AI Liability: Who Is Responsible When AI Gets It Wrong?
Published
17 July 2026
Listen to this post using the player at the bottom of the page.
I'm a software engineer and AI practitioner, not a lawyer. Nothing in this post is legal advice. This is me sharing what I've been reading and watching in a space I think anyone deploying AI needs to pay attention to. The situation is moving fast, and this reflects what I understand to be the state of things as of July 2026.
I've been following the AI liability conversation for a while now, partly because of the governance work I do at Jumbo and partly because I think it's one of the most underappreciated operational risks for any business deploying AI right now. Not the existential stuff, but the practical question: when an AI system causes real harm, who is on the hook?
The legal profession is actively trying to work this out, and some genuinely interesting things are happening. Cases are being decided. Academics are publishing. Law firms are writing guidance for clients. What I haven't seen much of in Australian tech circles is people actually paying attention to it, so here's my attempt at a summary of what I've been reading.
The first clear precedent: Air Canada's chatbot
The case everyone in AI liability circles keeps coming back to is Moffatt v Air Canada, decided in early 2024 by the British Columbia Civil Resolution Tribunal. A passenger named Jake Moffatt used Air Canada's chatbot to ask about bereavement fares after his grandmother died. The chatbot told him he could book at regular fare and then apply for a bereavement discount retroactively within 90 days. That wasn't Air Canada's actual policy. He followed the chatbot's advice, paid full price, applied for the discount, and Air Canada refused it.
Air Canada's defence was extraordinary: they argued they couldn't be held liable for information provided by one of their own "agents, servants, or representatives — including a chatbot," effectively suggesting the chatbot bore its own independent responsibility. The tribunal rejected this, finding that Air Canada is responsible for all information on its website, including what its chatbot tells customers. They awarded Moffatt the difference in fare.
It wasn't a huge amount of money. But the principle matters. A company cannot disclaim responsibility for its AI by treating it as a separate actor. The business that deploys the AI owns what the AI does. That's the direction courts are heading, and Australian lawyers are paying attention to it.
What's happening in Australia
Australia hasn't had a landmark AI liability case yet, but we've had a preview of where things could go. In 2023, Brian Hood, then Mayor of Hepburn Shire, threatened to sue OpenAI after ChatGPT falsely claimed he had been convicted of bribery and sentenced to prison in a foreign corruption scandal. He hadn't. He was actually a whistleblower in the case. The story made international headlines, partly because it would have been the first defamation lawsuit against an AI company anywhere in the world.
OpenAI corrected the output before a lawsuit was filed, but the episode prompted serious commentary from Australian legal academics and practitioners about how our defamation law, which is notably stronger than in the US, might apply to AI-generated content. Australian legal academics and practitioners, including technology law specialists, published on the question of whether a defamation claim could succeed when the "publisher" is an AI system and the "author" is a company that didn't write the specific content but deployed the system that produced it.
Australian law firms have been writing about the broader liability picture extensively. Allens and MinterEllison both publish regularly on AI governance and liability risk for Australian businesses, and their client guidance is worth reading even if you're not their client. The general picture they paint is consistent: Australia's existing legal frameworks, the Australian Consumer Law, the Privacy Act, anti-discrimination legislation, and common law negligence, all create exposure for businesses deploying AI, but none of them were designed for it. The gaps are real and the case law to navigate them doesn't exist yet.
The Law Council of Australia has been pushing for legislative action and submitted to multiple government consultations making the case that voluntary guidance isn't enough. Their position, which several academics have echoed, is that we need clarity on which party in an AI supply chain carries liability when harm occurs, because right now no one really knows.
The part that isn't getting enough attention: AI that takes actions
Most of the early legal commentary focused on AI making decisions, a hiring tool rejecting a candidate, a credit model declining a loan. That framing is already behind where the technology is.
The more interesting liability question right now is what happens when AI doesn't just recommend but acts. Agentic AI tools that can send emails, write to databases, delete records, call APIs, or interact with external services on your behalf are being deployed today, and the legal frameworks don't have clean answers for what happens when they go wrong.
Consider the scenario that comes up more than people admit: an AI assistant drafts and sends an email autonomously, pulls a contact from the CRM, and fires off a client update that contains financial projections to the wrong recipient. That's a potential notifiable data breach under the Privacy Act, a possible breach of confidentiality obligations, and depending on what was in the email, a commercial dispute. The AI didn't malfunction. It did exactly what it was configured to do. The harm came from the configuration, the data access it was given, and the absence of any human review step before the email went out.
Or an AI agent with write access runs a cleanup task and deletes records outside its intended scope. No malice, no attack, just an AI doing something it was technically permitted to do in a context where it probably shouldn't have had that permission at all.
I haven't seen these specific scenarios tested in Australian courts yet, but legal commentary is starting to engage with them. The question under negligence law is whether giving an AI those permissions without a human review step constitutes a breach of the duty of care owed to the people affected. "We didn't know the AI would do that" is not a strong defence when the risk was foreseeable and no one took steps to mitigate it.
The supply chain problem lawyers keep writing about
One theme that keeps coming up in the legal writing I've read is what practitioners are calling the "AI supply chain" liability problem. A company uses a third-party foundation model. They fine-tune it on their own data. They integrate it into a product. That product gets deployed to customers. When something goes wrong, the harm might trace back to the model's original training, the fine-tuning, the integration, the deployment configuration, or some interaction between all of them.
Nobody in that chain has formally agreed who owns the liability. And as multiple law firms have pointed out in client guidance, AI vendor contracts typically cap liability and push output-accuracy responsibility toward the deploying business. Vendors commonly indemnify against third-party IP claims tied to model output, but for most other harms — regulatory breaches, defamatory outputs, reliance-based losses — the business deploying AI has limited contractual recourse against the vendor while still facing full exposure from whoever was actually hurt.
That asymmetry is significant. It means anyone using a third-party AI model or platform needs to treat the liability risk as their problem to manage, not something they can pass upstream through a contract.
Human-in-the-loop: what it means for liability
One of the concepts getting real attention from legal practitioners is human-in-the-loop oversight, specifically whether having a human approve AI outputs before they cause harm actually shifts or reduces liability. The short answer, based on what I've read, is: it can, but only if the oversight is genuine.
There's a spectrum of what "human in the loop" actually means in practice:
Approval-gated actions are the strongest form. The AI prepares or drafts something, but nothing happens until a human explicitly approves it. The email sits in drafts. The database change waits for confirmation. The contract amendment needs sign-off. If something goes wrong after an approval gate, the liability analysis has to grapple with the fact that a human had the opportunity to catch the error and didn't.
Supervisory review is weaker. The AI acts, a human reviews the output after the fact and can reverse it. This reduces the window for harm but doesn't prevent it, and it doesn't create the same clear break in the causal chain.
Notification only is barely oversight at all. A log exists. Someone might look at it someday. Calling this human-in-the-loop is marketing, not governance.
The important nuance that legal commentary is starting to work through is that even a genuine approval gate doesn't fully transfer liability away from the deploying business. Vendors still own responsibility for their systems behaving within their documented capabilities. But an approval gate does change the picture, because it demonstrates that the business took reasonable precautions and created an opportunity for harm to be caught.
What makes an approval gate actually meaningful in a legal context? A few things come up consistently:
The review has to be real, not perfunctory. If the workflow queues two hundred AI-drafted emails for "approval" and employees batch-click through them without reading, that's not oversight. The question is whether a reasonable person in that role could have been expected to catch the error given the time and information they had.
The reviewer needs enough context to exercise judgement. If the AI surfaces a recommended action without showing the data or reasoning behind it, approving it is just rubber-stamping. Real oversight requires the reviewer to see enough to make a genuine call.
Access controls need to match the risk. If the AI has write access to systems it doesn't need to touch, the approval gate is downstream of a configuration problem that already created unnecessary exposure. The principle of least privilege, giving the AI only the access it needs for its task, is the upstream control that makes downstream oversight meaningful.
The process needs to be documented and enforced consistently. An informal understanding that "someone will check" doesn't carry weight. A written policy that specifies who approves what, under what conditions, does.
What's happening globally
The EU AI Act is the most significant piece of AI-specific legislation anywhere in the world and it matters for Australian companies with European exposure. The high-risk AI provisions covering hiring, credit, medical devices, critical infrastructure, and law enforcement are due to apply from December 2027 at the earliest — deferred from earlier timelines by legislative amendments finalised in mid-2026.
The EU had been progressing a dedicated AI Liability Directive, whose centrepiece was a proposed presumption of causation: if a claimant could show the defendant failed to comply with the AI Act and that failure was plausible as a cause of the harm, the court would presume it caused the harm — a significant burden shift designed to address the fact that proving an AI caused specific harm is extremely difficult when the systems are opaque. That directive was withdrawn by the European Commission in February 2025. The revised Product Liability Directive, due for national transposition by December 2026, now extends strict product liability to AI software, though through different presumption mechanisms.
In the US, there's no federal framework and the current administration isn't creating one. But state action is accelerating. Colorado's 2024 AI law used a high-risk AI framework for consequential decisions, though it was significantly revised in May 2026 — the current version uses the term "automated decision-making technology" rather than "high-risk AI" and takes effect January 2027. California, New York, and others have bills moving. The gig economy algorithmic management cases in Europe, where platforms like Uber and Ola have faced legal challenges over automated decisions affecting workers, are being watched carefully as a preview of where employment AI liability might go.
The UK is taking a deliberately lighter approach, asking existing regulators to apply existing powers rather than creating AI-specific law. Whether that works in practice is an open question. A number of UK legal commentators have argued it creates uncertainty because different regulators interpret their mandates differently when applied to AI, and affected parties don't always know which regulator to go to.
What I take from all of this
I find myself thinking about this through the lens of the governance work we do at Jumbo. We built a dedicated AI governance function before we shipped anything to customers, and part of the reason was exactly this: the "we'll add governance later" approach is how you end up with liability you didn't plan for.
What the legal commentary seems to be converging on is that "reasonable precautions" will be the standard courts and regulators apply, even in the absence of specific AI legislation. The question in any case will be: did this business take reasonable care given what it knew and what was foreseeable? The businesses that will be in the strongest position when cases do land in Australian courts are the ones who can demonstrate they understood what their AI was doing, limited its access to what it needed, and had genuine human oversight for consequential actions.
That's not a legal opinion. It's just what I keep reading from the people whose job it actually is to think about this stuff. And I think it's worth more attention in Australian tech circles than it's currently getting.
If you want to go deeper, the Allens and MinterEllison AI publications are publicly available and worth bookmarking. For the academic side, the work coming out of UNSW Law on technology and liability is some of the best Australian thinking on this. And the EU AI Act text itself is readable and worth at least a skim if your product touches European users.
Similar articles

Building Minesweeper in React, Part 1: Client-Side Architecture
Part 1: building a fully playable Minesweeper in React. Board generation, safe first click, flood fill, and Web Audio effects. Then examining what "client-side only" actually means for trust, cheating, and what breaks the moment you want a scoreboard.
16 July 2026

MCP Explained: How AI Models Talk to Your Tools (and What Comes Next)
MCP is the protocol that lets Claude, ChatGPT, and Gemini all talk to your GitHub repo, your database, and your calendar without three different integrations. It's not a ratified standard yet, it's a fast-moving spec under a young foundation, and it's about to change shape again.
15 July 2026

Sorting Algorithms Explained
Bubble, selection, insertion, merge, quick, and heap sort: how each one works, where it shines, where it struggles, and animated demos that run the real algorithm code on the same starting data every time.
13 July 2026

Set Membership Testing: From Arrays to Bloom Filters
Every time Chrome warns you a site might be malicious, it just answered a membership question: is this URL in a set of bad ones? Here's how that check works, from a plain array to the probabilistic Bloom filter that makes it possible at scale.
10 July 2026
