You can't blame the AI

Carl Heaton · AI Security Commentary

If your business puts an AI in front of customers, you own what it says. The chatbot on your website, the AI that drafts a quote, the tool that summarises a customer's question and fires back an answer, the description it writes for a product page: in law, those are your words. "The AI got it wrong" is not turning out to be a defence. You can outsource the writing. You cannot outsource the liability.

That is the practical lesson under a court ruling worth knowing about. On 9 June the Regional Court of Munich held Google directly liable for false claims made by its AI Overviews, the summaries Google puts above its search results. Google's AI had tied two Munich publishers to scams and subscription traps, drawing connections that appeared in none of the sources it cited. The court called those "the defendant's own statements". Google built the AI, Google offered it to users, so Google owns what it produces.

Google's defence was the one every business reaches for. Users know AI can be wrong, the company argued, and they can check the sources themselves. The court rejected it. An AI summary that reads as a confident, self-contained answer is a statement in its own right, and the fact that a diligent reader could disprove it does not exempt the publisher who served it.

An AI is your agent, not your alibi

The security writer Bruce Schneier and the data scientist Nathan Sanders put the principle plainly in an essay on the ruling, flagged by the developer Simon Willison in his link blog. An AI agent, they argue, is an agent of the person or organisation that deploys it, and the law should treat it as such. If a company hired human writers to produce its summaries, it would be liable for inaccuracies in them. Letting businesses "hide behind the excuse of faulty AI" would be, in their words, "a massive handout to companies" with "disastrous incentives for corporate misbehavior". The cheap option cannot also be the one that absolves you every time it slips.

This is not new law so much as old law catching up. Two years ago a Canadian tribunal held Air Canada responsible for a discount its chatbot invented, rejecting the airline's claim that the bot was a separate entity answerable for its own mistakes. The chatbot's promises were the company's promises. The German ruling extends the same logic to AI that writes rather than just retrieves.

Why this lands on a UK SME

The Munich court applies German law, and the decision is not yet final. The underlying principle, though, is not a quirk of one jurisdiction. Under UK law you are already on the hook for what your business communicates. A false statement that damages someone's reputation can be defamation whether a person or a model wrote it. A misleading claim to a consumer engages consumer protection rules. A promise your chatbot makes can form part of a contract. Bad personal data your AI generates about a real person is your problem under the UK General Data Protection Regulation, the law that governs how you handle people's information. None of these rules contain an exception for "the software did it".

The exposure is larger than it looks because AI errors are not rare. Tests of Google's AI Overviews earlier this year found mistakes around 10% of the time. At Google's scale that is thousands of wrong answers a second, and most are harmless. The ones that are not get a name and an address. Your business runs smaller, but the maths is the same: a customer-facing AI answering hundreds of questions a week will, sooner or later, say something false, defamatory, or contractually binding that you did not intend.

What to actually do about it

You do not need a legal department. You need a few decisions written down before the wrong answer goes out, not after.

Put a human between the AI and the customer where the stakes are real. Marketing copy, internal drafts, and first-pass summaries can flow freely. Anything that makes a promise, quotes a price, gives advice, or describes a named person or company should be reviewed before it leaves the building. The review is the cheap insurance.

Log what your AI tells people. If you cannot reconstruct what your chatbot said to a customer on a given day, you cannot defend it, correct it, or learn from it. Keep the prompts and the outputs. A complaint six weeks later is a far smaller problem when you can pull the exact exchange.
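As an added example, not part of the original article: a minimal Python sketch of the two controls above, holding back outputs that fall into the high-stakes categories and recording every prompt and output so an exchange can be pulled by customer and day. The trigger patterns, the `ExchangeLog` class and the hash-chaining of entries are assumptions made for illustration; the patterns are constructed heuristics and would need tuning to your own products and wording.

```python
import hashlib, json, re
from datetime import datetime, timezone

# Constructed heuristics (assumptions) for the four high-stakes categories.
REVIEW_TRIGGERS = {
    "price": re.compile(r"[£$€]\s?\d|\b\d+\s?% (off|discount)\b", re.I),
    "promise": re.compile(r"\b(we (will|guarantee|promise)|you are entitled|refund)\b", re.I),
    "advice": re.compile(r"\b(you should|we (advise|recommend))\b", re.I),
    "named_party": re.compile(r"\b[A-Z][\w&]+ (Ltd|Limited|GmbH|plc|Inc)\b"),
}

def review_reasons(output):
    """Return the categories that require human review before sending."""
    return sorted(k for k, rx in REVIEW_TRIGGERS.items() if rx.search(output))

class ExchangeLog:
    """Append-only record of prompts and outputs; each entry hashes the previous one."""
    def __init__(self):
        self.entries = []

    def record(self, customer_id, prompt, output, when=None):
        reasons = review_reasons(output)
        body = {
            "ts": (when or datetime.now(timezone.utc)).isoformat(),
            "customer": customer_id, "prompt": prompt, "output": output,
            "review": reasons, "released": not reasons,  # held until a person signs off
            "prev": self.entries[-1]["hash"] if self.entries else "0" * 64,
        }
        body["hash"] = self._digest(body)
        self.entries.append(body)
        return body

    @staticmethod
    def _digest(body):
        payload = {k: v for k, v in body.items() if k != "hash"}
        return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

    def verify(self):
        """False if any stored entry was altered or removed after the fact."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != self._digest(e):
                return False
            prev = e["hash"]
        return True

    def on_day(self, customer_id, day):
        return [e for e in self.entries
                if e["customer"] == customer_id and e["ts"].startswith(day)]
```

In production the entries would go to write-once storage rather than an in-memory list, and the retention period for logged customer data is a decision to record alongside the policy.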

Read what your vendor's terms actually disclaim. The supplier of the AI behind your chatbot has almost certainly written its contract so that accuracy is your responsibility, not theirs. That is the whole shape of the market: the provider sells the capability and pushes the liability for its output down to you. Know which vendor disclaims what before you put their model in front of a customer, because the gap they leave is the gap you are standing in.

Say so in your AI policy. If you have a policy, it probably covers what staff may paste into a chatbot. It likely says nothing about who owns the output that goes back out to a customer. That is the half worth adding: customer-facing AI output is the company's word, it gets reviewed in proportion to the risk, and a named person owns the call.

The comfortable assumption was that an AI sits between you and the customer like a contractor you can blame when it fails. It does not. It sits there like an employee whose mistakes are yours. Plan for the version where it is wrong, because that version is coming.

How Steelwise can help

Working out where a customer-facing AI needs a human in the loop, what your supplier contracts actually leave you carrying, and what your AI policy should say about liability for output is the kind of review we do. Get in touch.
