Introduction
The Employment Relations Authority’s (the Authority) decision in QTR v BXD [2025] NZERA 716 marks a foundational moment in New Zealand’s burgeoning AI jurisprudence. As one of the first determinations to grapple directly with generative artificial intelligence (AI) in an employment context, the case highlights the friction between innovative litigation tools and traditional confidentiality obligations.
By issuing a compliance order under s 137(1)(a) of the Employment Relations Act 2000, the Authority required an employee to cease uploading confidential employer information into OpenAI platforms, while expressly permitting AI use for tasks “decoupled” or “sanitised” from protected data. While pragmatic, the order raises significant questions regarding AI usage, litigation tactics, and the future of evidentiary standards.
Background
The applicant (QTR), an IT engineer, was dismissed in October 2025 and subsequently sought interim reinstatement and personal grievance remedies. During the disciplinary process and subsequent proceedings, the respondent (BXD) alleged that QTR had uploaded sensitive internal information into a generative AI platform to assist in drafting responses and legal submissions.
The Authority found, on the balance of probabilities, that QTR had used a generative AI tool to prepare documentation that contained:
-
- Hallucinated legal cases;
-
- Contextual references suggesting disciplinary correspondence had been uploaded in its entirety;
-
- Internal technical project data; and
-
- Personal information regarding colleagues and HR personnel.
The Authority concluded this constituted a disclosure of confidential information in breach of the employment agreement, an obligation that survived the termination of employment.
The Compliance Order
Under s 137(1)(a), the Authority ordered QTR to:
“…cease uploading or copying or pasting any of BXD’s confidential information into any OpenAI platform.”
Crucially, the Authority carved out an exception, noting:
“This order does not otherwise limit QTR’s AI use, including for case searches and the like decoupled/sanitised from the protected confidential information.”
The Authority further reminded the parties of judicial guidelines requiring AI outputs to be verified for accuracy and prohibiting the entry of private or privileged information into public generative tools.
Key legal and practical implications
1. Platform specificity vs. technological neutrality
The order was notably narrow, specifically citing “OpenAI.” This raises immediate questions regarding circumvention: could a party technically comply while simply switching to Anthropic’s Claude or Google’s Gemini? Future orders will likely need to be drafted in “technology-neutral” terms to prevent such “platform hopping” and ensure the spirit of the confidentiality remains intact.
2. Strategic prohibitions in litigation
QTR v BXD signals a new procedural lever in New Zealand litigation. We may see a rise in “AI Prohibition Orders”, where parties seek to restrict opposing counsel’s use of AI to process commercially sensitive or privileged material.
3. The “decoupled/sanitised” standard
The Authority permitted AI use where data is “decoupled,” yet offered no formal definition of what constitutes sufficient sanitisation.
This leaves several “grey areas” for practitioners:
-
- What is the threshold for effective anonymisation?
-
- Does summarisation count as “decoupling” if the underlying logic remains proprietary?
-
- How can a party provide evidentiary proof that a prompt was sufficiently “cleaned”?
4. The “two-tier” access risk
The determination touched on the distinction between free-tier AI (which often uses data for model training) and secure enterprise-grade AI. If courts begin to view enterprise AI as the only “safe” option, we risk creating a two-tier system where economically constrained litigants are restricted from using AI tools that their counterparts can afford to access securely.
Lessons for the workplace
The case underscores that AI use during disciplinary or Authority processes is not a “private” act. Uploading correspondence or internal data into external large language models may constitute:
-
- A breach of contractual confidentiality;
-
- A violation of privacy obligations; and
-
- Misconduct justifying disciplinary action.
Recommendations for employers:
-
- Consider updating confidentiality clauses in Individual Employment Agreements to explicitly include AI processing.
-
- Implement clear AI policies regarding permissible tools and data handling.
-
- Provide training on “sanitisation” practices to avoid accidental data leaks.
Broader context: AI and the administration of justice
The Supreme Court’s warning in Jones v Family Court at Whangarei [2026] NZSC 1 reinforces this judicial caution. The Court noted that reliance on hallucinated authorities may, in serious cases, amount to an obstruction of justice. This aligns with QTR v BXD, where hallucinations served as the primary evidentiary “smoking gun” that AI had been misused. Together, these cases signal that AI-assisted work will be held to the same professional and ethical standards as traditional legal research.
Conclusion
QTR v BXD is a pivotal entry in New Zealand’s emerging AI case law. While it confirms that the Authority is willing to restrain AI misuse, it also leaves a trail of unresolved questions regarding technology-specific wording and the definition of “sanitised” data. For now, the case serves as a blueprint for the next phase of AI governance: a world where “I was just using a drafting tool” is no longer a valid defence for a breach of confidence.
Need advice? The team at Copeland McAllister are happy to support you on policies, privacy and all elements of workplace law. Give us a call on 03 211 0153 or email admin@cmalaw.co.nz.
Disclaimer: This update provides commentary on employment law, health and safety and immigration topics, it should not be used as a substitute for legal or professional advice for specific situations. Please seek legal advice from your lawyer for any questions specific to your workplace.