Carnegie Mellon
Policy & Law Review

Photo from Adobe Stock.

Artificial intelligence systems are no longer confined to science fiction or niche applications. They are already making decisions that affect people’s safety, finances, and access to opportunities. Self-driving cars are navigating city streets, hiring tools are screening applicants, and chatbots are advising on everything from banking to healthcare. But as AI systems grow more influential, they also bring new risks: accidents, biased decisions, or harmful misinformation. When those harms occur, a difficult question arises: who should be held legally responsible?

Unlike traditional products, AI operates in ways that can be opaque, adaptive, and unpredictable, which makes assigning accountability far from straightforward. Existing legal frameworks provide some guidance, but they were not designed with autonomous algorithms in mind. Policymakers, courts, and companies are now wrestling with how to adapt.

Consider Tesla’s Autopilot system, which has been linked to several high-profile crashes and lawsuits in the United States. These incidents have sparked ongoing debates among regulators, legal experts, and victims’ families over who bears responsibility, the driver who activated Autopilot, Tesla as the manufacturer, or the underlying AI system that failed to respond appropriately.

Or take hiring algorithms. In 2021, the U.S. Equal Employment Opportunity Commission (EEOC) launched an initiative to address discrimination in AI-driven hiring following reports that automated resume screeners disproportionately excluded women and minority applicants. Amazon famously scrapped their experimental AI recruiting tool after it was found to disadvantage female candidates.

Then there are the copyright lawsuits against OpenAI, Microsoft, and others, in which authors, artists, and media organizations argue that their works were used without permission to train large language models. These cases raise not only intellectual property issues but also broader questions about whether companies should be liable for harms flowing from how AI systems are built.

In all these examples, traditional liability frameworks strain under the weight of AI’s complexity.

Under conventional tort law, injured parties can sue for negligence or defective products. For instance, if a brake system fails, the manufacturer is often liable. But in AI systems, where the “defect” may lie in the training data, the learning process, or a complex chain of decision-making, it becomes less clear how to define a flaw. Courts considering Tesla Autopilot cases must weigh whether driver misuse or algorithmic unpredictability counts as the primary cause.

In areas like hiring, housing, and lending, U.S. law prohibits discrimination. Biased algorithms that disadvantage certain groups should, in theory, fall under these protections. However, enforcement is complicated: biases can be embedded deep in datasets, and decision-making processes are often opaque. For example, in 2023 the EEOC settled a case involving AI hiring software that allegedly discriminated against applicants’ ages, signaling that such laws do apply but leaving many gray areas unresolved.

AI-generated content raises additional disputes about intellectual property. The New York Times sued OpenAI and Microsoft in 2023, claiming ChatGPT reproduced parts of its articles. Similarly, visual artists have sued Stability AI and Midjourney, arguing their copyrighted works were used without consent. These lawsuits do not involve physical harm but illustrate how AI challenges foundational assumptions about ownership and fair use.

Different governments are responding to these challenges in distinct ways. The EU recently finalized its Artificial Intelligence Act. It imposes strict requirements on “high-risk” systems, including transparency, human oversight, and risk management obligations. However, the Act largely leaves questions of civil liability to national courts, meaning uncertainty remains for injured parties. 

China has introduced rules requiring transparency in recommendation algorithms and content moderation, focusing on state control and societal stability rather than liability for harms. These approaches reflect different priorities, consumer protection, innovation, state control, but none fully resolve the core issue of legal accountability.

On the other hand, the US has no comprehensive federal AI law. Instead, agencies like the Federal Trade Commission issue guidance, while states experiment with privacy and data laws. This patchwork approach creates uneven protections and leaves many liability questions unresolved. 

Several pressing questions cut across these frameworks:

• Causation: Can AI developers reasonably foresee the harms their models might cause? If not, does that absolve them of liability, or should strict liability apply?
• Accountability Chain: Should responsibility fall primarily on the coders who designed the system, the companies that deployed it, or the end users who interact with it? Each link in the chain has some influence but no complete control.
• Insurance Models: Some scholars and policymakers suggest requiring AI developers or deployers to carry liability insurance, similar to auto insurance, to ensure victims are compensated regardless of fault.
• Innovation vs. Regulation: Overly strict liability rules could chill innovation by making companies reluctant to deploy AI at all. Too little regulation, however, risks leaving victims without recourse and eroding public trust.

The road forward will likely involve a combination of approaches:

• Adapting Existing Laws: Courts may interpret tort and product liability doctrines more broadly to encompass AI harms. For example, they might treat AI as a product subject to strict liability, even if the defect lies in software rather than hardware.
• New Regulatory Regimes: Legislatures could establish AI-specific liability rules, perhaps creating categories of responsibility for developers, deployers, and users. Proposals include requiring transparency in AI decision-making to aid investigations and lawsuits.
• Risk-Sharing Mechanisms: Liability insurance or collective compensation funds could spread the risks of AI failures while ensuring victims are not left without remedies.
• Standards and Best Practices: Industry standards, ethical guidelines, and technical audits may help reduce risks upfront, even before courts intervene.

Artificial intelligence is rapidly transforming how decisions are made in society. But when those decisions cause harm, the question of accountability remains unsettled. Existing laws offer partial answers, but they were not built for technologies that learn, adapt, and act autonomously. Policymakers face a delicate balancing act: protecting the public from harm without stifling innovation.

The path forward is uncertain, but one thing is clear: as AI becomes more embedded in everyday life, clarifying who bears the blame when things go wrong will be essential for fairness, trust, and the responsible growth of this technology.