AI Litigation Across the EU, the UK and the United States

A practical survey of where the cases stand – including the liability of companies that embed third-party AI

Litigation over artificial intelligence has moved, in barely eighteen months, from a handful of novel claims to a sprawling body of disputes spanning the United States, the European Union and the United Kingdom. Courts are now being asked to apply long-established doctrines – copyright, product liability, defamation, consumer protection, data protection and trade mark – to a technology that does not sit comfortably within any of them. By early 2026, more than 160 AI-related copyright cases alone were being tracked through the US federal courts, alongside a fast-expanding tranche of personal-injury, wrongful-death and regulatory actions.

This article surveys the principal strands of AI litigation in each of the three jurisdictions, then turns to a question of growing commercial importance: where liability falls when a company does not build its own model but instead embeds a third party’s AI into its own product or service. The short answer is that integrating someone else’s model does not insulate a business from claims – and in some respects it increases the number of potential defendants in the chain.

Integrating a third party’s AI does not transfer the risk away. It changes its shape – and often adds your name to the list of defendants.

⚠  A fast-moving landscape – check the current position AI litigation is developing at unusual speed and the picture below is current only to mid-2026. Several of the cases described are mid-flight: rulings may be appealed, claims may settle, and courts in different jurisdictions are already reaching different conclusions on similar facts. The EU AI Act’s most demanding obligations are due to apply from 2 August 2026. Treat this article as a map of the terrain, not a final word, and confirm the position on any specific case before relying on it.

United States

The United States is the busiest forum for AI disputes, and the litigation falls into two broad camps: intellectual-property claims brought by rights-holders, and personal-injury or consumer-harm claims brought by users and regulators.

Copyright and training-data claims

The central question, whether training a model on copyrighted works is fair use, remains unsettled, with district courts split.

• Bartz v. Anthropic. A class of authors alleged their books were copied to train Claude. The court drew a sharp line: training on lawfully acquired books was held to be fair use, but downloading and storing pirated copies was not. The case then settled for around US$1.5 billion the largest copyright settlement in US history, at an estimated US$3,000 per work.
• Kadrey v. Meta. A parallel claim over the training of Llama. The court dismissed the training claim on fair-use grounds in part, while allowing claims tied to the reproduction of pirated works during torrenting to proceed.
• In re OpenAI (incl. New York Times v. OpenAI & Microsoft). The Times alleges mass copying of its articles to train ChatGPT and seeks substantial statutory damages. Discovery has been hard-fought, with rulings on access to model logs and expert depositions; summary judgment on fair use was anticipated around mid-2026 and is expected to produce the most detailed judicial analysis yet.
• Disney v. Midjourney / Disney v. MiniMax. Studios have targeted image-generation companies over outputs said to reproduce protected characters, including a Chinese developer where service of process across borders has itself become contested.
• Thaler v. Perlmutter. On authorship, the Supreme Court declined to review the refusal to register a wholly AI-generated work, leaving intact the position that copyright requires human authorship.

The emerging through-line is that how a model was trained matters as much as what it produces. Lawful sourcing has become the decisive fair-use threshold, and the use of pirated or shadow library material is the feature most likely to defeat a defence.

Product liability, personal injury and consumer harm

A distinct and fast-growing line of cases treats consumer-facing AI not as protected speech but as a product,  importing the doctrines courts already use for mass-distributed goods.

• Garcia v. Character Technologies. Following allegations that a chatbot contributed to a teenager’s death, the court treated the app as a product for strict-liability purposes and allowed claims to proceed against both the app operator and an upstream technology provider as a possible component-part manufacturer. This is significant: courts may look past the branded application to the supplier of the underlying model.
• In re ChatGPT Product Liability Cases. A California court consolidated multiple actions against OpenAI in 2026, alleging the product reinforced delusional or self-harming behaviour. A pivotal threshold dispute is whether ChatGPT is a product or a software-based service, the latter framing, if accepted, would sidestep strict liability.
• State enforcement. Government action has broadened sharply: Florida sued OpenAI (naming its chief executive personally) over child-safety concerns; Kentucky and others sued Character Technologies; Utah sued Snap over its AI chatbot; and Pennsylvania sued Character.AI for allegedly enabling the unlawful practice of medicine where personas presented themselves as licensed professionals.

Defendants frequently argue that chatbot outputs are expressive content shielded by the First Amendment or Section 230. Whether those defences hold against product-design theories, which target how the system was built rather than any particular statement, is one of the defining open questions of 2026.

United Kingdom

The UK’s landmark decision is Getty Images (US) Inc & ors v Stability AI Limited [2025] EWHC 2863 (Ch), handed down on 4 November 2025 , the first substantive UK judgment on copyright and generative AI.

• Getty’s case narrowed dramatically during trial. Critically, it accepted there was no evidence that training took place in the UK, which undermined its primary copyright claims; those were abandoned before closing submissions.
• On the remaining secondary-infringement claim, the court held that Stable Diffusion was not an infringing copy of an article imported into the UK, because the model’s weights do not store or reproduce the training images. Importing or making the model available in the UK therefore did not amount to secondary infringement on these facts.
• Importantly, the judge accepted in principle that an intangible object can be an article, and that storage can occur by intangible means such as cloud storage. So a developer could in principle commit secondary infringement by making a model available in the UK, but only if the model itself stores or reproduces protected works.
• Getty succeeded only on limited trade mark points, where its watermarks appeared in some outputs of early model versions; broader unfair-advantage and passing-off claims failed.

Two practical takeaways follow. First, territoriality is decisive: where training happens largely determines whether UK copyright bites. Second, the judgment turns on the technical finding that model weights are not themselves copies, a point that may be revisited on appeal or on different evidence. Beyond copyright, the UK currently regulates AI through existing frameworks, data protection, consumer law and sector regulators, rather than a single AI statute.

European Union

EU developments combine court decisions, competition enforcement and a comprehensive new regulatory regime under the AI Act.

Litigation and enforcement

• GEMA v. OpenAI (Munich). On 11 November 2025 the Regional Court of Munich I issued the first European court decision directly addressing whether training on copyrighted works infringes, in a claim by Germany’s music collecting society over song lyrics used to train GPT-4 / GPT-4o. Subsequent rulings found OpenAI liable in respect of lyric memorisation, a notable contrast with the UK’s weights-based reasoning.
• Competition enforcement. France’s competition authority fined Google €250 million in connection with the use of news content, including in relation to its Gemini model, illustrating that regulators may reach AI conduct through competition and neighbouring-rights routes, not only copyright suits.

The EU AI Act

The AI Act is being phased in, with the bulk of the high-risk-system obligations due to apply from 2 August 2026. It regulates by role rather than by company, and the role determines the obligations:

• Providers – those who develop an AI system or general-purpose AI (GPAI) model or place it on the market under their own name, carry the heaviest obligations: risk management, technical documentation, data governance, human-oversight design, conformity assessment, CE marking, registration, post-market monitoring and incident reporting.
• Deployers – those who use an AI system in a professional capacity, carry lighter but real obligations, such as human oversight, monitoring and transparency to affected users.
• Transparency duties require users to be told when they are interacting with AI and require the marking of synthetic or deepfake content.

Non-compliance can attract substantial administrative fines and, depending on the member state, civil or criminal liability, layered on top of any IP or personal-injury exposure under national law.

Embedding third-party AI: where does liability fall?

A central commercial concern is the position of companies that do not build a model but license and embed a third party’s AI, for example, calling a foundation model via API inside a SaaS product, or shipping a feature powered by an external model. Integrating third-party AI does not transfer the risk away; it changes its shape.

Under the EU AI Act

The Act’s role-based design is decisive here:

• A company that merely licenses and integrates a third-party model into its platform without substantial modification is generally a deployer, with the lighter (but non-trivial) deployer obligations.
• Under Article 25, however, a deployer, distributor or other party can be reclassified as a provider, and assume the full provider obligations, if it puts the system on the market under its own name or trade mark, substantially modifies it, or changes its intended purpose. The AI Office’s indicative threshold for substantial fine-tuning is, broadly, where fine-tuning compute exceeds about one-third of the base model’s original training compute.
• The Act also imposes a documentation cascade: GPAI providers must give downstream integrators the technical information they need, and providers of high-risk systems must contract carefully with suppliers of integrated components. Original providers can limit exposure by clearly specifying that their system is not intended for high-risk use – shifting responsibility to a downstream party who repurposes it.

Under copyright law

• An integrator can face output-based claims where the embedded model reproduces protected works in what the company ships to its own customers, regardless of who trained the model.
• The Getty reasoning suggests a UK integrator who merely makes available a model that does not store copies may avoid secondary infringement, but the analysis is fact- and technology-specific, and evidence of memorisation (as in GEMA) could change the result.
• Contractual indemnities and warranties from the model provider become the front line of risk management. Several major model providers now offer customer IP indemnities, but these are typically conditioned on the customer’s own conduct, such as not disabling safety filters.

Under product-liability and personal-injury law

This is where embedding third-party AI is most exposed. Garcia v. Character Technologies shows US courts willing to treat the supplier of an underlying model as a potential component-part manufacturer in a product-liability chain, meaning both the branded application and the upstream model provider can be named. In the EU, the modernised product-liability regime and the role-based AI Act together point toward shared and overlapping responsibility across the supply chain, reinforcing the need for clear contractual allocation.

A practical risk-allocation checklist

• Determine and document your role, provider or deployer, under the AI Act before launch.
• Avoid inadvertently becoming a provider through rebranding, material modification or changed purpose, unless you intend to take on those obligations.
• Negotiate IP and product-liability indemnities, warranties and cooperation rights with the model supplier, and understand the conditions attached.
• Diligence the supplier’s training-data provenance, lawful sourcing is the decisive fair-use factor in the US and a live issue everywhere.
• Implement transparency, human oversight and escalation or safety workflows, especially for consumer-facing or health-adjacent uses.
• Avoid any implication that the AI holds professional credentials, medical, legal or financial, given active regulatory enforcement.

Where this leaves businesses

AI litigation in 2026 is developing rapidly and not always in the same direction across borders. The United States leads on volume, with copyright fair-use battles and a fast-emerging product-liability playbook running in parallel. The UK’s Getty decision offers developers some comfort on secondary infringement but leaves the door open and turns heavily on territoriality and technical facts. The EU pairs early liability findings such as GEMA with the most comprehensive regulatory regime in the AI Act, whose high-risk obligations crystallise in August 2026.

For companies embedding third-party AI, the recurring lesson is that integration does not equal immunity. Liability is allocated by role, by contract and by conduct, and across copyright, product-liability and regulatory regimes alike, the businesses best protected are those that classify their role carefully, diligence their suppliers, allocate risk expressly, and build transparency and safety into the product from the outset.

How we can help

360 Business Law help businesses understand and manage their AI litigation and regulatory risk across the UK, EU and US assessing where you sit in the supply chain, reviewing the contracts and indemnities that govern embedded third-party models, advising on copyright, product-liability and consumer-protection exposure, and preparing for the EU AI Act’s obligations. If you are developing, deploying or embedding AI and want the comfort of knowing where you stand before a dispute or a regulator finds you first, we would be glad to help.

This article is general information current as of June 2026 and does not constitute legal advice. AI litigation is fast-moving and many of the cases described remain subject to appeal, settlement or further rulings; please obtain tailored advice before acting. To discuss AI litigation or regulatory risk for your business, contact Robert Taylor, CEO & General Counsel, at r.taylor@360businesslaw.com.