How Does AI Affect Human Rights — and How Should It Be Governed?
AI now mediates hiring, healthcare, education, policing and public benefits. A rights-based analysis of where AI presses hardest on internationally recognised human rights — and the ten-pillar governance framework that closes the gap between principle and enforceable accountability.
Artificial intelligence no longer sits at the margins of institutional decision-making. AI systems now help determine who is surveilled, who is hired, who is admitted to education, who is prioritised for healthcare, and who receives public benefits. As the OECD’s definition makes clear, an AI system infers from its inputs how to generate predictions, recommendations and decisions that influence real environments, which means AI does not merely process information. It distributes power.
That is why the most useful lens for governing AI is not ethics, innovation policy, or technical safety. It is international human rights law. This article sets out where AI presses hardest on internationally recognised rights, why existing law is strong in principle but weak in operation, and what a rights-based governance framework actually requires.
The rights framework already exists
Three instruments form the backbone of international human rights law. The Universal Declaration of Human Rights recognises inherent dignity, equality, privacy, freedom of expression, work, health and education. The International Covenant on Civil and Political Rights protects privacy, expression, liberty, fair-trial guarantees and effective remedy. The International Covenant on Economic, Social and Cultural Rights protects the rights to work, health, education and the benefits of scientific progress.
These instruments are technology-neutral, and that is both their strength and their weakness. They apply to AI-mediated harm, but they were not written for harms that are opaque, probabilistic, cross-border, privately mediated and hard to attribute. As Lane (2022) observes in the International & Comparative Law Quarterly, AI governance initiatives have improved legal certainty, but critical questions remain unanswered: when does an AI system become unlawful, who is accountable, and what remedies exist?
Five places where AI meets human rights
Biometric surveillance. Facial recognition and remote biometric identification create enduring vulnerability because biometric identifiers cannot be changed. The EU AI Act prohibits untargeted scraping of facial images and tightly restricts real-time biometric identification in public spaces, while the UNESCO Recommendation on the Ethics of AI states plainly that AI should not be used for social scoring or mass surveillance. The emerging consensus: some biometric uses are incompatible with human rights even when technically accurate.
Predictive policing. When algorithms convert historical policing data into future enforcement priorities, past discrimination is laundered into ostensibly neutral prediction. The UN human rights office documents this feedback loop precisely: “bias from the past leads to bias in the future”: over-policed communities generate more recorded offences, which teach the algorithm to send more police.
Automated decisions in employment, health and education. Research published in Humanities and Social Sciences Communications (Chen, 2023) shows AI-enabled recruitment can encode discrimination by gender, race and personality traits, typically inherited from limited datasets and the assumptions of system designers. The EU AI Act classifies AI used in education, employment, essential services, law enforcement and justice as high-risk for exactly this reason.
Generative AI and expression. Generative systems cut both ways: they broaden access to information and creativity, and they industrialise misinformation, impersonation and manipulation. The United Nations warns that synthetic content can be highly believable, hard to detect, and corrosive to public trust. A recent study in Policy and Society (Taeihagh, 2025) catalogues the governance risks: hallucination, jailbreaking, opacity, bias amplification, privacy leakage and profound power imbalances.
Algorithmic profiling. Profiling produces what might be called invisible discrimination: differential treatment whose causes are hidden inside data features, model weights and proprietary logic. A person who cannot see why they were treated differently cannot challenge it, which is why UNESCO links opacity directly to the erosion of fair-trial and effective-remedy rights.
The gap is operational, not normative
Here is the paradox of AI governance in 2026: the principles have never been more abundant, yet an affected person may still be unable to learn whether AI was used in a decision about them, what data it relied on, or how to contest the outcome.
The instruments are converging: the OECD AI Principles set the trustworthy-AI baseline, UNESCO provides the ethical architecture, the EU AI Act converts risk into binding obligation, and the Council of Europe Framework Convention, the first legally binding international AI treaty, anchors the full AI lifecycle to human rights, democracy and the rule of law. The UN’s guidance on human rights due diligence for digital technology extends these duties to states and the businesses they procure from.
Yet enforcement remains fragmented across borders. Private actors control the evidence needed to prove harm. Human oversight is too often nominal. And remedies are individual, while algorithmic harms are structural.
A ten-pillar rights-based framework
Ethics can guide design; only law supplies standards, duties and remedies. Our proposed framework translates human rights doctrine into ten operational requirements for any consequential AI system:
| Pillar | Governance requirement | Human rights function |
|---|---|---|
| Legality | Clear legal basis for AI use | Prevents arbitrary interference |
| Legitimate aim | Rights-compatible purpose | Prevents function creep |
| Necessity | Demonstrable need for AI | Avoids unjustified automation |
| Proportionality | Impacts balanced against benefits | Limits excessive intrusion |
| Dignity | No objectification or manipulation | Protects personhood |
| Equality | Bias testing, substantive non-discrimination | Prevents exclusion |
| Transparency | Notice, documentation, explainability | Enables scrutiny |
| Human oversight | Competent, empowered human review | Preserves accountability |
| Contestability | Appeal, correction, remedy | Protects due process |
| Lifecycle auditability | Monitoring, logs, reassessment | Addresses evolving risk |
The test this framework applies is deliberately different from the one most organisations start with. Not “is this system innovative?” but “is this system compatible with dignity, equality, transparency and remedy?” Where the answer is yes, AI can genuinely expand access to healthcare, education and information. Where it is no, the law should require redesign, restriction or outright prohibition.
What each actor must do
- Governments must not deploy rights-violating systems, must regulate private actors, and should publish registers of AI used in policing, welfare, health, education and justice.
- Technology providers owe lifecycle due diligence: data governance, bias testing, documentation, red-teaming, monitoring and incident reporting.
- Regulators need the powers, and the technical competence, to inspect evidence, mandate impact assessments, and impose restrictions or bans.
- Independent auditors verify that controls work in practice, not just on paper: real-world performance, bias, robustness, security, logging and remedy.
- Deploying organisations should maintain AI inventories, conduct human rights impact assessments, disclose AI use where rights are affected, and guarantee meaningful human review.
From framework to verification
A rights-based framework only matters if somebody independently checks it is being followed. That is where certifiable AI governance enters: ISO/IEC 42001, the world’s first auditable AI management system standard, operationalises many of these pillars (risk and impact assessment, human oversight, transparency and continual improvement) as requirements an independent audit team can actually test. Adoption is still early: our research on the state of ISO/IEC 42001 in New Zealand and Australia shows only a handful of organisations in the region hold certification while AI deployment accelerates.
Human rights law tells us what AI must not do to people. Auditable governance is how organisations prove it. The organisations that close that gap first will not just be compliant. They will be trusted.
References
- Chen, Z. (2023). Ethics and discrimination in artificial intelligence-enabled recruitment practices. Humanities & Social Sciences Communications, 10, 567.
- Council of Europe (2024). Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law.
- European Commission. AI Act: Regulatory framework for artificial intelligence.
- Lane, L. (2022). Clarifying human rights standards through artificial intelligence initiatives. International & Comparative Law Quarterly, 71(4), 915–944.
- OECD. OECD AI Principles.
- OHCHR (1966). International Covenant on Civil and Political Rights.
- OHCHR (1966). International Covenant on Economic, Social and Cultural Rights.
- OHCHR (2024). Racism and AI: “Bias from the past leads to bias in the future”.
- OHCHR. Human rights due diligence for digital technology use: Guidance of the Secretary-General.
- Taeihagh, A. (2025). Governance of generative AI. Policy and Society, 44(1), 1–22.
- UNESCO (2021). Recommendation on the Ethics of Artificial Intelligence.
- United Nations (1948). Universal Declaration of Human Rights.
- United Nations. Safeguarding Human Rights and Information Integrity in the Age of Generative AI. UN Chronicle.
Talk to Cianaa Technologies
ISO 42001 readiness and AI risk assessments aligned to the EU AI Act and emerging Australian guidance.
Book a discovery callGet the next one in your inbox
One email when we publish. Written by named auditors, never by a marketing robot. Unsubscribe anytime with one click.

