Beyond Prompt AI Studio

Using AI responsibly

Who's liable when the AI gets it wrong?

A chatbot makes a false promise, an agent cancels the wrong order - who's responsible? The answer surprises many: almost always your company, not the tool vendor.

Four examples – to remember it

Try it yourself: staying a deployer, or becoming a provider?

Stays deployerBecomes provider

You use a vendor's off-the-shelf chat assistant for customer service, unchanged.

You stay a deployer – lighter obligations, you're responsible for the use, but no provider obligations.

The tool vendor is liable less often than you'd think

Anyone who buys an AI system and uses it for their own purposes is legally a deployer (see module 20) - and deployers bear responsibility for the specific use, not the provider who built the system. A chatbot vendor typically isn't liable for a false promise made in your name - you deployed the system in your customer-facing operations.

What this means for using AI at your company

Any AI response that goes out in your company's name is legally treated as if you made it yourself. So the question isn't "can the AI vendor be sued" - it's "what happens if OUR AI says or does something wrong." That's exactly why control mechanisms like human approval on critical steps (see module 13) aren't bureaucracy - they're risk management.

Where responsibility shifts

There are exceptions: anyone who builds a system themselves or substantially modifies it becomes a provider (see module 20, "the trap") and takes on its obligations too. And if a provider delivers grossly defective software - a demonstrable technical defect, not a normal AI error rate - product liability for the manufacturer can come into play. That's the exception, though, not the rule.

Why this matters for you as a decision-maker

Contract clauses claiming "the AI is at fault" typically don't protect you against your own customers. If you use AI in customer-facing or business-critical processes, plan from the start: where does a human check need to happen before something goes out or takes effect?

Key takeaways

  • Anyone who buys and uses an AI system (deployer) bears responsibility for the deployment - not the tool vendor.
  • An AI response issued in your company's name is legally treated as if you made it yourself.
  • Manufacturer product liability is the exception (a demonstrable technical defect), not the rule.
  • Anyone who builds a system themselves or substantially modifies it also takes on provider obligations (see module 20).
  • Human approval on critical steps is risk management, not bureaucracy.

The EU AI Act: what companies really need to know – and what's just panic

Quick check: did it land?

1 / 3

Who's typically responsible when a purchased chatbot makes a false promise?

Want to find out where a human approval step makes sense in your AI usage?