AboutBlogBusiness First AIFounder FreedomBook a conversation

When to trust AI and when to stay in charge

May 17, 2026
Person at a desk reviewing a document with a pen in hand, pausing to consider the content before proceeding
TL;DR

AI tools generate text that sounds considered and authoritative, but they are next-token predictors with no understanding or judgment. The decision UK SME founders face is whether to use AI as a drafting assistant, where a human reviews every output, or to let it influence actual decisions, where the cost of an error can include ICO investigations, FCA action, and professional negligence claims reaching tens of thousands of pounds.

Key takeaways

- AI tools like ChatGPT, Claude, and Copilot are next-token predictors, not reasoning systems. Fluent, confident output is not the same as accurate output. - Using AI to draft text that a human reviews is lower risk under UK GDPR than using AI to influence decisions about individuals' credit, employment, or access to services. - UK regulators, including the ICO and FCA, hold firms responsible for AI-influenced outcomes regardless of which vendor built the tool. - The cost of misclassifying an AI as a decision-maker includes ICO fines up to £17.5 million, FCA remediation programmes, and professional negligence claims that regularly exceed £50,000 in defence costs alone. - Before moving AI from drafting partner to decision influencer, be able to answer clearly who is accountable, how the AI can be overridden, and what your worst-case exposure is if it fails undetected for a month.

A few months ago, a consultant I know asked ChatGPT to summarise a supplier contract for a client. The output was fluent, structured, and confident. He sent it on with a brief covering note. Three weeks later, the client called. The AI had missed a break clause that cost them significantly to exit. The contract was real. The summary was plausible. The confidence was the problem.

Every founder using AI eventually faces the same underlying question, even if they have not framed it this way yet. You can use AI as a drafting partner, where a human reviews every output before it affects anything that matters. Or you can let AI influence actual decisions, where the output triggers an action without that review step. The gap between those two positions is where most of the avoidable risk lives.

What choice are you actually facing?

The UK’s Alan Turing Institute describes large language models as “statistical pattern matching at scale” rather than reasoning. That matters because fluent output is not the same as accurate output. ChatGPT, Claude, Gemini, and Copilot are next-token predictors: they generate the most probable continuation of whatever text they have been given. They do not check facts, hold beliefs, or understand consequences. The gap between sounding right and being right is where founders run into trouble.

When you ask AI to draft an email, write a proposal, or summarise a document, the cost of an error is the time it takes to catch and correct it. When you ask AI to score a lead, pre-screen a job applicant, flag a fraud risk, or make a pricing call, the cost of an error can reach an ICO investigation, an FCA remediation programme, or a professional negligence claim. The two uses look similar on the surface. The risk profiles are very different.

When does treating AI as a drafting assistant make sense?

For many UK SME owners, the drafting assistant role is where AI delivers the most value with the least exposure. The ICO’s guidance on AI and data protection confirms that using AI to assist staff without automated individual decision-making generally sits within standard UK GDPR controls, provided you have a lawful basis for any personal data involved and a named person signing off the output.

The use cases that fit this role well are text-heavy and repetitive: drafting client emails and proposals, summarising meeting notes or contracts, writing marketing copy variations, and generating code snippets for a developer to review. Founded.ai’s 2026 SME guide reports that early adopters in this mode see productivity gains of up to 133% in certain functions. The condition that makes those gains real without the liability is that a competent person reviews every output before it reaches a client, a customer, or a consequential internal decision.

The distinction is about matching the tool’s role to the reversibility of errors. A mis-drafted proposal gets caught before it goes out. A mis-scored loan application or a mis-screened job candidate may not get caught at all, or may only surface when the complaint arrives.

When can AI influence real decisions, and what conditions must be in place?

There are SMEs for which AI-driven decision support is appropriate, but the conditions that justify it are specific. The FCA’s discussion paper DP22/4 and its ongoing Consumer Duty guidance make clear that where AI is used in credit, affordability, claims, or advice, firms must demonstrate explainability, fair treatment, and genuine human oversight, not a rubber-stamp review that follows whatever the model recommends.

The conditions that make this defensible are: strong, clean historical data you can test models against rigorously; genuine in-house or contracted expertise in data science and compliance rather than just a vendor relationship; efficiency gains large enough to justify the governance investment; and a real human-in-the-loop for edge cases and complaints, with a documented escalation path. If you cannot point to a named person who reviews AI outputs, can explain to a regulator how the AI influences outcomes, and can demonstrate how someone affected can challenge a decision, you are not in a position to meet those conditions. Keep AI in the drafting role until you are.

What does it cost when you get this wrong?

The consequences of treating a confident AI output as a considered decision are not theoretical. In 2023, a New York law firm was sanctioned after submitting six fictitious case citations that ChatGPT had generated. Anthropic’s own documentation describes hallucinations as “confidently stated incorrect or unverifiable information,” and notes that even advanced models still fabricate citations under pressure to be helpful. The fluency is genuine. Accuracy still requires your verification.

For a UK services firm, the financial exposure is concrete. The ICO can fine up to £17.5 million, or 4% of global turnover, for serious GDPR breaches involving automated decision-making. The FCA, for regulated firms, can require remediation programmes, skilled-person reviews under section 166, and restrictions on activities. Professional indemnity insurers including Hiscox report that defence costs in negligence claims regularly exceed £50,000 before settlement, and these figures assume you catch the problem quickly. Decisions made by an AI system running unchecked for several weeks compound all of these.

There is also the reputational dimension. UK SMEs depend heavily on referrals and local reputation. A single AI-generated mis-advice reaching a client, or a discriminatory screening decision surfacing publicly, can affect the pipeline for years.

What should you ask before you commit to either path?

The ICO and the FCA both hold firms, not vendors, responsible for outcomes when AI is involved. That accountability principle is the right frame for any founder deciding how to deploy these tools. Before you let AI move from drafting partner to decision influencer, several questions are worth putting to yourself honestly rather than optimistically.

Does the AI output materially affect someone’s money, job, or access to services? If yes, treat it as high-risk from the start and design under Article 22 and Consumer Duty expectations. Can you explain in plain English how the AI influences the outcome, and how someone affected can challenge it? Who, by name, is accountable for the decision, and how often do they actually review the AI’s outputs rather than confirm them?

Two questions founders commonly skip: what does your vendor actually document about training data, limitations, and failure modes; and what is the realistic worst-case exposure if the AI produces bad outputs undetected for a month? If you cannot answer those honestly, the drafting role is the right starting point. The governance can grow as the use case matures. Starting with governance gaps and hoping to catch problems later is where the costly calls tend to get made.

A Stanford and UCLA study found that people given AI-generated summaries were 19 percentage points more likely to believe false statements they had read. Fluency raises perceived credibility, and AI tools are very fluent. For decisions that matter to your clients, your staff, or your regulators, that gap between sounding right and being right is the one worth watching. Use AI well and you get the productivity. Give it the wheel before the governance is in place and you carry the consequences.

Sources

- Alan Turing Institute (2024). Understanding artificial intelligence: what it is and how it works. Describes large language models as "statistical pattern matching at scale" rather than reasoning, the foundational claim about what AI actually does. https://www.turing.ac.uk/research/understanding-artificial-intelligence - OpenAI (2023). GPT-4 Technical Report. Describes GPT models as next-token predictors trained on internet text rather than reasoning agents, directly cited for the architecture claim. https://arxiv.org/abs/2303.08774 - Anthropic (2024). Hallucinations in large language models. Defines hallucinations as "confidently stated incorrect or unverifiable information," cited for the accuracy risk in the drafting assistant section. https://www.anthropic.com/news/hallucinations - Information Commissioner's Office (2024). Guidance on AI and data protection. Sets out when AI use triggers Article 22 GDPR obligations and what standard GDPR controls apply to assistive AI. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence - Financial Conduct Authority (2022). Discussion Paper DP22/4: Artificial Intelligence and Machine Learning. Establishes that outsourcing to AI vendors does not remove firms' responsibility for outcomes; cited for Consumer Duty and credit/advice contexts. https://www.fca.org.uk/publication/discussion/dp22-4.pdf - Stanford Human-Centered AI Institute (2023). How AI-generated text may shape belief. Reports that people given AI-generated summaries were 19 percentage points more likely to believe false statements, cited for automation bias in the closing section. https://hai.stanford.edu/news/how-ai-generated-text-may-shape-belief - ICO (2024). Guide to the UK GDPR: enforcement and fines. Sets out the £17.5 million / 4% of global turnover maximum penalty for serious GDPR breaches, cited in the cost section. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/enforcement/fines - BBC News (2023). Lawyers fined for using fake ChatGPT cases in US court. Reports the Levidow, Levidow and Oberman sanctions for submitting six fictitious ChatGPT-generated citations, cited as a documented real-world consequence. https://www.bbc.co.uk/news/world-us-canada-65735773 - Hiscox (2024). Professional indemnity insurance: typical claims and costs for SMEs. Reports that defence costs in negligence claims regularly exceed £50,000 before settlement, cited for the financial exposure in the cost section. https://www.hiscox.co.uk/business-blog/common-professional-indemnity-claims - Founded.ai (2026). The SME owners guide to winning with AI. Reports productivity gains of up to 133% in certain functions for early adopters, and warns that off-the-shelf tools are limited without structured governance. https://founded.ai/2026-ai-guide-for-smes/

Frequently asked questions

Does using AI for drafting count as automated decision-making under UK GDPR?

Using AI to help staff draft emails, summaries, or proposals does not typically constitute automated decision-making under UK GDPR, because a human reviews and approves the output before it affects anyone. The risk changes when AI outputs directly trigger decisions about individuals, such as credit scores, job screening results, or fraud flags, with no meaningful human review step in between. The ICO's guidance on AI distinguishes clearly between these two positions.

What is AI hallucination and why does it matter for UK business owners?

Hallucination is when an AI tool generates text that sounds confident and fluent but contains incorrect or fabricated information. Anthropic, the company behind Claude, defines it as "confidently stated incorrect or unverifiable information." It matters for business owners because the output looks credible, so errors get missed. When those errors reach clients, contracts, or regulatory submissions, the liability sits with the firm, not the AI vendor.

What is the practical difference between AI as a drafting tool and AI as a decision engine?

A drafting tool produces suggestions, summaries, or first drafts that a human reviews and approves before any action follows. A decision engine produces outputs that directly trigger actions, such as pricing a contract, scoring a loan application, or screening a job applicant. The practical difference is the review step. When that step disappears or becomes nominal, you are in decision-engine territory, with the regulatory and liability implications that brings.

Written by Dr Dave Heath, AI consultant and business strategist.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation

Related reading

A person at a desk reviewing handwritten notes beside an open laptop

Prompt patterns that help LinkedIn posts sound human

The difference between LinkedIn content that sounds like a real practitioner and content that reads like an AI press release comes down to how well you brief the model.

A person at a desk with an open notebook and laptop, looking thoughtfully at handwritten notes

Picking AI tools for slower, higher-quality thinking

AI tools split into two camps: those that execute tasks faster and those that help you think harder. Here's how to tell which one you actually need.

A person sitting at a desk with a laptop and open notebook, pausing in thought with a pen in hand

How to work with AI as a better thought partner

A practical guide for service firm owners on using AI as a structured thinking partner for strategy, pricing and decisions, not just as a content tool.

If any of this sounds familiar, let's talk.

The next step is a conversation. No pitch, no pressure. Just an honest discussion about where you are and whether I can help.

Book a conversation
AboutBlogBusiness First AIFounder FreedomContactBook a conversation
Privacy PolicyTermsCookie Policy

© 2026 Larocca Consulting Ltd