The Liability Tsunami: Why Irresponsible GenAI Development Will Be Your Startup’s Next Litigation Crisis

Executive Summary: The Rising Standard of Care for AI Developers

The rapid proliferation of Generative Artificial Intelligence (GenAI) technologies has fundamentally altered the risk landscape for technology developers. What were previously considered aspirational ethical guidelines for AI development have swiftly morphed into non-negotiable legal mandates, setting an emerging, rigorous standard of care. The core thesis of this report is that irresponsible development practices—characterized by inadequate risk management, poor data governance, and a lack of system transparency—now constitute a demonstrable failure to meet this emerging legal standard, thereby creating direct pathways for catastrophic litigation against GenAI providers.

This paradigm shift is driven by a convergence of forces: proactive global regulation, the application of flexible existing common law doctrines (like negligence and product liability) to novel technology, and a proliferation of high-profile lawsuits targeting the entire GenAI supply chain. The financial and reputational exposure is unprecedented, with regulatory fines potentially reaching 7% of global turnover 1 and common law tort claims challenging the very foundation of proprietary models.

The legal exposure can be analyzed through six interlocking pillars of litigation risk, each detailed in this report: Intellectual Property Infringement, Tortious Negligence and Product Liability, Regulatory Non-Compliance, Data Privacy Violations, Harmful Output Claims (Defamation and Fraud), and Algorithmic Discrimination. Startups that fail to integrate comprehensive legal diligence into their core engineering processes are effectively guaranteeing their place in the next wave of major technology litigation.

Section I: The Global Regulatory Shift: Mandated Compliance and Catastrophic Fines

The expectation of future lawsuits against GenAI developers is firmly supported by the trend toward comprehensive, strict, and extraterritorial AI regulation. These frameworks transform abstract concepts of responsible AI into auditable legal requirements, providing courts and regulators with clear benchmarks for assessing developer conduct.

1.1 The European AI Act: Defining High Risk and Strict Obligations

The European Union’s Artificial Intelligence Act (AI Act) stands as the most comprehensive regulatory framework globally, establishing a risk-based classification system for AI.2 This classification determines the regulatory burden, ranging from unacceptable risk (prohibited systems like manipulative AI or social scoring) to minimal risk (unregulated).3

For developers, the focus is squarely on "high-risk" AI systems. High-risk systems are those intended for use as safety components in products covered by specific EU laws or those listed under Annex III use cases, particularly if they involve profiling individuals to assess aspects of their lives, such as work performance, economic status, or reliability.3 Given the general-purpose nature and wide applicability of many GenAI systems, especially in professional or sensitive applications, many providers will fall under this high-risk classification.

The legal obligations imposed on providers (developers) of high-risk AI systems are mandatory and extensive, applying even to third-country providers whose output is used within the EU.3 Key requirements include:

• Risk Management System: Establishing a formal risk management system that operates throughout the high-risk AI system's lifecycle.
• Data Governance: Conducting meticulous data governance, which involves ensuring that training, validation, and testing datasets are relevant, sufficiently representative, and, to the maximum extent possible, error-free and complete according to the intended purpose.3
• Technical Documentation: Drawing up exhaustive technical documentation to demonstrate compliance and provide authorities with the necessary information to assess that compliance.3

A critical consideration for any startup pursuing global scale is that the EU AI Act establishes a global de facto standard of care. Because the Act applies to any system placed on the EU market, irrespective of the developer's location, compliance with the EU's highest technical bar—mandating robust risk management and audited data governance—becomes essential. A failure to adhere to these strict, detailed technical requirements, even if operating solely in the US, could provide strong evidence of negligence in subsequent common law litigation, demonstrating that the developer failed to adopt globally recognized measures to mitigate foreseeable risk.4

Catastrophic Financial Consequences

The AI Act is intentionally punitive, establishing fines that significantly surpass those levied under GDPR. The scale of these administrative fines is designed to deter non-compliance and underscores the severity of the developer’s obligations.

The financial exposure represented by these Tier 2 fines—up to €15,000,000 or 3% of global turnover for failing to implement proper data governance or risk management systems 1—translates a failure of corporate procedure directly into a critical financial crisis.

1.2 US Regulatory Patchwork: Applying Existing Laws to Novel Technology

In contrast to the EU, the US currently lacks comprehensive federal legislation directly regulating AI based on risk categorization.6 Nevertheless, the absence of new federal AI law does not provide a shield from legal liability.6

Instead, the US regulatory landscape is characterized by the application of existing common law and statutory frameworks to AI-driven activities. Developers, users, operators, and deployers should anticipate that existing law will apply to any regulated activity that uses AI.6 For instance, general consumer protection laws, such as state-level Unfair and Deceptive Acts and Practices (UDAP) statutes, prohibit deceptive or unfair methods in broad, technology-neutral language, making them applicable to AI-driven misconduct like fraud or discrimination.7

Furthermore, although not yet codified into a unified federal AI law, congressional signaling establishes de facto standards of due diligence. Statements from legislative committees emphasize key steps necessary to manage AI risk, including conducting rigorous safety assessments both pre- and post-deployment, implementing transparent documentation of AI decision-making, and providing clear warnings and disclosures, particularly for vulnerable populations.8 These actions define the necessary level of due diligence that will be required to defend against future common law negligence claims, indicating that regulatory inaction is being replaced by judicial and governmental expectation.

1.3 Eastern Frameworks: China’s Stance on Content and Training Data

Beyond Western jurisdictions, frameworks such as those emerging in China underscore a global consensus regarding developer responsibility for content and training data legality. Chinese regulations require providers of generative AI to promptly remove any illegal content and employ measures for model optimization training.9 They must also establish clear complaints and reporting mechanisms.9

Crucially, Chinese regulations impose strict requirements on data sourcing, mandating that training data must not infringe intellectual property and that any personal information involved must be obtained with the data subject’s consent.10 This sets an extremely strict bar for initial data sourcing and IP diligence.

These Eastern frameworks demonstrate that compliance roles are merging, forcing the developer into a quasi-regulatory role. Providers are required to adopt measures to filter inappropriate content and optimize algorithms to prevent the generation of such content within specific timeframes (e.g., three months).10 This statutory obligation shifts the burden of continuous self-monitoring and remediation onto the developer. A failure to perform this filtering and algorithm optimization becomes a clear breach of a legally imposed duty, which can translate directly into statutory liability or evidence of negligence in private litigation.

The following table summarizes the fundamental exposure risks created by irresponsible GenAI development across these regulatory environments, serving as a roadmap for the subsequent detailed analysis.

Table 2: Comparison of Generative AI Liability Pillars and Associated Legal Claims

Section II: The IP Infringement Battlefield: Training Data, Output Similarity, and Fair Use

Intellectual Property (IP) disputes represent the most active litigation frontier for GenAI startups, encompassing liability at both the input (training data) and output (generated content) stages.

2.1 The Training Data Tug-of-War: Fair Use vs. Unauthorized Ingestion

The dilemma facing GenAI developers is rooted in the practice of scraping vast amounts of copyrighted material from the internet to train Large Language Models (LLMs).11 AI companies frequently assert that this ingestion process constitutes fair use, arguing that the transformative nature of training a model exempts them from compensation or permission requirements. Conversely, creators and publishers maintain that this is outright theft.11

Judicial outcomes remain highly fact-specific and unsettled.12 For example, in the US, one court rejected the fair-use defense in Thomson Reuters v. Ross Intelligence, ruling that ingesting copyrighted data for AI training was not protected.11 Yet, in Bartz v. Anthropic, a different court found that the use of legally purchased, copyrighted books for training was fair use.14 However, the same decision excluded pirated sources, emphasizing that AI developers must ensure all training data is lawfully acquired.14 Relying on pirated works significantly increases litigation risk, as such use is unlikely to be protected by fair use, demonstrating a clear failure of due diligence in data sourcing.

The central issue for developers is that their data governance practices—or lack thereof—double as IP negligence. The failure to conduct rigorous data governance, which is a core mandatory obligation under the EU AI Act 3, directly exposes the startup to legal challenges regarding the lawful acquisition of training data.

2.2 Output Liability: Substantially Similar Content and Verbatim Reproduction

The risk of copyright infringement extends directly to the content generated by the AI system. To establish copyright infringement on the output, plaintiffs must prove the AI system (1) had access to their copyrighted work (i.e., trained on it) and (2) created an output that is "substantially similar" to the original work.12

For developers, access is typically established by the inclusion of the work in the training corpus.15 Irresponsible development that fails to implement rigorous filtering mechanisms or model optimization creates a direct route to output liability. For example, Retrieval-Augmented Generation (RAG) models, which retrieve specific data points to inform their answers, face allegations of reproducing copyrighted content verbatim, potentially infringing copyright at both the input and output stages.16 This structural approach heightens the risk of regurgitation of protected expression.

While generating works "in the style of" a specific artist may not constitute infringement, as copyright law protects specific works rather than general styles 12, the output still poses risks. Simulations of a human performer's voice, for instance, could violate state-level right-of-publicity laws.12

A crucial element emerging from the current litigation landscape is the strategic shift by plaintiffs: suing over the output is often a cleaner legal target than suing over the input. Claims based on demonstrably "substantially similar" or verbatim output are often less burdened by the technical and uncertain defense of "fair use" that accompanies input challenges.11 Therefore, even if a startup believes its training data acquisition strategy is sound, poor output filtering or model architectures that favor specific retrieval mechanisms introduce a simpler prima facie case for infringement liability. This moves the litigation risk from the legal team sourcing IP to the engineering teams managing model governance and output safety.

2.3 Mitigation Through Provenance and Indemnification

Given the volatility of IP law in this domain, companies deploying third-party AI tools cannot assume the underlying training data is legally sound. To mitigate risk, companies need to demand strong indemnification from the model providers they use and must verify the provenance of the training data.14 Startups that neglect these core diligence steps—such as training on pirated works 14 or failing to provide audit trails for data sourcing—are exposing themselves to certain liability once a pattern of infringement is established.

Section III: Tortious Liability: GenAI as a Product and the Duty of Negligence

Beyond statutory and IP claims, traditional common law tort doctrines—particularly negligence and product liability—are being actively applied to GenAI failures, providing an immediate pathway for legal redress against developers.

3.1 Is GenAI a Product? Implications for Product Liability Law

A fundamental, unresolved question in US courts is whether GenAI systems legally constitute a "product" for the purpose of product liability law.17 If they are classified as products, developers are exposed to standard product liability claims, including design defects and failure to warn.

The propensity for GenAI systems to make routine errors, often referred to as "hallucinations," coupled with their widespread deployment, has already generated at least 11 product liability cases in US courts.17 These lawsuits allege design defects, failure to warn, negligence, or a combination thereof, and in all these cataloged cases, the developer of the underlying GenAI model is named as the defendant.17

If GenAI is ultimately defined as a product, developers face two primary avenues of liability:

• Design Defect: Claiming the model's core architecture or training methodology was inherently flawed (e.g., constant, non-mitigable hallucinations or intrinsic bias).17
• Failure to Warn: Failing to provide adequate warnings and disclosures regarding known risks, particularly when the system is deployed in high-impact use cases or marketed to vulnerable populations.8

3.2 The Doctrine of Negligence and Failure to Exercise Reasonable Care

The tort of negligence, due to its inherent flexibility, is highly suitable for addressing novel harms caused by new technologies like GenAI.18 Negligence requires demonstrating a failure to exercise "reasonable care" to prevent foreseeable harm.4 This "reasonable care" is increasingly defined by globally accepted principles of responsible AI development.19

A failure of due diligence is a failure of care. Developers are expected to employ rigorous design, testing, monitoring, and safeguards to mitigate unintended or harmful outcomes.19 A failure to conduct comprehensive safety assessments either pre- or post-deployment constitutes a breach of this duty.8

Negligence also extends to failing to mitigate foreseeable security risks unique to LLMs. These risks include data poisoning, model inversion, prompt injection, and supply chain attacks.20 When these vulnerabilities are known to the engineering community, failing to implement defenses demonstrates a lack of reasonable care.21

A critical element in AI litigation is that established Responsible AI principles are becoming the de facto legal standard of proof. In the absence of prescriptive statutes, courts rely on ethical and engineering norms—such as Proportionality, Safety, Security, and Responsibility/Accountability 22—to define reasonable conduct. A startup that dismisses these as optional ethics guidelines exposes itself to claims that it failed to take "reasonable measures to mitigate against that harm or injury".4 Conversely, a developer who can provide comprehensive technical documentation proving safety assessments (as required by the EU AI Act 3) possesses a strong legal shield against negligence claims.

The integration of regulatory requirements and tort law is direct and immediate. The mandatory risk management systems and data governance obligations demanded by the EU AI Act for high-risk GenAI 3 are essentially codifying the steps necessary to avoid negligence and design defect claims. If a startup incurs a Tier 2 administrative fine for regulatory non-compliance 1 (e.g., lack of proper representative datasets), that violation serves as compelling evidence of unreasonable conduct in a subsequent US product liability or negligence case.

The table below illustrates how adherence to core responsible AI principles translates directly into a legal defense strategy against tort claims.

Table 3: The Standard of Care for GenAI: Mapping Ethics to Legal Defense

Section IV: Privacy and Data Governance: The Risk of Leakage, Inference, and Regulatory Action

GenAI’s operational reliance on massive datasets and continuous user interaction creates complex and amplified risks of violating data protection laws, most notably the European GDPR and US state laws like CCPA.

4.1 The Intrusiveness of Training Data Scraping

The first pillar of privacy risk originates in the sourcing of training data. Businesses that train AI applications on personal data must be fully aware of regulatory requirements, including the ability to justify data collection (such as web-scraping) according to GDPR mandates.23 This necessitates implementing technical safeguards, ensuring transparency by informing individuals about ongoing scraping operations, respecting the principles of purpose limitation and data minimization, and carrying out a Data Protection Impact Assessment (DPIA).23

Irresponsible data handling exposes developers to dual liability. A failure in data governance results first in administrative fines from regulatory bodies, as demonstrated by European national data protection authorities (DPAs) imposing fines on Clearview AI for GDPR violations related to scraping billions of publicly available personal data records without proper consent.25 Second, the same data handling failure (e.g., poor anonymization) creates the foundation for private civil litigation claiming breach of data protection laws.

The risk is magnified when the scraped data is used for "profiling"—the automated processing of personal data to assess various aspects of a person’s life.3 This practice is already classified as high-risk and has faced regulatory enforcement, reinforcing the need for strict compliance in data sourcing.25

4.2 Novel Privacy Threats: Inference and Memorization

GenAI introduces sophisticated privacy threats that go beyond simple data leakage.

The Danger of Inference Attacks

A crucial, often underappreciated threat is the model’s emergent ability to infer sensitive personal attributes from seemingly benign text inputs.26 Research demonstrates that pretrained LLMs can infer a wide range of personal attributes (e.g., location, income, sex) from real text profiles with high accuracy, reaching up to 85% top-1 accuracy.26 This capability is executed at a fraction of the cost and time required by human analysis, representing a massive shift in potential surveillance capability.

This ability to infer sensitive details means that current LLMs can violate privacy by processing personal data during inference, even if the user's input itself did not appear sensitive. Furthermore, common mitigations, such as text anonymization, are currently proving ineffective against LLM inference capabilities.26 This fundamentally expands the operational definition of "personal data." Because LLMs can now establish associations between non-sensitive input and identifiable characteristics, startups must treat a wider array of user interactions as "personal data," expanding their data minimization and protection obligations under major privacy laws.25

Data Leakage and Memorization Risks

During model development and training, the extensive processing of large-scale datasets increases the risk that the model will inadvertently memorize sensitive data.27 If this memorized data is subsequently exposed in the system's output—a documented failure mode—it constitutes a direct privacy violation and creates liability under data protection laws.20

Additionally, unauthorized access to user logs, which contain user inputs and outputs, can exploit vulnerabilities in security and lead to a data breach.27 Even if access is authorized, the aggregation of these logs over time can reveal comprehensive patterns about individuals or organizations, forming a dataset that itself poses a critical aggregation risk and can violate privacy principles.27

Section V: Harmful Output Claims: Defamation, Fraud, and Corporate Data Leakage

The output of GenAI models—particularly when unreliable—can lead to claims of defamation and fraud, exposing developers to lawsuits traditionally reserved for human publishers or conspirators.

5.1 Hallucinations and Defamation Liability

Generative AI models, especially Large Language Models (LLMs), routinely "hallucinate," generating incorrect answers with a high degree of confidence.28 When these hallucinations target individuals or entities, they can cause significant reputational harm and spread misinformation.24

A landmark 2023 case involving a defamation lawsuit against OpenAI demonstrated this risk, where ChatGPT generated a false legal complaint accusing an individual of embezzlement.24 These cases force the courts to determine the culpability of the AI company by assessing whether the model is a passive "tool" (potentially protected by Section 230 in the US) or an active "speaker/publisher" of the defamatory content.24

The narrative of irresponsible development directly impacts this legal distinction. A developer who fails to employ high-reliability design features or filter known harmful outputs makes it harder to maintain the defense that the model is merely a tool. The developer's failure to exercise reasonable care in controlling foreseeable harmful output increases the likelihood of finding direct liability for the resulting defamation.

5.2 Fraud and Deceptive Practices (Deepfakes and Impersonation)

The use of GenAI to create fraudulent content, specifically deepfakes and voice clones, is attracting direct regulatory attention. The Federal Trade Commission (FTC) in the US has taken a proactive stance, proposing rules that could extend liability to technology companies providing the "means and instrumentalities" for fraudulent activity.29

Specifically, the FTC is requesting comment on a rule that would prohibit the fraudulent impersonation of individuals and potentially extend liability to developers deploying AI tools used to create such deepfakes or voice cloning mechanisms.29 This regulatory approach is based on the argument that if a GenAI startup develops and deploys an uncapped tool that is predictably used for wire fraud or identity theft, the developer may be held liable under Section 5 of the FTC Act for providing the instrumentalities for an unfair and deceptive practice. This approach focuses on the foreseeability of misuse rather than the developer’s direct intent.

This regulatory action and the complexity of defamation cases demonstrate the erosion of platform immunity. GenAI output (hallucinations, deepfakes) are machine-generated results of the developer’s design choices, not third-party content. Regulators are likely to reject passive platform defenses for irresponsible developers who fail to implement mandatory safeguards against fraudulent or defamatory output.

5.3 Trade Secret Contamination and Leakage

GenAI models also introduce novel risks to the protection of corporate proprietary information. One major exposure stems from employees inadvertently sharing corporate trade secrets by inputting confidential information into commercial GenAI tools.30 If the GenAI tool then disseminates this information to competitors or third parties, the trade secret owner has a claim.

This dynamic raises the bar for companies attempting to maintain their trade secrets. They must adapt internal risk management strategies, including deploying strict policies and technical monitoring, to prevent their product from facilitating their clients' or partners' trade secret leakage.30 Developers of GenAI systems must design their platforms to minimize the risk of internal leakage or face liability for the subsequent misappropriation, even if unintentional.

Section VI: Algorithmic Bias and Discrimination: A New Frontier of Legal Exposure

Algorithmic bias represents a silent but profound failure of responsible development. When bias, stemming from non-representative or flawed training data, leads to discriminatory outcomes in high-risk applications (e.g., employment, credit lending, or legal analysis), it creates direct liability under existing anti-discrimination statutes.

6.1 The Failure to Mitigate Bias as Negligence

Failure to mitigate algorithmic bias constitutes a failure of due diligence that directly maps onto negligence claims. When bias leads to discriminatory outcomes across critical sectors 20, courts apply the negligence standard, holding entities accountable for harm unless they have taken reasonable measures to mitigate the harm.4 In the AI context, failing to audit or remove known bias in a system that profiles individuals (a high-risk activity under the EU AI Act 3) is a clear failure to mitigate foreseeable harm.

Moreover, proposals are emerging to shift the burden of proof in bias cases to the companies themselves, requiring them to demonstrate the fairness of their algorithms.31 This mandate necessitates proactive, well-documented fairness assessments and the mandatory use of debiasing algorithms and fairness constraints during model development.31

6.2 Mandatory Transparency, Auditability, and Explainability (T&E)

The ability to defend against discrimination or negligence claims hinges entirely on the auditable nature of the AI system. AI systems must be traceable, and developers must provide detailed documentation on algorithm design and conduct regular assessments of social impacts.22 This mandated technical documentation, a core requirement of the EU AI Act 3, transitions from a compliance burden into a necessary defense mechanism in litigation.

The inherent opacity of "black box" GenAI models creates a critical legal vulnerability if not compensated for by mandatory transparency and audit trails. If a startup develops a biased model and is subsequently sued, the defense strategy requires proving reasonable care was exercised to prevent the bias (negligence defense) or that the bias is not statistically significant (discrimination defense). Without auditable logs, technical documentation, and evidence of pre-deployment social impact assessments 22, the developer lacks the means to satisfy this burden of proof. The very lack of auditability transforms into legal liability.

Developers must balance the need for transparency with the protection of proprietary information. The technical documentation must provide meaningful insights into AI operations without compromising trade secrets.32 Legal mechanisms, such as strict confidentiality agreements for third-party auditors and regulatory oversight, are necessary tools to achieve this balance.32

Conclusion: The Cost of Irresponsibility

The data analyzed confirms that the era of treating GenAI development as an unregulated frontier has ended. The failure to adopt robust, legally defensible development practices, particularly concerning data governance, safety testing, and algorithmic transparency, will inevitably translate into significant, business-critical litigation.

The pathways to liability are numerous and interconnected: regulatory non-compliance in Europe sets a high financial penalty and simultaneously provides evidence of negligence in US tort claims; corner-cutting on data provenance guarantees IP infringement risk; and a failure to mitigate hallucinations or implement strong security controls exposes the developer to claims of defamation and consumer fraud.

The financial consequences of ignoring these standards are catastrophic for startups. They face Tier 1 EU AI Act fines up to €35,000,000 1, massive legal defense costs associated with complex IP and product liability cases 33, and irreversible reputational damage from claims of bias or fraud.24 Responsible AI development is no longer an ethical choice; it is a fundamental legal requirement. Startups must therefore integrate comprehensive legal diligence into the core of their design process, viewing the technical requirements of global regulation (such as the EU AI Act) not as obstacles, but as the essential blueprint for a legally resilient product.

Works cited

1. Penalties of the EU AI Act: The High Cost of Non-Compliance - Holistic AI, accessed on November 13, 2025, https://www.holisticai.com/blog/penalties-of-the-eu-ai-act
2. EU AI Act: first regulation on artificial intelligence | Topics - European Parliament, accessed on November 13, 2025, https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence
3. High-level summary of the AI Act | EU Artificial Intelligence Act, accessed on November 13, 2025, https://artificialintelligenceact.eu/high-level-summary/
4. Artificial Intelligence and Legal Malpractice Liability - Digital Commons at St. Mary's University, accessed on November 13, 2025, https://commons.stmarytx.edu/cgi/viewcontent.cgi?article=1166&context=lmej
5. Article 99: Penalties | EU Artificial Intelligence Act, accessed on November 13, 2025, https://artificialintelligenceact.eu/article/99/
6. AI Watch: Global regulatory tracker - United States | White & Case LLP, accessed on November 13, 2025, https://www.whitecase.com/insight-our-thinking/ai-watch-global-regulatory-tracker-united-states
7. Are Existing Consumer Protections Enough for AI? - Lawfare, accessed on November 13, 2025, https://www.lawfaremedia.org/article/are-existing-consumer-protections-enough-for-ai
8. AI as a Product: The Next Frontier in Product Liability Law - UIC Law Library, accessed on November 13, 2025, https://library.law.uic.edu/news-stories/ai-as-a-product-the-next-frontier-in-product-liability-law/
9. AI Watch: Global regulatory tracker - China | White & Case LLP, accessed on November 13, 2025, https://www.whitecase.com/insight-our-thinking/ai-watch-global-regulatory-tracker-china
10. How will China's Generative AI Regulations Shape the Future? A DigiChina Forum, accessed on November 13, 2025, https://digichina.stanford.edu/work/how-will-chinas-generative-ai-regulations-shape-the-future-a-digichina-forum/
11. AI’s Copyright Conundrum: Legal Battles Reshaping Tech’s Future, accessed on November 13, 2025, https://www.webpronews.com/ais-copyright-conundrum-legal-battles-reshaping-techs-future/
12. Generative Artificial Intelligence and Copyright Law - Congress.gov, accessed on November 13, 2025, https://www.congress.gov/crs-product/LSB10922
13. Generative AI – IP cases and policy tracker | Mishcon de Reya, accessed on November 13, 2025, https://www.mishcon.com/generative-ai-intellectual-property-cases-and-policy-tracker
14. A Tale of Three Cases: How Fair Use Is Playing Out in AI Copyright Lawsuits | Insights, accessed on November 13, 2025, https://www.ropesgray.com/en/insights/alerts/2025/07/a-tale-of-three-cases-how-fair-use-is-playing-out-in-ai-copyright-lawsuits
15. Infringement risk relating to creation and use of the output of a generative AI system, accessed on November 13, 2025, https://www.nortonrosefulbright.com/en/knowledge/publications/4e9b05b9/infringement-risk-relating-to-creation-and-use-of-the-output-of-a-generative-ai-system
16. Current Edition: Updates on Generative AI Infringement Cases in Media and Entertainment, accessed on November 13, 2025, https://www.mckoolsmith.com/newsroom-ailitigation-44
17. GenAI Product Liability Cases Are Making Their Way Through the Courts. Here's What We're Watching. - Verisk's, accessed on November 13, 2025, https://core.verisk.com/Insights/Emerging-Issues/Articles/2025/May/Week-4/GenAI-Product-Liability-Cases
18. Should Generative AI Have a Significant Effect on Questions of Liability in the Law of Tort?, accessed on November 13, 2025, https://blogs.law.ox.ac.uk/oxford-university-undergraduate-law-journal-blog/blog-post/2025/02/should-generative-ai-have
19. AI Principles - Google AI, accessed on November 13, 2025, https://ai.google/principles/
20. Current AI risks, accessed on November 13, 2025, https://macaudailytimes.com.mo/current-ai-risks.html
21. NEGLIGENCE AND AI'S HUMAN USERS - Boston University, accessed on November 13, 2025, https://www.bu.edu/bulawreview/files/2020/09/SELBST.pdf
22. Ethics of Artificial Intelligence | UNESCO, accessed on November 13, 2025, https://www.unesco.org/en/artificial-intelligence/recommendation-ethics
23. Scraping and processing AI training data – key legal challenges under data protection laws, accessed on November 13, 2025, https://www.taylorwessing.com/en/insights-and-events/insights/2025/02/scraping-and-processing-ai-training-data
24. Recent Lawsuits Against AI Companies: Beyond Copyright Infringement | Traverse Legal, accessed on November 13, 2025, https://www.traverselegal.com/blog/ai-litigation-beyond-copyright/
25. Privacy of Personal Data in the Generative AI Data Lifecycle - NYU Journal of Intellectual Property & Entertainment Law, accessed on November 13, 2025, https://jipel.law.nyu.edu/privacy-of-personal-data-in-the-generative-ai-data-lifecycle/
26. Beyond Memorization: Violating Privacy via Inference with Large Language Models, accessed on November 13, 2025, https://openreview.net/forum?id=kmn0BhQk7p
27. AI Privacy Risks & Mitigations – Large Language Models (LLMs) - European Data Protection Board, accessed on November 13, 2025, https://www.edpb.europa.eu/system/files/2025-04/ai-privacy-risks-and-mitigations-in-llms.pdf
28. Legal issues with AI: Ethics, risks, and policy - Thomson Reuters Legal Solutions, accessed on November 13, 2025, https://legal.thomsonreuters.com/blog/the-key-legal-issues-with-gen-ai/
29. Who's Liable for Deepfakes? FTC Proposes To Target Developers of Generative AI Tools in Addition to Fraudsters | Davis Wright Tremaine, accessed on November 13, 2025, https://www.dwt.com/blogs/artificial-intelligence-law-advisor/2024/02/ftc-targets-tech-companies-for-generative-ai-fraud
30. Trade Secrecy Meets Generative AI - Scholarly Commons @ IIT Chicago-Kent College of Law, accessed on November 13, 2025, https://scholarship.kentlaw.iit.edu/cgi/viewcontent.cgi?article=4489&context=cklawreview
31. Legal Challenges in Regulating Algorithmic Bias and Discrimination - ResearchGate, accessed on November 13, 2025, https://www.researchgate.net/publication/388122417_Legal_Challenges_in_Regulating_Algorithmic_Bias_and_Discrimination
32. Transparency and accountability in AI systems: safeguarding wellbeing in the age of algorithmic decision-making - Frontiers, accessed on November 13, 2025, https://www.frontiersin.org/journals/human-dynamics/articles/10.3389/fhumd.2024.1421273/full
33. The Impact of Artificial Intelligence on Law Firms' Business Models, accessed on November 13, 2025, https://clp.law.harvard.edu/knowledge-hub/insights/the-impact-of-artificial-intelligence-on-law-law-firms-business-models/