Skip to content

Liability for AI in the supply chain: an overview

Insight

ai risks

This is the first in a series of articles focusing on who bears responsibility when AI systems or tools do not work as intended or promised.

This article provides an overview of the issues and an explanation of the broad concepts that are in play when answering this question. In later articles, we will focus on particular uses of AI and specific sectors to see how those broad concepts play out.  

The idea is to raise awareness of the issues, but also to identify reasonable steps that can be taken to mitigate the risks. Our focus will be on organisations deploying AI; in other words, those who find themselves in the middle of the supply chain and are insourcing AI systems or tools to deliver services or products to their own customers or clients.    

Foundations

Artificial Intelligence (AI) is beginning to be deployed extensively, promising access to unprecedented levels of knowledge and enhanced decision-making, which in turn lead to efficiencies and better resource allocation.

We can see that deployment in a wide range of areas. To give just a few examples:

  • In the retail and leisure sectors, AI agents are beginning to be used to offer increasingly bespoke products and services to customers.
  • In the wider consumer community, chatbots are becoming ubiquitous in interacting with customers.
  • AI is being deployed in the financial services sector to determine who to offer products or services to, and in the wealth management sector to assess what to invest in.
  • in marketing, AI is already utilised to create advertising content and campaigns.
  • AI is being used to decide who should be awarded contracts in competitive tendering processes.
  • Lawyers and accountants are increasingly using AI to offer advice to clients or to conduct investigations or audits.
  • Employee performance is being monitored using AI, and decisions about who to hire are also being made using AI systems.
  • In the health sector, AI is used to diagnose medical conditions.
  • In government, AI is deployed to decide how to allocate resources and to whom.

The AI supply chain

One of the key features of AI is that AI systems and tools are often not developed by organisations themselves but instead are insourced from AI providers. This supply chain may consist of the provider of a large language model who has been responsible for obtaining and organising a massive pool of underlying data; an AI system designer who takes that data and creates a sector-specific or use-specific model for it; a consultant who advises an organisation on what is the most appropriate AI system or combination of systems to use; the organisation itself that deploys the AI; and then the clients or customers of that organisation who are then impacted by the use of the AI.      

Why does the use of AI give rise to liability issues?

We already know that AI systems are not perfect. To take a few examples: chatbots have been shown to give 'wrong' answers, leading to consumer dissatisfaction and reputational damage to the organisation using that tool. AI has also been known to 'hallucinate' case law or legislation, leading to lawyers giving advice to clients that is wrong or making fake citations to a court. And in the context of HR decisions, AI has shown bias which is sometimes derived from the base datasets it was originally trained on.

So, that leads to questions about who in the supply chain should bear responsibility when AI systems do not function as intended or as promised.

Broad principles

The answer to this is likely to depend on the following main factors:

  • Is the AI system 'off-the-shelf'? Where an organisation is insourcing a generic, publicly available AI system subject to standard terms and conditions, it is going to be difficult to suggest that the provider of that system should be liable if something goes wrong. The AI provider is unlikely to know what the organisation proposes to use its system for. And it is likely to be shielded by effective exclusion and limitations of liability in its standard terms, which would be difficult for an organisation to attack on the basis that they are unreasonable. Of course, this all might fall away if the provider has been selling 'snake oil' (ie fraudulently representing what its product can do) or seriously over-promising what the AI is capable of.
  • Alternatively, is the AI system bespoke and, if so, to what extent? The greater the extent to which the AI system is adapted by the provider for a particular use specified by the organisation insourcing it, the more likely it will be that the provider should be liable if something goes wrong. This contrast between the position regarding the off-the-shelf product and the bespoke one is common in the software industry (indeed, some say AI is software). This in turn is likely to lead to bespoke contractual provisions around performance levels and liability, as well as exclusions and caps on compensation should something go wrong. The other aspect for the organisation to have regard to is the extent to which the AI provider can meet any liabilities. Is it, for example, backed by insurance if something goes wrong and the organisation is relying on warranties and indemnities?
  • Then there is the question of the use to which the organisation puts the AI. For example, if business-critical decisions are being taken using off-the-shelf AI, then the organisation may well be considered to be the author of its own misfortune if the wrong conclusions are reached.
  • Allied to this is the question of the processes deployed around the use of the AI by the organisation. Did they test the AI before its deployment to iron out any problems? After deployment, have they critically assessed the outputs from the AI to see if they appear sensible? Have they trained their staff in the appropriate use of the AI? Have they thought about wider reviews and renewals of the AI system as time goes by? The base dataset may become increasingly unreliable and out of date due to the passage of time.
  • More fundamentally, if the AI has led to unexpected or incorrect results leading to loss, then is the AI provider responsible for that in the sense that they have breached some sort of reasonable standard in contract or in tort? That can lead to questions about why the AI behaved in the way it did, which may not always be explainable. The position can be even more complicated where the use of multiple AI systems or decision-making processes have led to 'wrong' results. Which one or ones were solely or primarily responsible?                     

Conclusion     

Use of AI in the supply chain offers significant opportunities but also introduces new and complex liability risks. The foundational principles are clear: understand the technology as far as possible; define responsibilities; allocate risk; and ensure compliance. As the legal landscape evolves, organisations must remain vigilant and proactive in managing AI liability.

We will follow up this article by looking at these issues in more detail and as applied to specific use cases and sectors.

This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP, October 2025

Want to know more?

Contact us

About the authors

Ian De Freitas lawyer photo

Ian De Freitas

Partner

Ian has nearly 35 years' experience as a commercial litigator. He specialises in disputes involving data, technology and intellectual property. Ian leads the firm’s Data, IP and Technology Disputes team. Ian’s sector experience includes retail, hotels and leisure, financial services, technology, betting and gaming, sport, media and publishing, education and private wealth.

Ian has nearly 35 years' experience as a commercial litigator. He specialises in disputes involving data, technology and intellectual property. Ian leads the firm’s Data, IP and Technology Disputes team. Ian’s sector experience includes retail, hotels and leisure, financial services, technology, betting and gaming, sport, media and publishing, education and private wealth.

Email Ian +44 (0)20 3375 7471
LBillett

Lucy Billett

Senior Associate

Lucy is a senior associate in the Disputes team. She acts for both claimants and defendants, and advises on all stages of the litigation process from pre-action through to trial. She assists with settlement options where appropriate in order to achieve the most desirable and commercial outcome for clients.

Lucy is a senior associate in the Disputes team. She acts for both claimants and defendants, and advises on all stages of the litigation process from pre-action through to trial. She assists with settlement options where appropriate in order to achieve the most desirable and commercial outcome for clients.

Email Lucy +44 (0)20 3375 7812
Constance Gillespie

Constance Gillespie

Associate

Constance has a broad litigation practice with a particular focus on commercial disputes and media and information law.

Constance has a broad litigation practice with a particular focus on commercial disputes and media and information law.

Email Constance +44 (0)20 33757147

More by the authors

Further reading

Related sectors & services

Continue to next section
Back to top