The customer service AI governance gap

Customer service AI (chatbots, virtual assistants, automated voice systems) has been deployed at scale faster than governance has been able to keep pace. Organisations that would never deploy a new human-staffed service channel without training programs, quality monitoring, complaints processes, and management oversight have deployed AI customer service with none of these structures in place.

The consequences are predictable: AI systems that provide incorrect product information, fail to recognise vulnerable customers, handle complaints inappropriately, and, most damagingly, interact with customers in distress without appropriate escalation to human support.

Governance in customer service AI is not primarily a technical problem. The technology largely works as specified. The governance problems arise when what was specified was insufficient: when no one thought carefully about how the system would handle a customer threatening self-harm, disputing a charge that resulted from fraud, or trying to cancel a service after a bereavement.

Disclosure: the legal minimum

The EU AI Act's prohibition on AI systems that "deploy subliminal techniques" or deceive users extends explicitly to AI that impersonates humans in consumer interactions. From August 2026, AI systems interacting with EU consumers must disclose their AI nature at the beginning of the interaction, in a clear and conspicuous way.

This obligation applies regardless of how the chatbot is named or branded. An AI assistant called "Sophie" or "Max" that interacts with consumers in natural language without disclosing that it is an AI system violates this requirement. The disclosure must be proactive, not buried in terms and conditions or available only if the customer asks.

Australia does not yet have an equivalent explicit requirement, but the ACCC's misleading conduct provisions under the Australian Consumer Law are potentially applicable to AI systems that create a false impression of human interaction. The UK FCA's Consumer Duty creates obligations around consumer understanding that may extend to AI disclosure in financial services contexts.

Accuracy and contractual exposure

When a customer service AI provides incorrect information (quoting the wrong price, misstating a product's features, incorrectly describing entitlements under a policy), the organisation that deployed the AI has a problem that is independent of the AI's technical performance.

Under consumer law in Australia and most comparable jurisdictions, representations made by an organisation's customer service channel, including AI, may be binding. A customer who acts in reliance on an AI's incorrect statement about a price or product feature has a potential claim against the organisation, not against the AI vendor.

This creates a governance obligation to ensure AI customer service systems have accurate, current product and service information; that information updates are reflected in AI systems promptly; and that there are clear escalation paths for queries the AI cannot handle accurately.

Vulnerable customer identification

The most significant governance gap in customer service AI is the handling of vulnerable customers. Financial services regulators (ASIC, the FCA, and equivalents across major jurisdictions) have published extensive guidance on vulnerable customer identification and appropriate handling. Most of this guidance was written for human agents. The extension to AI systems is not always explicit in the guidance, but the underlying obligation is clear: organisations must identify and appropriately support customers who may be vulnerable due to financial difficulty, health conditions, life events, or other circumstances.

AI systems can be designed to recognise signals of vulnerability (language patterns, query types, escalating distress in repeated contacts) and to escalate to human agents appropriately. They can be designed to refrain from pursuing commercial outcomes (cross-selling, payment collection) in interactions where vulnerability signals are present. These design choices are governance decisions, and they must be made deliberately.

The consequences of not making them are severe. An AI debt collection system that applies standard collection messaging to a customer who is in a mental health crisis causes harm that is not mitigated by the AI's technical performance metrics. The reputational and regulatory consequences for the organisation are significant.

Privacy governance in AI customer interactions

Customer service AI interactions routinely collect personal information: account details, issue descriptions, preferences, and sometimes sensitive categories of information disclosed in the course of resolving a complaint. This data is subject to the same privacy obligations as information collected by human agents: it must be collected for a specified purpose, retained only as long as necessary, and protected appropriately.

Governance requires: a data map that covers AI customer service interactions; retention policies specific to AI interaction data; training data governance for AI systems trained on historical customer interactions; and a process for handling customer requests to access, correct, or delete data collected in AI interactions.

Escalation paths and human oversight

Every customer service AI system must have a genuine, accessible path to human assistance. This is a regulatory requirement under the EU AI Act for high-risk systems, a consumer law expectation in most jurisdictions, and a basic service quality requirement.

"Genuine" and "accessible" are the operative words. A human escalation option that requires navigating three additional menus, waiting 45 minutes, and repeating the entire conversation does not satisfy the requirement. The human escalation path must be clearly signposted, reasonably prompt, and effective. The human agent must have access to the AI interaction history so the customer does not need to repeat themselves.

Governance also requires monitoring the human escalation rate. A customer service AI with a very low escalation rate is not necessarily performing well; it may be suppressing escalation through poor UX design. Monitoring the reasons for escalation, and the outcomes when customers reach human agents, provides a governance signal about AI system performance that aggregate customer satisfaction metrics do not.