The Two-Year AI Liability Vacuum Just Closed

The Two-Year AI Liability Vacuum Just Closed

A Munich court ruled in November that Google is directly liable for what its AI Overviews say. Not as a search engine surfacing third-party content. As the author. Two German publishers got their names attached to fabricated accusations of scam-running, and the court called the AI's words exactly what they are: Google's own statements, generated by Google's own model, owned by Google.

A few weeks earlier, in a contractual dispute in Aberdeen, Mississippi, lawyers on both sides of the matter submitted briefs citing cases that don't exist. Federal Judge Sharion Aycock fined them and banned the lead attorneys from her courtroom for two years. Her phrase for what they did: serving as a rubber stamp.

These two rulings are not connected by jurisdiction. They are connected by something more interesting. The legal vacuum around AI-generated content has lasted about two years. It just started closing on two continents in the same quarter.

What Most Operators Are Getting Wrong About This

The reflex inside most firms reading these headlines is to treat them as a vendor problem. Google has a bad AI. Westlaw and Lexis have bad AI features. The lawyers in Mississippi used bad AI. The fix, in this framing, is to wait for the vendors to get better.

That reflex misreads what just happened.

The Munich court did not rule that Google's AI is bad. It ruled that Google is responsible for what the AI says, regardless of whether the AI was good or bad, regardless of whether a user could have clicked through to verify, regardless of whether the system was meant to be authoritative. The court's exact line on the verification defence: "the possibility of disproving a statement through further research does not exempt the person who published it from liability."

Translate that out of court language. If your firm puts an AI output in front of a client, a regulator, a counterparty, or the public, you own that output. The fact that a human could have checked it does not transfer the liability to the human who didn't. It stays with you.

That's a real shift in how the cost of AI errors gets allocated. For two years the working assumption across most operating firms has been the opposite. The vendor builds the model, the user takes the risk. Munich and Mississippi both say no. Whoever puts their name on the output owns the output.

The Mechanics: Why The AI Got It Wrong In The First Place

It's worth understanding what actually happened in Munich at a technical level, because the failure mode is structural and not specific to Google.

Google's AI Overviews are not pre-written. They get generated in real time per query, in roughly 1.4 to 5 seconds, by pulling search results from Google's index, feeding them into a Gemini model, and having the model write a summary in its own words with citations. Every overview is unique. Search the same query tomorrow and you may get different prose pointing to different sources.

Three failure categories sit underneath this architecture:

Retrieval failure. The model pulls the wrong documents. The two Munich publishers got confused with genuinely scammy companies that shared similar names. This is named entity disambiguation, and the academic solutions exist (knowledge graphs, entity linking, structured verification) but they cost time the real-time product cannot spare.

Synthesis failure. The model has the right sources but writes claims those sources don't actually contain. There is a published statistic floating in this space: roughly 56% of technically correct AI Overview answers cite sources that don't contain the information presented. The fix (a second-pass faithfulness check, asking whether the generated text is entailed by the cited documents) adds latency and compute cost. So it doesn't ship.

Confidence calibration failure. The model presents uncertain claims with the same visual authority as certain ones. Hedged language makes a product look weaker, so the incentive is to sound sure. Uncertainty quantification research has progressed in labs and not in production.

None of these failures are mysterious. They are known. They haven't been fixed because the market wasn't punishing them. Munich just started punishing them.

What Changes For Mid-Market Firms

Most operators reading this are not running a generative search product. The relevance is one step downstream.

If a court will treat Google's AI Overview as Google's own statement, courts and regulators will treat a wealth manager's AI-drafted client report as the wealth manager's own statement. They will treat a law firm's AI-summarised case research as the firm's own work product. They will treat a property manager's AI-generated tenant communication as the management company's own correspondence. The Munich doctrine (you cannot be both the author and the neutral host of the same content) generalises cleanly.

Which raises a concrete question most firms cannot answer today: what is currently being generated, by which tool, on which desk, with what level of human review before it reaches a client, a regulator, or a counterparty?

The honest answer in most mid-market firms right now is that nobody knows. Marketing has a generative tool. Operations has a different one. The associates are using ChatGPT to draft first cuts of memos. Relationship managers are pasting client context into Copilot to summarise. Each of these flows sits below the line of formal approval. Each of them produces content the firm now owns, under the doctrine the Munich court just set out.

This is what HIP calls the missing decision layer. The firm has AI outputs going to the outside world without a governance line that says: this output gets verified, that one doesn't, this category goes to a regulated party and requires sign-off, that category is internal and can flow freely. The layer is missing because nobody installed it. Nobody installed it because, for two years, the cost of skipping it was zero.

The Munich ruling priced that skip.

Why The Mississippi Case Matters Differently

The lawyers in Aberdeen were not relying on a hidden AI feature buried in a search engine. They consciously used AI to draft legal arguments and consciously signed their names to the result without checking the citations. Four lawyers, on opposite sides of the same matter, did the same thing in parallel. The judge's framing was right: the failure was not the AI's. The failure was treating the AI as a replacement for the work rather than as an input to it.

This is the pattern HIP sees across mid-market firms running AI without governance. The tool gets adopted on a productivity pitch ("you'll be twice as fast"), and the team reads the speed gain as permission to stop verifying. The lawyers in Mississippi were not trying to commit fraud on the court. They were doing what their incentive structure rewarded: ship the brief faster, charge the same, move on.

Without a governance line that explicitly says "AI output is augmentation, not substitution, and the verification step is non-optional," the speed gain eats the verification step every time. Judge Aycock's sanctions are the first version of the market correction. They will not be the last.

Which Leaves One Question

The Munich ruling is not yet final. Google will appeal. The Mississippi sanctions are one judge in one district. The EU AI Act becomes enforceable on 2 August 2026, with Article 15 requiring "appropriate levels of accuracy, robustness, and cyber security" for high-risk AI systems. The European Commission has opened a probe into AI Overviews. China issued its first AI hallucination ruling. Three economic blocks, simultaneously, are drawing lines.

The question for operators is not whether the lines hold. The question is whether your firm's current AI footprint would survive the lines being drawn around it.

That footprint is almost certainly larger than the executive team thinks. The tools approved on paper are a small subset of the tools in use. The outputs going to clients and regulators are a small subset of the outputs being generated. The governance line, if it exists at all, is informal and inconsistent across desks.

The diagnostic step is to map it. Every tool. Every workflow that produces outbound content. Every desk where AI sits in the production path between an analyst's keystroke and a client's inbox. Then a verdict on each: kill, fix, or build. Kill the tools producing risk no one is monitoring. Fix the workflows where verification got dropped on the speed gain. Build the governance line that says explicitly which categories of output require human sign-off before they leave the firm.

This is what the AI Operating Audit does. Fixed scope, fixed price, principal-led. The output is an Opportunity Map showing every AI surface in the firm with a verdict on each one, and a remediation sequence that protects throughput and the firm's name on the same page.

The two-year liability vacuum is closing. Firms that mapped their footprint while the vacuum was open will adjust quickly. Firms that didn't will discover what their footprint looks like the same way Google did, from a courtroom.

Pick the first option.