fairlane.systems

AI LIABILITY · COMPLIANCE

Who is liable for AI errors? Swiss CO + EU Product Liability Directive 2024/2853 after the AI Liability Directive withdrawal

Swiss liability runs via CO Art. 41/55/97. The EU AI Liability Directive was withdrawn in Feb 2025. PLD 2024/2853 in force since 9 Dec 2024 – software incl. AI is covered as a product.

As of: 2026-05

What is the legal situation as of May 2026?

As of May 2026, liability for AI-caused harm is not regulated in a single statute but is distributed across several legal layers. From the Swiss perspective three blocks matter: the Code of Obligations (CO) with general liability articles 41 (tort), 55 (employer's liability for auxiliaries), and 97 (contractual breach); the Product Liability Act (PrHG, SR 221.112.944) for damage caused by defective products; and – where there is business with the EU – the new EU Product Liability Directive 2024/2853, which must be transposed into the national law of the EU member states by 9 December 2026.

Most important change 2025/2026: the European Commission withdrew the planned AI Liability Directive on 11 February 2025 in its work programme, formally confirmed in October 2025. It was meant to create a fault-based liability regime specifically for AI systems – with evidence-rule relief for plaintiffs. Without it, existing mechanisms remain, supplemented by the new Product Liability Directive. The industry got less regulation than feared, plaintiffs got fewer litigation options than hoped.

The EU Product Liability Directive 2024/2853 entered into force on 9 December 2024 and becomes national law by 9 December 2026. It replaces the old Directive 85/374/EEC and explicitly extends the notion of "product" to software, AI systems and digital manufacturing files. That means: a defective LLM output causing damage can be pursued via product-liability logic against the "manufacturer". Who counts as manufacturer is redefined – the provider of a substantially modified AI system can also be classified as manufacturer.

For Switzerland, not directly subject to EU law, practice is pragmatic: Swiss companies with EU business are bound to the new logic via the market-location rule of the PLD and via contractual obligations in EU dealings. The Swiss PrHG itself mirrors the old EU directive and has not yet been adapted – a revision is expected but not in preparation in May 2026.

Why it matters

The liability question is not academic. It determines who pays in a damage case – the LLM provider, the deployer (you), or the end customer. Four concrete scenarios show the range.

Scenario 1: AI chatbot gives wrong legal advice. A client asks a law firm's chatbot about a limitation period, receives a wrong answer, misses the deadline and suffers a CHF 200,000 financial loss. Who is liable? Contractually: the firm under CO 97 – the chatbot is a performance auxiliary (CO 101). In tort: the firm under CO 41 + 55 (employer's liability for the AI as an auxiliary). The LLM provider is typically not directly liable to the client, only via recourse against the firm and only if the LLM was demonstrably "defective" in the product-liability sense.

Scenario 2: AI document OCR misclassifies. A fiduciary office uses AI-OCR that books a supplier invoice wrongly. A tax auditor finds the error, VAT back-payment CHF 8,000 plus penalty. The fiduciary is contractually liable under CO 97 – the LLM provider is not liable in the internal relationship, because human review must be the last step.

Scenario 3: AI recruiting filters discriminatorily. An AI tool systematically ranks applications with female names lower. A rejected applicant sues under Art. 3 GlG (Gender Equality Act) and wins. The employer is liable – the argument "the AI did it" does not stand. Where the GDPR applies, Art. 22 GDPR (solely automated decision) and a fine from the supervisory authority come on top.

Scenario 4: AI voice agent reveals confidential information. An insurer's voice agent answers a query and reads out another customer's data (prompt injection or context confusion). GDPR fine, damages to the affected customer, possible professional-secrecy breach by the insurance representative. The insurer is liable – the LLM provider typically only via recourse.

Pattern across scenarios: the liability front line sits with the deployer (you), not the model provider. Without careful architecture, without human-in-the-loop, without a documented audit trail, the defence line stays weak.

How the individual liability bases bite

CO Art. 41 – Tort. Damages for unlawful culpable conduct. Four requirements: damage, unlawfulness (breach of a legal rule or absolute right), causation (natural and adequate), fault (intent or negligence). For AI harms: negligence often via the omitted duty of care – no output check, no refusal prompt, no audit log. Burden of proof lies with the plaintiff – hard if the AI logic is opaque.

CO Art. 55 – Employer's liability. The principal is liable for damage caused by his auxiliary in the exercise of his duties – unless he proves he applied all care due under the circumstances to prevent the damage (exoneration proof). Is an AI an auxiliary? The Federal Supreme Court has not yet decided; legal scholarship tends to "yes, analogously" – which makes Art. 55 the central norm for AI liability. The exoneration proof is hard: careful selection, instruction and oversight of the AI is required.

CO Art. 97 – Contractual breach. If a contractually owed performance is not or not properly delivered, the debtor is liable – unless he proves the absence of fault. Using an AI does not change this: whoever deploys an AI to perform is attributed the AI's conduct (CO 101 – auxiliaries). This applies to work contract (Art. 363 CO), simple mandate (Art. 394 CO), professional mandate (Art. 398 – heightened duty of care), medical contract, lawyer contract.

PrHG (Swiss Product Liability Act). Strict liability of the manufacturer for personal injury and property damage from defective products. Currently applied primarily to physical products – software embedding is debated, but for AI-controlled devices (machinery, vehicles, medical devices) clearly covered. Pure financial loss is not covered (unlike CO 41).

EU PLD 2024/2853 – new Product Liability Directive. Product notion extended to software including AI systems. Manufacturer is also whoever substantially modifies a product – which makes the deployer of an AI system who fine-tunes it or enriches it with own data a potential manufacturer. Evidence-rule relief for plaintiffs: in particularly complex products the court can order disclosure by the manufacturer; defectiveness is presumed if the plaintiff faces excessive technical difficulty in proof. Applies to products placed on the market after 9 December 2026.

EU AI Liability Directive – withdrawn. The October 2022 proposal aimed to introduce fault-based liability with presumption rules for causation and fault. Withdrawal in February 2025 cited lack of agreement and industry resistance. No revival planned – the situation thus stays fragmented and national.

AI-liability foresight in 7 steps

  1. Risk inventory: which AI outputs can cause which damage? Map to direct damage / consequential damage / fine / reputational damage with likelihood and amount.
  2. Human-in-the-loop design: which outputs never go to the recipient without human review? Checklist per output category, release step technically enforced in the workflow.
  3. Set up the audit trail under CO 957a: model version, prompt, input data, output data, reviewer ID, release timestamp – all immutably persisted.
  4. Review + adjust contract clauses: mandate contracts, T&C, customer contracts extended explicitly to AI use. Liability cap within CO-100-compliant limits.
  5. Insurance check: IT-professional liability + cyber insurance reviewed for AI clauses, extension purchased if needed (premium typically CHF 800-3,000/year for SMEs).
  6. EU product-liability check for EU business: who is manufacturer under PLD 2024/2853? Are we a substantial modifier? Prepare evidence preservation for disclosure orders.
  7. Incident plan: who is informed, who fixes, who reports to supervisor, who communicates with the injured – step-by-step playbook before the first incident.

When liability foresight is mandatory

Before every productive AI deployment. As of May 2026 the typical problem is foresight that comes too late, not too early. Four mandatory building blocks.

Block 1: human release on critical outputs. Output with immediate legal effect or financial impact – invoice, contract text, tax filing, diagnosis, booking decision – must not go to the recipient without human review. This is not only best practice but mandatory in many professions (lawyer under BGFA, doctor under medical law, fiduciary under mandate with duty of care).

Block 2: audit trail under CO 957a. Every AI-supported business transaction with bookkeeping relevance needs a reproducible path: which model, which version, which prompt, which input data, which output data, who reviewed, when released. See the separate page ai-audit-trail-design.
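One way to combine the human release step from Block 1 with the audit fields from Block 2, as an added example that is not code from this page or from any product it names: a hash-chained, append-only log whose `deliver` gate refuses any output that has no recorded reviewer release. The class and method names are hypothetical, and the in-memory list stands in for whatever write-once storage is actually used.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64
# Fields named in the text; reviewer ID and release timestamp live in the release entry.
OUTPUT_FIELDS = ("model_version", "prompt", "input_data", "output_data")

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditTrail:
    """Append-only, hash-chained log (in memory here; storage is an assumption)."""
    def __init__(self):
        self.entries = []

    def _append(self, entry):
        entry["seq"] = len(self.entries)
        entry["prev_hash"] = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry["entry_hash"] = _digest(entry)
        self.entries.append(entry)
        return entry["seq"]

    def record_output(self, **fields):
        missing = [f for f in OUTPUT_FIELDS if not fields.get(f)]
        if missing:
            raise ValueError(f"missing audit fields: {missing}")
        return self._append({"type": "output", **{f: fields[f] for f in OUTPUT_FIELDS}})

    def release(self, output_seq, reviewer_id, when=None):
        if not reviewer_id or self.entries[output_seq]["type"] != "output":
            raise ValueError("release needs a reviewer ID and an output entry")
        ts = (when or datetime.now(timezone.utc)).isoformat()
        return self._append({"type": "release", "output_seq": output_seq,
                             "reviewer_id": reviewer_id, "released_at": ts})

    def verify(self):
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_hash"] != prev or e["entry_hash"] != _digest(e):
                return False
            prev = e["entry_hash"]
        return True

    def deliver(self, output_seq):
        """Release gate: hand out the output only if the chain is intact and released."""
        if not self.verify():
            raise RuntimeError("audit trail failed integrity check")
        if not any(e["type"] == "release" and e["output_seq"] == output_seq
                   for e in self.entries):
            raise PermissionError("no human release recorded for this output")
        return self.entries[output_seq]["output_data"]
```

The chain makes edits detectable, not impossible: someone who can rewrite the whole store can recompute every hash, so the latest `entry_hash` should be anchored somewhere the application cannot modify.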

Block 3: contractual clauses on accountability. Mandate and supply contracts should explicitly state: which tasks are AI-supported, which review steps are human, which liability cap applies (typically: liability limited to direct damage, consequential damage excluded, cap at fee amount). Caution: liability limitations are not arbitrary – Art. 100 CO forbids contracting out of gross fault, Art. 101(3) CO limits the contracting out of auxiliary-liability.

Block 4: insurance. IT-professional liability and cyber insurance must cover AI cases. In May 2026 many old policies implicitly exclude AI risks ("algorithmic decision" as exception). Newer policies (AXA "Cyber AI", Zurich "AI Liability Endorsement", Helvetia "Tech-E&O") close the gap from CHF 800-3,000 premium/year for SMEs. Check your own policy before go-live.

Particularly urgent at: law firms (BGFA duty to careful mandate handling), doctors (medical law), fiduciaries (KS-EXPERTsuisse), banks (FINMA supervision), insurers (FINMA), energy providers (critical infrastructure). In these sectors an AI incident can threaten the professional licence – not only the bank account.

What does not work – typical defence pitfalls

Four often-tried, rarely successful defence strategies.

Pitfall 1: "The AI did it, not me." Does not work. CO 101 attributes the auxiliary's conduct. In legal terms an AI is either a tool (then care of selection + instruction + oversight must be proven) or an auxiliary (then CO 55 / 101 with exoneration proof applies). In no case is the AI an independent responsible party.

Pitfall 2: "OpenAI has a disclaimer." Model-output disclaimers ("AI may produce inaccurate information") protect OpenAI against the ChatGPT end user, but do not protect the deployer against his client. Whoever embeds an AI in a mandate relationship cannot contract out of the duty of care through a US disclaimer.

Pitfall 3: full liability exclusion in T&C. CO 100 forbids exclusion for unlawful intent or gross negligence. A clause "we accept no liability for AI output" is void in case of gross fault. For slight negligence exclusion is possible – but only with an explicit, individually negotiated agreement; in standard T&C Art. 8 UCA (appearance of advantageousness) and consumer protection bite.

Pitfall 4: "We only use the model, OpenAI is the manufacturer." Under the new EU PLD the substantial modifier also qualifies as manufacturer. Whoever fine-tunes an LLM on own data, chains it with tool calls or enriches it with own RAG can become manufacturer in the sense of the directive – with the corresponding liability.

This is not legal advice. For binding assessment of your specific AI liability exposure, for contract clauses, for insurance review, and for incident defence, please consult a Swiss attorney specialised in liability or IT law. With EU exposure additionally an EU product-liability specialist. *This is not legal advice. For a binding interpretation, consult a Swiss attorney or data protection adviser.*

Trade-offs

STRENGTHS

  • Clear Swiss basis in CO 41 / 55 / 97 – known doctrine, calculable risk
  • EU Product Liability Directive creates a uniform frame for EU business
  • Insurance market responds with specific AI endorsements from 2026
  • AI Liability Directive withdrawal relieves providers from procedural risk

WEAKNESSES

  • No precedent rulings in Switzerland – interpretation stays uncertain
  • CO 55 exoneration proof with AI as auxiliary is hard to mount
  • PLD 2024/2853 makes "substantial modifiers" liable – deployer risk rises
  • Insurance premiums for AI endorsements will rise sharply with claims in 2026-2028

FAQ

Can I shift AI liability entirely to the LLM provider?

No. Externally toward the client, you as deployer are liable. Internally toward the LLM provider you usually have only a limited recourse claim – provider contracts (OpenAI Business Terms, Anthropic Master Subscription Agreement) typically cap liability at annual licence turnover and exclude consequential damage. For direct model defects (e.g. documented bias or provider security flaw) recourse may be higher. In practice the main risk stays with you.

What does the AI Liability Directive withdrawal concretely mean for me?

Less harmonised evidence relief for plaintiffs in the EU – claims against you as provider become potentially a bit harder for the plaintiff. But the Product Liability Directive 2024/2853 brings its own evidence relief (disclosure orders, defectiveness presumption). Net effect: the withdrawal does not change the situation dramatically – national liability rules (Germany § 823 BGB, France Art. 1240 Code Civil, Switzerland CO 41 / 55 / 97) continue to apply. In Switzerland no specific AI liability act is in preparation; the Federal Council expects a consultation draft on AI regulation in general by end of 2026.

Do we need a separate AI liability insurance?

Not necessarily separate – but the existing product must explicitly cover AI. Check three clauses: (a) are algorithmic or automated decisions excluded from cover, (b) is damage from defective software covered, (c) is the sum insured adequate against your potential maximum loss. In professional liability for lawyers/fiduciaries an "AI Endorsement" is a standard offering from AXA, Zurich, Helvetia, Mobiliar from early 2026. Cost: CHF 500-3,000 extra per year for SMEs.

Are there already Federal Court rulings on AI liability?

Swiss Federal Supreme Court: no AI-specific leading ruling up to May 2026. Cases have been handled via CO 41 / 55 / 97 in practice without the Court developing an AI-specific doctrine. German Federal Court of Justice: BGH ruling VI ZR 489/19 of 2020 (online review platform) is cited analogously; a specific BGH ruling on LLM damage is pending. CJEU: no ruling on the AI Act in a materially relevant sense yet. Rule of thumb: do not count on precedent clarity. Track Lukas Bühlmann (lukas-bühlmann.ch) and Swiss Privacy Law Update (swissprivacy.law) for current commentary.

Related topics

  • ART. 957a CO · COMPLIANCE: Art. 957a CO and AI bookings: audit trail, GeBüV, and 10-year retention
  • AUDIT TRAIL · AI CONCEPT: AI audit trail design: what to log so an AI answer stays audit-ready
  • EU AI ACT · COMPLIANCE: EU AI Act 2026: high-risk duties from 2 August 2026 – what Swiss providers must do now
  • revDSG · COMPLIANCE: revDSG / revFADP and AI: what the revised Swiss Data Protection Act means for LLM use
  • ISO 42001 · COMPLIANCE: ISO/IEC 42001: the international standard for AI management systems

Sources

  1. Directive (EU) 2024/2853 on liability for defective products (PLD) – EUR-Lex · 2024-11
  2. European Commission withdraws AI Liability Directive (IAPP coverage) · 2025-02
  3. Bird & Bird – Proposed EU AI liability rules withdrawn (commentary) · 2025-03
  4. onlaw.ch – Wer haftet, wenn die KI einen Schaden verursacht? (Swiss commentary) · 2025-08
  5. IT-Markt / Netzwoche – Wer haftet, wenn KI halluziniert? (Swiss practice commentary) · 2025-08
  6. Swiss Code of Obligations (CO, SR 220) – Art. 41, 55, 97, 100, 101 · 2026-01
