When Air Canada’s chatbot told a customer he could apply for a bereavement fare after he had already travelled, the airline’s position was that the bot had acted independently and the company wasn’t responsible for what it said. The BC Civil Resolution Tribunal rejected that argument in 2024. The airline paid. That case has become a reference point for anyone asking what it means to deploy a chatbot on behalf of a business, and who carries the consequences when it gets something wrong.
For owner-managed service firms in the UK, the question has moved past whether to use chatbots. Many already have one, often embedded through a third-party platform, a CRM tool, or a website widget. The practical question is which risks are real, which are overblown, and what a proportionate response looks like.
What counts as an AI chatbot risk?
An AI chatbot risk is any point where the software generates wrong, incomplete, or misleading outputs that cause operational failure, legal exposure, or brand damage. Chatbots are probabilistic rather than rule-bound, which means they can produce incorrect responses even when drawing on accurate source material. For a services firm, this matters because the chatbot speaks on behalf of the business, and its errors become the firm’s errors.
Three risk types sit inside that definition. Operational risk is when the bot gets something factually wrong and a customer acts on it: being told the wrong renewal date, given incorrect availability, or sent in the wrong direction by a support query. Legal risk is when that wrong answer constitutes a representation the business is expected to honour. Reputational risk is when the exchange becomes public and the story is no longer yours to control.
The three categories do not sit cleanly apart. A single wrong chatbot response, particularly one touching price, availability, or contractual terms, can create all three at once. The Air Canada case illustrates how one incorrect answer about a fare policy became a legal liability and, once it attracted media attention, a reputational story the airline’s communications team had no advance warning of.
Why does this matter if you run a services firm?
Owner-managed service firms sit at a specific part of the chatbot risk picture. They are customer-facing, handle personal data as part of normal operations, and frequently operate in sectors where advice or information carries financial or professional stakes. When a chatbot fields a complaint, confirms a price, or handles a booking query, it performs the same function as a trained staff member, without the judgment to know when to stop and ask a person.
UK regulation makes this concrete. The ICO’s guidance on AI and data protection says organisations must have a lawful basis for processing personal data via AI, provide meaningful transparency to users, and conduct data protection impact assessments where processing is high-risk. The FCA has set out in its AI discussion paper that regulated firms remain responsible for outcomes even when using AI, and must be able to explain and govern those outcomes. The NCSC has separately identified prompt injection and third-party supplier risk as the two most practically relevant attack paths from AI deployment.
A small consultancy whose chatbot discusses pricing or eligibility is making representations about its services. A professional services firm whose chatbot handles complaints has incorporated it into its complaints procedure. The risk is proportionate to the authority the chatbot holds over outcomes.
Where do these risks actually show up?
Chatbot risks are highest when the bot is customer-facing and the stakes are material. A basic FAQ widget answering questions about opening hours or parking sits at the low end of the spectrum. A bot that handles complaints, processes booking changes, discusses service eligibility, or provides pricing guidance sits at the other end. The difference is what authority you have given the bot over outcomes that actually affect your customers.
In practice, risks cluster in four areas. Privacy exposure appears wherever the chatbot collects names, contact details, booking data, complaint text, or payment queries. UK GDPR and the Data Protection Act 2018 apply: lawful basis, transparency, data minimisation, and appropriate retention. If the vendor uses transcripts to train models, that is a separate processing activity requiring its own legal basis.
Legal exposure concentrates around statements about price, policy, eligibility, or guaranteed outcomes. A chatbot that says a service is “guaranteed”, “fully compliant”, or “free of charge” may create an expectation the business is expected to meet. The Air Canada case applies to a ten-person services firm as much as to an airline. Business size does not reduce the legal weight of a representation.
Security risk takes two forms. The conventional path is a vendor breach: if your chatbot platform is compromised or misconfigured, customer data passing through it is exposed. The second, which the NCSC has flagged, is prompt injection, where an attacker crafts inputs to extract internal instructions or reveal customer data. Neither requires a sophisticated attacker when configuration is weak.
Discrimination risk is less discussed in owner-managed firm contexts but relevant where a bot triages leads, routes complaints, or screens enquiries. If its outputs vary by customer characteristics in a way that creates unfair treatment, that can breach data protection and equality law requirements even when a person makes the final decision.
When is the risk serious and when is it manageable?
The risk level depends on what the chatbot can say and what it can do. A bot restricted to approved answers, with no access to personal data, that clearly labels itself as AI, carries low risk. One that can change bookings, issue refunds, or give guidance in a regulated area needs proper governance before you deploy it. The tool matters less than the authority you have granted it.
For an owner-managed firm, practical governance has four elements. Define the bot’s job in one sentence and set a hard boundary around what it cannot do. Check your vendor contract for data retention, training-data rights, sub-processors, and breach notification terms. Test the bot on adversarial inputs before launch and after every update, because models can behave differently across different phrasings of the same question. Keep a human override in place for complaints, refunds, regulated advice, and any query that could become evidence.
If you are already running a chatbot without having done this, a short review is the right first move. The ICO expects proportionate responses to proportionate risks. A bot with narrow, scripted, data-free functions sits in a different category from one with broad permissions and access to customer records.
What else should be on your radar?
Three issues sit just outside the most obvious chatbot risk picture for services firms. The first is prompt injection, where an attacker tricks the bot into revealing internal instructions or customer data. The second is your vendor contract, which determines who carries the liability when something goes wrong. The third is the EU AI Act, which applies to any UK firm whose chatbot serves EU-based customers or uses an EU-scoped provider.
On vendor contracts: standard terms for common chatbot platforms often include rights to use conversation data for training purposes. That is a data processing decision with potential legal consequences under UK GDPR. Read the terms before you deploy, check whether you can opt out of training-data use, and document the decision. For regulated sectors, also check whether the vendor holds relevant certifications or can evidence their compliance posture.
The EU AI Act, with key obligations now in effect and more rolling in through 2025 and 2026, applies based on where a chatbot’s users are located, not where the deploying firm is registered. A UK services firm with EU clients or EU-facing web traffic may have transparency and documentation obligations depending on how the chatbot’s use case is classified. For many owner-managed firms, the practical first question is whether your vendor’s platform is EU AI Act compliant and whether you can get that in writing.
The UK’s regulators are not expecting perfection. The ICO, the FCA, and the NCSC all emphasise governance, proportionality, and accountability. They expect firms to understand what their AI does, consider the risks, and put reasonable controls in place. That standard is achievable for a firm of five people and requires a conversation, not a compliance department.
If you want to think through your specific chatbot setup and what governance might look like for your firm, book a conversation.
