23/02/2026

It’s Quality Time again. Welcome to a new episode in our series of interviews with experts about language services. This time, Jasmin Nesbigall, our Head of MTPE, spoke with Carmen Canfora from RisikoScouts and enjoyed an interesting discussion about risk management in machine translation and the implications of the AI Act.

Carmen Canfora is a risk management consultant at RisikoScouts and, as a lecturer in translation studies at the University of Mainz in Germersheim, trains the next generation of translators and language experts. Once again this year, oneword is a guest at the Careers Day organised by the Department of Translation, Linguistics and Cultural Studies at the University of Mainz in Germersheim

Jasmin Nesbigall (JN): Hello Carmen, thank you for taking the time to talk to me today about the risks associated with machine-generated translation. In the Allianz Risk Barometer 2026, this year AI ranked fourth as a business risk in Germany, and second globally. It ranks behind cyber incidents and business interruptions, but ahead of natural disasters. How did you come to be interested in risk management for translation?

Carmen Canfora (CC): Thank you for inviting me! When I started out in 2013, AI translation wasn’t even on the radar. I became interested in risk management following a lightbulb moment at a tekom event on “Procuring Translation Services”. The discussion focused largely on translation quality, but at one point a technical writer stood up and said, “It’s all very well talking about quality, but if our manuals are translated incorrectly, people could die, and that keeps me awake at night.” That’s when I realised that risk is actually the key factor in translation workflows.

JN: How has this risk changed now that translation is no longer carried out solely by humans, but by machines – whether through traditional machine translation or Large Language Models?

CC: Machine translations generally carry the same risks as human translations: liability risks, financial risks, risks of personal injury and damage to property, and operational risks, such as inefficient processes and human or technical error. However, AI translations entail additional risks, particularly compliance risks and data protection risks, as data processing is less transparent. Once personal and sensitive data has been fed into an AI system, it is very difficult, if not impossible, to retrieve it. The systems are simply a black box. So, for example, we quickly find ourselves facing issues relating to the GDPR.

JN: One of the key aspects of the GDPR is server locations, i.e. where data is processed. With DeepL, this server location is currently shifting to the US due to the use of the Amazon Cloud. So that does pose a risk or a compliance issue for companies, doesn’t it?

CC: Absolutely, but many people aren’t even aware of where their data is being processed.

JN: What about copyright infringements? There has been much debate about where the major providers sourced the text used to train their systems, and whether it was even legal to use it.

CC: That’s true, and it also shows that the issue of liability in relation to AI has not yet been properly regulated. Liability is, of course, a complex issue in general, and it is only recently that the EU Product Liability Directive has come into force, which also applies to AI systems. There are also ethical risks associated with the use of AI, such as the issue of a lack of sustainability. If a company systematically relies on AI for translation, this should really be mentioned in its sustainability report. From a compliance and liability perspective, when compared with human translations, AI translations are therefore significantly more complex and carry greater risks.

JN: But what exactly is the situation regarding liability for content? For example, as part of its transparency requirements, the EU’s AI Act mandates disclosure for AI-generated texts. However, this is not necessary if the results are checked by a human. In the case of AI translation, this checking is carried out through subsequent post-editing. Does this mean that all the liability lies with the post-editors?

CC: I would like to emphasise that I am not a lawyer and cannot offer a legally binding opinion. In principle, however, things can become problematic for post-editors if their working conditions force them to edit an AI translation within a very short timeframe and, due to the circumstances, they can only check it superficially. Because the translation process is so automated, they are sometimes the only humans involved in the entire process. In that case, the liability lies with them as the machines certainly cannot be held liable. I would take that into account when drafting contracts and designing processes.

JN: The AI Act will come into full effect from August 2026, and you’ve studied it in depth both as part of your work in risk management and in your role as a lecturer at FTSK Germersheim. What fundamental principles are applied in the Act?

CC: The AI Act is a really fascinating document because it takes a risk-based approach to the assessment of AI systems. AI systems are therefore categorised into different risk classes.

JN: What are these classes?

CC: There are four classes: minimal risk, limited risk, high risk and unacceptable risk. The latter includes, for example, AI systems for social scoring. These systems are banned.

Of particular interest is the high-risk category, which includes all systems used in particularly sensitive areas and which have the potential to cause damage or harm. This includes any situation in which citizens could suffer harm or have their fundamental rights infringed: public services, education, healthcare, critical infrastructure. In this class, AI is not permitted to make decisions independently, but merely to support them. Human oversight is therefore required as a matter of principle.

Where the risk is limited, users should be aware that they are dealing with AI. The minimal risk class includes AI systems that pose no risk, for example those used in spam filters. Certain requirements must be met for each class, and it goes without saying that these are more stringent for high-risk systems than for those with limited risk.

JN: Large Language Models can’t really be lumped into a single category because it all depends on what they’re being used for, doesn’t it? When an LLM is being used to translate a high-risk text, this carries a greater risk than the translation of an internal e-mail.

CC: Exactly, and that’s what we’ve been calling for in translation risk management right from the start. This means that it’s permissible for translations falling within the high-risk category of the AI Act to be supported by AI systems, but they always require human oversight – in other words, at least some post-editing. Automatic post-editing alone is therefore not enough. It’s also important to note that the AI Act does not address liability, but only compliance – in other words, what is and is not permitted.

JN: From a translation perspective, then, both the risk-based approach and the requirement for human checks on high-risk texts are key ways in which the AI Act supports professional translation, aren’t they?

CC: Yes, if it weren’t for Recital 53… This is an extension of Article 6, which sets out the classification rules for high-risk systems. Recital 53 states that certain AI systems are not included in the high-risk class if they are used within narrow procedural tasks and if they merely support or perform tasks preparatory to decisions. Examples given there include data indexing, text processing and speech processing. That would be considered to be OK as revising the linguistic content of a text – for example, rephrasing it or adapting it to a different style – does not, in fact, pose a significant risk. However, it does also include the translation of initial documents as an example. I think that’s a gross misjudgement: this equates translation with text editing, which is simply not right.

JN: What does this assessment mean in practical terms for the translation industry?

CC: It’s problematic because it can be used as a free pass. Anyone who focuses solely on efficiency when it comes to translation might say, “Take a look at the AI Act, Recital 53 – it states that AI translations are not risky. So let’s just get AI to do the translation and do it quickly!” However, this assessment goes against the spirit of the AI Act, which is very much values-based and for which the protection of citizens is paramount. And harm can certainly result from translations.

JN: Who is responsible for the risk evaluation, i.e. for deciding which category a text falls into? Is that the responsibility of clients, the service provider or translators themselves?

CC: There is no one-size-fits-all answer to that. Amongst other things, the AI Act defines the roles of provider and operator, both of whom are required to carry out a risk impact assessment. This assessment cannot simply be outsourced to a service provider. Regardless of the AI Act, however, the obligation to assess risk may apply to all roles throughout the process chain.
In my view, the client and the service provider – be that an agency or a freelancer – should always jointly assess the translation risks at the outset, as part of the process of clarifying the specifics of the translation project. Risk management must be carried out in advance in order to make sound decisions, rather than after the event. Based on this assessment, an appropriate, risk-based translation process can then be defined. ISO 11669, the standard governing guidelines for translation projects, identifies risk management as a cross-sectional task that applies to the entire process and must be carried out at the outset in collaboration between clients and service providers.

JN: Let’s go back to the providers of AI systems. As part of their disclosure obligations, are providers required to clearly indicate that a text has been generated using AI, for example, by means of a disclaimer?

CC: In this case, the providers are the manufacturers of the systems, who have very extensive obligations and must also highlight the risks associated with use of their systems. However, the actual obligation to ensure transparency lies with the operators who use the system and work with the AI output. In my view, it must always be made clear that a translation has been produced using AI.

JN: In your experience as a risk consultant, has risk awareness in companies increased since the adoption of AI, or has it actually decreased because AI is suddenly being used everywhere and by everyone?

CC: Over the past 10 years, companies have become increasingly aware of the importance of translation risk management. Employees in language service providers and translation departments, in particular, are well aware of the risks that can arise from translations. We generally find significantly less awareness one level higher, that is, among C-level decision-makers. This is because, at this level, translations are primarily seen as a cost factor and the compliance, liability and cyber risks are overlooked.
Looking at the Allianz Risk Barometer in particular, it should actually be quite straightforward to show companies that all these risks may arise as a result of translations. However, the focus is currently very much on efficiency and costs, to the extent that everything else is overshadowed. I get the impression that right now everyone just has to learn the hard way. Ideally, the AI Act and the EU Product Liability Directive will help people realise that there are a number of risks that need to be taken into account during the translation process.

JN: Efficiency and costs bring us to the issue of Quality Estimation (QE), which is currently attracting a great deal of interest. The idea behind this is that a machine assesses the quality of a translation and, in the case of machine translation, determines which translation outputs still need to be checked. So, one machine is evaluating another machine. This also entails a risk: if I trust the assessment and no longer task people with checking segments rated as good, I have to accept that the machine may have been wrong.

CC: This is one of my favourite topics. The question is not so much whether QE is a good thing or not, but rather is it even possible to use QE in certain situations? In my view, quality estimation cannot be used to make decisions about the translation workflow in high-risk areas. Ultimately this would mean that a machine was deciding whether a human being is involved at all. However, high-risk systems need human oversight and the basic principle is that AI systems must not be allowed to make decisions on their own.

Quality estimation can certainly help to improve efficiency. However, efficiency must not be the most important factor in deciding on translation workflows. From a risk management perspective, quality estimation is not a risk-based approach as it does not define the process in advance but is only applied once the process is already underway.

JN: But quality estimation can also be used to help with post-editing. Segments are not ‘pre-sorted’; instead, the results of the QE are used to identify the potential for error and draw the post-editors’ attention to specific segments. However, here too there is a risk that the segments rated as good will be overlooked because people trust the machine.

CC: Yes, that’s correct. I would therefore consider it to be of greater use after post-editing. Say if you run the final text through a machine again to check whether you’ve missed anything or if any parts are unclear, this adds an extra layer of security. However, this step should definitely be carried out after post-editing. After all, cognitive science has shown us exactly what you’ve highlighted: if something has already been flagged in advance as an error, the other, unflagged areas tend to be overlooked. And the unflagged areas could still contain critical errors.

JN: AI is introducing many new issues and challenges to the field of translation. In your view, as a lecturer at the University of Germersheim, how has this changed translator training?

CC: At FTSK Germersheim, we are continuously changing what we deliver and keep a very close eye on how the industry is developing and in which direction it is heading. As a lecturer, my focus is on the critical use of AI tools. I don’t condemn these tools; rather, I highlight their strengths and weaknesses, the role humans play in this context and how translation processes can be designed to incorporate LLMs. In the master’s specialisation Professional Translation, Language Management and Artificial Intelligence, we place great emphasis on AI risk management and AI ethics. My colleague Ralph Krüger from the Technical University of Cologne coined the term ‘AI literacy’, and this is an approach that we in Germersheim also find very exciting and intend to pursue further.
However, it’s important that we continue to build a solid foundation of translation competence. We still have traditional translation exercises that our students have to ‘get through’. After all, you only learn to use AI tools critically by producing translations yourself, rather than simply checking AI output.

JN: Do you sense any uncertainty among students as to whether translators will still be needed in the future or is there a general confidence that language proficiency will always remain important?

CC: Both. The humanities as a whole do not seem particularly appealing at the moment, and of course translation studies are no exception. And there is a sense of uncertainty about how the industry will develop and where students will find their place within it. I’m certain that translators will still be needed in the future but also that the nature of the profession has changed significantly. Students need to be aware of this and we make that clear to them.

In light of the risk barometer, we should redefine the role of translators and approach decision-makers differently: we are not selling words, language or texts. What we sell is security and trust. That is the decisive factor in the ‘brave new world of AI’. If we see ourselves as the ones who ensure security and say, “You’re operating in a highly regulated and high-risk sector, and I’ll make sure you don’t take any major risks with your translations”, then we have a clear chance of survival. We are something akin to underwriters in the insurance industry. I would therefore describe our new role as ‘translation underwriters’.

JN: That new job title makes for a nice closing remark. Thank you very much for talking to us, Carmen!