Liability and risk allocation
Bizzi’s Terms of Service make one position explicit: AI at Bizzi is a supporting assistant, and the final financial decision (payment approval, posting, sign-off) belongs to the human user. That position is technical (AI is sometimes wrong), legal (humans cannot outsource accountability to a machine), and commercial (it is what enterprise auditors require). This section explains how the position propagates into product, contracts, and incident response.
Context
If the TOS suggested AI made the final call, three things would break. First, the audit trail would not satisfy ISO 42001 A.6.2: there would be no accountable human. Second, GDPR Article 22 and Decree 13 Article 19 restrict decisions with legal or similarly significant effect that are based solely on automated processing. Third, the liability cap and indemnification structure would absorb decisions the customer should rightly own. We solve this by drawing the line in the TOS and enforcing it everywhere downstream.
How we implement
The “AI is the assistant” position translates into three operational rules.
- Every material financial decision requires a human approver. This is the human-in-the-loop control documented in Pillar III §3 for high-value or anomalous transactions. AI suggests an approval. The accountant grants it.
- The UI visually separates AI input from human input. Fields populated by AI carry a different visual treatment, typically a confidence-coloured chip. Users never mistake an AI suggestion for verified fact.
- The audit trail names the human approver. Every action with financial consequences logs the identity of the human who signed off. The AI suggestion is logged alongside it, but the AI is not the accountable party.
Legal risk categories and the controls bounding them
| Risk | What it looks like | How we contain it |
|---|---|---|
| Misrepresentation | A customer claims our AI made a legal decision on their behalf | Explicit TOS language. UI disclaimer. Mandatory HITL on high-value transactions |
| Data breach liability | Personal data leaks through an LLM vendor | PII Redaction. Zero Data Retention contracts. Binding DPA |
| Hallucination liability | AI produces fabricated information driving a wrong decision | Confidence thresholds in the UI. Grounded Reasoning is mandatory |
| IP infringement | AI suggests language infringing a third-party copyright or template | OSS license review. Vendor contracts exclude training on infringing IP |
| Discriminatory output | AI applies bias across customer segments | Periodic fairness audits |
Indemnification structure
Bizzi’s standard Master Services Agreement allocates liability along three lines.
- Bizzi indemnifies the customer for IP claims against the Bizzi platform itself.
- The customer indemnifies Bizzi for the data they place into the system. They assert ownership and right to license.
- Liability is capped per industry-standard terms. Bizzi does not indemnify business decisions the customer makes on top of an AI suggestion. That is the line the TOS draws.
The exception: bounded full automation
Some customers ask us to fully automate a narrow path without HITL, for example low-value, repeat-vendor, pre-verified invoices. We allow it under four conditions.
- A written threshold. For example: invoices under 5 million VND, from a vendor already verified, and not that vendor's first transaction.
- The customer’s DPO signs off on the HITL bypass.
- A Human-on-the-loop rollback dashboard is live and accessible.
- A periodic auto-approval report goes back to the customer for internal audit.
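The approval gate below is an added example, not Bizzi's code, showing how the three operational rules and the four bypass conditions can be enforced in one place: the normal path records a named human as the accountable party with the AI suggestion logged separately, the exception path refuses to post unless every bypass condition holds, and the auto-approval report is produced from the same audit log. The policy values (5,000,000 VND, the DPO identifier), the vendor history, the invoice data and the rule that only a model "approve" suggestion is ever auto-posted are assumptions made for illustration.

```python
# Added example (not Bizzi's code). Policy values, identifiers and invoices are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Invoice:
    invoice_id: str
    vendor_id: str
    amount_vnd: int
    ai_suggestion: str      # what the model proposed: "approve" or "review"
    ai_confidence: float    # shown to the user as a chip; never a decision by itself


@dataclass(frozen=True)
class AutomationPolicy:
    """Written threshold agreed with the customer for the HITL bypass."""
    max_amount_vnd: int
    dpo_signoff_id: Optional[str]   # customer DPO who signed off; None means no bypass
    rollback_dashboard_live: bool   # human-on-the-loop rollback dashboard is reachable


@dataclass(frozen=True)
class AuditRecord:
    invoice_id: str
    action: str             # "approved" or "rejected"
    accountable: str        # human approver id, or "auto:<dpo sign-off>" for bounded automation
    basis: str              # why this path was taken
    ai_suggestion: str      # logged alongside, but not the accountable party
    ai_confidence: float


class HumanApprovalRequired(Exception):
    """No human decision exists and the bypass conditions do not all hold."""


class ApprovalGate:
    def __init__(self, policy: Optional[AutomationPolicy], prior_approvals: dict[str, int]):
        # prior_approvals: vendor_id -> number of invoices previously approved by a human
        self.policy = policy
        self.prior_approvals = dict(prior_approvals)
        self.audit_log: list[AuditRecord] = []

    def bypass_reason(self, inv: Invoice) -> Optional[str]:
        """Return None if every bypass condition holds, else the first failing one."""
        p = self.policy
        if p is None:
            return "no written automation threshold"
        if p.dpo_signoff_id is None:
            return "customer DPO has not signed off on the HITL bypass"
        if not p.rollback_dashboard_live:
            return "human-on-the-loop rollback dashboard is not live"
        if inv.amount_vnd >= p.max_amount_vnd:
            return f"amount {inv.amount_vnd} VND is not under {p.max_amount_vnd} VND"
        if self.prior_approvals.get(inv.vendor_id, 0) < 1:
            return f"vendor {inv.vendor_id} has no prior verified invoice (first transaction)"
        if inv.ai_suggestion != "approve":   # assumed rule: only an approve suggestion is automated
            return "model did not suggest approval"
        return None

    def record_human_decision(self, inv: Invoice, approver_id: str, action: str) -> AuditRecord:
        """Normal path: a named human grants or refuses; the AI suggestion is logged separately."""
        if action not in ("approved", "rejected"):
            raise ValueError("action must be 'approved' or 'rejected'")
        rec = AuditRecord(inv.invoice_id, action, approver_id,
                          "human-in-the-loop decision", inv.ai_suggestion, inv.ai_confidence)
        self.audit_log.append(rec)
        if action == "approved":
            self.prior_approvals[inv.vendor_id] = self.prior_approvals.get(inv.vendor_id, 0) + 1
        return rec

    def auto_approve(self, inv: Invoice) -> AuditRecord:
        """Exception path: post without a human only when all bypass conditions hold."""
        reason = self.bypass_reason(inv)
        if reason is not None:
            raise HumanApprovalRequired(f"{inv.invoice_id}: {reason}")
        basis = (f"bounded automation: under {self.policy.max_amount_vnd} VND, repeat vendor, "
                 f"DPO sign-off {self.policy.dpo_signoff_id}")
        rec = AuditRecord(inv.invoice_id, "approved", f"auto:{self.policy.dpo_signoff_id}",
                          basis, inv.ai_suggestion, inv.ai_confidence)
        self.audit_log.append(rec)
        return rec

    def auto_approval_report(self) -> list[dict]:
        """What goes back to the customer's internal audit: every auto-approved posting."""
        return [{"invoice_id": r.invoice_id, "basis": r.basis,
                 "ai_suggestion": r.ai_suggestion, "ai_confidence": r.ai_confidence}
                for r in self.audit_log if r.accountable.startswith("auto:")]


def demo() -> ApprovalGate:
    """Run three constructed invoices through the gate and return it for inspection."""
    policy = AutomationPolicy(max_amount_vnd=5_000_000, dpo_signoff_id="dpo-0042",
                              rollback_dashboard_live=True)
    gate = ApprovalGate(policy, prior_approvals={"V-ACME": 12})
    small_repeat = Invoice("INV-1", "V-ACME", 3_200_000, "approve", 0.97)   # all conditions hold
    large_repeat = Invoice("INV-2", "V-ACME", 8_000_000, "approve", 0.99)   # over threshold
    first_time = Invoice("INV-3", "V-NEW", 1_000_000, "approve", 0.98)      # first transaction
    gate.auto_approve(small_repeat)
    for inv in (large_repeat, first_time):
        try:
            gate.auto_approve(inv)
        except HumanApprovalRequired:
            # Route to a named accountant; the AI suggestion is logged but does not decide.
            gate.record_human_decision(inv, approver_id="acct-le.thi.h", action="approved")
    return gate
```

`bypass_reason` is deliberately a function of the written policy object rather than scattered `if` statements, so the threshold the customer signed can be diffed against what the code enforces, and a missing DPO sign-off or an offline rollback dashboard closes the bypass entirely rather than degrading it.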