What companies should know about AI risks

Artificial intelligence (AI) has long been more than just a technological hype – it is fundamentally changing business practices. Whether through automated processes, data-driven decisions, or intelligent chatbots, the use of AI systems is growing rapidly. But with the opportunities come risks. Dr. Nico Deistler, professor of ERP technologies at the University of Applied Sciences Kufstein Tirol, analyzes the challenges facing companies and how they can address them in a recent article for the trade journal Wirtschaftsinformatik & Management (Springer Verlag).

“My intention was to examine the topic of AI from a regulatory perspective,” explains Deistler. In his daily work, he observes a great deal of uncertainty in companies: “Many want to jump on the bandwagon, but have no clear idea of the risks associated with AI applications.”

FROM BIAS TO LIABILITY: NEW RISK CATEGORIES

His analysis focuses on the EU AI Act – the first comprehensive set of rules for regulating artificial intelligence in Europe. It takes a risk-based approach and distinguishes between unacceptable, high, limited, and low risks. “This is an important framework for companies,” says Deistler. High-risk systems, such as those used in recruiting, healthcare, or critical infrastructure, are particularly controversial. These are subject to strict requirements regarding data quality, transparency, and human oversight.

A real-life example: A company tested an AI recruiting tool that automatically assessed resumes – and quickly discontinued its use. The reason: The AI showed a clear bias toward female applicants. “Such biases often arise from flawed or one-sided training data,” warns Deistler. “They are difficult to avoid completely, but can be mitigated through standards and controls.”

KI-Governance muss Chefsache sein

Deistler advises companies looking to introduce AI to take a realistic, target-oriented approach – not to pursue AI for AI's sake. It is particularly important to establish sound AI governance. This differs significantly from traditional IT governance: “With AI, it's not just about whether a system works – it's about what it does, how it develops, and whether it discriminates.” Risks such as information insecurity, liability, failure, data breaches, and reputational damage must be systematically taken into account.

According to Deistler, most companies are still ill-prepared for the upcoming regulations. “There is a widespread lack of internal expertise. Many are just starting to set up working groups or are seeking external expertise.”

HIGHER EDUCATION INSTITUTIONS AS SOURCES OF INSPIRATION

Deistler also believes that educational institutions have a duty to act: “We have a dual responsibility—on the one hand, to provide technical training and, on the other, to teach ethical, social, and economic contexts.” Understanding AI means not only mastering algorithms and data models, but also being able to reflect on them: What decisions does a system make? Who is liable? What are the potential social consequences?

An interdisciplinary approach is crucial here – in other words, combining computer science, law, economics, and social sciences. “This is the only way our graduates will be able to not only use AI, but also shape it responsibly.”

When Deistler looks to the future, he sees 2025 as a turning point: “Looking back, we will be surprised at how quickly AI went from being a tool to a co-creator – in business, in everyday life, in politics.” The key to positive development? Responsibility, regulation – and education.

ABOUT THE PUBLICATION:

Dr. Nico Deistler's article has been published in the trade journal Wirtschaftsinformatik & Management (WUM). This practice-oriented magazine from Springer Verlag is aimed at specialists and managers working at the interface between IT and business.

Links:

• AI Competence Center
• ERP Competence Center
• ERP systems & business process management | bb