This website will offer limited functionality in this browser. We only support the recent versions of major browsers like Chrome, Firefox, Safari, and Edge.

Search the website
Thought Leadership

Who is liable if AI goes wrong? UKJT statement on AI and civil liability published

Picture of Tom Whittaker
Passle image

The UK Jurisdiction Taskforce (UKJT) is an industry-led initiative, tasked with promoting the use of English law and the UK’s jurisdictions for technology and digital innovation. It has established itself as a leading voice on how English law applies to emerging technologies. Its previous Legal Statements on cryptoassets (2019) and digital securities (2023) have been widely cited by courts and practitioners alike. In December 2024, the UKJT established a subcommittee to address a question of growing practical urgency: whether and how English law provides adequate redress for harms caused by the use of artificial intelligence.

The resulting Legal Statement on Liability for AI Harms, published in July 2026 following a public consultation, is a substantial and authoritative piece of work.  It was written by leading technology barristers and supported by an expert group, including Burges Salmon's Head of AI Advisory, Tom Whittaker.

The purpose of the Statement is to address perceived uncertainty about civil liability for AI-related harms under English law. It is not a treatise, nor is it legal advice, nor is it proposals for legal reform. Rather, it is a practical legal statement of how existing legal principles apply to the challenges posed by AI. In a landscape where few AI liability cases have yet reached the courts, it provides much-needed guidance for lawyers, businesses, and developers.

Here, we summarise the key points. 

Scope

The Statement focuses on non-deliberate harm: that is, situations in which those who have not set out deliberately to cause harm may nonetheless be liable for harms resulting from the use of AI. It addresses English private law across a range of established legal bases, including negligence, vicarious liability, professional liability, product liability, and the law of false statements (including negligent misrepresentation, defamation, and deceit).

Certain areas are expressly excluded: economic torts, competition claims, intellectual property rights, data protection, issues arising from the use of AI by public authorities, and legal issues relating to AI contract formation.

The Statement adopts a technology-agnostic definition of AI, identifying its key characteristic as autonomy - capturing the unpredictable relationship between input and output, opacity of reasoning, and a limited ability on the part of a user to control output.

It uses the Ada Lovelace Institute’s actor framework to identify the key participants in an AI supply chain: data providers, foundation model developers, application developers, hosting suppliers, users, and affected third parties.

Key Legal Issues

The Statement identifies two broad sources of civil liability: voluntarily assumed responsibilities (principally contract) and liability imposed by law (principally tort). Its analysis then works through each in turn.

Contract. Contract will generally be the primary basis on which liability for harm is allocated among parties within an AI supply chain. The Statement concludes that the fact the subject matter is AI poses no special difficulty for contract law. Parties are free to allocate risk, define performance standards, and limit liability as they see fit. (Although, how negotiations work in practice is a different issue, one which is addressed in the Ada Lovelace Insitute report Risky Business).

Negligence. In the absence of contract, negligence is the main route to liability. A person is liable where a duty of care is owed, where that person fails to meet the required standard of care, and where this failure caused foreseeable harm. The Statement emphasises the flexibility and adaptability of the law of negligence and concludes there is no conceptual reason why it cannot be applied to AI harms. A careless user of AI is likely to be held liable for foreseeable harm. A developer of a narrowly targeted application is also likely to be liable. However, a foundation model developer is in most circumstances unlikely to be held liable for unforeseeable or insufficiently tested uses of their general-purpose models.

Vicarious liability. This is where a person to be held liable for wrongs committed by another, such as an employer for an employee, even if the employer is not personally at fault.  However, AI is not a legal person, so no one can be vicariously liable for the actions or failures of an AI system itself. But, an employer can be held vicariously liable for AI-related harm if that harm arose because a human employee acted wrongfully while using AI. The legal analysis in such a scenario is no different from any other situation in which an employer is held responsible for the actions or omissions of its staff. Similarly, a person who owes a non-delegable duty, such as an NHS trust’s duty to its patients, cannot escape liability by arguing that a defect in an AI tool was the fault of a third-party developer.

Professional liability. The Statement poses a question of real practical significance: in what circumstances can a professional be liable for using, or failing to use, AI in the provision of their services? Professionals such as lawyers, architects, and doctors have an obligation to exercise reasonable skill and care. That obligation applies to their use of AI just as it does to any other aspect of their work. What constitutes reasonable skill and care is determined by the standards ordinarily exercised by competent members of that profession, informed by expert evidence and the guidance of professional bodies. On that basis, a professional may be found negligent for using AI inappropriately, for using an unsuitable model, for failing to conduct proper due diligence, or for failing to test or validate AI outputs effectively. 

Equally, a professional could be liable for failing to use AI in circumstances where a competent member of their profession would have done so. As AI tools become more capable and more widely adopted, the standard of care will evolve, and the failure to use available technology may itself become a breach of duty.

Product liability. The Consumer Protection Act 1987 imposes strict liability for defective products. Currently, this applies only where AI is integrated into physical or tangible products such as robots or automated machines. An AI system that is purely software is unlikely to be characterised as “goods” under current law. The Statement notes that the Law Commission has announced it intends to review the CPA 1987, including the status of pure software.

Causation. The “but for” test applies and, in general, the Statement sees no particular difficulty in applying it in the AI context. Challenges may arise from the opacity and autonomous nature of AI, but these are not unique to AI. English law has mechanisms, such as the Fairchild exception for material increase in risk, that can address causation difficulties. Developers and deployers are unlikely to be liable for misuse by bad actors unless the AI was obviously dangerous, but are likely to be liable for harms caused by AI acting autonomously unless those harms were unforeseeable. Notably, the published report includes additions to the draft consultation version, including additional methods by which the courts may address the causation challenge. For example, the courts may not adhere ridigly to a ‘but for’ test but may ask whether an actor ‘materially contributed’ to the damage even if that party cannot by itself be said to have been the “but for” cause of the damage.

False statements and chatbots. The Statement addresses negligent misrepresentation, defamation, and deceit in the context of AI-generated content. Liability for negligent misrepresentation will generally be established where a legal person held out an AI chatbot as communicating on their behalf. For defamation, those deploying AI to publish content in the course of business will most likely be liable as commercial publishers, and several common defences will not be available for wholly AI-generated statements without human review.

Conclusions

The overarching conclusion of the Statement is that English common law is capable of addressing AI liability. The law of contract, negligence, and related doctrines provides a flexible and well-developed framework that can accommodate the novel features of AI. The courts have tools to address potential areas of uncertainty.  This is consistent with the English common law’s long track record of adapting to disruptive technologies.

The Statement does acknowledge areas of genuine uncertainty. The position of foundation model developers remains nuanced: liability will depend on the foreseeability of particular uses. The treatment of highly autonomous AI systems and questions of causation where AI decision-making is opaque present the most difficult challenges. And the current limitation of product liability to tangible goods leaves a gap that may require legislative intervention; a matter now under consideration by the Law Commission.

Significance

This Legal Statement arrives at a critical juncture. AI is being deployed at scale across virtually every sector of the economy, yet very few cases involving AI liability have reached the courts. Businesses, developers, and their advisers have been operating with limited practical guidance on where liability will fall when things go wrong.

The Statement provides that guidance. For lawyers, it offers a structured analysis of how established legal principles apply to AI, reducing the perception that AI creates an ungoverned space. For businesses, it signals clearly that existing duties of care apply to the deployment of AI and that the use of AI does not insulate anyone from liability for foreseeable harm. For developers, it draws important distinctions: those building narrowly targeted applications face greater exposure than those providing general-purpose foundation models, but all participants in the AI supply chain must be alive to their responsibilities.

Perhaps most importantly, the Statement demonstrates confidence in the common law’s ability to respond to technological change without the need for hasty or prescriptive legislation. That is a message of considerable practical importance at a time when jurisdictions around the world are grappling with how, and whether, to regulate AI. English law, the Statement suggests, already has the tools it needs. The task for practitioners is to apply them thoughtfully and with a clear understanding of the technology.

If you would like to discuss how current or future regulations impact what you do with AI, please contact Tom WhittakerBrian WongLucy PeglerMartin Cook or any other member in our Technology team

See more from Burges Salmon

Want more Burges Salmon content? Add us as a preferred source on Google to your favourites list for content and news you can trust.

Update your preferred sources

Follow us on LinkedIn

Be sure to follow us on LinkedIn and stay up to date with all the latest from Burges Salmon.

Follow us