🔖Who is responsible when AI causes harm?
a. The organisation using the AI — Businesses deploying AI systems typically hold primary responsibility. They selected the system, integrated it into workflows, provided the data, and allowed employees or customers to rely on its output. Regulators expect companies to maintain oversight, risk management, and human control, especially in high-risk tasks such as hiring, finance, healthcare, compliance, and legal support.

b. The AI developers or model providers — If an AI system behaves unlawfully due to flaws in its design, biased training data, inadequate safeguards, or misleading claims, the developers may share liability. Examples include models with built-in bias, unsafe behaviour, or insufficient documentation.

c. Users providing data or prompts — If a user inputs personal data without consent, uploads copyrighted materials, or intentionally uses AI for unlawful purposes, the responsibility may fall on the user rather than the system.

🔖How can people trust AI? Trust in AI comes not from perfection but from governance and responsible oversight.
a. Human-in-the-loop — AI should support, not replace, human judgment. This is essential in recruitment, promotions, financial approvals, medical suggestions, legal interpretations, and compliance decisions.

b. Transparency and explainability — AI systems must provide understandable reasoning behind their outputs. Businesses should be able to explain what data influenced a result and how the system reached its recommendation.

c. Documentation and audit trails — Organisations should retain records of prompts, outputs, data sources, human approvals, and review history. These records help with compliance, internal audits, and incident investigations.

d. Clear AI usage policies — A strong policy defines acceptable uses, prohibited use cases, approval workflows, verification requirements, and data input rules.

e. Continuous monitoring — AI behaviour can drift. Regular reviews of accuracy, bias, privacy risks, and security vulnerabilities are essential.

Conclusion

AI adoption will continue accelerating, but accountability will always remain with humans and organisations. The most sustainable path is to pair AI innovation with strong governance, human oversight, and transparent decision-making.