An AI agent that serves customers in multiple countries does not automatically fall under one liability regime. The question of which country's law governs a cross-border AI harm claim is resolved by conflict-of-laws rules that were not designed with autonomous AI systems in mind. Understanding the current framework, and its gaps, is essential for any operator deploying AI across national boundaries.

Key takeaways

  • In the EU, Rome II Regulation (Regulation (EC) No 864/2007) applies the law of the country where the damage occurs to non-contractual liability claims arising from AI agent failures, unless both parties are habitually resident in the same country.
  • Brussels I Recast (Regulation (EU) No 1215/2012) allocates jurisdiction to EU courts: for tort claims, Article 7(2) allows the claimant to sue in either the country where the harmful conduct occurred or the country where the damage materialised.
  • The EU AI Act applies extraterritorially to providers and deployers outside the EU whenever their AI system's output is used within the Union, under Article 2(1)(c) of Regulation (EU) 2024/1689.
  • Outside the EU, no binding international framework coordinates which jurisdiction's AI liability rules govern cross-border harm. Operators must assess each jurisdiction separately using domestic conflict-of-laws doctrine.
  • The 2024 revision of the OECD AI Principles strengthened the accountability language for cross-border AI deployments, but the Principles remain non-binding guidance rather than enforceable law.

The core problem: AI operates at network speed, law operates at state speed

A customer in the Netherlands interacts with an AI agent run by a company incorporated in Delaware, operating on servers in Ireland, using a foundation model trained in the United Kingdom. The agent provides incorrect information that causes the customer financial loss. Who is liable? Under which country's law? Before which court?

These questions are not exotic. They describe the ordinary operating environment of most commercially deployed AI agents in 2026. And the answers are not simple, because the conflict-of-laws frameworks that govern them were built for an earlier era of cross-border commerce where goods were shipped across borders, services were performed in specific locations, and the parties knew where each other were.

AI agents are different. They act instantly across borders. Their outputs are generated in one jurisdiction, transmitted through infrastructure in another, and received by users in a third. The harm they cause may be economic, reputational, physical, or a combination of all three. The chain of causation from model training to harm materialisation may pass through several legal systems before completing. The traditional conflict-of-laws tools were not designed for this architecture, and the gaps are significant.

Rome II: the EU framework for non-contractual liability

Within the European Union, Regulation (EC) No 864/2007 on the law applicable to non-contractual obligations, known as Rome II, provides the primary framework for determining which national law governs a cross-border tort claim. The regulation applies universally: it determines applicable law even when the law designated is that of a non-member state.

The general rule in Article 4(1) of Rome II is that the law of the country in which the damage occurs governs the obligation. This is the lex loci damni principle. For AI agent liability, this typically means the country where the harmed party was located when the harm materialised. The country where the AI was trained, where the servers are located, or where the operating company is incorporated is not the determining factor under Article 4(1). What matters is where the harm happened.

Two exceptions modify this general rule. Article 4(2) applies the law of the country of common habitual residence where both parties are habitually resident in the same country when the damage occurs. This exception is unlikely to apply in most AI agent liability scenarios, where the deployer and the harmed customer are typically resident in different countries. Article 4(3) allows a different law to apply where it is clearly more closely connected to the non-contractual obligation, a flexible escape clause that courts have used in complex multi-party situations.

For operators deployed into EU markets from outside the EU, Rome II creates an important structural point: a US-based AI company whose agent harms a French customer may find French law governing the claim even if the company has no presence in France. The place-of-damage rule operates independently of where the defendant is located.

A further complication arises with product liability claims under the revised Product Liability Directive (Directive 2024/2853), which applies from 9 December 2026. The Directive treats software, including AI, as a product. Product liability claims are governed by a different Rome II rule. Article 5 of Rome II applies, in order of priority, the law of the country where the harmed party has their habitual residence (if the product was marketed there), or the country where the product was acquired, or the country where the damage occurred. For AI software, the country of habitual residence of the harmed user is likely to be the primary connection in most cases.

Brussels I Recast: jurisdiction in EU courts

Determining which law governs a claim is a separate question from determining which court has jurisdiction to hear it. In the EU, jurisdiction over civil and commercial matters involving defendants domiciled in member states is allocated by Regulation (EU) No 1215/2012, the Brussels I Recast.

The general rule is that defendants are sued in the courts of their domicile under Article 4. For AI deployers and providers domiciled in a member state, this means the courts of the country where they are legally established. A company incorporated in the Netherlands with operations across Europe is generally sued in Dutch courts.

The tort exception in Article 7(2) gives the claimant an alternative. Matters relating to tort, delict, or quasi-delict may be brought before the courts of the place where the harmful event occurred or may occur. The Court of Justice of the European Union has interpreted this phrase to give the claimant a choice between two locations: the place of the event giving rise to the damage (the causal event, typically where the AI was deployed or operated) and the place where the direct harm materialised (typically where the victim is located).

For AI agent liability, the Article 7(2) exception creates potential concurrent jurisdiction across multiple member states. A German company operating an AI agent that harms a Belgian customer could be sued either in Germany (where the causal event occurred) or in Belgium (where the damage materialised). The claimant picks the forum. This is practically significant because procedural rules, litigation costs, and court efficiency vary across member states, and a claimant will choose the forum that is most advantageous.

Where the defendant is domiciled outside the EU, Brussels I Recast does not determine jurisdiction. The court's competence to hear the claim against a non-EU defendant is governed by national rules of private international law, which vary across member states. In practice, many EU courts will assert jurisdiction where the harm occurred on their territory regardless of the defendant's domicile, drawing on domestic rules that mirror Rome II's place-of-damage logic.

EU AI Act extraterritoriality

The EU AI Act's territorial scope is defined in Article 2 of Regulation (EU) 2024/1689. The Act applies to three categories of actor. First, providers that place high-risk AI systems on the market or put them into service in the Union, regardless of whether those providers are established in the Union. Second, deployers of high-risk AI systems that are established in the Union. Third, and most significant for global operators, providers and deployers that are established or located in a third country where the output of the AI system is used in the Union.

The third category represents a broad extraterritorial reach. An AI provider established in Singapore whose model's outputs are consumed by users in France is within the Act's scope. The operative test is where the output is used, not where the provider or deployer is established. This is structurally similar to the GDPR's Article 3(2) targeting criterion, which has already established that EU data protection law applies to non-EU entities that systematically target EU residents.

Non-EU providers subject to the Act must appoint an authorised representative established in the Union under Article 22 of Regulation (EU) 2024/1689. The authorised representative assumes legal responsibility for the provider's compliance with the Act within the Union and is the point of contact for national market surveillance authorities. Non-EU operators who have not yet assessed their Article 2(1)(c) exposure and appointed an authorised representative where required are operating under a compliance gap that the Digital Omnibus delay does not remove.

Outside the EU: the national framework patchwork

Outside the EU, there is no binding international framework that coordinates AI liability across borders. Each jurisdiction applies its domestic conflict-of-laws rules to determine applicable law and each applies its own procedural rules to determine jurisdiction. The result is a patchwork that creates significant uncertainty for operators deploying AI globally.

In the United States, the primary conflict-of-laws methodologies for tort claims are the Second Restatement of Conflict of Laws, which uses a most-significant-relationship test, and interest analysis, which asks which state has the greater interest in having its law applied. Neither methodology produces predictable results in AI agent liability cases because the traditional connecting factors (place of conduct, place of injury, domicile of parties) all point to different jurisdictions for a single cross-border AI interaction. The Colorado AI Act, codified at Colorado Revised Statutes section 6-1-1701, applies to persons doing business in Colorado regardless of where they are incorporated, creating a sub-national extraterritoriality question within the United States.

In the United Kingdom, following the departure from the EU, the conflict-of-laws framework for tort claims is the Private International Law (Miscellaneous Provisions) Act 1995, which applies the law of the place of the tort with limited exceptions. The UK's AI regulatory approach, as described in the 2023 AI Regulation White Paper and subsequent guidance from the Information Commissioner's Office, the Financial Conduct Authority, and the AI Safety Institute, is principles-based and sector-specific rather than a single unified statute. For cross-border claims involving UK parties, the determination of applicable law under the 1995 Act will typically identify the law of the jurisdiction where the harm materialised.

In Singapore, the Model AI Governance Framework published by IMDA in its 2024 edition addresses accountability in AI deployment but is voluntary guidance rather than binding law. The Monetary Authority of Singapore's FEAT principles and the Veritas Initiative address AI fairness and accountability in financial services. For conflict-of-laws purposes, Singapore courts apply the lex loci delicti commissi rule, identifying the law of the place where the tort was committed. For AI agent harm cases, this raises the same doctrinal questions about where a digital tort is committed that have not yet been resolved by Singapore case law.

In Japan, the AI Promotion Act of 2024 and accompanying METI and MIC guidelines establish a framework for AI governance but do not contain specific conflict-of-laws provisions for cross-border AI liability. Japan's private international law framework, the Act on General Rules for Application of Laws (Horei), applies the law of the place of the harmful act to non-contractual obligations.

The Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, adopted in 2024, is the first binding international treaty on AI. It sets standards for the design, development, and use of AI systems by public authorities and private actors, with an emphasis on human rights compliance. The Convention addresses accountability but does not resolve the conflict-of-laws question of which jurisdiction's law governs a specific cross-border AI liability claim.

The OECD AI Principles and international coordination

The OECD AI Principles, first adopted in May 2019 and revised in 2024, represent the most widely endorsed international framework for AI governance. All 38 OECD member countries have endorsed them, as have the G20 economies. Principle 1.5 addresses accountability, requiring AI actors to be accountable for the proper functioning of AI systems and for adherence to the other Principles, based on their roles and the context. The 2024 revision strengthened the language on cross-border accountability, noting that accountability obligations apply throughout the AI lifecycle and across the AI value chain regardless of where individual actors are located.

The Principles are not legally binding. They do not resolve the conflict-of-laws question and do not create enforceable obligations. Their significance for cross-border AI liability is primarily that they form the basis for how most major jurisdictions frame their domestic AI governance regimes. The structural similarities between the EU AI Act's risk management requirements, NIST AI RMF's governance functions, ISO/IEC 42001's management system approach, and the UK's sectoral principles all reflect the OECD Principles' underlying architecture. This convergence creates a degree of substantive alignment even where the applicable law question is unresolved.

Practical implications for global operators

For an operator deploying an AI agent that serves users in multiple countries, the cross-border liability analysis requires several specific steps that go beyond domestic compliance preparation.

The first step is mapping the deployment's jurisdictional footprint: where is the AI provider established, where are the servers located, where are the deployer's operations, and where do the users who interact with the agent reside. This map identifies the jurisdictions whose law may govern a claim arising from the agent's operation and whose regulatory framework may apply to the deployment.

The second step is assessing EU AI Act extraterritorial exposure. If any users of the AI agent are in the EU, Article 2(1)(c) of Regulation (EU) 2024/1689 potentially applies. The operator must assess whether the system falls within the high-risk categories of Annex III, whether an authorised representative has been appointed where required, and whether the deployer obligations of Article 26 are being met.

The third step is reviewing the contractual framework. In many cross-border AI deployments, contractual choice-of-law and jurisdiction clauses can resolve some of the uncertainty about which law governs disputes between the contracting parties. They do not resolve third-party claims from harmed users who are not parties to the contract. But they establish a clearer framework for the primary commercial relationship and can simplify the liability analysis in that dimension.

The fourth step is assessing insurance coverage for cross-border exposure. Most business insurance policies contain territorial limitations that restrict coverage to incidents occurring in specified jurisdictions. An AI agent that operates globally may face uncovered exposure in jurisdictions not listed in the policy's territorial scope. Reviewing territorial clauses with a broker who understands AI-specific coverage is a necessary part of cross-border deployment planning. The coverage analysis for European deployments specifically is addressed in detail at agentinsured.eu. For the EU regulatory obligations that shape coverage eligibility, see the full framework at agentliability.eu.

Frequently asked questions

Which country's law governs when an AI agent causes harm across borders?

In the EU, Rome II Regulation (Regulation (EC) No 864/2007) applies the law of the country where the damage occurs to non-contractual liability claims. For an AI agent that harms a user in Germany but operates from servers in Ireland, German law would typically govern under Rome II Article 4. Outside the EU, the conflict-of-laws analysis depends on each jurisdiction's domestic private international law rules.

Does the EU AI Act apply to companies outside the European Union?

Yes. Article 2(1)(c) of Regulation (EU) 2024/1689 extends the Act's scope to providers and deployers established outside the Union where the AI system's output is used in the Union. A US-based company deploying a high-risk AI agent used by European customers falls within the Act's scope. It must either comply directly or appoint an authorised representative under Article 22.

How does Brussels I determine which court has jurisdiction over AI liability claims?

Regulation (EU) No 1215/2012 Article 7(2) gives the claimant a choice between the court of the place where the harmful event occurred (the causal event, typically where the AI was deployed) and the court of the place where the direct harm materialised (typically where the victim is located). The claimant picks among the available jurisdictions.

What do the OECD AI Principles say about accountability in cross-border AI deployment?

The OECD AI Principles, revised in 2024, include Principle 1.5 on accountability, requiring AI actors to be accountable for the proper functioning of AI systems based on their roles and the context. The 2024 revision strengthened the language on cross-border accountability throughout the AI value chain regardless of where actors are located. The Principles are non-binding guidance but are reflected in the regulatory approaches of all 38 OECD member countries.

References

  1. Regulation (EC) No 864/2007 of the European Parliament and of the Council of 11 July 2007 on the law applicable to non-contractual obligations (Rome II). Article 4 (general rule: law of country where damage occurs), Article 5 (product liability). OJ L 199, 31.7.2007.
  2. Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (Brussels I Recast). Article 4 (general rule: defendant's domicile), Article 7(2) (tort jurisdiction: place of harmful event). OJ L 351, 20.12.2012.
  3. Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Article 2 (territorial scope), Article 2(1)(c) (extraterritorial application), Article 22 (authorised representatives for non-EU providers), Article 26 (deployer obligations), Annex III (high-risk AI categories). OJ L, 12.7.2024.
  4. Directive 2024/2853 of the European Parliament and of the Council on liability for defective products. Extends product liability to software including AI. Applicable from 9 December 2026.
  5. Colorado Revised Statutes section 6-1-1701 et seq. (Colorado AI Act, SB 24-205). Applicable from 1 February 2026 to persons doing business in Colorado.
  6. OECD AI Principles, adopted May 2019, revised 2024. Principle 1.5 (accountability). Available at oecd.ai. Non-binding guidance endorsed by all 38 OECD member countries and G20 economies.
  7. Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, adopted September 2024. First binding international treaty on AI. Addresses accountability but does not resolve conflict-of-laws questions for specific liability claims.
  8. UK Private International Law (Miscellaneous Provisions) Act 1995. Governs applicable law for tort claims in UK courts following departure from EU Rome II regime.
  9. IMDA, Model AI Governance Framework (Singapore), 2024 edition. Voluntary governance guidance. Available at imda.gov.sg.
  10. Japan AI Promotion Act 2024 and accompanying METI/MIC guidelines. Japan Act on General Rules for Application of Laws (Horei) applies lex loci delicti commissi to non-contractual obligations.