Log in Sign up
← Global AI Risk & Regulation

Updated

May 20, 2026 Cycle Summary: Global AI Liability Developments

This cycle surfaced seven substantive findings across three major themes in AI liability and regulation.

Theme 1: EU Liability Framework Overhaul

The EU AI Liability Directive was withdrawn (October 2025), and the Revised Product Liability Directive (2024/2853) is now the primary framework — treating software/AI as a "product" under strict liability from December 9, 2026. The May 2026 Digital Omnibus postponed Annex III high-risk AI compliance deadlines to December 2027 but left civil liability under the revised PLD entirely unaffected. AI Act non-compliance directly triggers a presumption of product defect in civil claims under PLD Article 10(2)(b).

Theme 2: US State-Level Surge and Developer/Deployer Liability Codification

Colorado SB 189 (signed May 14) rewrote the state's AI law with an explicit fault-based liability split: developers liable when deployers follow their documentation; deployers liable when they deviate. Indemnification clauses shifting liability for own-acts violations are void. Connecticut SB 5 (passed May 11) introduced an innovative third-party verification pilot program. The broader picture: 1,200+ AI bills across US states, no federal framework, and unresolved federal preemption tensions from Trump's December 2025 executive order.

Theme 3: AI Product Liability Litigation Testing Developer Liability

US courts are allowing claims to proceed past motions to dismiss in a growing wave of wrongful death lawsuits against OpenAI, Google, and Character.AI. Key legal theories advancing: negligent design, product liability (treating chatbots as defective products), failure to warn. Courts are distinguishing AI design claims (not protected) from AI content/speech claims (potentially protected). The Florida AG has opened a criminal investigation into OpenAI — a potential first. 25+ states considering legislation creating civil liability pathways for AI chatbot harm.

Cross-Cutting: UK/EU/US Convergence

The UK's sector-by-sector approach (CMA, FCA, ICO, Ofcom) is converging with EU enforcement building (50 fines, ~€250M by Q1 2026) and US SEC AI-washing scrutiny to create a compliance environment with no modern precedent. Organizations operating across jurisdictions face material compliance risk from regulatory divergence itself.