Who Pays When AI Kills? Four Countries, Zero Answers
On February 28, 2024, a 14-year-old boy in Florida named Sewell Setzer III died by suicide. In the months before his death, he had spent thousands of hours talking to AI chatbots on Character.AI, including a role-playing character inspired by the Game of Thrones series. His mother, Megan Garcia, sued. In May 2025, a federal judge ruled the case could proceed, treating the AI chatbot as a product under strict liability law and rejecting the company’s First Amendment defense. Character.AI and Google settled in January 2026.
That single case broke open a legal question that four of the world’s largest economies are now scrambling to answer: when an AI system causes serious harm, who is responsible? The developer who built the model? The company that deployed it? The platform that distributed it? The investor who funded it?
Right now, the answer depends entirely on which country the harm happened in. And the answers are incompatible.
The Case That Changed Everything
Garcia v. Character Technologies, Inc. (Case No. 6:2024-cv-01903, M.D. Florida) is the first wrongful death lawsuit ever filed against an AI chatbot company in the United States. The claims included strict product liability for design defect, failure to warn, negligence, and wrongful death. Defendants included not just Character Technologies but also co-founders Noam Shazeer and Daniel De Freitas Adiwarsana, plus Google and Alphabet.
Judge Anne Conway’s ruling on May 21, 2025 mattered far beyond this single case. She was “not prepared to hold that Character AI’s output is speech”, which neutralized the most powerful defense available to AI companies: the argument that their outputs are constitutionally protected expression under the First Amendment. She treated the AI app as a product at the pleading stage. That framing, product not speech, is now rippling through every AI harm case filed since.
The settlement came January 7, 2026, with undisclosed terms and a commitment to new safety features for users under 18. It resolved the immediate litigation. It also prevented the appellate ruling that would have given every court in America binding guidance on the First Amendment question. That question remains open. And every plaintiff’s attorney in the country noticed.
The cases that followed came fast. In August 2025, the parents of 16-year-old Adam Raine sued OpenAI in California Superior Court, alleging ChatGPT fostered emotional dependency and provided self-harm instructions. Later that year, the estate of an elderly Connecticut woman filed a wrongful death action alleging that an AI chatbot’s interactions with her son materially contributed to a homicide-suicide. In March 2026, insurer Nippon Life sued OpenAI in federal court in Illinois to recover costs from AI-assisted legal filings that cited nonexistent cases.
The number of generative AI-related lawsuits in the US grew 978% between 2021 and 2025, passing 700 cumulative cases, according to a March 2026 report by Gallagher Re in conjunction with MIT and Testudo Global Inc. The year-over-year filing rate accelerated from 59% growth in 2023-2024 to 137% growth in 2024-2025. AI product liability litigation is no longer a hypothetical risk. It is a present operational one.
Four Jurisdictions, One Question
This is not a story about a single court case crossing borders. It is a story about four major legal systems each building their own answer to the same question, and those answers pointing in entirely different directions.
| Jurisdiction | Current Status | Key Mechanism | Timeline |
|---|---|---|---|
| United States | Case law developing; no federal AI liability statute | Product liability via tort; First Amendment question unresolved | AI LEAD Act and CHATBOT Act proposed; 1,000+ state bills filed in 2025 |
| European Union | EU Product Liability Directive in force Dec 2024 | Strict liability; AI = product; manufacturer presumption | Member state transposition deadline: December 9, 2026 |
| United Kingdom | Consultation closed Feb 2026; Law Commission review announced | Existing tort law; no AI-specific statute yet | Public consultation on “pure software” planned for H2 2026 |
| Canada | Landmark ruling Feb 2024 (Air Canada) | Negligent misrepresentation; corporate liability for chatbot output | No federal AI liability legislation enacted as of June 2026 |
Canada: The Air Canada Precedent
The most legally clean ruling in the entire AI liability landscape came not from a US federal court but from the British Columbia Civil Resolution Tribunal in February 2024. Jake Moffatt relied on Air Canada’s chatbot for information about bereavement fares while booking a flight to attend his grandmother’s funeral. The chatbot gave him incorrect information. Air Canada later refused to honor the discount, arguing its chatbot was effectively a “separate legal entity” for which the company bore no responsibility.
Tribunal Member Christopher C. Rivers dismissed that argument directly. Air Canada is responsible for all information on its website, the ruling stated, whether it comes from a static page or an AI chatbot. Customers cannot be expected to distinguish between human-provided and AI-provided information. Damages awarded: CAN$812.02. Precedent established: priceless.
This is the foundational principle now being applied in every jurisdiction: AI has no legal personality. The company does. The company owns the output.
The UK: Acknowledging the Gap
In January 2026, the UK Jurisdiction Taskforce published a draft Legal Statement on liability for AI harms. Its conclusion was honest about the problem in a way that most regulatory documents are not. The UKJT stated that “given that AI tools can act with a degree of autonomy, there is a potential gap in the law if there are circumstances in which neither the AI itself nor its operator can be held liable for harms arising from the AI’s actions.” They named the gap. They have not yet filled it. The UK Law Commission has announced a public consultation on “pure software” for the second half of 2026.
The EU: The December Deadline That Rewrites Everything
The EU moved fastest and furthest. The EU Product Liability Directive (Directive 2024/2853) came into force on December 8, 2024. It explicitly includes software, including AI systems, within the definition of “product” subject to strict liability. AI providers typically qualify as “manufacturers.” Cloud-based AI, on-device AI, and SaaS products are all covered. Member states must transpose this into national law by December 9, 2026, which is six months from today.
The directive contains a mechanism that should alarm every legal team deploying AI in Europe: a rebuttable presumption of defectiveness. If a defendant fails to meet its disclosure obligations, courts can presume the AI caused the harm. Companies cannot contractually exclude this liability. Non-compliance with the EU AI Act constitutes a product defect. The two frameworks are linked: fail the AI Act audit, and you have just handed plaintiffs a liability hook.
The Product Liability Turn
Understanding why product liability matters here requires understanding what it was built to do. Product liability law evolved to handle mass-distributed manufactured goods where individual causation is hard to prove but the defect is systemic. It assigns liability across a chain: designer, manufacturer, distributor, retailer. It does not require proving that a specific person was negligent. It asks whether the product was defective and whether that defect caused the harm.
Plaintiffs’ attorneys discovered this framing fits AI systems better than any other available doctrine. As attorneys Amy Wong and Jin J. To of K&L Gates wrote in March 2026: “Early AI cases that began through adjacent doctrines, consumer protection, privacy, defamation, and IP, are now consolidating around product liability.” The reason is structural. Product liability “is built to evaluate mass-distributed technologies through the lenses of defect, warnings, and foreseeability, with liability that can extend across a chain of entities.”
The key tactical insight driving this consolidation: plaintiffs are not suing the model. They are suing the deployed product experience, the interface, the defaults, the absence of guardrails, and the marketing claims. This sidesteps the First Amendment entirely. You are not claiming the AI’s speech is unlawful. You are claiming the product was defectively designed to reach and manipulate vulnerable users without adequate warnings.
The First Amendment Wildcard
There is one argument that could unravel the entire product liability wave. If a higher court rules that chatbot outputs are constitutionally protected speech, most of these tort claims fail. Plaintiffs would need to satisfy the demanding Supreme Court test for unlawful incitement to violence. That is a very high bar.
Judge Conway’s ruling in Garcia was explicit that she was “not prepared” to treat AI output as speech, but that was a motion-to-dismiss ruling, the lowest legal threshold. The Foundation for Individual Rights and Expression filed an amicus brief in Garcia pressing exactly this question. The settlement prevented the appellate ruling that would have resolved it. Per analysis from the American Enterprise Institute, without binding higher-court precedent, every new AI harm case is re-litigating the same threshold questions from scratch, creating expensive and inconsistent outcomes for everyone.
The Insurance Gap Is Now Contractual
The AI liability gap was theoretical until January 2026. Then it became contractual.
In January 2026, the Insurance Services Office introduced new endorsement forms giving commercial general liability carriers the option to formally exclude generative AI exposures from standard policies. Before that, the coverage was “silent”: ambiguous enough that a company might or might not be covered depending on how their specific incident was characterized. After January 2026, insurers can simply write “GenAI excluded” into the contract. Many are doing exactly that.
“AI is changing the risk landscape faster than traditional frameworks can adapt, and the organizations that invest early in transparent governance, scenario analysis and insurance alignment will be best positioned to adopt AI safely and to turn risk into a source of long-term advantage.” Brent Rieth, Head of Global Cyber Solutions, Aon
The data behind this transition is stark. Of companies that experienced AI-related losses and made claims in 2026, just over half were covered in full. 44% were only partially covered. 3% were entirely uninsured. That is according to Gallagher’s 2026 AI Adoption research. Nearly half of all companies that suffered an AI-related loss and tried to claim on their insurance did not get the full amount they expected.
AI incidents themselves are growing at roughly 50% year-over-year, according to WTW’s Willis Research Network. 2025 exceeded 2024’s total before the year had ended. The volume of incidents is increasing faster than insurance capacity is being created to cover them.
There is a structural concern beyond just pricing. Josephine Wolff, Professor of Cybersecurity Policy at Tufts University’s Fletcher School and a specialist in insurance and cybersecurity policy, identifies a systemic risk that goes beyond individual corporate exposure:
“It is not yet clear whether insurers will embrace having a role in managing AI risks and, if so, which risks they will be willing to cover and which they may view as fundamentally too large or unpredictable to insure.” Josephine Wolff, Associate Dean for Research, The Fletcher School, Tufts University (May 2026)
The concern she is raising is real. AI risk has a concentration problem that traditional catastrophe insurance does not. Geographic catastrophes like hurricanes and earthquakes affect specific regions. An AI defect in a widely adopted foundation model can trigger simultaneous harm and claims across thousands of organizations globally. There is no geographic limit. The risk is potentially uninsurable by conventional actuarial methods.
The insurance industry went through this same inflection point with cyber risk in the mid-2010s. Silent cyber gave way to explicit exclusions, which drove the creation of dedicated cyber insurance lines, which matured into a multi-billion dollar market. AI liability is at that same silent-to-explicit inflection point right now. The companies that acted during the silent cyber phase and built dedicated coverage while premiums were low were in a fundamentally better position than those who discovered the exclusion at renewal time. The window for that kind of strategic preparation is closing.
Boards Are in the Crosshairs
A survey published in 2026 by Diligent Institute and Corporate Board Member found that only 8% of boards rate themselves as having strong AI expertise. Yet 40% of directors named technological developments including AI as the single most challenging issue to oversee. 66% of directors already use AI for their own board work, and only 22% have governance processes governing their own usage of it.
This mismatch between exposure and expertise is not just embarrassing. Under Delaware’s Caremark doctrine, it is a legal liability.
Caremark derivative suits allow shareholders to sue board members personally for failing to adequately oversee risks that then caused the company financial harm. Cleary Gottlieb’s January 2026 board guidance publication identifies AI governance failures as a specific Caremark exposure. If a company suffers a major AI-related loss and the board had no designated AI risk owner, no regular reporting cadence on AI deployments, and no policy framework for third-party AI tools, those facts become evidence of a breach of the fiduciary duty of oversight.
88% of businesses now use AI in at least one function, according to Cleary Gottlieb’s analysis. The board fiduciary duty has not been narrowly construed for decades. It will not be narrowly construed here either.
“In 2026, we anticipate that the pace of AI regulation will remain unpredictable and increasingly stringent.” Nithya Das, General Manager, Governance at Diligent
There is also a gap between the perceived threat and the actual one. A Sentry Insurance survey cited in the March 2026 Gallagher Re report found that 69% of US executives believe a single AI-related verdict could shut their company down. Yet only 17% list AI lawsuits as a top business threat in their current risk registers. They fear the outcome. They are not managing the cause. That is the definition of a governance failure.
What Companies Must Do Now
The EU’s December 9, 2026 transposition deadline is the most concrete forcing function available. Any AI-powered product placed on the EU market after that date is subject to strict product liability across 27 member states. That deadline is six months away. Here is what legal, compliance, and board teams should already be doing.
- Audit every AI deployment against the EU PLD’s “product” definition if you operate in Europe or sell to European customers. Cloud-based AI qualifies. If you are unsure, assume it does and work backwards from there.
- Map your AI supply chain and find the indemnification gaps. The enterprise deploying a third-party model bears liability for that model’s outputs under current US and EU frameworks. Your vendor contract’s limitation-of-liability clause was written before this legal landscape existed. Review it with this exposure in mind.
- Commission an explicit AI coverage review of every relevant policy: CGL, D&O, E&O, professional indemnity. Ask specifically whether GenAI is excluded under current or upcoming renewal terms. Do not wait for a claim to find out.
- Put AI explicitly on the board risk register with a named executive accountable for AI risk governance. This is not just best practice. It is Caremark protection. Document that the board is receiving regular reporting on AI deployments, known risks, and mitigation actions.
- Document every testing, safety, and deployment decision for every AI system in production. This documentation becomes the evidentiary backbone of any legal defense. Courts and regulators will ask for it. Having it does not guarantee a win, but not having it is effectively a concession.
The Arguments Against the Wave
The liability wave has real legal and structural critics. Their arguments deserve attention from anyone building strategy around this issue.
Existing Law May Already Be Enough
The UK Jurisdiction Taskforce’s draft Legal Statement takes an explicitly optimistic view: English law, including existing tort doctrine and contract principles, can in principle address AI harms without new legislation. The contrarian case is that AI-specific liability regimes generate compliance overhead without improving victim outcomes, while suppressing beneficial AI deployment. Kevin Frazier, a policy researcher at AI Frontiers, argued in June 2025 that “in the absence of federal legislation, the burden of managing AI risks has fallen to judges and state legislators, actors lacking the tools needed to ensure consistency, enforceability, or fairness.”
He has a point about fragmentation. Over 1,000 AI bills were introduced at the federal and state level in the 2025 legislative session. AI products are not built on a bespoke basis for niche geographic markets. A patchwork of dozens of state laws creates compliance chaos without solving the underlying problem.
The First Amendment Could Reverse Everything
The American Enterprise Institute has argued directly that the entire AI liability wave is built on a legally fragile foundation. The Garcia ruling was at the motion-to-dismiss stage, the lowest legal threshold. If an appellate court holds that AI outputs are constitutionally protected speech, most tort claims evaporate. The Garcia settlement prevented exactly the appellate ruling that would have resolved this. Until a binding higher-court decision exists, plaintiffs and defendants will keep relitigating the same threshold questions.
The EU’s Two-Framework Problem
Academic analysis by legal scholar Philipp Hacker identifies a coherence problem in the EU’s dual-track approach: the AI Act handles ex-ante compliance, the PLD handles ex-post liability. The PLD does not define safety standards; it links liability to AI Act compliance. But AI Act compliance does not address individual rights of compensation. Victims can fall between the two frameworks. Hacker’s recommendation is a single, fully harmonizing regulation rather than two miscoordinated directives.
One More Thing to Scrutinize
The 978% lawsuit growth figure is striking, but it conflates copyright infringement cases (the largest category at 11.9%) with personal injury and harm cases, which are legally and factually very different. Boards receiving messaging about exploding AI litigation should ask specifically which type of litigation is relevant to their actual deployment profile before recalibrating risk budgets.
FAQ: AI Liability Law 2026
Who is liable when AI causes harm?
Under current law in the US, UK, EU, and Canada, AI systems have no legal personality and cannot themselves be held liable. Liability flows to the humans and organizations that developed, deployed, or used the AI. Courts are consistently treating AI as a tool, meaning the deploying organization owns both the benefits and the legal exposure from its outputs, even when those outputs are generated by a third-party model it did not build.
Can an AI company be sued for wrongful death?
Yes. The 2024 filing of Garcia v. Character Technologies established that wrongful death claims against AI chatbot companies can proceed in US federal court. Judge Anne Conway denied Character.AI’s motion to dismiss in May 2025, treating the chatbot as a product and rejecting First Amendment defenses. Character.AI and Google settled in January 2026. Additional wrongful death suits against OpenAI are currently pending in California.
What is the EU AI Product Liability Directive?
The EU Product Liability Directive (Directive 2024/2853) came into force in December 2024 and explicitly includes software and AI systems in the definition of “product” subject to strict liability. EU member states must transpose it into national law by December 9, 2026. After that date, AI providers qualify as manufacturers and cannot contractually exclude liability for defects, including AI Act non-compliance.
Is a company responsible for what its AI chatbot says?
Yes, according to current rulings in both the US and Canada. In Moffatt v. Air Canada (2024), British Columbia’s Civil Resolution Tribunal ruled that Air Canada could not disclaim responsibility for its chatbot’s misinformation by calling it a “separate legal entity.” Companies are responsible for all information on their platforms, whether it comes from a human employee or an automated system.
What is the AI liability gap?
The AI liability gap refers to the mismatch between where AI harm is occurring and where legal and insurance frameworks have clear rules. In January 2026, the Insurance Services Office introduced endorsements allowing carriers to formally exclude generative AI from standard commercial general liability policies, converting the theoretical gap into a contractual one. Companies that assumed coverage exists may find at renewal that it no longer does.
Do boards of directors face personal liability for AI decisions?
Potentially yes, under Caremark doctrine in Delaware. Boards of companies that suffer financial losses from AI failures may face shareholder derivative suits alleging directors breached their fiduciary duty of oversight. Cleary Gottlieb identified this as a specific board-level exposure in January 2026, noting that 88% of businesses use AI in at least one function while board AI expertise remains critically low across the S&P 500.
Can AI chatbot output be protected by the First Amendment?
This is the most consequential unresolved question in AI liability law. Defendants in US cases have argued chatbot outputs are protected speech, which would shield them from most tort claims. Judge Conway in Garcia ruled she was “not prepared” to treat AI output as speech at the pleading stage. That was not a binding appellate decision. The Garcia settlement prevented the ruling that would have resolved this, leaving it open for every subsequent case.
Where This Goes in the Next 18 Months
The next 18 months will not produce clarity. They will produce more cases, more settlements that prevent clarity, and one hard regulatory deadline that will force companies to treat AI liability as a compliance issue whether courts have resolved the doctrine or not.
The EU’s December 9, 2026 transposition deadline is the single most consequential near-term forcing function in global AI liability law. For the first time, a major jurisdiction with global market reach has legislated that software is a product under strict liability, and that manufacturer status attaches to AI providers. Companies that operate in Europe and have not yet aligned their vendor contracts, insurance coverage, technical documentation, and board governance against this framework have roughly 166 days to do so.
Watch three things. First, whether any US appellate court issues a binding ruling on the First Amendment question currently evaded by the Garcia settlement. Second, whether the AI LEAD Act or CHATBOT Act advances past the Senate Judiciary Committee, given the bipartisan coalition behind both. Third, whether the EU AI Act’s Digital Omnibus receives formal European Parliament adoption by July 7, 2026 as expected, which would solidify the link between AI Act compliance and product liability exposure across the single market.
The companies that treat this as a compliance checkbox will be the defendants in the cases NeuralWired covers next year. The ones that treat it as a strategic design constraint now will build the documentation, governance, and insurance infrastructure that actually holds up in court.
Stay ahead of AI law, governance, and enterprise risk. Subscribe to The Neural Loop, NeuralWired’s weekly briefing for technology decision-makers, at neuralwired.com/newsletter.