{"id":81240,"date":"2026-01-13T09:30:08","date_gmt":"2026-01-13T08:30:08","guid":{"rendered":"https:\/\/www.humanlevel.com\/uncategorized\/guia-2026-implantar-inteligencia-artificial-sin-riesgos-legales"},"modified":"2026-02-17T10:41:37","modified_gmt":"2026-02-17T09:41:37","slug":"guide-2026-implement-artificial-intelligence-without-legal-risks","status":"publish","type":"post","link":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks","title":{"rendered":"AI in companies 2026: a complete guide to implementing artificial intelligence without legal risks"},"content":{"rendered":"<div id=\"toc_container\" class=\"no_bullets\"><p class=\"toc_title\">Index<\/p><ul class=\"toc_list\"><li><a href=\"#The_story_that_illustrates_everything_a_real_experiment_shared_on_LinkedIn\">The story that illustrates everything: a real experiment shared on LinkedIn<\/a><\/li><li><a href=\"#Current_status_of_the_AI_Act\">Current status of the AI Act<\/a><\/li><li><a href=\"#The_digital_Chernobyls_that_have_already_happened_and_justify_this_protocol\">The \u201cdigital Chernobyls\u201d that have already happened (and justify this protocol)<\/a><\/li><li><a href=\"#AI_Protocol_the_7_mandatory_phases_before_automating_with_AI\">AI Protocol: the 7 mandatory phases before automating with AI<\/a><ul><li><a href=\"#PHASE_1_Classification_of_the_use_case\">PHASE 1 \u2013 Classification of the use case<\/a><\/li><li><a href=\"#PHASE_2_Data_evaluation_and_architecture_DPIA_IA_DPIA\">PHASE 2 \u2013 Data evaluation and architecture (DPIA + IA DPIA)<\/a><\/li><li><a href=\"#PHASE_3_Contractual_shielding_Legal_Pack\">PHASE 3 \u2013 Contractual shielding (Legal Pack)<\/a><\/li><li><a href=\"#PHASE_4_Mandatory_transparency_NOW_applicable\">PHASE 4 \u2013 Mandatory transparency (NOW applicable)<\/a><\/li><li><a href=\"#PHASE_5_Human_supervision_and_technical_safeguards\">PHASE 5 \u2013 Human supervision and technical safeguards<\/a><\/li><li><a href=\"#PHASE_6_Quarterly_continuous_evaluation\">PHASE 6 \u2013 Quarterly continuous evaluation<\/a><\/li><li><a href=\"#PHASE_7_Internal_corporate_governance\">PHASE 7 \u2013 Internal corporate governance<\/a><\/li><\/ul><\/li><li><a href=\"#My_recommendation_for_compliance_tools\">My recommendation for compliance tools<\/a><\/li><li><a href=\"#Checklist_The_7_mandatory_phases_before_automating_with_AI\">Checklist: The 7 mandatory phases before automating with AI<\/a><\/li><li><a href=\"#Conclusion_AI_won8217t_replace_you_but_it_can_ruin_you_if_there_is_no_governance\">Conclusion: AI won&#8217;t replace you\u2026 but it can ruin you if there is no governance<\/a><\/li><\/ul><\/div>\n<ul>\n<li><strong>For today&#8217;s article, we have the collaboration of <a href=\"https:\/\/www.linkedin.com\/in\/marinabrocca\">Marina Brocca<\/a>, an expert in GDPR and legal marketing. The expert has prepared this complete guide to safely integrate AI in companies and marketing departments. <\/strong>Without legal risks, without reputational problems, and without &#8220;digital Chernobyls.&#8221;<\/li>\n<\/ul>\n<p>How much content about AI automation and integration have you already read or heard? I am sure a huge amount, just like me. But there is one detail: none has explained how to do it without risks, without flaws, and without sanctions\u2014and believe me, those sanctions will come and they will be scandalous.<\/p>\n<p>If your company already uses chatbots, AI-generated copy, advanced personalization, smart price adjustment, automated campaigns, or complex integrations in n8n, Make, or Zapier\u2026 this guide is not an option: it is your only legal and strategic shield.<\/p>\n<p>Today, artificial intelligence can generate double-digit margins for any company, but it can also destroy its reputation in less than 7 seconds. The difference between a company that bills \u20ac5,000 and another that charges \u20ac12,000 for its governance boils down to one word: shielding.<\/p>\n<p>This guide is not a simple post. It is a high-value professional protocol, ready to implement in your company. A framework that you can establish as a standard of excellence and for which you can charge an AI Responsibility Fee of between \u20ac18,000 and \u20ac45,000.<\/p>\n<h2><span id=\"The_story_that_illustrates_everything_a_real_experiment_shared_on_LinkedIn\"><strong>The story that illustrates everything: a real experiment shared on LinkedIn<\/strong><\/span><\/h2>\n<p>Recently, a professional in the sector <a href=\"https:\/\/www.linkedin.com\/posts\/i%C3%B1aki-gorostiza-0749354_una-cosa-es-hablar-del-amor-y-otra-hacer-activity-7393722046662463488-J66L?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAAACqs1oBQSVlrFBy5_kchziNW96caFqvTGQ\">shared a very revealing experiment on LinkedIn<\/a>. He had configured a seemingly simple flow in <strong>n8n<\/strong>: based on CRM data (name, email, location, company\u2026), an AI agent generated a personalized email for each contact. The idea was good: that each person would feel personalized treatment without investing hours reviewing hundreds of messages.<\/p>\n<p>He launched the flow: 750 emails in queue, 40 minutes of execution, everything seemed perfect.<\/p>\n<p>Until the replies started coming in.<\/p>\n<p>In <strong>less than 2% of cases<\/strong>, the AI <strong>hallucinated<\/strong>: it invented personal information about the recipient that never appeared in the CRM. Small but completely false things: home cities, non-existent job titles, random hobbies\u2026 personalizations that looked human but were not. \u201c<em>Small delusions<\/em>,\u201d he called them.<\/p>\n<p>The professional discovered it through the replies of the recipients themselves\u2014some with humor, others with surprise\u2014pointing out the \u201ccreative touches\u201d that the automation had decided to add on its own.<\/p>\n<p>The reflection he shared was blunt: <em>\u201cThis anecdote left me thinking about the real risks of automating with AI without guardrails appropriate to the risk of the process.\u201d<\/em><\/p>\n<h2><span id=\"Current_status_of_the_AI_Act\"><strong>Current status of the AI Act<\/strong><\/span><\/h2>\n<p>Regulation is no longer a future promise: it is in force right now and directly affects every action you implement with AI. Ignoring it is no longer an option; every decision, automation, or integration must consider compliance. Let&#8217;s see how this translates into specific obligations, key dates, and real risks for your company:<\/p>\n<ul>\n<li><strong>Prohibited.<\/strong> Since February 2, 2025: unmarked <em>deepfakes<\/em>, performing social scoring, or subliminal manipulation.<\/li>\n<li><strong>GPAI Models<\/strong> (OpenAI, Google, Anthropic, Meta): transparency obligations since August 12, 2025.<\/li>\n<li><strong>Limited risk<\/strong> (chatbots, synthetic content): mandatory transparency NOW.<\/li>\n<li><strong>High risk<\/strong>: mandatory documentation since August 2026 and full application in August 2027.<\/li>\n<li><strong>Sanctions:<\/strong> up to \u20ac35M or 7% of global turnover. Inspections are already underway in Spain, Italy, and France.<\/li>\n<\/ul>\n<p>Spain already has open inspections. The law is real and it is being enforced.<\/p>\n<p>If you want a summary of the new regulation, <a href=\"https:\/\/marinabrocca.com\/reglamento-de-inteligencia-artificial-en-la-ue-lo-que-necesitas-saber\/\">I recommend this post<\/a> that I have written in a very clear and educational way.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-80749 size-full\" src=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/regulacion-ia-2-scaled.jpg\" alt=\"AI regulation\" width=\"2560\" height=\"1707\" srcset=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/regulacion-ia-2-scaled.jpg 2560w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/regulacion-ia-2-720x480.jpg 720w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/regulacion-ia-2-1200x800.jpg 1200w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/regulacion-ia-2-768x512.jpg 768w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/regulacion-ia-2-1536x1024.jpg 1536w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/regulacion-ia-2-2048x1365.jpg 2048w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/p>\n<h2><span id=\"The_digital_Chernobyls_that_have_already_happened_and_justify_this_protocol\"><strong>The \u201cdigital Chernobyls\u201d that have already happened (and justify this protocol)<\/strong><\/span><\/h2>\n<p><strong>Google Gemini 2024\u20132025<\/strong><\/p>\n<p><a href=\"https:\/\/elpais.com\/tecnologia\/2024-02-24\/nazis-chinas-y-vikingos-negros-google-suspende-su-ia-de-imagenes-por-sobrerrepresentar-a-minorias.html\">Google suspended its Gemini AI feature<\/a> for generating images of people after users reported that it generated historically incorrect representations, such as Chinese Nazis or Black Vikings, by overrepresenting ethnic minorities.<\/p>\n<p>The AI output is your responsibility.<\/p>\n<p><strong>Air Canada 2024\u20132025<\/strong><\/p>\n<p><a href=\"https:\/\/www.cuatrecasas.com\/es\/spain\/tecnologia-medios-digitales\/art\/moffatt-v-air-canada-quien-responde-si-el-chatbot-se-equivoca\">Its chatbot invented a refund policy<\/a>. The court ordered it to pay.<\/p>\n<p>Lesson: you are legally responsible for your chatbot&#8217;s hallucinations.<\/p>\n<p><strong>Willy Wonka Glasgow 2024<\/strong><\/p>\n<p>They promoted <a href=\"https:\/\/www.eventoplus.com\/articulos\/cuidado-anunciar-evento-ia-evento-willy-wonka-desastre\/\">an event with AI-generated images<\/a> that didn&#8217;t exist. Massive complaints.<\/p>\n<p>The misleading use of AI generates lawsuits and impacts the company&#8217;s reputation.<\/p>\n<h2><span id=\"AI_Protocol_the_7_mandatory_phases_before_automating_with_AI\"><strong>AI Protocol: the 7 mandatory phases before automating with AI<\/strong><\/span><\/h2>\n<p>Forget about \u201c<em>let&#8217;s try it out<\/em>\u201d or \u201c<em>we&#8217;ll adjust as we go<\/em>.\u201d<\/p>\n<p>That is what companies do that end up in press headlines or in AEPD sanction files.<\/p>\n<p>Companies that bill more, retain enterprise clients, and sleep soundly <strong>always follow these seven phases, in this exact order<\/strong>.<\/p>\n<p>They are not optional. They are your legal shield, your competitive advantage, and your new source of margin.<\/p>\n<p>If you skip even a single phase, you are playing Russian roulette with the reputation and money of your company or your client&#8217;s.<\/p>\n<figure id=\"attachment_83570\" aria-describedby=\"caption-attachment-83570\" style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-83570 size-full\" src=\"https:\/\/ww1.humanlevel.com\/wp-content\/uploads\/steps-ai-en.jpg\" alt=\"Infographic of 7 phases for AI implementation in the company\" width=\"1920\" height=\"1185\" \/><figcaption id=\"caption-attachment-83570\" class=\"wp-caption-text\">The 7 phases for AI implementation in the company<\/figcaption><\/figure>\n<p>Here are the 7 phases, explained clearly and with everything you need to implement them tomorrow:<\/p>\n<h3><span id=\"PHASE_1_Classification_of_the_use_case\"><strong>PHASE 1 \u2013 Classification of the use case<\/strong><\/span><\/h3>\n<p>Before implementing any AI, classify the use according to legal and user rights risk:<\/p>\n<ul>\n<li><strong>Content generation<\/strong>: minimal\/limited risk. Requires clear labeling as \u201c<em>Generated by AI<\/em>.\u201d<\/li>\n<li><strong>Customer service or lead generation chatbots<\/strong>: limited risk. It is mandatory to inform the user that they are interacting with an AI and maintain conversation logs.<\/li>\n<li><strong>User segmentation with sensitive data<\/strong>: high risk. Requires a Data Protection Impact Assessment (DPIA) and EU registration starting in 2026.<\/li>\n<li><strong>Dynamic pricing or algorithms affecting user economics<\/strong>: high risk. Any decision affecting their economic rights requires strict controls.<\/li>\n<li><strong>Mass SEO content:<\/strong> limited risk, though it could be high if it impacts users. Requires human supervision.<\/li>\n<li><strong>Synthetic voice or <em>deepfakes<\/em>:<\/strong> prohibited unless there is visible marking and explicit consent.<\/li>\n<li><strong>Automation with n8n or other orchestration systems:<\/strong> minimal\/limited risk if they only execute technical tasks. However, they move to high risk when they trigger actions that make automated decisions with legal or economic effects on the user.<\/li>\n<\/ul>\n<h3><span id=\"PHASE_2_Data_evaluation_and_architecture_DPIA_IA_DPIA\"><strong>PHASE 2 \u2013 Data evaluation and architecture (DPIA + IA DPIA)<\/strong><\/span><\/h3>\n<p>(The moment you decide if the project is legal or a time bomb)<\/p>\n<p>Why do you have to answer these 6 questions IN WRITING before touching a single piece of your customers&#8217; data?<\/p>\n<p>Because if tomorrow the AEPD or a client asks you \u201cwhere is my data and who has seen it?\u201d, the answer \u201cuh\u2026 I think everything is fine\u201d costs you between \u20ac20,000 and \u20ac35 million in fines and, of course, the client relationship broken forever.<\/p>\n<h4><strong>The 6 key questions<\/strong><\/h4>\n<h5><strong>1. What exact data will enter the AI?<\/strong><\/h5>\n<p>Literal list: name, email, purchase history, location, income, etc.<\/p>\n<p>If you don&#8217;t know precisely, you are already violating the minimization principle of the <a href=\"https:\/\/eur-lex.europa.eu\/ES\/legal-content\/summary\/general-data-protection-regulation-gdpr.html\">GDPR<\/a>.<\/p>\n<h5><strong>2. Are they really necessary for what we want to do?<\/strong><\/h5>\n<p>If you can do the copy or segmentation without the ID number or salary, remove them.<\/p>\n<p>You avoid being classified as high risk and reduce the potential fine.<\/p>\n<h5><strong>3. Is it transferred outside the European Economic Area (EEA)?<\/strong><\/h5>\n<p>The USA, India, Singapore, etc. are obviously located outside the EEA.<\/p>\n<p>Yes: you need extra measures (see question 7).<\/p>\n<h5><strong>4. Does the provider use that data to train its models?<\/strong><\/h5>\n<p>Quick answer: OpenAI (free and normal plan) YES by default.<\/p>\n<p>OpenAI Enterprise, Claude Enterprise, Gemini Enterprise, Mistral, Groq, Cohere: NO.<\/p>\n<p>If the provider trains with customer data without permission, it is a serious violation of the GDPR + AI Act.<\/p>\n<h5><strong>5. Is there a signed DPA (Data Processing Agreement) with ALL subprocessors?<\/strong><\/h5>\n<p>It&#8217;s not just OpenAI. Also with Pinecone, Supabase, ElevenLabs, etc.<\/p>\n<p>Without a DPA: remember there is joint liability for you and the client.<\/p>\n<h5><strong>6. Is sensitive data automatically deleted after use?<\/strong><\/h5>\n<p>Example: the prompt with personal data should disappear in &lt;30 days (ideally &lt;24 h).<\/p>\n<p>Most Enterprise plans do this by default.<\/p>\n<h4><strong>How to document it in 5 minutes<\/strong><\/h4>\n<p>Create a one-page table per project in Notion, Google Docs, or Excel and fill it out like this:<\/p>\n<h5><strong>1. What exact data is used?<\/strong><\/h5>\n<ul>\n<li>Answer: Email, purchase history, location<\/li>\n<li>Supporting document: Screenshot of prompt \/ code<\/li>\n<\/ul>\n<h5><strong>2. Is it necessary for the purpose?<\/strong><\/h5>\n<ul>\n<li>Answer: <strong>No<\/strong>, it can be anonymized<\/li>\n<li>Supporting document: Written justification<\/li>\n<\/ul>\n<h5><strong>3. Is there a transfer outside the EEA?<\/strong><\/h5>\n<ul>\n<li>Answer: <strong>Yes<\/strong> (USA)<\/li>\n<li>Supporting document: List of providers<\/li>\n<\/ul>\n<h5><strong>4. Are models trained with this data?<\/strong><\/h5>\n<ul>\n<li>Answer: <strong>No<\/strong> (Model: Claude Enterprise)<\/li>\n<li>Supporting document: Screenshot of contract or website<\/li>\n<\/ul>\n<h5><strong>5. Has a DPA been signed with all providers?<\/strong><\/h5>\n<ul>\n<li>Answer: <strong>Yes<\/strong>, date: <strong>03\/12\/2025<\/strong><\/li>\n<li>Supporting document: Link to signed PDF<\/li>\n<\/ul>\n<h5><strong>6. Is there automatic data deletion?<\/strong><\/h5>\n<ul>\n<li>Answer: <strong>Yes<\/strong>, in <strong>24 hours<\/strong><\/li>\n<li>Supporting document: Provider settings<\/li>\n<\/ul>\n<h5><strong>7. Has a TIA (Transfer Impact Assessment) been performed?<\/strong><\/h5>\n<ul>\n<li>Answer: <strong>Yes<\/strong>, date: <strong>03\/15\/2025<\/strong><\/li>\n<li>Supporting document: TIA PDF<\/li>\n<\/ul>\n<p>Save that table signed by the AI Manager and the client.<\/p>\n<p>That is your life insurance and the simplest and most effective way to cover yourself in case something goes wrong.<\/p>\n<p>You can also use an automated tool that does 90% for you. With DataGrail, Ethyca, or Osano, you connect your tools and in 24 hours it generates the complete data map plus the answers to the 7 questions.<\/p>\n<p>Result: in one afternoon you have the perfect legal document for any enterprise client.<\/p>\n<h3><span id=\"PHASE_3_Contractual_shielding_Legal_Pack\"><strong>PHASE 3 \u2013 Contractual shielding (Legal Pack)<\/strong><\/span><\/h3>\n<p>Every AI provider must sign:<\/p>\n<p>Full Data Processing Agreement or GDPR DPA.<\/p>\n<p>AI-specific addendum, including:<\/p>\n<ul>\n<li>Absolute prohibition of using customer data to train models.<\/li>\n<li>Breach notification in less than 24h.<\/li>\n<li>Joint liability for damages.<\/li>\n<li>Right to annual audit.<\/li>\n<li>Model Card (a standardized document describing <strong>how a specific AI model works<\/strong>, its limitations, biases, performance, and recommended use cases) or System Card of the model (a broader and more detailed version than the Model Card; includes not only the model but the entire system surrounding it: infrastructure, safeguards, moderation policies, etc.). Google uses it for Gemini and it is the most demanding standard today.<\/li>\n<li>Written commitment to comply with the AI Act.<\/li>\n<\/ul>\n<h3><span id=\"PHASE_4_Mandatory_transparency_NOW_applicable\"><strong>PHASE 4 \u2013 Mandatory transparency (NOW applicable)<\/strong><\/span><\/h3>\n<p>It&#8217;s not optional. It&#8217;s not \u201cbest practice.\u201d It&#8217;s the law.<\/p>\n<p>If you don&#8217;t warn the user that they are interacting with an AI, you are violating the AI Act and exposing yourself directly to fines of up to \u20ac15 million or 3% of global turnover. And worst of all: if it&#8217;s an implementation you&#8217;ve done for another company, the final client (the data controller) pays the fine, but the client will claim it from you with interest because you were the one who proposed and implemented the solution.<\/p>\n<p>Specific and exact examples you have to apply:<\/p>\n<h4><strong>Email marketing \/ newsletters \/ automation:<\/strong><\/h4>\n<p>Mandatory text (in the subject line or in the first paragraph\/footer clearly visible):<\/p>\n<p><em>\u201cThis message was written with the help of artificial intelligence and reviewed by our team.\u201d<\/em><\/p>\n<h4><strong>Chatbots and assistants on web \/ WhatsApp \/ Instagram<\/strong><\/h4>\n<p>The first message the user sees must clearly say:<\/p>\n<p><em>\u201cHi, I&#8217;m an artificial intelligence assistant. I can make mistakes. Everything I say will be reviewed by a human if you need it.\u201d<\/em><\/p>\n<p>If you don&#8217;t include this, you are violating Article 52.1 of the AI Act as of now (I haven&#8217;t found examples of websites doing this yet).<\/p>\n<h4><strong>Images and videos generated or retouched with AI<\/strong><\/h4>\n<p>You have two legal options (choose one, but never none):<\/p>\n<ol>\n<li>Include a visible watermark (bottom right or left corner): \u201cAI-generated image\u201d or the \u201cAI\u201d symbol.<\/li>\n<li>Use C2PA metadata (the official standard already used by Adobe, Leica, Microsoft, Google, etc.)<\/li>\n<\/ol>\n<p>This embeds the information in the file and it cannot be deleted.<\/p>\n<p>Example: any Instagram carousel with Midjourney images must include a mandatory watermark.<\/p>\n<h4><strong>Paid ads on Meta, Google Ads, TikTok Ads, LinkedIn Ads<\/strong><\/h4>\n<p>Since January 2025, all platforms require marking the ad if it contains:<\/p>\n<ul>\n<li>Synthetic image.<\/li>\n<li>Video with <em>deepfake<\/em> or synthetic voice.<\/li>\n<li>AI-generated text (in some cases).<\/li>\n<\/ul>\n<p>On Meta and Google you have to click the box: <em>\u201cThis ad contains altered or AI-generated content.\u201d<\/em><\/p>\n<p>If you need templates to adapt privacy policies, clauses for chatbots, launch campaigns, promotions with AI images, etc., I have developed <a href=\"https:\/\/marinabrocca.com\/kits-legales\/\">AI Web Adaptation Template KITS.<\/a><\/p>\n<h3><span id=\"PHASE_5_Human_supervision_and_technical_safeguards\"><strong>PHASE 5 \u2013 Human supervision and technical safeguards<\/strong><\/span><\/h3>\n<p>(The phase that prevents your company from being the next viral case for the AI saying nonsense or causing harm).<\/p>\n<p>Clear explanation, without technical jargon and as if you were telling a client or superior who doesn&#8217;t know technology: this phase is the safety net.<\/p>\n<p>Here you put real controls so the AI never acts alone and uncontrollably.<\/p>\n<h4><strong>1. Gradual deployment<\/strong> (don&#8217;t release it all at once).<\/h4>\n<p>Never activate AI for all users on day one. Do it in four safe steps: first to 0.5% of users (almost no one notices, but you see if something fails).<\/p>\n<p>If it goes well after 3-7 days, move to 5%.<\/p>\n<p>If it stays perfect, expand it to 25%.<\/p>\n<p>Only when you&#8217;ve gone several weeks without problems, deploy it for everyone.<\/p>\n<p>Remember the example I gave at the beginning: there should always be a person reviewing the important stuff. AI lacks judgment. You don&#8217;t.<\/p>\n<p>Human review is 100% mandatory for:<\/p>\n<ul>\n<li>All text published or sent to the final client (ads, emails, posts, landing pages).<\/li>\n<li>Any segmentation or campaign moving more than \u20ac50,000 in budget.<\/li>\n<li>Any price that changes automatically (dynamic pricing).<\/li>\n<li>Any delicate chatbot response (refunds, complaints, personal data).<\/li>\n<\/ul>\n<p><strong>Easy rule to remember:<\/strong><\/p>\n<p>\u201cIf it can cost money, reputation, or a lawsuit, a human looks at it before it goes out.\u201d<\/p>\n<h4><strong>2. Kill-switch:<\/strong> the emergency red button.<\/h4>\n<p>Two types, both essential:<\/p>\n<ul>\n<li><strong>Manual kill-switch<\/strong>: a physical button or on a dashboard that stops the ENTIRE AI system in 3 seconds. You or the client press it and it&#8217;s over.<\/li>\n<li><strong>Automatic kill-switch<\/strong>: the tool autonomously blocks any response if the model says \u201cI&#8217;m not sure\u201d or confidence is lower than 85%.<\/li>\n<\/ul>\n<p>Example: the AI is going to send an email saying \u201cyour order arrives tomorrow,\u201d but it would actually arrive in 15 days. The system automatically blocks and moves to human review.<\/p>\n<h4><strong>3. Logs of everything the AI does (keep fingerprint for 24 months)<\/strong><\/h4>\n<p>You have to be able to prove what the company asked, what the AI replied, and what was sent to the final client. For that, you use a simple tool (I recommend them at the end of the post).<\/p>\n<p>These tools automatically save everything and allow you to search in seconds: \u201cWhat did the AI tell customer X on March 12?\u201d. It is the way to demonstrate diligence and evidence if there is a complaint or AEPD inspection.<\/p>\n<h3><span id=\"PHASE_6_Quarterly_continuous_evaluation\"><strong>PHASE 6 \u2013 Quarterly continuous evaluation<\/strong><\/span><\/h3>\n<p>Every 90 days, audit the AI:<\/p>\n<ul>\n<li>Review 100 random outputs.<\/li>\n<li>Bias test (Holistic AI or Fairlearn).<\/li>\n<li>Prepare executive report for client.<\/li>\n<li>Monitor model drift (changes in algorithm behavior).<\/li>\n<\/ul>\n<h3><span id=\"PHASE_7_Internal_corporate_governance\"><strong>PHASE 7 \u2013 Internal corporate governance<\/strong><\/span><\/h3>\n<p>(The intangible asset that turns compliance into a margin-generating machine).<\/p>\n<p>This is the phase that separates companies that \u201cuse AI\u201d from those that make money protecting the client while using AI. Without internal governance, everything before (classification, contracts, guardrails\u2026) collapses as soon as a junior copy-pastes a prompt into ChatGPT with sensitive data.<\/p>\n<p>The six mandatory elements that every serious company should have implemented before December 31, 2025:<\/p>\n<h4><strong>Internal Responsible AI Use Policy (2025 version<\/strong>)<\/h4>\n<p><strong>1. Document signed by management. Includes:<\/strong><\/p>\n<ul>\n<li>List of allowed and prohibited models (e.g., GPT-4o Enterprise yes, free ChatGPT NO).<\/li>\n<li>Golden rule: \u201cNo sensitive data leaves the company without DPA + non-training clause.\u201d<\/li>\n<li>Absolute prohibition of uploading sensitive data to public models.<\/li>\n<li>Procedure for approving new AI providers\/tools.<\/li>\n<li>Internal sanctions (warning and even dismissal).<\/li>\n<\/ul>\n<p><strong>2. Internal Registry of Use Cases and Risk Classification<\/strong><\/p>\n<ul>\n<li>A living table (Notion, Airtable, or Google Sheets) with one row per project\/client: Client.<\/li>\n<li>Use case (chatbot, AI copy, segmentation, etc.)<\/li>\n<li>AI Act classification (minimal\/limited\/high).<\/li>\n<li>Models used.<\/li>\n<li>Date of last audit.<\/li>\n<li>Project manager.<\/li>\n<\/ul>\n<p>This is your life insurance in case of an AEPD inspection or a lawsuit.<\/p>\n<p><strong>3. Mandatory annual training (minimum 8 certified hours)<\/strong><\/p>\n<p>Mandatory 2025 syllabus: GDPR + AI Act applied to marketing.<\/p>\n<ul>\n<li>Real risks and Chernobyl cases.<\/li>\n<li>Safe use of prompts and tools.<\/li>\n<li>How to detect hallucinations and biases.<\/li>\n<li>Emergency protocol if the AI says something illegal or toxic.<\/li>\n<li>Final certification with exam.<\/li>\n<\/ul>\n<p><strong>4. Official appointment of AI Manager (AI Officer)<\/strong><\/p>\n<p>It doesn&#8217;t have to be a new person (it can be the CTO, DPO, or a senior operations manager), but it must exist in writing.<\/p>\n<p>Functions:<\/p>\n<ul>\n<li>Approve or veto any new AI tool.<\/li>\n<li>Review the Use Case Registry quarterly.<\/li>\n<li>Lead the AI Committee.<\/li>\n<li>Be the spokesperson with clients on compliance issues.<\/li>\n<\/ul>\n<p><strong>5. Monthly AI Committee (30\u201360 minutes)<\/strong><\/p>\n<ul>\n<li>Mandatory attendance: management + AI Manager + legal\/operations.<\/li>\n<li>Fixed agenda: review of new AI projects.<\/li>\n<li>Incidents from the last month.<\/li>\n<li>Provider and tool updates.<\/li>\n<li>Compliance metrics.<\/li>\n<\/ul>\n<p><strong>6. AI Responsibility Fee \u2013 The bonus that skyrockets margin<\/strong><\/p>\n<p>Companies that have these 5 previous points implemented can (and should) charge a surcharge of 15\u201325% on any project that includes AI. How you sell it to the client (a phrase that converts 100%):<\/p>\n<p>\u201c<em>Due to the implementation of the AI Protocol and complete AI governance, we apply an AI Responsibility Fee of X%. This surcharge covers risk classification, contractual shielding, human supervision, quarterly audits, and the peace of mind that you will never have a fine or scandal due to our AI.<\/em>\u201d<\/p>\n<p>Real 2025 data (from 27 Spanish and Latin American companies that apply it): more than an 18.4% increase in their average net margin on AI projects.<\/p>\n<p>Sales closing in enterprise clients goes up 41%.<\/p>\n<p>Client retention of 96% (because no one else offers this level of protection).<\/p>\n<h2><span id=\"My_recommendation_for_compliance_tools\"><strong>My recommendation for compliance tools<\/strong><\/span><\/h2>\n<p>In an increasingly regulated and digitized environment, the adoption of <em>compliance<\/em> tools is not optional: it is key to ensuring that our operations with data and AI systems comply with GDPR, the AI Act, and technological governance best practices.<\/p>\n<p>I have selected these tools that will allow you to automate, audit, and control different critical aspects, reducing legal and reputational risks, and facilitating transparency and trust in your campaigns.<\/p>\n<p>Each type of tool serves a specific purpose within the compliance ecosystem:<\/p>\n<ul>\n<li><strong>CMP<\/strong>: <a href=\"https:\/\/usercentrics.sjv.io\/mO4NoD\">Usercentrics cookiebot<\/a> (undoubtedly the best for Consent Mode v2). It guarantees that consent collection is transparent and in accordance with cookie and privacy regulations. Plus, it&#8217;s very easy to implement.<\/li>\n<li><strong>Traceability<\/strong>: <a href=\"https:\/\/langfuse.com\/?tab=metrics\">Langfuse<\/a> (free open source). Allows logging and auditing how data and AI models are used, essential for complying with documentation and accountability obligations.<\/li>\n<li><strong>Guardrails:<\/strong> <a href=\"https:\/\/www.lakera.ai\/lakera-gandalf\">Lakera Gandalf<\/a> or Guardrails AI. These tools establish technical limits and controls to prevent misuse or unexpected AI results.<\/li>\n<li><strong>Governance<\/strong>: <a href=\"https:\/\/www.holisticai.com\/\">Holistic AI<\/a> (the most complete <em>enterprise<\/em>). I love this tool because it centralizes the supervision, audit, and risk management of AI and data systems.<\/li>\n<li><strong>Data mapping<\/strong>: <a href=\"https:\/\/www.datagrail.io\/\">DataGrail<\/a> \/ Ethyca. This tool makes it easier to know what data is collected, how it&#8217;s used, and where it&#8217;s stored, ensuring compliance with user rights and legal obligations.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-80772 size-full\" src=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/data-security-2.jpg\" alt=\"Data security\" width=\"1920\" height=\"1280\" srcset=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/data-security-2.jpg 1920w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/data-security-2-720x480.jpg 720w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/data-security-2-1200x800.jpg 1200w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/data-security-2-768x512.jpg 768w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/data-security-2-1536x1024.jpg 1536w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<h2><span id=\"Checklist_The_7_mandatory_phases_before_automating_with_AI\"><strong>Checklist: The 7 mandatory phases before automating with AI<\/strong><\/span><\/h2>\n<p>I summarize the <strong>Legal and Strategic Shielding Protocol<\/strong> that separates companies that bill more from those that take unnecessary risks. You can extract it and follow it step by step.<\/p>\n<p><strong>Phase 1: Use case classification<\/strong><\/p>\n<ul>\n<li>Goal and Golden Rule: Determine the level of legal and user rights risk (<strong>AI Act<\/strong>).<\/li>\n<li>Key Documentation: Use case registry (Classification: Minimal\/Limited\/High).<\/li>\n<\/ul>\n<p><strong>Phase 2: Data and architecture evaluation<\/strong><\/p>\n<ul>\n<li>Goal and Golden Rule: Answer the 7 key questions in writing (DPIA\/data minimization) before using any data.<\/li>\n<li>Key Documentation: <strong>7-Question Table<\/strong> (Traceability, minimization, TIA, DPA).<\/li>\n<\/ul>\n<p><strong>Phase 3: Contractual shielding (Legal Pack)<\/strong><\/p>\n<ul>\n<li>Goal and Golden Rule: Ensure AI providers are prohibited from using your data for training and that they assume liability.<\/li>\n<li>Key Documentation: Full DPA, AI-specific addendum, Model Card or System Card.<\/li>\n<\/ul>\n<p><strong>Phase 4: Mandatory transparency<\/strong><\/p>\n<ul>\n<li>Goal and Golden Rule: Inform the user clearly and visibly that they are interacting with AI (mandatory NOW by <strong>AI Act<\/strong>).<\/li>\n<li>Key Documentation: Warning clauses in Chatbots and Emails, Watermark\/C2PA metadata in images.<\/li>\n<\/ul>\n<p><strong>Phase 5: Human supervision and safeguards<\/strong><\/p>\n<ul>\n<li>Goal and Golden Rule: Implement the technical safety net so AI never acts uncontrollably.<\/li>\n<li>Key Documentation: Gradual deployment (0.5% \u2192 100%), Kill-switch (manual\/automatic), Activity logs (keep fingerprint for 24 months).<\/li>\n<\/ul>\n<p><strong>Phase 6: Quarterly Continuous Evaluation<\/strong><\/p>\n<ul>\n<li>Goal and Golden Rule: Audit model performance and biases periodically to prevent <em>drift<\/em>.<\/li>\n<li>Key Documentation: Quarterly executive report, bias test, review of 100 random <em>outputs<\/em>.<\/li>\n<\/ul>\n<p><strong>Phase 7: Internal corporate governance<\/strong><\/p>\n<ul>\n<li>Goal and Golden Rule: Turn compliance into a margin-generating machine and shield the company from within.<\/li>\n<li>Key Documentation: Internal Responsible Use Policy, Appointment of <strong>AI Officer<\/strong>, <strong>AI Responsibility Fee<\/strong>.<\/li>\n<\/ul>\n<h2><span id=\"Conclusion_AI_won8217t_replace_you_but_it_can_ruin_you_if_there_is_no_governance\"><strong>Conclusion: AI won&#8217;t replace you\u2026 but it can ruin you if there is no governance<\/strong><\/span><\/h2>\n<p>Marketing is no longer defined just by creativity, SEO, or flashy campaigns. Today, true competitive advantage lies in trust, compliance, security, and traceability.<\/p>\n<p>Companies that integrate AI in a serious, transparent, and controlled way:<\/p>\n<ul>\n<li>Increase margins without taking unnecessary risks.<\/li>\n<li>Compete at the level of large enterprise clients.<\/li>\n<li>Prevent legal problems and costly lawsuits.<\/li>\n<li>Consolidate themselves as market leaders, trustworthy and professional.<\/li>\n<\/ul>\n<p>The real difference is not in using AI, but in working with guarantees: having a solid, replicable, and profitable framework.<\/p>\n<p>Those who implement it correctly stop being \u201ca company that uses AI\u201d and become \u201cthe company that protects the client while others cause disasters.\u201d<\/p>\n<p>Because in a market saturated with empty promises, security and trust are the assets that truly generate lasting value.<\/p>\n<p><img class=\"gb-media-88239e6b\" alt=\"\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Artificial intelligence can generate double-digit margins for any company, but it can also destroy its reputation in seconds. This professional guide teaches you how to safely integrate AI into your company or marketing department, without legal risks, without reputational problems, and without &#8220;digital Chernobyls.&#8221;<\/p>\n","protected":false},"author":57,"featured_media":80791,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[459],"tags":[],"class_list":["post-81240","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-artificial-intelligence","entry"],"yoast_head":"\n<title>AI in companies 2026: Legal guide for its implementation | Human Level<\/title>\n<meta name=\"description\" content=\"Complete 2026 guide to implementing AI in companies without legal risks. A 7-phase protocol to shield your business against sanctions of up to \u20ac35M.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AI in companies 2026: Legal guide for its implementation\" \/>\n<meta property=\"og:description\" content=\"Complete 2026 guide to implementing AI in companies without legal risks. A 7-phase protocol to shield your business against sanctions of up to \u20ac35M.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks\" \/>\n<meta property=\"og:site_name\" content=\"Human Level\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-13T08:30:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/ai-business-2026-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marina Brocca\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@humanlevel\" \/>\n<meta name=\"twitter:site\" content=\"@humanlevel\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marina Brocca\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"18 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks\"},\"author\":{\"name\":\"Marina Brocca\",\"@id\":\"https:\/\/www.humanlevel.com\/en#\/schema\/person\/e95a672309af729b48b9d7afb991e24c\"},\"headline\":\"AI in companies 2026: a complete guide to implementing artificial intelligence without legal risks\",\"datePublished\":\"2026-01-13T08:30:08+00:00\",\"dateModified\":\"2026-02-17T09:41:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks\"},\"wordCount\":3456,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.humanlevel.com\/en#organization\"},\"image\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/ia-empresas-blog.jpg\",\"articleSection\":[\"Artificial Intelligence\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks\",\"url\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks\",\"name\":\"AI in companies 2026: Legal guide for its implementation | Human Level\",\"isPartOf\":{\"@id\":\"https:\/\/www.humanlevel.com\/en#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/ia-empresas-blog.jpg\",\"datePublished\":\"2026-01-13T08:30:08+00:00\",\"dateModified\":\"2026-02-17T09:41:37+00:00\",\"description\":\"Complete 2026 guide to implementing AI in companies without legal risks. A 7-phase protocol to shield your business against sanctions of up to \u20ac35M.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#primaryimage\",\"url\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/ia-empresas-blog.jpg\",\"contentUrl\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/ia-empresas-blog.jpg\",\"width\":272,\"height\":272,\"caption\":\"Gu\u00eda implantaci\u00f3n IA en empresas\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/www.humanlevel.com\/en\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AI in companies 2026: a complete guide to implementing artificial intelligence without legal risks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.humanlevel.com\/en#website\",\"url\":\"https:\/\/www.humanlevel.com\/en\",\"name\":\"Human Level\",\"description\":\"Web positioning and online marketing consultant Human Level\",\"publisher\":{\"@id\":\"https:\/\/www.humanlevel.com\/en#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.humanlevel.com\/en?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.humanlevel.com\/en#organization\",\"name\":\"Human Level\",\"url\":\"https:\/\/www.humanlevel.com\/en\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.humanlevel.com\/en#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/logo-human-negro-1.jpg\",\"contentUrl\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/logo-human-negro-1.jpg\",\"width\":268,\"height\":51,\"caption\":\"Human Level\"},\"image\":{\"@id\":\"https:\/\/www.humanlevel.com\/en#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/humanlevel\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.humanlevel.com\/en#\/schema\/person\/e95a672309af729b48b9d7afb991e24c\",\"name\":\"Marina Brocca\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.humanlevel.com\/en#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/cropped-marina-brocca-96x96.jpg\",\"contentUrl\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/cropped-marina-brocca-96x96.jpg\",\"caption\":\"Marina Brocca\"},\"description\":\"Especialista en normativa digital, protecci\u00f3n de datos y Reglamento Europeo de IA. Ayuda a negocios digitales y e-commerce a vender con seguridad jur\u00eddica, generar confianza y no asumir riesgos innecesarios. Es ponente, divulgadora y jurado en los E-commerce Awards. Autora del blog marinabrocca.com.\",\"url\":\"https:\/\/www.humanlevel.com\/en\/author\/marina-brocca\"}]}<\/script>\n","yoast_head_json":{"title":"AI in companies 2026: Legal guide for its implementation | Human Level","description":"Complete 2026 guide to implementing AI in companies without legal risks. A 7-phase protocol to shield your business against sanctions of up to \u20ac35M.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks","og_locale":"en_US","og_type":"article","og_title":"AI in companies 2026: Legal guide for its implementation","og_description":"Complete 2026 guide to implementing AI in companies without legal risks. A 7-phase protocol to shield your business against sanctions of up to \u20ac35M.","og_url":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks","og_site_name":"Human Level","article_published_time":"2026-01-13T08:30:08+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/ai-business-2026-1.jpg","type":"image\/jpeg"}],"author":"Marina Brocca","twitter_card":"summary_large_image","twitter_creator":"@humanlevel","twitter_site":"@humanlevel","twitter_misc":{"Written by":"Marina Brocca","Est. reading time":"18 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#article","isPartOf":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks"},"author":{"name":"Marina Brocca","@id":"https:\/\/www.humanlevel.com\/en#\/schema\/person\/e95a672309af729b48b9d7afb991e24c"},"headline":"AI in companies 2026: a complete guide to implementing artificial intelligence without legal risks","datePublished":"2026-01-13T08:30:08+00:00","dateModified":"2026-02-17T09:41:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks"},"wordCount":3456,"commentCount":0,"publisher":{"@id":"https:\/\/www.humanlevel.com\/en#organization"},"image":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#primaryimage"},"thumbnailUrl":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/ia-empresas-blog.jpg","articleSection":["Artificial Intelligence"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks","url":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks","name":"AI in companies 2026: Legal guide for its implementation | Human Level","isPartOf":{"@id":"https:\/\/www.humanlevel.com\/en#website"},"primaryImageOfPage":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#primaryimage"},"image":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#primaryimage"},"thumbnailUrl":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/ia-empresas-blog.jpg","datePublished":"2026-01-13T08:30:08+00:00","dateModified":"2026-02-17T09:41:37+00:00","description":"Complete 2026 guide to implementing AI in companies without legal risks. A 7-phase protocol to shield your business against sanctions of up to \u20ac35M.","breadcrumb":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#primaryimage","url":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/ia-empresas-blog.jpg","contentUrl":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/ia-empresas-blog.jpg","width":272,"height":272,"caption":"Gu\u00eda implantaci\u00f3n IA en empresas"},{"@type":"BreadcrumbList","@id":"https:\/\/www.humanlevel.com\/en\/blog\/artificial-intelligence\/guide-2026-implement-artificial-intelligence-without-legal-risks#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/www.humanlevel.com\/en"},{"@type":"ListItem","position":2,"name":"AI in companies 2026: a complete guide to implementing artificial intelligence without legal risks"}]},{"@type":"WebSite","@id":"https:\/\/www.humanlevel.com\/en#website","url":"https:\/\/www.humanlevel.com\/en","name":"Human Level","description":"Web positioning and online marketing consultant Human Level","publisher":{"@id":"https:\/\/www.humanlevel.com\/en#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.humanlevel.com\/en?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.humanlevel.com\/en#organization","name":"Human Level","url":"https:\/\/www.humanlevel.com\/en","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.humanlevel.com\/en#\/schema\/logo\/image\/","url":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/logo-human-negro-1.jpg","contentUrl":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/logo-human-negro-1.jpg","width":268,"height":51,"caption":"Human Level"},"image":{"@id":"https:\/\/www.humanlevel.com\/en#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/humanlevel"]},{"@type":"Person","@id":"https:\/\/www.humanlevel.com\/en#\/schema\/person\/e95a672309af729b48b9d7afb991e24c","name":"Marina Brocca","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.humanlevel.com\/en#\/schema\/person\/image\/","url":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/cropped-marina-brocca-96x96.jpg","contentUrl":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/cropped-marina-brocca-96x96.jpg","caption":"Marina Brocca"},"description":"Especialista en normativa digital, protecci\u00f3n de datos y Reglamento Europeo de IA. Ayuda a negocios digitales y e-commerce a vender con seguridad jur\u00eddica, generar confianza y no asumir riesgos innecesarios. Es ponente, divulgadora y jurado en los E-commerce Awards. Autora del blog marinabrocca.com.","url":"https:\/\/www.humanlevel.com\/en\/author\/marina-brocca"}]}},"_links":{"self":[{"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/posts\/81240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/users\/57"}],"replies":[{"embeddable":true,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/comments?post=81240"}],"version-history":[{"count":4,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/posts\/81240\/revisions"}],"predecessor-version":[{"id":81251,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/posts\/81240\/revisions\/81251"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/media\/80791"}],"wp:attachment":[{"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/media?parent=81240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/categories?post=81240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/tags?post=81240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}