Liability Guidelines for AI-Generated Content

MAJOR AI LEGAL NEWS. The revised EU Product Liability Directive came into force yesterday, 8 December 2024. It represents a fundamental shift in how liability for AI systems and software is addressed. The Directive could directly impact organisations using and developing AI, and they may wish to consider if they need to reassess their contracts, policies, and operational approaches to liability management. Under the new framework, AI system providers (treated as manufacturers in the legislation) are liable for defects in AI systems and software that cause harm, potentially including defects that emerge after deployment. This potentially includes harm linked to updates, upgrades, or the evolving behaviour of machine-learning systems. Organisations should also consider the liability implications for failing to have sufficient AI literacy among their staff which is a requirement under the AI Act from 2 February. AI training may now be a business imperative for some organisations. The Directive’s approach to defectiveness considers not only when a product is placed on the market but also whether the manufacturer retains control over it post-market, such as through updates or connected services. This means manufacturers may be held liable for defects that arise after deployment if they could reasonably foresee and mitigate risks but fail to act. Organisations, particularly those providing software or AI systems, should look at ongoing compliance and risk management to meet evolving safety expectations. The Directive's coverage of potential liability for post-market defects could have big implications for contracts. Organisations should consider whether their agreements with suppliers, integrators, and distributors include clear terms governing responsibility for defects. The focus is on whether the product provides the safety consumers are entitled to expect. A proactive approach to risk management, extending beyond initial product deployment to encompass ongoing updates and system monitoring may be prudent. Software providers should take note that they potentially could be held liable even if their product operates as a component of a larger system. This liability regime incentivises stronger warranties, indemnities, and cooperation agreements to allocate risk effectively across supply chains. Companies should review existing contracts to confirm they reflect the Directive's requirements and renegotiate where necessary to close gaps in accountability. The Directive also works in tandem with EU regulations like the AI Act. Businesses that fail to meet mandatory product safety requirements under the likes of the AI Act risk facing presumptions of defectiveness under the Product Liability Directive. With the AI Liability Directive in progress, organisations should also prepare for further changes that will make it easier for claimants to bring AI-related liability claims.

AI liability is about to get real. The lawsuit against OpenAI over a teenager’s ChatGPT-assisted death isn’t just about one tragic case. It could redefine how enterprises must treat AI. If courts accept these claims, AI will no longer be “just software.” It will be judged like a dangerous product - with strict liability, duty to warn, and negligence standards applied. For enterprises, the ripple effects are enormous: 1. Product liability exposure - Deploying AI could carry the same legal risks as selling a defective car or medical device. “Use at your own risk” disclaimers won’t be enough. 2. Duty to warn - Expect mandatory disclaimers, onboarding risk screens, and context-specific safety alerts when AI is used in HR, finance, or healthcare. 3. Governance as legal defense - Companies will need documented AI safety frameworks (NIST/ISO-style) to prove they took “reasonable care.” 4. Unlicensed practice risk - If courts rule AI engaged in psychology, similar arguments could apply to AI in law, medicine, or finance. Human oversight may become legally required. 5. Insurance shake-up - AI-specific liability coverage will become a must-have, not an afterthought. This could be the moment where AI moves from “experimental software” to regulated, high-liability product. Enterprise leaders should start planning now: • Demand transparency from vendors on safety testing and controls. • Implement “safety by design” in internal AI programs. • Review insurance, compliance, and risk frameworks before lawsuits force the issue. The question is no longer if AI liability will hit enterprises, it’s when, and how prepared you’ll be.

⚖️Generative AI in EU law 🔍 This paper serves as a critical analysis of the AI Act, identifying gaps and challenges in addressing the rapidly advancing applications of Generative AI. It provides recommendations to ensure the safe and compliant deployment of LLMs. 🚀 Regarding liability: 🎯 Benefits The Product Liability Directive and AILD provide valuable structures for addressing liability in GenAI applications by recognizing the potential liability from post-deployment learning. This scope supports claims for damages, including rights violations, and addresses AI opacity and information asymmetry between providers and users. Both directives shift the burden of proof, requiring providers to disclose relevant information if harm is suspected. 🎯Gaps Both directives rely on the AI Act, which has limitations when applied to General-Purpose AI (GPAI) models. Initially, the AI Act classified GPAI as high-risk by default, but it has since adopted a 'systemic risk' approach. Yet, it lacks clear criteria for defining societal risks specific to GPAI, creating ambiguity around liability and making it challenging to determine the conditions under which GenAI falls within AILD’s scope. 🎯 Recommendations for a Tailored Code of Practice (CoP) The authors recommend establishing a CoP for GPAI models presenting systemic risks. This CoP would clarify the model’s compliance with the AI Act and provide a framework for risk management specific to GenAI. Extending the disclosure mechanism and rebuttable presumption of causation to all GPAI models would also enhance accountability, as GenAI developers typically possess incident-relevant information and should be obligated to share it. 🎯Clarifying Model Development and Data Intent The lack of a singular purpose in GenAI models complicates risk prediction and compliance assessments as required by the AI Act. To manage risks more effectively, the authors propose emphasizing criteria such as model scalability, input diversity, and transparent data usage objectives. For models trained on restricted datasets that rely on few/zero-shot learning capabilities, developers may need to disclose auxiliary information, thereby clarifying links between observed and unobserved object classes and aligning with transparency goals. 🎯Incorporating Ethical and Technical Safeguards The paper suggests combining conventional fault criteria with additional ethical and technical safeguards within the CoP. These would guide GenAI developers to: 🔸 Enhance Data Transparency: Document data intent and collection methods. 🔸 Ensure Data Quality: Construct representative datasets of sufficient quality, reducing risks of overfitting and increasing generalizability. 🔸 Implement (Pro)Active Monitoring: Includes reporting potential harm incidents and forming alliances with credible third-party organizations for validation and evidence access. 🔗 https://lnkd.in/dERy5n9u #AI #AIAct

If you are an organisation using AI or you are an AI developer, the Australian privacy regulator has just published some vital information about AI and your privacy obligations. Here is a summary of the new guides for businesses published today by the Office of the Australian Information Commissioner which articulate how Australian privacy law applies to AI and set out the regulator’s expectations. The first guide is aimed to help businesses comply with their privacy obligations when using commercially available AI products and help them to select an appropriate product. The second provides privacy guidance to developers using personal information to train generative AI models. GUIDE ONE: Guidance on privacy and the use of commercially available AI products Top five takeaways * Privacy obligations will apply to any personal information input into an AI system, as well as the output data generated by AI (where it contains personal information).  * Businesses should update their privacy policies and notifications with clear and transparent information about their use of AI * If AI systems are used to generate or infer personal information, including images, this is a collection of personal information and must comply with APP 3 (which deals with collection of personal info). * If personal information is being input into an AI system, APP 6 requires entities to only use or disclose the information for the primary purpose for which it was collected. * As a matter of best practice, the OAIC recommends that organisations do not enter personal information, and particularly sensitive information, into publicly available generative AI tools. GUIDE 2: Guidance on privacy and developing and training generative AI models Top five takeaways * Developers must take reasonable steps to ensure accuracy in generative AI models. * Just because data is publicly available or otherwise accessible does not mean it can legally be used to train or fine-tune generative AI models or systems.. * Developers must take particular care with sensitive information, which generally requires consent to be collected. * Where developers are seeking to use personal information that they already hold for the purpose of training an AI model, and this was not a primary purpose of collection, they need to carefully consider their privacy obligations. * Where a developer cannot clearly establish that a secondary use for an AI-related purpose was within reasonable expectations and related to a primary purpose, to avoid regulatory risk they should seek consent for that use and/or offer individuals a meaningful and informed ability to opt-out of such a use. https://lnkd.in/gX_FrtS9

The European Commission published its first draft of the “Code of Practice on Transparency of AI‑Generated Content” designed as a tool to help organizations demonstrate alignment with the transparency requirements (Art. 50) of the AI Act. Article 50 of the AI Act includes obligations for providers to mark AI-generated or manipulated content in a machine-readable format, and for users who deploy generative AI systems for professional purposes to clearly label deepfakes and AI-text publications on matters of public interest. The document is divided into two sections. The first section covers rules for marking and detecting AI content, applicable to providers of generative AI systems, including to: - Use a Multi‑layered machine-readable marking of AI‑generated content - Use imperceptible watermarks interwoven within content - Adopt a digitally signed “manifest/provenance certificate” for content that can’t securely carry metadata - Offer free detection interfaces/tools, including confidence scoring, and complementary forensic detection that does not rely on active marking - Test against common transformations and adversarial attacks - Use open standards and shared/aggregated verifiers to enable cross-platform detection and lower compliance friction The second section covers labelling deepfakes and certain AI-generated or manipulated text on matters of public interest and is applicable to deployers of generative AI systems, including: - Deepfake labelling - Modality‑specific labelling rules for real-time video, non-real-time video, images, multimodal content, and audio-only - Operational governance: encourages internal compliance documentation, staff training, accessibility measures, and mechanisms to flag and fix missing/incorrect labels.

𝐇𝐚𝐥𝐥𝐮𝐜𝐢𝐧𝐚𝐭𝐢𝐨𝐧𝐬 𝐜𝐫𝐞𝐚𝐭𝐞 𝐫𝐞𝐚𝐥 𝐛𝐮𝐬𝐢𝐧𝐞𝐬𝐬 𝐫𝐢𝐬𝐤. Fake numbers enter reports. Wrong insights guide decisions. Sensitive data leaks. Costs silently explode. In AI agents, hallucinations are rarely a “model problem.” They are a system problem. 𝐇𝐞𝐫𝐞 𝐚𝐫𝐞 𝟖 𝐦𝐮𝐬𝐭-𝐤𝐧𝐨𝐰 𝐰𝐚𝐲𝐬 𝐭𝐨 𝐩𝐫𝐞𝐯𝐞𝐧𝐭 𝐡𝐚𝐥𝐥𝐮𝐜𝐢𝐧𝐚𝐭𝐢𝐨𝐧𝐬 𝐢𝐧 𝐀𝐈 𝐚𝐠𝐞𝐧𝐭𝐬 — 𝐛𝐲 𝐟𝐢𝐱𝐢𝐧𝐠 𝐭𝐡𝐞 𝐡𝐢𝐝𝐝𝐞𝐧 𝐜𝐨𝐬𝐭𝐬 👇 - Sensitive data gets pasted into chatbots, creating legal, trust, and compliance exposure unless strict DLP and approved tools are enforced. - Teams adopt random AI tools without visibility, making governance impossible unless usage is centralized through controlled portals. - Free tools lack audit trails, so investigations fail unless logging, access controls, and traceability are mandatory. - People trust outputs blindly, leading to wrong decisions unless validation layers, peer review, and retrieval grounding exist. - Hallucinations become “business facts” when fake numbers enter decks unless citations and trusted sources are enforced. - Token usage explodes quietly without prompt governance, caching, routing, and smaller models to control spend. - Generated content risks IP violations unless enterprise models and compliant workflows protect licensing. - Prompt injection enables security breaches unless prompt firewalls, sandboxing, and allow lists are implemented. The takeaway: Stopping hallucinations isn’t about better prompts. It’s about building guardrails across data, tooling, security, finance, and governance. Do this well, and AI becomes reliable. Ignore it, and AI becomes liability. Save this if you’re building AI agents. Share it with your engineering or security teams. This is how production AI stays grounded. ♻️ Repost this to help your network get started ➕ Follow Prem N. for more

CAUTION for marketing teams using agencies or contractors: Content generated solely by AI (whether it’s text, images, or video) is not copyright protected. That means if your agency uses AI without telling you, you may have just paid for work anyone else can reuse whenever and wherever the heck they want. And marketing agencies are among the heaviest users of AI right now. I know, kinda scary, right?! This came up on a call with a client recently who was concerned with an agency they're using (hint: this applies to fractionals too... ie me in his case LOL). Anyway, after looking into it more (and doing some ChatGPTing), I put together a quick checklist to make sure you're safe with your content: 𝐂𝐨𝐧𝐭𝐫𝐚𝐜𝐭 𝐂𝐥𝐚𝐮𝐬𝐞𝐬: Add language requiring agencies to disclose AI use, and confirm you must approve before delivery. 𝐀𝐩𝐩𝐫𝐨𝐯𝐚𝐥 𝐑𝐢𝐠𝐡𝐭𝐬: Reserve the right to reject any AI-generated content unless it’s supplemented with human authorship. 𝐃𝐨𝐜𝐮𝐦𝐞𝐧𝐭: Ask agencies to provide a record of the tools used and the level of human involvement. In other words, ask them to document everything. 𝐂𝐨𝐩𝐲𝐫𝐢𝐠𝐡𝐭 𝐑𝐞𝐠𝐢𝐬𝐭𝐫𝐚𝐭𝐢𝐨𝐧: For major assets (logos, campaigns, videos, etc), file copyright registrations (requires disclosure of AI use). 𝐑𝐞𝐠𝐮𝐥𝐚𝐫 𝐑𝐞𝐯𝐢𝐞𝐰𝐬: Build AI audits into quarterly agency reviews to check for compliance. 𝐄𝐝𝐮𝐜𝐚𝐭𝐢𝐨𝐧: Train your team to spot AI red flags in deliverables (e.g., odd image artifacts, inconsistent copy tone).

On December 8, 2024, the EU’s new Product Liability Directive (PLD) came into force, with its provisions set to apply fully to products placed on the market after 9 December 2026. The revised PLD has significant implications for AI. The Directive explicitly includes AI systems under its scope, to hold manufacturers liable for defects in AI applications, operating systems, or machine learning-enabled systems. The directive also extends liability to cover defects arising from updates, upgrades, or learning-based modifications made after release, addressing the evolving nature of AI technologies. Links: - European Commission Overview: https://lnkd.in/gn7yC6Cb - Text: https://lnkd.in/gh495jww * * * Who is in Scope? All economic operators involved in the design, manufacture, production, import, distribution, or substantial modification of products, including software and components, in the course of a commercial activity. This includes manufacturers, authorised representatives, importers, fulfilment service providers, and distributors. The Directive explicitly includes: - Products: Tangible goods, digital manufacturing files, software (e.g., AI systems), raw materials, and related services integrated into products. - Substantial Modifiers: Those who make significant modifications to products after their initial placement on the market. When Does It Apply to American Organizations? Any non-EU manufacturer or economic operator whose products or components are imported or made available in the EU market falls under this Directive. This includes: - American companies exporting to the EU. - Entities providing software, digital manufacturing files, or integrated services for products sold or distributed in the EU. * * * Key Points on the Product Liability Directive (EU) 2024/2853 Liability is strict (no-fault-based) and applies to all products, including software and AI systems integrated into or controlling tangible goods. Specific Inclusions: - Software is treated as a product if supplied in the course of commercial activity, regardless of how it is delivered (e.g., SaaS, cloud, or installed on devices). - AI providers are treated as manufacturers under the Directive. - Digital manufacturing files and integrated services (e.g., AI services enabling product functionality) are also in scope. Exemptions: - Free and open-source software is exempt unless distributed in the course of commercial activity. - Personal-use property and purely informational content are excluded. Manufacturer’s Responsibilities: - Includes liability for cybersecurity vulnerabilities. - Requires maintenance of software updates for safety but not necessarily functional updates.

🗞️ 🇪🇺 Last reads for 2025! Great one on the future of gen-AI & traceability: Draft Code of Practice to make AI content technically traceable & perceptible to humans, while protecting trust, democracy & the information ecosystem! 👉🏼The Code proposes a full-stack transparency regime: • Technical traceability by default (providers) • Human-facing disclosure at the point of consumption (deployers) • Harmonised EU signals (taxonomy + icon) • With democracy & info integrity as explicit policy goals 🖊️ Written to operationalise Article 50 of the #AI Act providing a concrete framework to safeguard democratic trust & integrity of the information space in the age of #genAI. 🧭The doc focuses on AI-generated or AI-manipulated content (text, image, audio, video) for : 🔹Providers (technical marking & detection) 🔹Deployers (visible disclosure) 🛠️ Key proposal for providers: mandatory technical marking 🔹make all AI-generated or manipulated content machine-readable, detectable, robust, reliable, interoperable 🔹Require multi-layered marking required (single technique not enough): • Metadata with cryptographic signatures • Imperceptible watermarks embedded in content • Fingerprinting or logging where needed 🧩 Model-level responsibilities Make sure Generative AI model providers: • Embed marking at model level (esp. foundation models) • Support downstream deployers’ compliance • prohibit removal or tampering of marks in terms of use. 🧬 From labels to provenance chains Strong push for content provenance chains, not just AI/non-AI labels: • Record each AI and human modification step • Synchronise markings across text, image, audio, video • Providers encouraged to also support provenance for human-authored content. 🔍 Detection obligations for providers • offer free detection tools (API or public interface): • Confidence scores • Human-understandable explanations • Accessibility compliance • Long-term goal: shared / aggregated EU verifiers. 👁️ Obligations for deployers & #EU harmonisation 🔹clearly disclose AI-generated or manipulated content: Deepfakes (image, audio, video), AI-generated or manipulated text on matters of public interest. Disclose at first exposure. ���🇺 Common EU taxonomy & icon: Introduction of a shared taxonomy 🔹Fully AI-generated, showing degree of AI involvement & explaining what exactly was generated or manipulated; including audio-only & accessibility features Context-sensitive disclosure rules 🔹Detailed rules per format 🔹non-intrusive Disclosure for Creative, artistic, satirical works 🔹Editorial exception for text: No disclosure if human review + editorial responsibility are documented. 📄 Document Prepared by the @European Commission, led by the AI Office & DG CONNECT, with contributions from independent experts, industry, civil society, and academic stakeholders. 🗞️ enjoy the read ! 👏🏼 Kalina Bontcheva Dino Pedreschi Christian Ries Anja Bechmann Giovanni De Gregorio Madalina Botan

🚨AI, IP Infringement & the Legal Gaps ............. Who Owns the Blame? 🔎 Rise of AI-Driven IP Infringement AI is now capable of generating art, music, literature, and even inventions. This has blurred the lines between creator, owner, and violator. The big question: When AI infringes, who is accountable : the developer, the user, or the AI itself? ⚖️ International Perspectives US & EU frameworks lean on traditional copyright and patent systems. AI-generated works are generally not recognized as authorship. Liability often falls back on the human programmer or deploying entity. Global legal systems are struggling to move beyond human-centric laws. 🇮🇳 The Indian Context: Laws & Loopholes Indian Copyright Act (1957) defines “author” as a human, leaving no clarity for AI outputs. Courts have not yet adjudicated directly on AI authorship or liability. Patent law loopholes: AI-generated inventions face rejection as inventors must be human. Lack of clear policy guidance puts businesses and creators at risk. 🚧 Key Challenges Identified Attribution Gap: No legal clarity on who gets credit. Accountability Gap: Ambiguity over liability in AI-driven infringements. Regulatory Lag: AI evolves faster than lawmaking. Cross-Border Conflicts: Different jurisdictions interpret AI rights differently. ✅ Recommendations proposed by Experts and legal luminaries Update Copyright & Patent definitions to account for AI. Consider a “shared liability model” between developer, deployer, and user. Introduce AI-specific IP guidelines for both ownership and infringement. Strengthen international cooperation for harmonized AI-IP laws. 📚 Sources Referenced SCC Online Blog: Legal Accountability for AI-Driven Intellectual Property Infringements – An Analysis of International and Indian Laws (2025) Comparative insights from US, EU, and Indian IP law frameworks. #Corporategovernance #Independentdirectors #IPR #AI #Copyrights #Infringement