Back to Insights
AI Governance

The AI Liability Gap Is Real. Structure Over Generation Already Closes Part of It

17 June 2026 · 14 min read

The Medical Protection Society published a report this week with a finding that should concern anyone using AI in UK healthcare. Under the current legal framework, a clinician who follows a flawed AI recommendation can be held fully liable if a patient is harmed. A clinician who rejects an AI recommendation that later turns out to have been correct can also face a negligence claim. The clinician is exposed in both directions, and the AI system that produced the recommendation in the first place faces no comparable liability at all.

Why the Liability Gap Exists

The reason is structural. The Consumer Protection Act 1987 was written for physical products — defective kettles, faulty machinery — and was never designed with AI in mind. As a result, AI systems will likely fall outside its scope, meaning those who develop, manufacture and supply AI systems are likely to be shielded from the liability rules that would usually apply if a defective product caused harm. The clinician, not the AI developer, becomes the default target for any claim that follows.

Professor Gozie Offiah, foundation chair at the Medical Protection Society, put it plainly: AI in healthcare has moved from aspiration to reality, but there is a growing disconnect between the use of AI and the liability framework — a disconnect that risks the NHS and clinicians becoming the obvious target for a clinical negligence claim.

This is not a future problem. It is a present one, made more urgent by the scale at which AI is already being deployed. The Medical Protection Society's report lands in the same fortnight that NHS England confirmed Microsoft 365 Copilot access for over 500,000 staff. The liability question is not waiting for a slower, more cautious rollout. It is already running ahead of the legal framework meant to govern it.

What the Medical Protection Society Proposes

The recommendation is specific: legislate to classify AI systems clearly as products, subject to strict liability, drawing on the EU's revised product liability directive, which already addresses AI directly. The report identifies four expected benefits:

  • Clearer liability would give clinicians the confidence to adopt AI tools more readily
  • It would incentivise developers to prioritise safety in design and deployment
  • It would distribute responsibility for harm properly across the supply chain rather than defaulting to clinicians
  • It would protect the NHS and healthcare professionals against the cost of claims when harm arises from a defective AI product

There is also a quietly significant detail buried in the report. Under the Windsor Framework, Northern Ireland will be subject to the new EU directive — potentially creating a divergence in AI liability rules within the UK itself. A Trust in Belfast may soon operate under meaningfully different liability rules for AI-assisted care than a Trust in Manchester. That is the kind of regulatory fragmentation that tends to surface only after it has already caused a dispute.

The Problem While the Law Catches Up

Legislation takes years. The liability gap exists now, and clinicians are using AI tools now. The Medical Protection Society is right that the law needs to change. But the architecture of the AI systems themselves does not need to wait for legislation to start distributing liability more sensibly.

The reason the liability gap is so stark in the cases the report describes — a clinician following a bad AI recommendation, or rejecting a good one — is that the AI is positioned as a source of judgement the clinician must accept or override. The AI produces a recommendation. The human's only available act is agreement or disagreement with something already generated. When harm follows, the question becomes whether the human made the right call about a black box, which is an almost impossible standard to defend against and an equally difficult one to prosecute fairly.

An architecture built on a different principle changes this picture, not by solving the legal question but by changing what actually happened at the point of care. If AI is constrained to structure the practitioner's own observations rather than generate independent clinical judgement, the human professional's contribution is never reduced to accepting or rejecting a recommendation. The professional's own observation, decision, and reasoning remain the substance of the record. The AI's role is documented separately and visibly — what the practitioner observed, what the AI helped structure, where the practitioner's judgement was exercised — rather than blended into a single output the clinician must simply sign off on.

This is the practical difference between an AI system that generates a clinical judgement for a human to ratify, and one that documents a human's judgement more clearly than the human could have documented it alone. The first creates exactly the liability trap the Medical Protection Society describes: agree and own the AI's error, disagree and own the consequences of rejecting it. The second does not, because there is no AI-generated clinical judgement in the record to agree or disagree with. There is only the practitioner's own observation, structured and time-stamped.

This is the architecture behind Reportica Pulse's Integrity Trace — explore how provenance is built into clinical placement documentation to create defensible, auditable records where the practitioner's observation and professional judgement remain the substance of the record.

Explore the governance framework →

Provenance Is Doing Legal Work, Not Just Governance Work

The governance conversation around AI in healthcare — transparency, accountability, contestability, proportionality — has tended to be framed as good practice rather than legal necessity. The Medical Protection Society's report reframes it. A provenance record that clearly shows what the human observed, what the AI structured, and where the human's professional judgement was exercised is not just good governance. It is evidence. It is the record a clinician would need to produce if a negligence claim arose, showing precisely what they did and did not rely on the AI for.

Platforms that cannot produce this distinction — where AI-generated and human-authored content are blended without a clear record of which is which — leave the clinician with nothing to point to except their own recollection of what they trusted and why. Platforms that maintain this distinction as a structural feature, not an afterthought, give the clinician something concrete: a record showing that their professional judgement was the substance of the decision, and that AI's role was limited to structuring what they had already observed and decided.

What This Means for Design

This does not resolve the legislative gap the Medical Protection Society has identified. Only Parliament can do that, and the case for doing so is now well made. But it suggests that the platforms built on AI assisting rather than substituting for professional judgement are not just the more cautious choice. They are the more legally defensible one, for exactly the reason the report describes: liability follows the question of who made the judgement, and an architecture that keeps that question answerable is doing real work, with or without new legislation.

The law needs to catch up. In the meantime, the design choices made now — by developers, by institutions procuring AI tools, by the clinicians deciding which systems to trust — are already determining how exposed practitioners will be when it does.

This article aligns with PAIDS™ (Professional AI Documentation Standards) — well-sourced, thoroughly researched, and defensible with verifiable data. Explore the governance framework