The scale and scope of artificial intelligence is well-described. Merrill Lynch predicts an “annual creative disruption impact” of $14 to $33 trillion by 2025. Accenture estimates AI could double annual economic growth for 12 developed nations by 2035. Stephen Hawking predicts “the rise of powerful AI will be either the best, or the worst thing, ever to happen to humanity.”

Already, AI technologies are being adopted in medicine, law, finance, manufacturing, transportation, policing and retail, to name a few examples. And it’s been well-reported that AI has the potential to transform our legal system. But how? AI undermines basic assumptions about causation, reliance and the role of human agency and supervision.

While legal efforts are underway to address the military applications of AI, including lethal autonomous weapons, civil commercial law is unprepared. Companies and their lawyers should be thinking now about the changes AI may bring and how to manage the risks where possible.

What Becomes of Tort Law?

High among AI’s risks is safety, and AI will test the normal checks and balances of tort law. AI blurs the line between product and service, but even under a strict products liability approach, where questions of fault are set aside, AI can render even basic causation unknowable.

What makes AI powerful—its ability to detect connections among, and perhaps derive meaning from, vast data sets where humans cannot—can make its mistakes inscrutable as well.

Occasionally, in hindsight, a cause might be plain—like the data entry error that led an algorithm to recommend bail for a defendant who then committed murder shortly upon release. More often, causation will be impractical if not impossible to show: AI is coded by programmers, trained on data that may be labeled by people, allowed to evolve, often under human monitoring, producing recommendations that machines or people may act upon (or not).

Add to this complexity the fact that the central algorithms at work may be completely opaque to human minds, even in retrospect. As one court noted recently in the unintended acceleration cases: “To the extent that a software’s complexity renders testing unreliable (and thus, useless), sound scientific principles counsel against such testing.” As courts find causation increasingly impossible to untangle, lawmakers may adopt stricter forms of liability that spread costs up and down supply chains, for products and services. Companies should negotiate contractual solutions on the front end, to mitigate this risk.

Professional Judgment

AI will change the way workers interact with technology, testing basic principles of due care and professional liability.

Take the medical field: Fifty percent of hospitals will adopt some form of AI within the next 5 years. While human monitoring predicts heart attacks 30 percent of the time, AI systems reach 80 percent. For the moment, human monitoring of AI systems can improve outcomes. But for how long?

The law rests on traditional notions of human-monitored technology as safer—from the “informed intermediary doctrine” to the exclusion of clinical software from FDA regulation where health care professionals “independently review the basis” for software’s recommendations.

But soon, AI may be the better-informed intermediary, and professionals may fail to understand the basis for software’s superior suggestions. What then of the doctor, lawyer or air traffic controller who departs from a machine’s counterintuitive, data-driven instructions? Companies will need to monitor industry standards, arrange their human/machine systems accordingly, and allow those systems to evolve as AI and standards of care evolve.

How About Privacy?

Privacy is another area where companies will surely misstep. Already, trace signals in vast data sets are revealing deeply personal traits. One retailer accidentally disclosed a teenager’s pregnancy to her father, through algorithms that mailed coupons for maternity products based on shifts in cotton ball and lotion purchases.

In test studies, AI has inferred race, gender, personality, sexual orientation, politics, suicidality and more from opaque data. As our digital footprints disclose more with increasing certainty, companies should anticipate a shift in privacy law from the reasonable expectation of privacy to the reasonable demand for it, changing the question from what is knowable to what should be usable. To paraphrase Supreme Court Justice Sonia Sotomayor, secrecy may cease to be a prerequisite for privacy.

Already, state and federal legislation, some adopted, some proposed, is carving out protected classes of information: genes (GINA); health (HIPAA); children’s data (COPPA); biometrics (BIPA); intimate images (IPPA); geolocation (GPS Act); and booklists (RPA), to name a few. But why genes and not other biomarkers? Why books but not magazines? Companies should anticipate and protect such emerging zones of privacy now to minimize risk.

The list of affected bodies of law is vast. For example, algorithms, even facially neutral ones, can discriminate, and creative algorithms can produce IP with no clear owner. All of these issues are better addressed in advance—if they can be clearly identified. AI will soon be an important, if not required, tool across industries. We cannot be sure how fast, but we know it’s coming. Companies and their counsel should be planning now to predict and manage risk as these technologies arrive.

Danny Tobey, a Vinson & Elkins partner, is a graduate of Harvard College and Yale Law School. A former software entrepreneur and medical doctor, he has spoken on AI with companies ranging from startups to Fortune 100.