Your AI Support Bot Just Became Your Legal Liability
Your AI Support Bot Just Became Your Legal Liability
Your AI Support Bot Just Became Your Legal Liability
A German court just drew a line that every company deploying a customer-facing AI chatbot needs to understand.
On May 28, 2026, the Regional Court of Munich issued a preliminary injunction against Google (case no. 26 O 869/26). The ruling is narrow in scope — it bars Google from repeating specific false claims made by its AI Overviews feature about two Munich-based publishers. But the legal reasoning behind it is sweeping, and its implications extend far beyond Google's search product to any organization that has deployed an AI system that speaks to users in natural language.
The court's logic, reduced to its core: when an AI generates a response in its own voice, that response is the company's own statement. Not a search result. Not a third-party summary. The company's words. And the company is liable for them.
What Happened in Munich
The two publishers — part of a Munich-based media group — discovered that searching their company names alongside the German word "Betrugsmasche" (fraud scheme) triggered AI Overviews linking them to scams, subscription traps, and dubious business practices. Connections the AI had fabricated. None appeared in any of the cited source pages.
When they sent a cease-and-desist, Google declined to issue one with a penalty clause attached — the standard mechanism under German law for acknowledging liability and committing to stop. The case went to court.
Google's defense rested on a familiar argument: it's a search engine. It aggregates third-party content. German courts have historically given search engines significant liability protection precisely because they are intermediaries, not publishers. Don't shoot the messenger.
The court rejected this entirely.
A traditional search engine, the court explained, lists links. AI Overviews do something categorically different: they synthesize, rephrase, and present information as a coherent, standalone answer in Google's own words. The AI had even generated connections between the publishers and other companies that did not exist in any source — pure fabrication presented as fact. That is not intermediary behavior. That is authorship.
"The AI Overview was understandable on its own," the court found, "and contained a self-contained statement with independently understandable content." Google "alone has influence" over those statements. Google owns what they produce.
The court also dismissed Google's secondary defense — that users could verify the claims by clicking the linked sources. The ability to disprove a statement through further research does not exempt whoever published it. The court drew an explicit parallel to press law: a misleading headline is actionable even if the full article is technically accurate.
Google must pay 80% of legal costs. Each violation of the injunction risks fines up to €250,000 per incident.
Why This Isn't Just a Google Problem
Read the court's reasoning again, but substitute "Google" with your company name and "AI Overviews" with your customer service chatbot.
The underlying principle doesn't care about the product. It cares about what the AI does: does it generate "independent, new, and substantive statements" in your company's voice? If yes — if it summarizes, synthesizes, explains, advises, or answers questions using its own language — then its outputs are your outputs, and you are responsible for their accuracy.
That logic applies to:
Customer service bots answering questions about refund policies, product specifications, warranty terms, or account eligibility
Financial services chatbots explaining fee structures, loan terms, or investment products
Insurance bots describing coverage, exclusions, or claims procedures
HR and benefits platforms telling employees what they're entitled to
Medical support bots triaging symptoms, explaining diagnoses, or advising on medication
Every one of these use cases involves an AI generating substantive, actionable statements — statements users will rely on, often without clicking a single source link.
The Precedent That Got Here First
The Munich ruling didn't emerge in a legal vacuum. The groundwork was laid two years earlier, eight time zones away.
In February 2024, the British Columbia Civil Resolution Tribunal ruled against Air Canada in Moffatt v. Air Canada. A passenger had asked Air Canada's chatbot about bereavement fares. The bot told him he could book at full price and apply for a retroactive discount within 90 days. He did exactly that. When he submitted the request, Air Canada told him he had misread the policy and denied the claim.
Air Canada's defense was extraordinary in its directness: the chatbot, it argued, "is a separate legal entity that is responsible for its own actions."
The tribunal's response was equally direct: "It should be obvious to Air Canada that it is responsible for all the information on its website. It makes no difference whether the information comes from a static page or a chatbot."
Air Canada was ordered to pay $812 in damages. The principle established was worth considerably more: you cannot outsource your liability to the AI you deployed. The chatbot is not a separate entity. It is your mouth.
The Medical Support Problem Is Worse
Customer service errors are embarrassing and expensive. Medical chatbot errors can kill people.
A 2026 audit published in BMJ Open tested five leading AI chatbots against a set of common health queries. The findings: 49.6% of responses were problematic, including 19.6% rated as highly problematic. Models answered in confident language even when the medically correct response was to decline. Only two refusals occurred across the entire study — both from Meta AI.
Citation fabrication was rampant. Average reference completeness across all five models was 40%. Not a single model produced a fully accurate reference list. Models generated citations that looked real — correct journal names, plausible author names, accurate page-number formats — pointing to papers that do not exist or do not say what the chatbot claimed.
Organizations deploying medical support bots face a specific and compounding liability stack:
Product liability — if the AI system itself is defective or undertested
Negligence — for deploying a system without adequate oversight or clinical verification
Consumer protection law — if patients rely on the bot in lieu of professional advice
Defamation (as in the Munich case) — if the bot makes false statements about specific conditions, providers, or treatments
Regulatory exposure — health regulators in the EU, UK, and US are actively examining AI-generated medical content under existing pharmaceutical and medical device frameworks
In every jurisdiction, the logic converges on the same point: the AI cannot be sued. The organization that deployed it can.
The Legal Shift Companies Aren't Ready For
The traditional liability shield for technology platforms rested on a crucial distinction: intermediary vs. author. Platforms that passively host or index third-party content get protection. Platforms that create content lose it.
For decades, search engines sat clearly on the intermediary side. The Munich court drew a line showing that AI-generated summaries sit on the author side — and it drew that line in the middle of a product most companies have deployed or are actively building.
This is the shift:
Old model | New exposure |
|---|---|
Bot links to policy page | Bot explains the policy in its own words |
User reads third-party source | User acts on the bot's synthesis |
Liability attaches to the source | Liability attaches to the AI output |
The difference in user behavior is the crux. Studies cited in the Munich ruling show that users almost never click through to sources in AI-generated summaries. They read the answer and act on it. The AI has already done what a publisher does — it has taken fragmented inputs and produced a statement that stands on its own, that users trust, and that determines what they do next.
If that statement is wrong, the company that generated it owns the outcome.
What This Means If You're Deploying AI in Customer-Facing Roles
The Munich ruling and Air Canada case together create a clear framework:
Disclaimers don't absolve you. "This chatbot may make mistakes — please verify" is not a legal defense. The Munich court rejected the argument that users can be expected to fact-check AI outputs. Air Canada's tribunal rejected the argument that correct information was available elsewhere on the same website.
You cannot externalize responsibility to the AI vendor. Your deployment of the model is your responsibility. You can potentially recover costs from a vendor whose system was defective, but the primary liability runs from user to your organization.
The stakes scale with the harm. A wrong refund policy answer costs hundreds. A wrong medication interaction answer can cost a life and invite criminal negligence claims. Courts and regulators will calibrate their scrutiny accordingly.
Governance needs to extend to outputs, not just inputs. Most enterprise AI governance frameworks focus on what data the model is trained on, what it's allowed to access, and who can prompt it. The Munich ruling adds a third requirement: organizations need to know what the AI is saying, continuously, and they need mechanisms to detect and correct false statements before they cause harm.
The Risk Is Structural, Not Accidental
Neither Google's AI Overviews nor Air Canada's chatbot were deployed carelessly. Both went through engineering, testing, and product review cycles. Both failed in ways their developers didn't anticipate — not because of bad code, but because of the fundamental properties of large language models: they generalize, they synthesize, they confabulate with equal confidence whether they are accurate or not.
The Munich court made that irrelevant. The AI's tendency to hallucinate is a known property of the technology. Deploying that technology in a context where users will rely on its outputs — and where those outputs can cause concrete harm — creates a foreseeable risk. Foreseeable risk is the foundation of legal duty.
The question courts will ask is not "did the AI make an error?" It is "did the company deploying the AI take reasonable steps to detect and correct errors before users were harmed?" Right now, for most organizations deploying customer-facing AI systems, the honest answer is no.
How We Can Help
Darkhunt is the security and compliance control plane for AI systems in production. For the risks in this article, that means continuous automated testing that surfaces false, misleading, or legally dangerous AI outputs before users encounter them — across customer service, financial, and medical support deployments — runtime monitoring that detects when AI responses deviate from verified source material, audit trails that provide full output-to-source traceability for every AI-generated statement, and red-team testing calibrated to the specific harm categories relevant to your deployment context: defamation, negligent misrepresentation, regulatory non-compliance, and patient safety.
The Munich ruling is a regional injunction. The cases that follow it will not be.
Request a Demo at darkhunt.ai →