More than two decades ago, internet lawyers were dealing with cybersquatting, trademark dilution, metatags, and domain name disputes, all of which at the time felt novel and disruptive.
Today, artificial intelligence presents a similar moment, except the scale is significantly larger. AI systems are now embedded into hiring, healthcare, finance, customer service, and even legal practice itself, often in ways businesses do not fully appreciate until liability questions arise.
As more businesses integrate AI into their daily workflow, companies and employees are forced to ask what legal exposure they are opening themselves up to. The answer depends on whether liability arises from misrepresentation, failure to make mandatory disclosures, copyright infringement, a defective product, or other harm caused by the use of AI or a chatbot. In some cases, liability also depends on physical location, but because operations so often cross borders, it is best to always strive for compliance with the most restrictive provisions. For example, a company could be headquartered in Idaho but have employees or clients in Europe and therefore be impacted by stricter EU laws.
While specific laws regulating AI in the United States are still evolving, courts are turning to traditional theories to impose liability. Businesses should remain aware of the new laws and applicable theories when incorporating AI systems into their practices.
Product Liability Theory
Product liability may become one of the most important areas of AI litigation. Traditional product liability law was built around physical products that behave predictably once sold. AI systems are different. They learn, adapt, and sometimes generate outputs even their developers cannot fully anticipate. Courts are now wrestling with whether AI systems should be treated as products, services, or something in between.
Garcia v. Character Technologies, Inc., Case No. 6:24-cv-01903 (M.D. Fla.) was a Florida case that arose after allegations that a ‘Character.AI’ chatbot engaged a 14-year-old user in emotionally manipulative and sexually suggestive conversations before the minor’s suicide. The court allowed product liability theories to proceed, signaling a willingness to treat certain AI systems as products rather than merely online services. That distinction matters because product liability claims are generally easier for plaintiffs to pursue than ordinary negligence claims. The case was settled.
In Mobley v. Workday, Inc., 3:23-cv-00770-RFL (N.D. Cal. 2023), the plaintiff alleged that automated screening tools disproportionately filtered him out based on age, race, and disability. The court allowed the claims against Workday to proceed under an agency theory, reasoning that the company performed functions traditionally handled by human resources departments. The case is significant because it potentially expands liability beyond employers to the technology vendors themselves, potentially exposing them to liability under Title VII, the ADEA, and the ADA. This case is still active in California and is having a nationwide impact.
Negligent Misrepresentation
What happens when a chatbot on a commercial website provides misinformation? In Moffatt v. Air Canada, 2024 BCCRT 149 (B.C. Civil Resolution Tribunal, Feb. 14, 2024), Air Canada was held liable after its chatbot incorrectly advised a passenger regarding bereavement fare policies. The tribunal rejected the airline’s attempt to distance itself from the chatbot’s statements, effectively treating the AI-generated response as the company’s own representation.
Copyright Infringement
What happens when a third party's copyrighted material is used to train an AI-based system? This was addressed in Thomson Reuters Enterprise Centre GmbH v. Ross Intelligence, Inc., No. 1:20-CV-613-SB (D. Del. Feb. 11, 2025). Ross Intelligence used Thomson’s headnotes to train its legal research model without a license. The court observed that Ross infringed Thomson Reuters’ copyrighted material and rejected its fair use defense.
FTC Enforcements
The Federal Trade Commission (FTC) regulates artificial intelligence primarily through Section 5 of the FTC Act (15 U.S.C. § 45), which prohibits "unfair or deceptive acts or practices". The FTC has pursued enforcement actions against businesses accused of overstating their AI products' capabilities.
In actions involving Air AI and Workado, the agency focused on alleged deceptive marketing practices and misleading claims regarding AI performance and reliability. The FTC is increasingly issuing orders to companies that provide consumer-facing AI-powered chatbots seeking information on how these firms measure, test, and monitor potentially negative impacts of this technology on children and teens.
AI is a tool, and its use must be disclosed in certain sectors and jurisdictions. If the mere use of the tool violates the law, or if it is used in a way that violates the law or results in acts that violate the law, it exposes not just the user but others in the chain to potential legal liability.
Some laws are generic; others are fine-tuned to require specific disclosures. For instance:
Healthcare & Medical Services
Healthcare has become one of the most heavily regulated areas for AI deployment. California’s AB 3030 requires disclosure when generative AI is used in patient communications, while California’s SB 1120 prohibits insurers from relying solely on automated systems for adverse coverage determinations. Other states have imposed restrictions on AI systems operating in mental health contexts without human oversight.
Employment Law
Employment law presents another major exposure point. Illinois requires disclosure when AI tools analyze video interviews, while New York City mandates independent bias audits for certain automated hiring tools.
Furthermore, employers should not assume that outsourcing hiring decisions to third-party vendors will eliminate risk. Regulators and courts are increasingly focused on outcomes rather than internal technical explanations.
Consumer Deception, Safety, & Privacy
State and federal laws are aggressively criminalizing or restricting deceptive autonomous applications:
- The "Bot" Disclosures: Under statutes like California's SB 1001, it is explicitly unlawful to deploy an online chatbot to market goods, services, or influence electronic voting behavior without conspicuously disclosing its non-human identity.
- Deepfakes and Criminal Statutes: Many states have passed targeted criminal measures banning deceptive political deepfakes within critical election windows (usually 90 days before a vote) and broadly criminalizing the distribution of non-consensual sexually explicit deepfakes (e.g., California's SB 981).
Regulations Outside the United States
The European Union AI Act, active since August 2024, creates a tiered regulatory regime based on risk classification.
Unacceptable-risk AI systems (including certain social scoring and subliminal manipulation tools) are prohibited.
High-risk AI systems (covering medical devices, critical infrastructure, employment screening, law enforcement, and education) face conformity assessment, registration, transparency, human oversight, and accuracy requirements before deployment.
Conclusion
Given the rapidly evolving landscape, the highest common denominator is the best way out.
Businesses deploying AI systems should begin with a basic question: where are AI tools already being used inside the organization? Many companies have implemented AI systems informally through HR departments, customer support teams, marketing personnel, or software vendors without a centralized governance structure. At minimum, organizations should maintain an internal AI inventory, conduct periodic bias and performance reviews, implement disclosure protocols where legally required, and revisit vendor agreements carefully. Standard software clauses are often inadequate for AI-related risks, particularly where discriminatory outputs, data misuse, or intellectual property issues are involved.