As a board member of AWSI responsible for legal affairs, Gabriela Bar has launched a new videopodcast series — AI LAW Coffee. It’s a series of conversations about AI law and ethics, bringing together experts from different fields: legal, technology, and business.
Is compliance with the AI Act and GDPR enough to call AI “responsible”?
In this episode of AI Law Coffee, Gabriela Bar speaks with Ley Muller about why compliance is only the starting point — not the end goal.
This is a conversation about the real tension between declarations and practice: organisations talk about “decision support”, but in reality it often means accelerating decisions at the expense of their quality and reflection.
In this episode, we discuss:
- human oversight vs. overreliance on AI,
- the risk of standardisation and ignoring “edge cases”,
- why organisations should actively seek diversity and outliers instead of homogenising AI-supported processes and decisions.
Key takeaway? If AI is to be truly responsible, it must account for different perspectives, context, and uncertainty – not just optimise processes.
🎧 Listen to the conversation.
Responsible AI beyond compliance – a conversation with Ley Muller. Summary and Key Takeaways
Public debate on artificial intelligence (AI) is increasingly framed through the lens of compliance, the AI Act, GDPR, risk assessments. These are important frameworks. But the key question is whether compliance alone is enough to claim that AI is used responsibly.
In the conversation with Ley Muller – CEO of Values-driven AI and an expert in AI governance – we explore what lies beyond formal regulatory requirements.
Responsible AI is more than avoiding harm
Many organisations treat “Responsible AI” as an extension of compliance. Yet, as Ley Muller points out, AI systems are never neutral. Their impact goes beyond their intended use.
Responsible AI therefore means more than preventing harm. It requires explicitly holding AI systems – from development to deployment – to defined standards. Not only non-discrimination, but equality. Not only safety, but care.
There is no single universal set of values. Attempts to impose one often lead to oversimplification. What matters in practice is that organisations clearly define their own standards and consistently translate them into how AI systems are designed and used.
“Decision support” or de facto automation?
Many AI systems are described as “decision support,” with the assumption that humans remain in control. The problem is that “decision support” is an extremely vague term.
As Ley Muller argues, a more useful approach is the one reflected in the AI Act: being explicit about what the system actually does – how it processes information, and where exactly it influences human decisions. In practice, AI often reduces the amount of information a human sees — for example, through summaries generated by LLMs. The user no longer engages with the full source material, because doing so would eliminate the time savings. Combine this with well-documented phenomena such as automation bias and cognitive offloading, and the idea of “decision support” becomes questionable.
If your organisation is using an AI tool and it’s only meant to support employees, not automate decision-making – but your KPIs include 90% adoption and a 30% improvement in speed – then an org doesn’t want decision support, it wants faster decision-making, through less information being processed. That’s fine, but that’s not decision support.
According to the EU AI Act’s definition of human oversight means that humans also have to be aware of what can go wrong, what bias exists, what over-reliance looks like, etc, and be actually able to intervene at appropriate points. As with everything in the field of AI, being as clear as possible is crucial, so it is advisable to focus on providing or demanding human oversight, rather than expecting or providing decision support.
The overlooked risk: standardisation and the “flattening” of reality
Public debate on AI tends to focus on bias. Important, but incomplete. A more subtle risk, as Ley Muller highlights, is that AI technologies, no matter the application – they are intended to find and uncover patterns, or to solve problems, but not to value uniqueness. Deep learning to diagnose covid-19 through a chest x-ray is meant to find the very small signs of covid-19 – it’s not meant to tell you whether that person has the potential to win the world record for holding their breath.
In practice, this leads to standardisation, simplification, and the marginalisation of atypical cases.
Even the most advanced language models, despite their scale, exhibit clear linguistic and cultural biases – such as the dominance of English or Western perspectives. This is not a flaw; it is a reflection of the data they are trained on.
At the organisational level, the issue runs deeper. Teams that do not actively seek out contradiction or alternative perspectives become cognitively insulated. This is basic leadership theory — and it applies equally to AI systems.
In an increasingly homogenised environment, the ability to maintain a distinct voice may soon become a competitive advantage.
Questions to always ask AI vendors
When asked what question organisations should ask AI vendors, Ley Muller’s answer is clear: Whose perspectives were included? Who did you talk to during development? Who made your adversarial testing plan? Have you talked to labour unions? Because diversity really matters and the people and communities who have been historically marginalised by AI systems, need to be at the table to assert their rights. AI vendors have plenty of ways of doing this.
Conclusions
Compliance is a starting point, but it is not enough. Responsible AI requires a precise understanding of how systems influence decisions, awareness of over-reliance risks, active resistance to standardisation and marginalisation of atypical cases, and meaningful inclusion of diverse perspectives. And less talk about “AI as support,” and more honesty about what actually changes in decision-making.
