Artificial intelligence increasingly produces real, measurable consequences in everyday life — from medical diagnoses to credit decisions, from traffic systems to personnel selection. When an AI system makes a wrong decision or causes harm, a fundamental legal question arises: who is liable, and how can an injured party obtain compensation? The answer is not straightforward, and the EU has taken a pioneering role in attempting to establish a clear legal framework. This text is informational in nature and does not substitute individual legal advice.
Why Classical Tort Law Frameworks Are Insufficient
Traditional liability law rests on proving a causal link between the act (or omission) of a specific person and the resulting harm. In the case of AI systems, this model faces multiple challenges:
The opacity problem (black box) — many AI systems, particularly those based on deep learning, operate in ways that make it very difficult, and sometimes practically impossible, to explain why a specific decision was made. Proving causation becomes extremely challenging when the logic of the system cannot be reconstructed.
Distributed liability — the development and deployment of a single AI system typically involves an entire chain of actors: researchers who developed the algorithm, the company that trained the model, integrators who embedded the model in a specific product, and the company or individual who actually uses the system. Which of these actors bears liability, and to what extent?
System adaptivity — AI systems that learn and modify their behaviour during use in a production environment may cause harm through actions that their developer neither anticipated nor could have anticipated at the time the system was placed on the market.
Information asymmetry — the user or victim of harm rarely has access to technical documentation, training data, or the internal logic of the system that caused them harm.
The EU Legislative Framework: Three Pillars
The EU approaches AI liability through three interrelated instruments:
1. The AI Act as the Preventive Layer
The AI Act (Regulation (EU) 2024/1689 on Artificial Intelligence), which entered into force on 1 August 2024 and applies progressively, is primarily not a direct tort regulation — it establishes ex ante obligations (prior to harm) for the development and deployment of AI systems. However, breach of the AI Act carries direct implications for liability: failure to meet technical and organisational requirements (documentation, transparency, testing) may serve as key evidence in civil proceedings for compensation.
A company that has not conducted a risk assessment for a high-risk AI system, or has not established human oversight mechanisms, and that system subsequently causes harm, will be in an extremely difficult position to defend itself in civil or criminal proceedings.
2. The New Product Liability Directive
The Product Liability Directive of 1985 (85/374/EEC), which introduced strict liability for defective products, has been revised: the new Directive (EU) 2024/2853 on liability for defective products was published in the Official Journal of the EU on 18 November 2024, entered into force on 9 December 2024, and Member States are required to transpose it into national legislation by December 2026. The new directive explicitly includes software and AI systems in the category of “products,” meaning that in certain cases claims for compensation are available without the need to prove fault. The directive also provides for disclosure obligations and presumptions of defectiveness in favour of the injured party in certain situations.
3. The AI Liability Directive (Withdrawn Proposal)
In 2022, the European Commission put forward a proposal for a Directive on liability for artificial intelligence (the AI Liability Directive). This instrument was focused on adapting rules of evidence in civil proceedings, rather than on introducing a specific tort regime.
The key provisions of the proposal included:
Right to explanation — persons who suffered harm would have the right to request from deployers and providers of AI systems documentation and information about the functioning of the system relevant to the harm caused.
Presumption of causality — if the claimant proved that the defendant had breached the applicable rules (including the AI Act) and that there was a link between that breach and the harm suffered, a causal link would be presumed and the burden of proof would shift to the defendant.
These provisions directly addressed the problem of information asymmetry that places injured parties at a disadvantage before courts. However, the European Commission withdrew this proposal from the legislative procedure during 2025, and as of the date of publication of this text, no new instrument of the same purpose has been proposed. Some of the issues addressed by the proposal are covered by the new Product Liability Directive, while the remainder for the time being falls under general national rules on evidence.
Allocation of Liability Across the AI Value Chain
In practice, identifying the responsible party requires an analysis of the specific role of each actor:
Developer (developer/provider): Liable for design defects, errors in training data, insufficient testing, and inadequate documentation of the system. Obligations under the AI Act are most onerous precisely for this role.
Integrator (deployer): Liable for the appropriateness of the choice of AI system for the given application, compliance with the AI Act as a deployer, transparency towards end users, and monitoring of the system in production.
End user/operator: Liable for proper use of the system in accordance with instructions and intended purpose. Cannot invoke an AI system error if the system was used in a manner inconsistent with the instructions for use.
Where multiple actors contribute to causing harm, they may be jointly and severally liable, with each retaining a right of recourse against the others.
Sector-Specific Considerations: Medicine, Law, Finance
Liability for AI-caused harm is particularly sensitive in regulated sectors:
Medical applications — AI diagnostic tools are classified as medical devices and are subject to a dual regulatory framework — the MDR (Medical Device Regulation, Regulation (EU) 2017/745) and the AI Act. A physician using an AI tool retains professional liability for the final diagnostic or therapeutic decision; they cannot be released from liability by claiming that “the AI recommended” a particular course of action. This is a decisive issue for medical practice.
Legal and financial services — AI systems providing legal advice or financial recommendations enter areas of strict professional regulation. Lawyers and financial advisers who delegate professional judgment to AI systems remain liable to clients for the outcomes of those recommendations.
Employment and HR — AI systems used in candidate selection or performance evaluation may generate discriminatory harm. Employers who rely on such systems cannot escape liability for discrimination by attributing the decision to autonomous AI action.
Frequently Asked Questions (Q&A)
If an AI system made an error that caused me harm, whom do I sue? The answer depends on the specific circumstances. As a rule, there are two potential defendants: the company that developed the system (for design or training defects) and the company or person that applied the system in dealing with you (for improper use or inadequate oversight). In practice, claims are often brought against both actors, and the court determines the allocation of liability.
Can AI be a legal subject independently liable for harm? Under current EU and Serbian law — no. AI is not a legal subject and cannot be sued. Liability always falls on a natural or legal person in the AI value chain. Discussions about the possible legal personhood of AI are ongoing in academic circles, but legislative implementation is not on the horizon.
How is it proved that it was the AI system specifically (and not something else) that caused the harm? This is one of the most challenging evidentiary questions, particularly with opaque systems. The new Product Liability Directive (EU) 2024/2853 eases the position of the injured party through disclosure obligations and presumptions of defectiveness in certain situations, while the AI Liability Directive proposal — which provided for a presumption of causality in the event of a breach of the AI Act — was withdrawn from the procedure. Expert evidence in the IT and AI field will be of critical importance in such cases.
Can insurance cover AI-caused harm? The market for AI risk insurance is developing. Certain forms of professional liability insurance and product liability insurance may already cover some AI-caused harm, depending on the specific policy and its scope. Whether an existing policy covers AI risks is determined by interpreting the insurance terms in each individual case.
Conclusion
The question of liability for AI-caused harm is not an academic dilemma — it is a question that already arises before courts and in compensation negotiations today. The EU legislative framework is today more coherent than ever — the AI Act and the new Product Liability Directive have been adopted — but certain elements, such as specific rules of evidence for AI-caused harm, remain open following the withdrawal of the AI Liability Directive proposal. Companies that develop or deploy AI systems must proactively assess their position in the liability chain and align their documentation, oversight procedures, and insurance with the forthcoming requirements.
If you have questions about liability for AI systems that your company develops or uses, or if you have suffered harm caused by an AI system, schedule a consultation with our team specialising in digital law and AI regulation.
Sources: – https://eur-lex.europa.eu/eli/reg/2024/1689/oj (AI Act, Regulation (EU) 2024/1689) – https://eur-lex.europa.eu/eli/dir/2024/2853/oj (Directive (EU) 2024/2853 on liability for defective products) – https://digital-strategy.ec.europa.eu/en/policies/liability-artificial-intelligence – https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-liability-for-ai – https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4573801