When AI gets it wrong — your rights and options

When AI makes a wrong decision that affects you — a credit denial, a job rejection, an insurance price increase, a benefits refusal — you have legal rights in most jurisdictions. Under GDPR Article 22, you can demand human review of automated decisions. Under the UK DUAA 2025, you gain expanded rights from February 2026. In the US, ECOA and FCRA require adverse action notices for credit decisions. In Australia, the Privacy Act ADM transparency obligation takes effect 10 December 2026. This guide explains your rights by context and jurisdiction.

The fundamental legal principle

The organisation that deploys the AI is legally responsible for its outputs. Not the AI vendor. Not the algorithm. The organisation chose to use AI, and the consequences are theirs. This principle is established across jurisdictions: the Air Canada chatbot case (Moffatt v Air Canada, 2024 BCCRT 149) confirmed that organisations are liable for incorrect information provided by their AI systems. Under EU AI Act Article 22, deployers of high-risk AI systems bear primary responsibility. Under negligence and consumer protection law in most common law jurisdictions, the entity making the decision is responsible regardless of the tool used.

Your rights by context

Credit decisions. If AI denied your credit application or offered worse terms: you are entitled to an adverse action notice with specific reasons (ECOA/FCRA in the US); you can request human review (GDPR Article 22 in the EU, DUAA Articles 22A-D in the UK); you can access your credit report and dispute inaccuracies; you can complain to the CFPB (US), ICO (UK), OAIC (Australia), or PDPC (Singapore).

Hiring. If AI screened you out of a job: Illinois HB 3773 (effective 1 January 2026) requires employers to notify you of AI use in hiring decisions; the NYC AEDT law requires bias audits and notice; the Colorado AI Act (effective 1 February 2026) requires transparency for high-risk AI employment decisions; GDPR Article 22 gives EU candidates the right to contest automated hiring decisions.

Insurance. If AI affected your insurance pricing or claim: state insurance regulators have jurisdiction (US); the Equality Act 2010 and FCA Consumer Duty apply (UK); ASIC and the Privacy Act apply (Australia); the MAS FEAT Principles apply (Singapore).

Healthcare. If AI was involved in a clinical decision you believe was wrong: request your medical records under HIPAA (US) or UK GDPR; ask your clinician directly about AI involvement; get a second opinion from a clinician not using the same AI system; report adverse AI medical device events to FDA MedWatch (US) or MHRA Yellow Card (UK).

Benefits and welfare. If AI affected your government benefits: request Mandatory Reconsideration (UK), appeal to the relevant tribunal, or contact your caseworker; file a complaint with the relevant ombudsman; contact Citizens Advice (UK), Legal Aid (Australia), or Legal Services Corporation (US).

What to do right now

Step 1: Ask the organisation directly: "Was AI or automated processing involved in this decision?" Most jurisdictions require them to answer truthfully.

Step 2: Request human review. Say explicitly: "I would like a human to review this decision independently."

Step 3: Request the data used. Under data protection law (GDPR, UK GDPR, Privacy Act, PDPA, DPDP Act), you have the right to access the personal data the organisation holds about you, including data used in the AI decision.

Step 4: Document everything — the decision, when it was made, what you were told, what data was used, and any communications.

Step 5: If the organisation doesn't respond adequately, escalate to the relevant regulator, ombudsman, or complaints body.

Primary sources: ICO — ADM Rights · CFPB · OAIC
