Navigating the artificial intelligence era: Legal risks for businesses in Zimbabwe

 

RUTENDO MANHIMANZI

As artificial intelligence (AI) rapidly permeates into various sectors, promising unprecedented efficiencies and innovation transforms in Zimbabwe, businesses are embracing these innovative technologies to boost efficiency and competitiveness.

However, this adoption also introduces a complex array of legal risks that companies must carefully navigate to avoid potential pitfalls.

Although Zimbabwe is actively developing a comprehensive AI governance framework, the current legal landscape presents both opportunities and challenges that require strategic management.

But as businesses race to adopt this technology, few stop to ask: what are the legal implications? Can a company be held liable if an AI system makes a discriminatory or damaging decision?

Does AI-generated content infringe copyright? Are Zimbabwean businesses compliant with data protection laws?

What is AI

Artificial Intelligence (AI) can be defined as the simulation of human intelligence by machines, especially computer systems that are designed to think, learn, and solve problems like humans. In simpler terms, AI enables machines to perform tasks that would normally require human intelligence.

Tendai, is a marketing manager at a leading retail company in Harare, Zimbabwe. Tendai’s team was struggling to keep up with the increasing demand for personalized customer service.

One day, their CEO introduced an AI-powered chatbot to handle customer inquiries. The chatbot was able to quickly respond to customer queries, freeing up Tendai’s team to focus on more strategic tasks.

As Tendai saw the impact of AI on their business, she realized that this technology had the potential to revolutionize the way they operated.

From improving customer service to optimizing supply chains, AI was opening up new possibilities for growth and innovation. This story highlights the potential benefits of AI in business, from improved efficiency to enhanced customer experience.

 

Data Privacy at the Forefront

One of the most significant legal risks for businesses utilizing AI in Zimbabwe stems from data privacy.

The Cyber and Data Protection Act [Chapter 12:07] and bolstered by Statutory Instrument 155 of 2024 (Cyber and Data Protection Licensing Regulations), forms the cornerstone of data protection in the country.

This legislation, enforced by the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ), mandates strict requirements for the processing and storage of personal data.

Companies utilizing AI systems to process personal data, such as customer details for targeted marketing or operational information for predictive analytics, must adhere to stringent compliance requirements to protect sensitive information.

Key obligations include:

To ensure compliance with data protection regulations, businesses employing AI systems must adhere to key principles:

• Lawful, Fair, and Transparent Processing: – Collect and use data in a lawful, fair, and transparent manner.
• Purpose Limitation and Data Minimization:- Collect data for specific, legitimate purposes and process only necessary information.
• Consent and Data Subject Rights:- Obtain explicit consent for sensitive data and respect data subjects’ rights to access, modify, and delete their information.
• Security Safeguards and Breach Notification:- Implement robust security measures and report data breaches to POTRAZ within 24 hours.
• Data Controller Licensing and DPO Appointment:- Obtain a Data Controller Licence and appoint a qualified Data Protection Officer (DPO) to oversee compliance. Failure to do so can result in significant fines or imprisonment.

Businesses must conduct thorough data audits to understand what personal data their AI systems process and ensure necessary consents and security measures are in place making compliance with these data protection principles paramount to avoid significant fines or imprisonment.

 

Liability for AI Errors and Harms

A major challenge in AI adoption is determining liability when systems cause harm or produce incorrect decisions due to their autonomous nature and self-learning capabilities. This raises complex questions about accountability and responsibility. A key question arises: who bears responsibility when AI systems malfunction or make erroneous decisions?  Potential liable parties include:

1. AI Developer: Creator of the AI system
2. Deploying Business: Company using the AI system

• Data Provider: Supplier of training data

1. User: Person interacting with the AI system

Zimbabwe’s current legal framework lacks specific AI liability legislation, leaving uncertainty. Existing laws, such as the Consumer Protection Act and Tort law, may apply, but establishing causality and apportioning blame can be difficult.

Moreover, AI systems can perpetuate biases from training data, leading to discriminatory outcomes. For instance, developers and programmers who create the AI algorithms.

These individuals are responsible for designing the systems and ensuring that they are accurate and reliable. If errors occur due to flaws in the programming or implementation of the AI, the developers should be held accountable for these mistakes.

For example, if an AI system used in a banking institution incorrectly approves a loan application due to a coding error, or biased hiring practices whereby a biased AI recruitment tool may unfairly favor male candidates the developers should take responsibility for the error and work to rectify it.

If such biases cause harm, businesses may face legal challenges under the Labour Act (Section 5) which Prohibits workplace discrimination and the Constitution(Section 56): Ensures equality and non-discrimination for all persons.

While there is no dedicated AI liability framework in Zimbabwe, businesses should anticipate that courts will likely adapt existing legal principles to address these emerging issues. This necessitates a proactive approach to risk mitigation, including:

• Thorough Testing: Conduct due diligence and pilot trials/tests on AI systems for any biases and errors before deployment.
• Human Oversight: Advance and promote human review mechanisms for high-risk AI applications.
• Explainable AI: Develop transparent AI systems that provide insight into decision-making processes.
• Clear Terms: Establish an all-inclusive service conditions clause outlining AI system limitations and potential liabilities.

Contractual Risks

When partnering with third-party AI vendors, businesses face contractual risks if terms are not carefully reviewed. Key risks include:

1. Poor AI tool performance without clear remedies- which can lead to reputational damages and unwarranted costs,
2. Lack of warranties or liability protections- an agreement or terms of an AI must have appropriate warranties and representations, and

• Limited access to AI decision-making processes- ability to comprehend and analyse data points or concepts.

To mitigate these risks, companies should ensure contracts cover:

1. Data ownership- it must be clear on data ownership and usage contractual agreements must clearly define IP ownership in contracts with AI developers or users ,
2. Right to audit AI decisions-this helps businesses maintain functionality, transparency and compliance, and

• Indemnity clauses for errors or misuse- the party providing AI-related products or services to compensate the other party for losses, damages and errors ad the user can be responsible for any misuse. Each agreement is negotiated according to the services desired and or provided by the parties involved.

1. Cybersecurity and Data Privacy:-Develop a Data Strategy and protection of personal data.
2. Training employees:- Employees must be trained on the proper use of AI tools and potential pitfalls. Further develop robust internal policies for AI development, deployment, and use.
3. Litigation:- Liability Limitations: Clearly outline liability terms for AI-related issues, Warranties and Indemnities: Ensure warranties and indemnities cover AI-specific risks, Representations: Verify representations about AI applications are accurate and reliable.

• Infringement Risk:- Monitor potential IP infringement when using AI systems trained on copyrighted material or generating similar outputs.

 

Businesses often rely on third-party vendors for AI tools. But few scrutinize the terms of service or service agreements.

Intellectual Property Challenges

Zimbabwe’s intellectual property laws face new challenges with AI-generated content. The country’s IP framework, governed by various Acts and administered by the Zimbabwe Intellectual Property Office, primarily recognizes human authorship and inventorship.

Key issues include:

1. AI Authorship: AI-generated works lack human authorship, making them ineligible for copyright protection.
2. Ownership Complexity: Determining ownership is challenging without clear agreements.

• AI Developer: Creator of the AI system

1. User: Person who prompted the AI to generate content
2. Dataset Owner: Owner of the data used to train the AI model

 

Key challenges with AI-generated content and Patents:

1. Patent Protection: AI-generated patents are unclear on inventorship and ownership, as traditional laws assume human inventors.
2. Liability for Infringement: Responsibility for AI-generated content infringing on existing copyrights is uncertain, potentially involving the AI developer, user, or both.

• Fair Use Debate: Courts have been faced with a debate on whether AI training on copyrighted materials qualifies as fair use, considering factors like purpose and market impact.

 

Conclusion

Artificial intelligence is a current reality transforming businesses worldwide. To harness its benefits, companies must balance AI adoption with ethical responsibility, legal compliance, and human oversight. Success in the AI era requires thoughtful, transparent, and inclusive implementation.

The future of business lies in empowering people with intelligent tools, not replacing them.

The government’s commitment to responsible AI deployment is evident in its adoption of the UNESCO Recommendation on the Ethics of Artificial Intelligence and participation in the AI Readiness Assessment Methodology pilot program.

This ongoing development will eventually result in the introduction of specific legislation and regulatory bodies for AI.

 

Rutendo Manhimanzi is a registered Legal Practitioner, and she practices in Avondale, Harare under the Law Firm Ruzvidzo Legal Counsel. She can be reached on +263 773 589 263 or email rmanhimanzi@yahoo.com