Definition: AI Liability
AI liability is the legal framework that determines who bears responsibility for harm caused by an AI system. In the EU it currently rests on three pillars: strict (no-fault) product liability claims against manufacturers and providers under the revised Product Liability Directive, fault-based tort claims against operators and deployers, and administrative penalties under the EU AI Act.
Core characteristics of AI liability
AI liability differs from conventional product liability because AI systems are often opaque even to their own developers, change behavior after deployment through updates and continued learning, and are built and operated across a chain of providers, integrators, and deployers, each of whom may bear a different portion of the legal exposure.
- Provider vs. deployer distinction determines who carries strict product liability and who carries fault-based exposure
- Non-compliance with mandatory AI Act requirements can trigger a rebuttable presumption of product defectiveness in civil proceedings
- Disclosure obligations allow courts to order AI vendors to produce relevant evidence, which can extend to training data, source code and test reports, subject to necessity, proportionality and trade-secret safeguards
- Insurance gaps: standard professional and product liability policies often exclude, or simply do not address, AI-specific risks
AI Liability vs. general product liability
General product liability under the 1985 EU directive required claimants to prove defect, damage, and causation - a near-impossible standard for AI systems whose failures emerge from statistical model behavior rather than manufacturing flaws. The revised Product Liability Directive (2024/2853) closes this gap: it treats software and AI systems as products, extends liability throughout the product lifecycle (including defects introduced by updates the manufacturer controls), and introduces rebuttable presumptions of defect and causation where scientific or technical complexity makes conventional proof excessively difficult. The directive's recitals name machine learning as a paradigm case of such complexity, but the presumption is not automatic: the claimant still has to show the excessive difficulty in the specific proceeding.
Importance of AI liability in enterprise AI
With 13% of organizations already reporting breaches of AI models or applications (IBM 2025) and 53% of German companies citing legal uncertainty as their primary adoption barrier (Bitkom 2025), liability exposure is the practical reality behind abstract compliance conversations. Three simultaneous legal tracks apply to any company using AI in consequential business decisions: the revised PLD (strict liability for manufacturers and providers of products placed on the market from December 2026), GDPR Article 22 (the right not to be subject to a solely automated decision with legal or similarly significant effects), and EU AI Act administrative penalties reaching €35 million or 7% of global annual turnover, whichever is higher, for prohibited practices.
Methods and procedures for AI liability management
Three core operational approaches reduce legal exposure for companies deploying AI.
Risk classification before deployment
Classify every AI tool against EU AI Act Article 6 and Annex III before use. CV screening and candidate filtering, creditworthiness scoring of natural persons, monitoring and evaluation of employee performance, and safety components of critical infrastructure are explicitly listed as high-risk use cases in Annex III; AI that is a safety component of a product covered by Annex I harmonisation legislation (machinery, medical devices and similar) is high-risk by a separate route. Document the rationale for every classification, including any reliance on the Article 6(3) exemption for systems that pose no significant risk.
- Map each AI tool to an Annex III category and document the classification rationale
- For high-risk systems: assign human oversight to named staff who have the competence, training and authority to override, halt or disregard the system's output (Article 26(2))
- Retain the automatically generated logs of high-risk systems for at least six months (the Article 26(6) minimum for deployers); longer where litigation preparedness or sector rules demand it
Human oversight as primary defense
Human-in-the-loop review that is documented - not merely available - is the single most effective liability control. In Moffatt v. Air Canada (British Columbia Civil Resolution Tribunal, 2024) the tribunal rejected the argument that the airline's chatbot was a separate entity responsible for its own statements and held the company liable for negligent misrepresentation, because it is responsible for all information on its website, chatbot-generated or not, and had not taken reasonable care to ensure the chatbot was accurate. The practical lesson is that the vendor behind the model is irrelevant to the customer-facing company's exposure, and that the dispute turns on whether reasonable care was taken: a documented human review layer is the evidence that answers that question, which narrows the claim to the adequacy of the oversight process - a far more defensible position than no review at all.
Vendor contracts and AI Act compliance
Under PLD Article 9, a court can order a defendant to disclose relevant evidence at its disposal, which for an AI system can extend to training data, source code and test reports, limited to what is necessary and proportionate and with safeguards for trade secrets. A vendor who fails to comply with such an order triggers an independent presumption of defect under Article 10(2)(a) - but the deployer's procurement due diligence is also scrutinized. Contracts with AI vendors should therefore require: AI Act compliance warranties, a GDPR Article 28 data processing agreement, indemnification covering third-party claims arising from AI defects, and explicit contractual rights to obtain and produce the technical documentation needed to respond to a court disclosure order.
Important KPIs for AI liability management
Liability exposure requires active monitoring across three dimensions.
Operational compliance metrics
- AI inventory coverage: 100% of deployed AI systems classified and documented
- Human oversight log rate: 100% for high-risk systems, 80%+ for limited-risk systems
- Article 50 disclosure compliance: 100% of customer-facing AI tools disclose AI nature at first interaction (mandatory from August 2026)
- Regulatory response time: ability to respond to supervisory inquiry within 5 business days
Financial exposure baseline
Administrative penalties alone create material exposure: €35 million or 7% of global annual turnover for prohibited AI practices, €15 million or 3% for other obligations including the Article 50 transparency duties, and €7.5 million or 1% for supplying incorrect, incomplete or misleading information to regulators - in each case whichever amount is higher, except that for SMEs and start-ups the lower of the two applies (Article 99). Civil claims under the revised PLD add strict liability for manufacturers and providers and negligence exposure for operators on top. BCG estimates 70% of AI transformations fail to achieve their initial goals without proper governance - the financial cost of poorly governed AI extends well beyond legal penalties.
Insurance coverage assessment
Review professional liability (Berufshaftpflicht) and product liability (Produkthaftpflicht) policies for AI-specific exclusions. The AI insurance market grew from USD 5.3 billion in 2024 and is projected to reach USD 45 billion by 2035 at a 21.5% CAGR (market research 2025). Nine in ten businesses express interest in dedicated GenAI liability coverage (Geneva Association). Standard policies are increasingly insufficient as insurers begin excluding AI risks explicitly.
Risk factors and controls for AI liability
Three structural risks require explicit management.
Inadvertent provider status
A deployer that puts its own name or trademark on a high-risk AI system, makes a substantial modification to it, or changes its intended purpose so that it becomes high-risk is treated as the provider of that system under EU AI Act Article 25. The shift is automatic - no notification or registration triggers it - and it brings the full set of provider obligations (risk management, technical documentation, conformity assessment) and, as the party now placing the product on the market, manufacturer exposure under the revised PLD.
- Fine-tuning a vendor model on proprietary data for internal use: potential provider status, depending on whether the change amounts to a substantial modification
- Building a customer-facing product on top of an LLM: likely provider status for the resulting system
- Deploying an AI tool under the company's own brand to external clients: provider status regardless of who built the underlying technology
Black-box opacity and evidence
AI governance documentation - risk assessments, model cards, testing logs - is both a compliance requirement and the primary courtroom defense. PLD Article 9 allows claimants to obtain a court order for disclosure of technical AI documentation; if a defendant fails to produce it, the court presumes the product is defective (Article 10(2)(a)), and the defendant must rebut that presumption. For AI operators this creates a procurement obligation: verify before purchase that the vendor can produce accurate, interpretable documentation on demand, and secure the contractual right to obtain it.
Shadow AI and unauthorized use
Employees using shadow AI tools create employer liability for harm caused in the scope of employment - even for tools never sanctioned by the company. IBM 2025 data shows 63% of breached organizations lack AI governance policies. A published AI acceptable use policy and mandatory training does not eliminate this exposure but substantially reduces it by establishing that reasonable care was taken.
Practical example
A 90-employee logistics company in NRW deployed an AI chatbot to handle customer inquiries about shipment status, delivery windows, and claims procedures. The chatbot gave a commercial customer incorrect information about the contractual liability cap for damaged freight, and the customer consequently missed the formal claims deadline. When the error surfaced, the court followed the same reasoning as the tribunal in Moffatt v. Air Canada: the logistics company was responsible for its chatbot's statements regardless of the underlying AI vendor. The company had no documentation that chatbot outputs were reviewed against contract terms, no human-in-the-loop protocol, and no disclosure that customers were interacting with an AI system.
- Full contractual liability for AI-generated statements to customers regardless of the underlying AI provider
- No Article 50 AI disclosure constitutes a separate regulatory violation from August 2026
- Absence of content review documentation eliminates the reasonable-care defense
- No human override protocol leaves no defense against negligence claim
Current developments and effects
Three regulatory developments are reshaping AI liability exposure in 2025 and 2026.
Revised PLD now in force, German transposition due December 2026
The revised Product Liability Directive (2024/2853) entered into force on December 8, 2024. Germany's Federal Ministry of Justice published the draft transposition law (ProdHaftG-E) in September 2025. AI software placed on the German market from December 9, 2026 is explicitly subject to strict product liability; products placed on the market before that date remain under the existing regime.
- AI-as-a-Service covered: liability extends as long as the provider retains control via updates and patches
- Destruction or corruption of data not used for professional purposes is a recoverable category of damage, alongside death, personal injury (including medically recognised psychological harm) and property damage
- Providers who fail to address known AI vulnerabilities post-deployment face ongoing liability exposure
AI Omnibus postpones compliance but not civil liability
The May 2026 AI Omnibus agreement postponed Annex III high-risk AI obligations from August 2026 to December 2027. This only delays administrative compliance deadlines - civil liability under the revised PLD and GDPR Article 22 is entirely unaffected by the postponement. Companies treating the Omnibus as a signal to delay governance preparation face increased exposure during the gap between regulatory deadlines and the PLD’s December 2026 application date.
Sector-specific guidance expanding the liability standard
BaFin published its December 2025 guidance on ICT risks for AI in financial services; deviation from it requires proof of equivalent alternative protection in supervisory audits. BSI published security guidance for AI in OT/industrial systems in December 2025. These create de facto liability standards in regulated sectors beyond the core EU legislation.
Conclusion
AI liability is no longer a future risk - the revised EU Product Liability Directive is in force, the AI Act enforcement clock is running, and courts are already establishing that companies cannot outsource responsibility for their AI systems to vendors. For most Mittelstand companies operating as deployers rather than providers, the practical liability toolkit is straightforward: classify AI tools before deployment, document human oversight, verify vendor AI Act compliance contractually, and publish an acceptable use policy. The organizations that build these foundations before December 2026 will face enforcement and any civil claims from a substantially stronger position.
Frequently Asked Questions
Who is liable when an AI system causes harm - the software vendor or the company using it?
Under the revised EU Product Liability Directive (2024/2853), the AI software manufacturer (the AI Act's provider) faces strict liability for defective products placed on the market from December 2026. The deploying company (operator) faces fault-based tort liability under §823 BGB if it operated the system negligently - for example, without adequate human oversight or contrary to the vendor's instructions. Both can face claims simultaneously; the deployer may seek indemnification from the vendor through contractual provisions.
Does the EU AI Liability Directive still apply?
No. The European Commission withdrew the draft AI Liability Directive in October 2025 after it failed to reach agreement. Its intended protections - a presumption of causality and disclosure obligations - are now partially covered by the revised Product Liability Directive (2024/2853), which entered into force in December 2024 and applies to products placed on the market from December 9, 2026; earlier products remain under the 1985 regime.
Is a small Mittelstand company that only uses AI tools (not builds them) at risk?
Yes, primarily under two tracks. First, tort liability under §823 BGB applies if the company deploys AI negligently - for example, without human oversight in consequential decisions. Second, a deployer that rebrands, substantially modifies or repurposes a high-risk AI tool is treated as its provider under AI Act Article 25 and acquires the provider's obligations and manufacturer exposure under the PLD. The simplest protection: use AI tools only according to the vendor's instructions and document human review of consequential decisions.
When exactly does the new product liability apply to AI in Germany?
The revised EU PLD entered into force on December 8, 2024. Germany must transpose it by December 9, 2026 - the Federal Ministry of Justice’s draft transposition law is progressing through the Bundestag. From December 9, 2026, any AI software placed on the German market is subject to strict product liability under the new rules, regardless of how it is delivered (installed, SaaS, API).
What if our employees use unauthorized AI tools at work?
Employer liability for employee actions within the scope of employment extends to unauthorized AI tools. IBM’s 2025 data shows 40% of organizations know staff use private AI accounts for work tasks. A written AI acceptable use policy that defines permitted tools and mandatory training reduces - but does not eliminate - this exposure. Employers who can demonstrate reasonable preventive measures (policy, training, monitoring) are in a significantly stronger position than those with no governance framework at all.
How does AI Act non-compliance affect civil liability - separate from fines?
Directly. Under PLD Article 10(2)(b), defectiveness is presumed where the claimant demonstrates that the product does not comply with mandatory product safety requirements laid down in Union or national law that are intended to protect against the risk of the damage that occurred. For a high-risk AI system, the AI Act's mandatory requirements are such rules, so demonstrated non-compliance shifts the burden to the manufacturer to rebut the presumption. This means AI Act compliance is not merely a regulatory obligation but a civil liability shield - a non-compliance finding in one proceeding becomes presumptive evidence of defect in the other.