Could Your Company Be Liable If Your AI Causes Harm?

As reliance on AI grows, CEOs must be aware of unintended risks.  

Over the last few years, I’ve had conversations with some of the world’s leading thinkers on AI, law, and governance. A recurring concern is that AI is moving faster than our ability to understand or control it.

For the first time in human history, machines can talk back. Conversational AI has brought artificial intelligence out of research labs and into our living rooms, workplaces, and schools. It’s no longer an abstract idea or an application; it’s a general-purpose technology that interacts with billions of people every day. It is very personalized.

But this new intimacy between humans and machines has raised a pressing question for business leaders: What happens when your AI causes harm, albeit unintentionally? Could your company be held liable if an AI system or chatbot damages someone’s mental health, reputation, or finances?

The answer, in principle, is yes. Tort law, the body of law that governs negligence and personal injury, could apply to AI just as it does to people or products. But applying those principles to intelligent, autonomous systems is not straightforward.

When Machines Cause Harm  

Tort law holds people and companies responsible when they owe a duty of care, breach that duty, and cause foreseeable harm. If a chatbot gives dangerous medical advice, promotes self-harm, or spreads falsehoods about a person, the company that built or operates it might be liable for negligence. Courts will have to decide when chatbot operators owe a duty of care to users, and whether emotional or psychological harm counts as compensable injury.

This isn’t a far-fetched scenario. In 2024, a 14-year-old boy in the United States reportedly committed suicide after being encouraged by an AI companion to “die together and be free.” His parents have filed a lawsuit against the AI operator. Earlier, a Belgian man took his life after weeks of intimate exchanges with a chatbot. In both cases, the AI simulated empathy. These tragedies raised uncomfortable questions: What obligations do the companies behind these systems have to prevent foreseeable harm? Can we trust machines that seem to care, but cannot truly understand human emotion?

We’ve been here before. In the 1960s, Joseph Weizenbaum’s ELIZA program, a simple chatbot designed to mimic a therapist, demonstrated how easily humans could form emotional attachments to computers. People confided in ELIZA and became upset when the program was turned off. Today’s large language models are exponentially more powerful, more persuasive, and more widely used, so the risks are correspondingly greater.

The Legal Theories in Play

If courts begin to apply tort principles to AI, several legal theories could come into play:

• Negligence. If a company fails to design reasonable safeguards, such as filters for suicidal or violent content, it could be seen as negligent.
• Product liability. If an AI system is treated as a “product,” developers might face liability for design defects or failure to warn users about foreseeable risks.
• Negligent infliction of emotional distress. If a chatbot’s design foreseeably causes serious psychological harm, a claim could arise.
• Defamation and misrepresentation. AI systems have generated false statements about real people as seen in defamation cases involving a Georgia radio host and an Australian mayor, and misrepresentations involving fictionalized legal research. The potential for reputational harm and litigation is real.

Each of these theories rests on one crucial question: Was the harm foreseeable? Did the company know, or should it have known, that its system could produce dangerous outcomes?

The Challenges Ahead  

Even if tort principles seem clear in theory, applying them to AI is legally and technically complex, and will hinge on the following considerations:

1. Does the duty of care apply? Courts have long recognized duties for professionals like doctors and engineers. But does a chatbot company owe the same duty to its users? Unlike a physician, an AI system does not have professional licensing or oversight. Yet if it provides advice that affects health or safety, the analogy is hard to ignore.
2. Does Section 230 immunity apply? In the United States, Section 230 of the Communications Decency Act shields platforms from liability for user-generated content. But AI systems generate their own content. Whether this immunity applies to machine-generated text is unsettled law, and early cases are testing these boundaries.
3. Is there causation and foreseeability? Emotional harm is notoriously difficult to prove. Plaintiffs would need to show that a chatbot’s design directly caused their distress and that the harm was reasonably foreseeable. This is a high bar, but not an impossible one.
4. Do free speech laws apply? Companies may argue that their systems merely provide information and that users are free to act on it or not. Courts will have to weigh these arguments against the growing evidence that AI systems can shape beliefs and behavior, especially among vulnerable users. Are they merely providing information, or engaging in a dialog, which they can shape, thereby impacting the user’s state of mind?

Guardrails for the Age of Autonomous Decisions  

AI systems are beginning to make decisions autonomously in transportation, medicine, law, and finance. This makes it imperative to design guardrails that contain the consequences of potential errors.

In medicine, for example, AI can analyze MRI images or pathology reports and integrate them into holistic assessments. Used wisely, such systems can help reduce diagnostic errors blamed for killing or disabling hundreds of thousands of people every year.

But AI also introduces new risks. In areas such as mental health, where trust and empathy are central, the cost of error can be catastrophic. Machines can simulate compassion, but they don’t truly understand pain or context. When someone in crisis turns to a chatbot for support, the machine’s words can have life-or-death consequences. The line between help and harm becomes perilously thin.

That’s why we need both technological and legal guardrails. Technologically, we must design AI systems with built-in constraints — ethical boundaries that limit how far they can go in influencing human behavior. Legally, we must establish accountability: Who is responsible when an AI crosses the line? The operator? The developer? The data provider? These questions are no longer theoretical.

Lessons From Regulation  

Some countries are taking action. In 2024, Australia passed a law banning social media use for children under 16 and requiring platforms to verify users’ ages. Interestingly, the justification for the law was not proof of demonstrated harm, something nearly impossible to quantify, but rather that children are not legally qualified to consent to the use of their data. This reframing of the issue from harm to consent may be a model for future AI regulation.

Still, regulation alone won’t solve the problem. Blanket bans can backfire, driving young users toward unsupervised alternatives. What we need instead are smarter rules that balance innovation with protection, freedom with responsibility. In financial services, “Know Your Customer” laws require institutions to verify identities and monitor for fraud. A similar “Know Your User” approach could help reduce psychological and informational harms in AI systems.

Trust and Transparency  

At the core of all of this is trust. AI now mediates much of our reality, influencing what we read, buy, and believe. Yet we still don’t fully understand how these systems work, or how risky it is to follow their recommendations. Unlike electricity or the internet, whose workings are transparent and predictable, AI operates in a “black box.” Its inner logic is often inaccessible even to its creators.

That opacity creates a dilemma: When should we trust the AI, and when shouldn’t we? And how can we control machines that we don’t fully understand? One answer lies in greater transparency: making sure users know when they’re interacting with an AI, what data it’s using, and what limits are built into its behavior. Another lies in oversight: ensuring that human accountability remains part of every automated decision loop.

The Path Forward for CEOs  

Corporate leaders must recognize that using AI comes with legal and ethical responsibility. As companies deploy chatbots, decision systems, and recommendation engines, they should ask three hard questions:

1. What are the foreseeable harms? Has the company identified risks, especially psychological or emotional ones, and put safeguards in place?
2. Who is accountable when things go wrong? Clear responsibility must be established between developers, deployers, and users.
3. How transparent are the systems? Users deserve to know when they are dealing with a machine, what it can and cannot do, and how their data is being used.

Negligence in these areas will invite lawsuits and erode public trust. And without trust, the promise of AI will collapse under its own weight.

A Critical Juncture  

AI, like the internet and electricity before it, is a general-purpose technology that will transform our lives. But unlike those earlier revolutions over which we have complete control, we don’t yet understand this one well enough to control it. Considering how fast it is advancing, it’s important to ask the right questions while there is time. If we fail to do so, we risk repeating the mistakes of the past: creating systems that exploit human weakness rather than empower human potential.

The stakes could not be higher. As we begin to trust machines more deeply, the question is no longer just what AI can do, but what we should allow it to do — and who should answer when it goes too far.

Written by Vasant Dhar, Ph.D.