A regional court in Munich has done something no UK regulator has yet had to: it has told Google that when its AI feature makes a false statement about a company, that statement is Google’s own — not a neutral pointer to someone else’s words, and not shielded by the rules that have protected search engines for two decades. The case is small, German, and only a temporary injunction. The principle underneath it is none of those things. For any UK organisation that has bolted a generative AI summary, chatbot or assistant onto its product, this ruling is the first court anywhere to answer the question that matters: when your model speaks, who is liable for what it says?
The business problem hiding behind a publisher dispute
It would be easy to read this as a story about Google and two Munich publishers and file it under “German defamation law, not my concern.” That filing is a mistake, and the reason is structural rather than geographical.
The Regional Court of Munich found that Google’s AI Overviews — the AI-generated summaries that sit above the blue links — wrongly tied two publishers to scams, subscription traps and questionable business practices. The claims did not appear in any of the linked sources. Google’s defence was the one every platform reaches for: search engines are intermediaries, they surface third-party content, and established case law treats them as indirect infringers rather than authors. The court rejected it. Because Google built the feature, controls how it is presented and controls the algorithms that produce it, the court treated the output as Google’s own content — and direct liability followed.
Strip out the names and you have a test that applies to a great deal more than one search product. Any system that takes source material, then “rewrites, combines and evaluates” it — the court’s own description — into a new substantive statement is generating content, not relaying it. That description fits an AI Overview. It also fits the retrieval-augmented generation assistant a UK insurer puts on its website, the summarisation feature a fintech ships to its users, and the internal copilot that drafts a supplier assessment. The legal question the court answered was narrow. The category it answered it for is enormous.
Strategic Reality: The search-engine liability shield was built for a product that points at other people’s words. A generative system does not point — it speaks. The moment your AI writes an original sentence about a third party, the comfortable “we just surface what’s out there” defence stops describing what your product actually does.
What the court actually decided
The reasoning matters more than the outcome, because the reasoning is what other courts — including British ones — will read. Four moves carried the judgment, and each one closes a door that AI deployers have been quietly relying on.
| The court’s move | What Google argued | Why it failed |
|---|---|---|
| AI Overviews are not search results | Treat them like links to external pages | The summaries generate new statements from multiple sources “in their own words and according to their own structure” |
| The search-engine shield does not apply | Apply the case law that limits liability for search and autocomplete | Those rules cover surfacing third-party content; an AI Overview produces its own |
| ”Users can check the links” is no defence | Readers could verify the claim against cited sources | The summary “stood on its own” and presented its claims as a complete answer |
| Control equals authorship | Google merely operates the system | Google built the feature, controls its presentation and owns the algorithms, so the output is its content |
The third move is the one UK deployers should sit with longest. The instinct of every product team shipping an AI feature is to bolt on a disclaimer and a row of citations — “AI-generated, verify before relying on it” — and assume that transfers the risk to the reader. The Munich court looked straight through that. If the summary reads as a complete, authoritative answer, the presence of links beneath it does not turn the statement back into someone else’s. The citation is decoration; the sentence is yours.
Critical Context: Citations and “verify this” disclaimers do not relocate liability if your output presents itself as a finished answer. The court treated the AI Overview as a standalone statement precisely because that is how users read it. Designing an interface that looks authoritative and then disclaiming authority is the worst of both worlds.
There is one more detail worth weighting. The court noted that Google can compare its AI-generated statements against the underlying sources, at least in cases like this — which is to say the technical ability to check exists, so the failure to check is the platform’s. And it left the injunction in place partly because Google offered no cease-and-desist undertaking with a penalty clause, and “the same algorithms could generate similar claims again.” The risk was treated as systemic, not as a one-off hallucination to be apologised for and moved past.
Why this reaches the UK even though it is a German ruling
Three reasons, and none of them depends on the judgment being binding here — it is not.
The first is that the legal architecture rhymes. The UK’s intermediary protections — the hosting, caching and mere-conduit defences retained from the e-Commerce regime, and the publication defences in the Defamation Act 1996 and 2013 — all rest on the same fault line the Munich court walked along: they protect a party that transmits or hosts someone else’s content, not one that authors its own. A British court asked whether an AI summary is “publication by the operator” would be reaching for the same distinction between relaying and creating. The Munich court has now shown how that distinction cuts once a generative system is in the frame.
The second is that the UK has no AI-specific statute to override the analogy. As we have argued before on this site, Britain has an institute but not an architecture — a respected technical body in the AI Security Institute, but no frontier-specific law and no bespoke liability regime for AI outputs. In that vacuum, the existing law of defamation, malicious falsehood, data protection and consumer protection is what applies, and those are precisely the doctrines the German court was reasoning within. The absence of a special AI carve-out does not protect deployers; it leaves them exposed to general law that was never written with generative systems in mind but adapts to them uncomfortably well.
The third is commercial gravity. Google will not run one liability model for Munich and another for Manchester. If AI Overviews are reworked to reduce direct-liability exposure — more hedging, fewer standalone factual assertions, tighter grounding to sources — UK users will get the reworked product. The ruling shapes what lands here whether or not a British court ever cites it.
Reality Check: “It’s not binding in the UK” is true and beside the point. The doctrines a UK court would use — author versus intermediary, publication by the operator, the accuracy duty under data protection — already exist and already point the same way. The Munich ruling is a preview of an argument UK businesses will eventually have to make or answer, not a foreign curiosity.
Who carries the new risk, and where it lands
The exposure is not evenly spread. It concentrates wherever a generative system makes checkable factual claims about identifiable third parties or customers, and where the output is presented as an answer rather than a draft.
| Where AI output appears | Liability exposure | What changes after Munich |
|---|---|---|
| Customer-facing chatbot or summary making claims about named firms or people | High — defamation, malicious falsehood | ”It’s the model, not us” weakens as a defence |
| AI feature describing your own customers (eligibility, risk, conduct) | High — data protection accuracy, reputational harm | Inaccurate generated statements about a person become your statements |
| Internal copilot drafting assessments of suppliers or candidates | Medium — acted-upon errors, discrimination risk | Provenance and review become evidence you exercised control |
| Pure retrieval that quotes sources verbatim without rewriting | Lower — closer to genuine intermediation | The verbatim/rewrite line is now the line that matters |
The pattern across that table is a single design question: does your system relay or does it author? Verbatim quotation with clear attribution sits nearer the old intermediary world. Rewriting, combining and evaluating sources into a fresh assertion — the thing generative models are built to do — sits squarely in the authored world the Munich court described. Most deployments have drifted from the first towards the second without anyone deciding they should.
Hidden Cost: The features that delight users are the ones that rewrite and synthesise rather than quote. That is also exactly the behaviour the court treated as authorship. The product instinct to make AI output smoother, more confident and more complete is, in liability terms, the instinct to take on more of it.
What a UK organisation should do now
This is not a reason to pull generative features. It is a reason to deploy them as a party that knows it owns the output, rather than one hoping a disclaimer will hold. The work splits cleanly by maturity.
For organisations still piloting, the priority is to map exposure before it ships. Inventory every place a generative system makes a factual claim about a named third party or about a customer, and separate the genuine retrieval (quoting sources) from the genuine generation (rewriting them). The second list is your risk register.
For organisations already in production, the priority is grounding and review. Constrain customer-facing outputs to what the sources actually support, log the source-to-statement mapping so you can show what the model was given, and put human review on the claims that carry legal or reputational weight. The court pointedly noted that Google could have compared output against sources — build the system that can, and does.
For mature deployers, the priority is governance and contracts. Decide who owns AI-output liability across your vendor stack before an incident forces the question, write indemnity and accuracy terms into model and platform agreements, and give affected parties a fast correction route — the equivalent of the cease-and-desist undertaking whose absence kept Google under injunction.
Take Action: Treat every customer-facing AI statement as something your organisation has said in its own name, because a court has now found that it has. The test is simple and worth circulating to product and legal together: if a member of staff had written this sentence, would we stand behind it? If not, your model should not be publishing it either.
The challenges this ruling does not solve
Four problems sit beneath the clean headline, and a UK organisation relying on “we’ll just add guardrails” should see all four.
The first is that grounding reduces error but does not eliminate it. A model constrained to its sources still combines them, and combination is where the Munich AI Overview went wrong — it conflated information about other companies with the publishers and invented connections the sources never made. Mitigation: review the synthesis step, not just the retrieval step; the danger is in how facts are joined, not only in which facts are fetched.
The second is that the ruling is temporary and may be challenged, so the precedent is directional rather than settled. Mitigation: do not wait for finality to act on the principle — the cost of grounding and review is low and the doctrines it guards against are not unique to this one case.
The third is the disclaimer reflex. The natural response to liability is heavier “verify before relying” language, and the natural result is a product that looks authoritative and disclaims authority — exactly the posture the court saw through. Mitigation: change what the output claims, not just what the small print says; a hedged, source-bound statement is safer than a confident one wrapped in a warning.
Implementation Note: The cheapest defensive move and the most useless one are the same move — adding a disclaimer. The court read past it. Spend the effort on constraining the model’s confidence and grounding its claims, which changes the statement itself, rather than on warning text that changes only the framing around an unchanged statement.
The fourth is the vendor gap. Most UK businesses do not build their own models; they deploy someone else’s. When that model defames a third party through your interface, your customer sees your brand, and your contract may not say who pays. Mitigation: read the liability and indemnity clauses in your AI vendor agreements now, whilst it is a procurement question rather than a litigation one.
The takeaway: the shield was never built for systems that speak
For two decades the deal for online platforms was clear — surface other people’s content and the law treats you as a conduit, not an author. Generative AI quietly broke that deal, because a system that rewrites and synthesises is not surfacing content, it is producing it. The Munich court is the first to say so out loud and attach a liability to it. The ruling is small and provisional, but the logic is general, and the doctrines it leans on exist in UK law too.
For UK organisations, three things separate a business that navigates this well from one that gets caught by it.
- Know which of your features author and which relay. The verbatim/rewrite line is now the liability line. Most teams have never drawn it; draw it before a complaint draws it for you.
- Ground the claims and review the synthesis. The technical ability to check output against sources is, after Munich, evidence of the control that creates the duty. Build the system that checks, and keep the logs that prove it.
- Settle who owns the output across your stack. If you deploy a third party’s model under your brand, the liability lands on your brand. Make that a contract term, not a discovery you make during an incident.
Success Factor: The organisations that come through this well are not the ones that disclaim hardest. They are the ones that decided early that their AI’s words are their words, designed for that reality, and can show a court the grounding, the review and the correction route when asked. Ownership accepted in advance is far cheaper than liability discovered in retrospect.
Next steps for your organisation
- Inventory every generative feature that makes factual claims about named third parties or customers
- Separate genuine retrieval (verbatim, attributed) from genuine generation (rewritten, synthesised) — the second list is your risk register
- Add source-to-statement logging so you can show what the model was given versus what it said
- Put human review on AI claims that carry legal, financial or reputational weight
- Review AI vendor contracts for liability, indemnity and accuracy terms before an incident tests them
- Build a fast correction route for third parties who say your AI got them wrong
Source and attribution
This analysis is based on reporting by Search Engine Land on a ruling by the Regional Court of Munich, which issued a temporary injunction barring Google from repeating false claims made in AI Overviews about two Munich publishers. The court found that AI Overviews are Google’s own content rather than protected search results, rejected the application of search-engine and autocomplete liability limits, and rejected the argument that cited links allowed users to verify the claims. Google was ordered to pay 80% of the legal costs, with each publisher paying 10%. The ruling is temporary and may still be challenged.
Source: Google can be directly liable for false AI Overview claims: German court, Search Engine Land, citing reporting by The Decoder.
Resultsense provides independent strategic analysis of AI developments for UK professionals and businesses. We make sense of AI in the UK — including the liability that arrives with the features. For related analysis, see our coverage of where the UK’s AI architecture actually sits and how governance written elsewhere reaches UK organisations. This article is analysis, not legal advice; organisations facing specific AI-liability questions should take their own professional advice.