AI-Built Website Liability Under EU Law
Steven | TrustYourWebsite · 15 May 2026 · Last updated: May 2026
Your agency built your site in three days with Cursor and Claude. Six months later a national data protection authority writes to you about cookies that fire before consent. The agency's first move is to ask its AI tool whether the AI is liable for its own output. The short answer is no. This article walks through who is.
<figure className="my-8"> <svg role="img" aria-labelledby="ai-liability-map-title" aria-describedby="ai-liability-map-desc" viewBox="0 0 1200 675" xmlns="http://www.w3.org/2000/svg" style={{ maxWidth: '100%', height: 'auto' }}> <title id="ai-liability-map-title">Liability flows toward the site operator, not the AI tool.</title> <desc id="ai-liability-map-desc">Diagram with five parties: site operator (controller) at the centre, agency or freelancer to the upper right, AI tool provider to the lower right, national supervisory authority to the left, data subject at the bottom. A solid red arrow runs from the regulator to the site operator labelled "enforces here". A two-way contract relationship connects site operator and agency. The agency-to-AI-provider relationship is shown with a dashed line labelled "terms of service, outputs at agency's risk". There is no direct line between the AI provider and the site operator. A barrier symbol marks "no privity".</desc> <rect x="0" y="0" width="1200" height="675" fill="#FFFFFF"/> <rect x="450" y="280" width="300" height="115" rx="10" fill="#1B7D56"/> <text x="600" y="320" textAnchor="middle" fontFamily="Instrument Serif, serif" fontSize="22" fontWeight="600" fill="#FFFFFF">Site Operator</text> <text x="600" y="358" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="14" fill="#FFFFFF">Controller under Art. 
4(7) GDPR</text> <rect x="900" y="120" width="240" height="90" rx="10" fill="#D97706"/> <text x="1020" y="158" textAnchor="middle" fontFamily="Instrument Serif, serif" fontSize="20" fontWeight="600" fill="#FFFFFF">Agency or</text> <text x="1020" y="184" textAnchor="middle" fontFamily="Instrument Serif, serif" fontSize="20" fontWeight="600" fill="#FFFFFF">Freelancer</text> <rect x="900" y="460" width="240" height="90" rx="10" fill="#525252"/> <text x="1020" y="500" textAnchor="middle" fontFamily="Instrument Serif, serif" fontSize="20" fontWeight="600" fill="#FFFFFF">AI Tool</text> <text x="1020" y="525" textAnchor="middle" fontFamily="Instrument Serif, serif" fontSize="20" fontWeight="600" fill="#FFFFFF">Provider</text> <rect x="40" y="290" width="240" height="95" rx="10" fill="#B91C1C"/> <text x="160" y="325" textAnchor="middle" fontFamily="Instrument Serif, serif" fontSize="18" fontWeight="600" fill="#FFFFFF">Supervisory</text> <text x="160" y="350" textAnchor="middle" fontFamily="Instrument Serif, serif" fontSize="18" fontWeight="600" fill="#FFFFFF">Authority</text> <text x="160" y="372" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="11" fill="#FFFFFF">national DPA + EDPB</text> <rect x="490" y="555" width="220" height="65" rx="10" fill="#FFFFFF" stroke="#1A1A1A" strokeWidth="2"/> <text x="600" y="595" textAnchor="middle" fontFamily="Instrument Serif, serif" fontSize="18" fontWeight="600" fill="#1A1A1A">Data Subject</text> <path d="M 280 338 L 445 338" stroke="#B91C1C" strokeWidth="4" fill="none"/> <polygon points="445,338 432,331 432,345" fill="#B91C1C"/> <text x="362" y="325" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="14" fontWeight="500" fill="#B91C1C">enforces here</text> <path d="M 750 320 L 900 200" stroke="#525252" strokeWidth="2" fill="none"/> <polygon points="900,200 887,200 894,212" fill="#525252"/> <polygon points="750,320 757,308 763,322" fill="#525252"/> <text x="850" y="240" textAnchor="middle" fontFamily="DM 
Sans, sans-serif" fontSize="13" fontWeight="500" fill="#525252">contract</text> <path d="M 1020 460 L 1020 215" stroke="#525252" strokeWidth="2" strokeDasharray="6,4" fill="none"/> <polygon points="1020,210 1014,222 1026,222" fill="#525252"/> <text x="1035" y="345" fontFamily="DM Sans, sans-serif" fontSize="12" fill="#525252">ToS: outputs at</text> <text x="1035" y="362" fontFamily="DM Sans, sans-serif" fontSize="12" fill="#525252">agency's risk</text> <line x1="830" y1="500" x2="760" y2="380" stroke="#B91C1C" strokeWidth="2" strokeDasharray="3,4"/> <line x1="760" y1="500" x2="830" y2="380" stroke="#B91C1C" strokeWidth="2" strokeDasharray="3,4"/> <text x="795" y="465" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="11" fontWeight="500" fill="#B91C1C">no privity</text> <path d="M 600 555 L 600 400" stroke="#525252" strokeWidth="2" fill="none"/> <polygon points="600,395 593,407 607,407" fill="#525252"/> <text x="612" y="490" fontFamily="DM Sans, sans-serif" fontSize="12" fill="#525252">Art. 82 claim</text> </svg> <figcaption>When something breaks, the national supervisory authority and the data subject look at the operator. The agency-AI provider chain happens in the background, governed by contracts the operator is not party to.</figcaption> </figure>
The short answer: you do
Article 4(7) of the GDPR defines the controller as the natural or legal person that, alone or jointly, determines the purposes and means of the processing of personal data. The site operator decides what cookies fire, which analytics load, what the contact form does and where the data goes. The AI tool that wrote the code is neither a controller nor a processor for the site's visitors. It processed the developer's prompt, which is a separate transaction with a separate counterparty.
A national supervisory authority cares about who runs the website. That is whoever the company register names, whoever the privacy notice identifies, whoever cashes the payments. The supervisory authority does not need to know which tool wrote the cookie banner and will not ask.
Why the AI tool is not on the hook, yet
Three structural facts keep the AI vendor out of the chain.
First, the major AI coding tools' terms of service push responsibility for outputs onto the user. The pattern is consistent across OpenAI, Anthropic, GitHub Copilot, Cursor and Lovable as of May 2026: outputs are provided as is, the user is responsible for verifying them before use, and the user indemnifies the provider against third-party claims arising from how the outputs are used. Where a vendor does offer an indemnity of its own, it is typically an intellectual-property indemnity on paid business tiers covering copyright claims over outputs, not a warranty that the output complies with the law of the market it is deployed in. When the agency accepts the code Cursor suggested, the legal weight of that decision lands on the agency, not on Cursor.
Second, the AI provider is not a controller or a processor for the site's visitors. The EDPB's Opinion 28/2024 on AI models (December 2024) applies the same accountability logic to models: roles have to be settled before processing starts, and whoever deploys a model carries their own GDPR obligations for that deployment even though someone else built it. For a coding assistant the deployer is the agency, and the data it processes is the agency's prompts. The website that comes out of it contains no model at all; the only party processing the visitors' data is the operator, on the operator's domain, as controller.
Third, the proposed AI Liability Directive that was meant to harmonise this is gone. The Commission listed it for withdrawal in its 2025 work programme on 11 February 2025, and the withdrawal was published in OJ C/2025/5423 on 6 October 2025. The clean rules expected in 2026 are not arriving.
What about the agency that used the AI?
The agency-client liability chain pre-dates AI by decades. The same logic that applies to a designer who used unlicensed images applies to a designer who used an AI assistant to generate code. How web designer liability works under EU law covers the underlying framework. The operator is on the public-facing hook to the regulator and the data subject. The operator-agency relationship is internal and contractual.
The AI layer adds one structural fact. The agency's contract with the AI provider almost always indemnifies the provider, not the agency or its client. The operator never had a contract with the AI vendor. The agency did. The agency promised the vendor that they, the agency, would carry the risk of using the outputs. That promise does not flow through to the operator, and it does not open a route to the AI provider's legal team.
In practice that means the contract between the operator and the agency is the only document that matters when the operator wants to push the cost back. If the agency contract is silent on compliance warranties, AI-use disclosure and indemnification, the operator is negotiating from a weak position.
What changes on 9 December 2026, and what does not
<figure className="my-8"> <svg role="img" aria-labelledby="pld-timeline-title" aria-describedby="pld-timeline-desc" viewBox="0 0 1100 360" xmlns="http://www.w3.org/2000/svg" style={{ maxWidth: '100%', height: 'auto' }}> <title id="pld-timeline-title">Liability timeline showing what changes and what does not on 9 December 2026.</title> <desc id="pld-timeline-desc">Horizontal timeline from 2024 to 2027 with four anchor dates marked. Below the timeline, three parallel bars show continuous site-operator liability under GDPR, EAA and cookie law throughout the period, a new strict-liability claim path against AI providers starting 9 December 2026 under the Product Liability Directive plus a withdrawn proposal for an AI Liability Directive that ran from 2022 to October 2025.</desc> <rect x="0" y="0" width="1100" height="360" fill="#FFFFFF"/> <line x1="80" y1="80" x2="1040" y2="80" stroke="#1A1A1A" strokeWidth="2"/> <text x="80" y="50" fontFamily="DM Sans, sans-serif" fontSize="11" fill="#525252">2024</text> <text x="320" y="50" fontFamily="DM Sans, sans-serif" fontSize="11" fill="#525252">2025</text> <text x="560" y="50" fontFamily="DM Sans, sans-serif" fontSize="11" fill="#525252">2026</text> <text x="880" y="50" fontFamily="DM Sans, sans-serif" fontSize="11" fill="#525252">2027</text> <circle cx="180" cy="80" r="6" fill="#525252"/> <text x="180" y="106" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="11" fontWeight="500" fill="#525252">8 Dec 2024</text> <text x="180" y="120" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="10" fill="#525252">PLD enters force</text> <circle cx="430" cy="80" r="6" fill="#B91C1C"/> <text x="430" y="106" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="11" fontWeight="500" fill="#B91C1C">6 Oct 2025</text> <text x="430" y="120" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="10" fill="#B91C1C">AI Liability Dir. 
withdrawn</text> <circle cx="640" cy="80" r="6" fill="#D97706"/> <text x="640" y="106" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="11" fontWeight="500" fill="#D97706">2 Aug 2026</text> <text x="640" y="120" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="10" fill="#D97706">AI Act Art. 50 applies</text> <circle cx="780" cy="80" r="9" fill="#1B7D56"/> <text x="780" y="106" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="12" fontWeight="600" fill="#1B7D56">9 Dec 2026</text> <text x="780" y="121" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="10" fontWeight="500" fill="#1B7D56">PLD applies to new products</text> <rect x="80" y="170" width="960" height="30" fill="#1B7D56"/> <text x="90" y="190" fontFamily="DM Sans, sans-serif" fontSize="13" fontWeight="500" fill="#FFFFFF">Lane 1: Operator liable under GDPR, EAA and cookie law (always)</text> <rect x="780" y="220" width="260" height="30" fill="#1B7D56" fillOpacity="0.7"/> <text x="790" y="240" fontFamily="DM Sans, sans-serif" fontSize="13" fontWeight="500" fill="#FFFFFF">Lane 2: PLD claim path vs AI provider (new products only)</text> <rect x="80" y="270" width="350" height="30" fill="#B91C1C" fillOpacity="0.3"/> <text x="90" y="290" fontFamily="DM Sans, sans-serif" fontSize="13" fontWeight="500" fill="#1A1A1A">Lane 3: Proposed AI Liability Directive (withdrawn Oct 2025)</text> <text x="560" y="335" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="11" fill="#525252">Operator liability does not start in 2026. A new claim path against AI providers starts then, but only for products placed on the market after 9 December 2026.</text> </svg> <figcaption>Operator liability does not start in December 2026. 
A new claim path against AI providers starts then, but only for damage to natural persons and only for products placed on the market after that date.</figcaption> </figure>
Directive (EU) 2024/2853, the new Product Liability Directive, treats software, AI systems included, as a product in its Article 4 definitions. Member States must transpose it by 9 December 2026, and under Article 2(1) it applies to products placed on the market or put into service after that date. Products placed on the market earlier stay under Directive 85/374/EEC.
This matters for the AI-built website question in a narrow way. From late 2026 a natural person who suffers death or personal injury, damage to privately used property, or loss or corruption of data not used for professional purposes because of a defective product may pursue the manufacturer directly under a no-fault regime, and software, a commercial coding assistant included, is a product. Free and open-source software developed or supplied outside a commercial activity is excluded under Article 2(2). The claim is for damage to natural persons. It is not a route for the operator to recover a GDPR fine, it does not cover pure economic loss, and it does not retroactively cover sites built before the cutover.
What does not change on 9 December 2026: who the controller is, who the supervisory authority enforces against and who pays the GDPR fine. The PLD adds a new line of claim against the AI provider for a narrow set of harms. It does not subtract the existing line of liability against the operator.
Transposition will be heterogeneous. France and Italy are widely expected to be late. The operator's location and the place where the harm occurred both matter for the choice of forum. The directive is enough of its own topic to deserve a dedicated guide.
Three practical scenarios
The AI-built cookie banner has no working reject-all button. A national supervisory authority enforces against the operator under Article 5(3) of the ePrivacy Directive, with consent measured against the Article 4(11) GDPR definition. The agency may be liable to the operator in contract, but only if the contract said the deliverable would meet cookie law. Whether the site needs a cookie banner at all is the cheapest question to answer correctly before launch.
<figure className="my-8"> <svg role="img" aria-labelledby="cookie-anatomy-title" aria-describedby="cookie-anatomy-desc" viewBox="0 0 800 480" xmlns="http://www.w3.org/2000/svg" style={{ maxWidth: '100%', height: 'auto' }}> <title id="cookie-anatomy-title">Four common cookie banner defects produced by AI website builders.</title> <desc id="cookie-anatomy-desc">A mockup of a cookie consent banner with four annotated defects: a greyed-out reject button, pre-ticked checkboxes for analytics and marketing, network requests to Google Analytics and Facebook tracking firing before user interaction plus a missing footer link to revoke consent. Each defect is labelled with the GDPR or ePrivacy article it likely violates.</desc> <rect x="0" y="0" width="800" height="480" fill="#FFFFFF"/> <rect x="40" y="100" width="540" height="280" rx="8" fill="#FFFFFF" stroke="#1A1A1A" strokeWidth="2"/> <text x="60" y="135" fontFamily="Instrument Serif, serif" fontSize="18" fontWeight="600" fill="#1A1A1A">We value your privacy</text> <text x="60" y="160" fontFamily="DM Sans, sans-serif" fontSize="12" fill="#525252">This site uses cookies to improve your experience.</text> <rect x="60" y="190" width="14" height="14" fill="#1B7D56"/> <text x="84" y="202" fontFamily="DM Sans, sans-serif" fontSize="12" fill="#1A1A1A">Analytics (Google Analytics)</text> <rect x="60" y="215" width="14" height="14" fill="#1B7D56"/> <text x="84" y="227" fontFamily="DM Sans, sans-serif" fontSize="12" fill="#1A1A1A">Marketing (Facebook Pixel)</text> <rect x="60" y="270" width="100" height="32" rx="4" fill="#1B7D56"/> <text x="110" y="291" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="13" fontWeight="500" fill="#FFFFFF">Accept All</text> <rect x="170" y="270" width="100" height="32" rx="4" fill="#E5E5E5"/> <text x="220" y="291" textAnchor="middle" fontFamily="DM Sans, sans-serif" fontSize="13" fill="#A3A3A3">Reject All</text> <text x="60" y="340" fontFamily="DM Sans, sans-serif" fontSize="10" 
fill="#525252">(no persistent settings link)</text> <line x1="160" y1="225" x2="620" y2="225" stroke="#B91C1C" strokeWidth="1" strokeDasharray="3,3"/> <text x="630" y="218" fontFamily="DM Sans, sans-serif" fontSize="11" fontWeight="500" fill="#B91C1C">Pre-ticking</text> <text x="630" y="232" fontFamily="DM Sans, sans-serif" fontSize="11" fill="#B91C1C">is not consent</text> <text x="630" y="246" fontFamily="DM Sans, sans-serif" fontSize="10" fill="#B91C1C">(C-673/17 Planet49)</text> <line x1="270" y1="285" x2="620" y2="285" stroke="#D97706" strokeWidth="1" strokeDasharray="3,3"/> <text x="630" y="282" fontFamily="DM Sans, sans-serif" fontSize="11" fontWeight="500" fill="#D97706">Reject must be</text> <text x="630" y="296" fontFamily="DM Sans, sans-serif" fontSize="11" fill="#D97706">as visible as accept</text> <text x="630" y="310" fontFamily="DM Sans, sans-serif" fontSize="10" fill="#D97706">(Art. 4(11) GDPR)</text> <line x1="160" y1="340" x2="620" y2="340" stroke="#D97706" strokeWidth="1" strokeDasharray="3,3"/> <text x="630" y="340" fontFamily="DM Sans, sans-serif" fontSize="11" fontWeight="500" fill="#D97706">Withdraw must be</text> <text x="630" y="354" fontFamily="DM Sans, sans-serif" fontSize="11" fill="#D97706">as easy as give</text> <text x="630" y="368" fontFamily="DM Sans, sans-serif" fontSize="10" fill="#D97706">(Art. 7(3) GDPR)</text> <rect x="40" y="410" width="540" height="40" rx="4" fill="#FEE2E2"/> <text x="60" y="430" fontFamily="DM Sans, sans-serif" fontSize="11" fontWeight="500" fill="#B91C1C">Background: google-analytics.com firing, facebook.com/tr firing</text> <text x="60" y="444" fontFamily="DM Sans, sans-serif" fontSize="10" fill="#B91C1C">before any banner interaction (ePrivacy Art. 5(3))</text> </svg> <figcaption>Four failures supervisory authorities look for. None of them are excused by "the AI tool generated it."</figcaption> </figure>
The AI-built contact form ships data to a US analytics service with no Chapter V transfer mechanism behind it: the recipient is not certified under the EU-US Data Privacy Framework and there are no standard contractual clauses with a transfer impact assessment covering the integration. That is a Chapter V GDPR breach, enforced against the operator. The Google Analytics decisions that followed Schrems II (Austria's DSB and France's CNIL in 2022) found the website operators in breach, not Google. The agency may have used a default Cursor or Claude pattern that hard-coded the third party. The agency owes a fix and, if the contract says so, the cost of the fine.
The AI-generated alt text is wrong or missing on most images. The European Accessibility Act (Directive (EU) 2019/882) puts the obligation on the business providing the e-commerce service, not on whoever built the site. It applies from 28 June 2025, and the only size-based carve-out for service providers is the microenterprise exemption (fewer than ten staff and annual turnover or balance sheet of no more than EUR 2 million), so most B2C webshops above that line are in. The de facto benchmark is WCAG 2.1 level AA as carried into the European standard EN 301 549; success criterion 1.1.1 is where text alternatives for meaningful images are required. EAA penalties are set nationally and land at the operator's door, not the AI's. AI-generated alt text that hallucinates is worse than no alt text, because a screen reader reads it to a blind visitor with confidence.
How to push the risk back to the agency
The contract is the only lever. Before signing, look for or insert:
- An indemnification clause that names the operator and covers third-party claims, remediation costs and regulatory costs arising from non-compliance of the delivered site. Whether a regulatory fine itself can be indemnified is a question of national law, so list the recoverable heads of cost explicitly rather than relying on the fine alone.
- A compliance warranty: the agency warrants the site meets GDPR, ePrivacy, EAA and applicable consumer law at delivery.
- A disclose-AI-use clause: the agency must list which AI tools generated which deliverables. Not as a liability shield, but as the input the operator needs to assess its own AI Act Article 50 transparency duties from 2 August 2026, which turn on whether any AI-generated text or imagery on the site falls within the deployer obligations in Article 50(4).
- A right-to-scan clause: the operator may run a compliance scan before sign-off and any criticals must be fixed.
- A post-delivery support window: the agency fixes compliance defects found within the first 90 days at their cost.
The point of these clauses is not mainly to win in court. It is to make the agency put a price on its own confidence: an agency that resists them is signalling it is not confident in what it is delivering.
What to check on the live site today
Five things the operator can verify without a developer. Two minutes per check.
- The cookie banner has a reject-all button that is as visible as accept-all and does not pre-tick anything.
- Analytics and marketing scripts load only after consent is given. Open the browser's network tab before touching the banner; nothing should go to analytics or advertising hosts until a choice has been made.
- The privacy notice is in the operator's actual company name, not a placeholder left over from an AI template such as [Your Company].
- Alt texts are present on key product images and describe the image rather than just saying "image of".
- A keyboard-only visitor can reach the main pages and the checkout without using a mouse.
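The static part of this checklist can be scripted. The Python below is an added example for this article, not tooling from TrustYourWebsite: it walks a saved HTML page with the standard library only and flags the defects the cookie-banner figure and the checklist describe, namely tracking scripts that are not consent-gated, pre-ticked non-essential consent boxes, a missing or disabled reject control, template placeholders, and missing or generic alt text. The host list and placeholder strings are assumptions to extend for your own stack, the gating convention it recognises (a `type="text/plain"` script tag carrying a `data-consent` attribute that a consent manager activates after opt-in) is one common pattern among several, and the sample page is constructed. It cannot see scripts injected at runtime by a tag manager, so the "scripts load only after consent" check still needs a browser with the network tab open, and the keyboard check stays manual.

```python
"""Static pre-launch audit for AI-built sites (added example, not the site's tooling)."""
from __future__ import annotations

from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: third-party hosts that set or read identifiers on the visitor's
# device and so need prior consent under ePrivacy Art. 5(3). Extend as needed.
TRACKING_HOSTS = ("googletagmanager.com", "google-analytics.com",
                  "connect.facebook.net", "static.hotjar.com")
PLACEHOLDERS = ("[your company]", "[company name]", "lorem ipsum")  # assumed leftovers
NON_ESSENTIAL = ("analytics", "statistics", "marketing", "advertising")
REJECT_WORDS = ("reject", "decline", "refuse")
GENERIC_ALT = {"image", "img", "photo", "picture", "graphic"}


@dataclass(frozen=True)
class Finding:
    code: str
    detail: str


class ConsentAudit(HTMLParser):
    """Collects findings while the standard-library parser walks the page."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._buttons = []          # (attrs, lowercased label) for button-like elements
        self._open_button = None    # attrs of the button whose label is being collected
        self._button_text = []
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # boolean attributes such as "checked" map to None
        if tag == "script" and a.get("src"):
            host = urlparse(a["src"]).netloc.lower()
            if any(host == h or host.endswith("." + h) for h in TRACKING_HOSTS):
                # Assumed gating convention: tag is inert to the browser (text/plain)
                # and carries a data-consent marker the consent manager flips later.
                gated = a.get("type") == "text/plain" and "data-consent" in a
                if not gated:
                    self.findings.append(Finding("TRACKER_BEFORE_CONSENT", a["src"]))
        elif tag == "input" and a.get("type") == "checkbox" and "checked" in a:
            ident = f"{a.get('name') or ''} {a.get('id') or ''}".strip().lower()
            if any(word in ident for word in NON_ESSENTIAL):
                self.findings.append(Finding("PRE_TICKED_CONSENT", ident))
        elif tag == "img":
            src = a.get("src") or "?"
            if "alt" not in a:
                self.findings.append(Finding("ALT_MISSING", src))
            else:
                alt = (a["alt"] or "").strip().lower()
                # alt="" correctly marks a decorative image; only a bare generic
                # word or an "image of" prefix is a finding
                if alt in GENERIC_ALT or alt.startswith(("image of", "picture of", "photo of")):
                    self.findings.append(Finding("ALT_GENERIC", src))
        elif tag == "button" or (tag == "a" and a.get("role") == "button"):
            self._open_button, self._button_text = a, []

    def handle_endtag(self, tag):
        if self._open_button is not None and tag in ("button", "a"):
            self._buttons.append((self._open_button, " ".join(self._button_text).strip().lower()))
            self._open_button = None

    def handle_data(self, data):
        self._text.append(data)
        if self._open_button is not None:
            self._button_text.append(data.strip())

    def finish(self) -> list[Finding]:
        """Page-level checks that need the whole document."""
        text = " ".join(self._text).lower()
        for marker in PLACEHOLDERS:
            if marker in text:
                self.findings.append(Finding("PLACEHOLDER_TEXT", marker))
        accept = [b for b in self._buttons if "accept" in b[1]]
        reject = [b for b in self._buttons if any(w in b[1] for w in REJECT_WORDS)]
        if accept and not reject:
            self.findings.append(Finding("NO_REJECT_CONTROL", "accept button with no reject button"))
        for attrs, label in reject:
            if "disabled" in attrs or attrs.get("aria-disabled") == "true":
                self.findings.append(Finding("REJECT_DISABLED", label))
        return self.findings


def audit_html(page: str) -> list[Finding]:
    parser = ConsentAudit()
    parser.feed(page)
    parser.close()
    return parser.finish()


# Constructed sample page exhibiting the defects from the figure and checklist.
SAMPLE_HTML = """<!doctype html><html><head><title>[Your Company] - Shop</title>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script type="text/plain" data-consent="statistics" src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script src="/js/app.js"></script></head><body>
<div id="cookie-banner">
 <label><input type="checkbox" name="necessary" checked disabled> Necessary</label>
 <label><input type="checkbox" name="analytics" checked> Analytics</label>
 <label><input type="checkbox" name="marketing" checked> Marketing</label>
 <button id="accept">Accept All</button> <button id="reject" disabled>Reject All</button>
</div>
<img src="/img/shoe.jpg"> <img src="/img/hero.jpg" alt="image of"> <img src="/img/divider.png" alt="">
<img src="/img/boot.jpg" alt="Brown leather ankle boot, side view">
<p>Controller: [Your Company], Example Street 1</p></body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML):
        print(f"{finding.code:24} {finding.detail}")
```

Run it against `curl -o page.html https://your-site.example/` output and treat every `TRACKER_BEFORE_CONSENT` line as a blocker for sign-off; the other codes map directly onto the contract's post-delivery fix window.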
If any of these are uncertain, our free compliance scan checks GDPR, cookies, accessibility and image rights. It will not tell the operator whether their AI tools are legal. It will tell them whether the site those tools helped build is.
Common Questions
If my agency used Lovable, Bolt or v0 to build my site, am I liable for compliance issues?
Yes. Article 4(7) GDPR defines the controller as whoever determines the purposes and means of processing. That is the operator, regardless of whether the code was written by a human or an AI. National regulators in every EU member state enforce against the controller, not the tool.
Can I bring a claim against OpenAI or Anthropic if their tool produced non-compliant code?
Almost never. The operator has no contract with them as an end user of a tool the agency picked. Their terms of service push responsibility for outputs onto the user. From 9 December 2026 the new Product Liability Directive opens a narrow no-fault path for damage to natural persons, but only for products placed on the market after that date.
Does the EU AI Act mean my AI-built site needs disclosure?
It depends what the AI generated and what it is used for. Article 50 of the AI Act applies from 2 August 2026. The duty to mark synthetic output in a machine-readable way (Article 50(2)) sits with the provider of the generating system, not with the website owner. The duties that fall on a deployer such as a site operator (Article 50(4)) are narrower: deepfakes, meaning AI-generated or manipulated images, audio or video that resemble existing persons, objects, places or events, must be disclosed, and AI-generated text published to inform the public on matters of public interest must be disclosed unless it went through human review and someone carries editorial responsibility. Code is not in scope. Ordinary AI-generated product copy and illustrative images are not caught by Article 50(4) unless they fall into one of those two categories, but the operator has to know which content is AI-generated to make that call.
What changes on 9 December 2026 with Directive 2024/2853?
The new Product Liability Directive treats software and AI systems as products and creates a no-fault claim path against the producer for damage to natural persons. It applies to products placed on the market after 9 December 2026. Existing controller obligations under GDPR do not change.
Did the AI Liability Directive not solve all this?
It would have, if it had passed. The Commission listed the proposed AI Liability Directive for withdrawal in its 2025 work programme on 11 February 2025. Formal withdrawal was published in OJ C/2025/5423 on 6 October 2025. The clean liability-allocation framework expected in 2026 is not coming.
Related reading
If you want to go further on the questions this article touched on:
- The agency-client liability chain pre-dates AI. How web designer liability works under EU law covers the framework before the AI layer.
- The 9 December 2026 shift. The new Product Liability Directive deserves its own treatment.
- AI Act transparency obligations from 2 August 2026. What the AI Act actually requires of website owners is the next article in this cluster.
- The cookie banner is where most AI-built sites fail first. Whether your site needs a cookie banner at all is the cheapest question to answer correctly.
- The fine ranges that make this question worth asking. GDPR fines for small business across the EU explains the real exposure.
This article is technical analysis, not legal advice. The author is not your lawyer and is not your registered controller. For a binding view, talk to one of those.