Who Is Liable When ChatGPT Builds Your Website?
Steven | TrustYourWebsite · 15 May 2026 · Last updated: May 2026
Your web designer built your site in three days using Cursor and Claude. Six months later the Autoriteit Persoonsgegevens sends you a letter about cookies firing before consent. The question your designer is asking ChatGPT right now is whether you can blame the AI. The short answer is no, and this article walks through who actually pays.
<figure className="my-8">
[Diagram: Liability flows toward the site owner, not the AI tool. Five parties: site owner (controller under Art. 4(7) GDPR) at the centre, agency or freelancer to the upper right, AI tool provider to the lower right, regulator (AP, ACM, CNIL, ICO) to the left, data subject at the bottom. A solid red arrow runs from regulator to site owner labelled "enforces here". A two-way "contract" relationship connects site owner and agency. A dashed line from agency to AI provider is labelled "ToS: outputs at agency's risk". An "Art. 82 claim" arrow runs from data subject to site owner. There is no direct line between the AI provider and the site owner; a barrier symbol marks "no privity".]
<figcaption>When something goes wrong, the regulator and the data subject look at the site owner. The agency-AI provider chain happens in the background, governed by contracts the site owner is not party to.</figcaption>
</figure>
The short answer: you do
Under Article 4(7) of the GDPR, the controller is the natural or legal person that determines the purposes and means of processing personal data. The site owner decides what cookies fire, which analytics load, what the contact form does and where the data goes. The AI tool that wrote the code is not a controller and is not a processor for your visitors' data. It processed your developer's prompt, which was a separate transaction with a separate counterparty.
The Autoriteit Persoonsgegevens cares about who runs the website. That is whoever the KVK record names, whoever the privacy notice identifies, whoever cashes the payments. That is you. The AP does not need to know which tool wrote the cookie banner, and they will not ask.
Why the AI tool is not on the hook, yet
Three things keep the AI vendor out of the chain.
First, the major AI coding tools' terms of service push responsibility for outputs onto the user of the tool. That is the consistent pattern across OpenAI, Anthropic, GitHub Copilot, Cursor and Lovable as of May 2026. The user accepting these terms agrees to verify outputs, indemnifies the provider against third-party claims arising from outputs and uses the outputs "as is". When your designer accepts the code Cursor suggested, the legal weight of that decision lands on your designer, not on Cursor.
Second, the AI provider is not a controller or a processor for your site's visitors. The EDPB's December 2024 opinion on AI models is precise on this: roles and responsibilities must be defined before processing takes place. A deployer of an AI model carries its own accountability obligations even where the model was developed by someone else. That deployer is your site, on your domain, with your data subjects.
Third, the proposed AI Liability Directive that was meant to fill this gap was withdrawn. The Commission listed it for withdrawal in its 2025 work programme on 11 February 2025, and the withdrawal was formally published in OJ C/2025/5423 on 6 October 2025. The clean liability-allocation framework for AI-caused harm that was supposed to arrive in 2026 is not arriving.
What about the agency or freelancer that used the AI?
The agency-client liability chain pre-dates AI by a couple of decades. The same logic that applies to a designer who used unlicensed images applies to a designer who used AI to generate code. How web designer liability works when images are unlicensed is the parent question. Under Dutch contract law the agency owes you a delivery that meets professional standards. A delivery riddled with GDPR defects is a breach.
The AI layer adds one structural fact. The agency's contract with the AI provider almost certainly indemnifies the provider, not the agency or the agency's client. You never had a contract with the AI vendor. The agency did. The agency promised the AI vendor that they, the agency, would carry the risk of using the outputs. That promise does not flow through to you, and it does not give you a route to OpenAI's legal team.
In practice this means the contract you have with the agency is the only document that matters when you want to push the cost back. If your agency contract is silent on compliance warranties, AI use disclosure and indemnification, you are negotiating from a weak position. If it has these clauses you are in roughly the same place you would be with any other professional-services breach claim.
What changes on 9 December 2026, and what does not
<figure className="my-8">
[Timeline: what changes and what does not on 9 December 2026. Horizontal timeline from 2024 to 2027 with four anchor dates: 8 Dec 2024, PLD enters force; 6 Oct 2025, AI Liability Directive withdrawn; 2 Aug 2026, AI Act Art. 50 applies; 9 Dec 2026, PLD applies to new products. Three lanes below the timeline: Lane 1, site owner liable under GDPR, EAA and cookie law throughout the whole period; Lane 2, a new strict-liability claim path against AI providers under the Product Liability Directive, starting 9 December 2026 for new products only; Lane 3, the proposed AI Liability Directive, running from 2022 until its withdrawal in October 2025. Footer note: your liability does not start in 2026; a new path of liability for AI providers does, but only for products placed on the market after 9 December 2026.]
<figcaption>Your liability does not start in December 2026. A new liability for AI providers starts then, but only for damage to natural persons and only for products placed on the market after that date.</figcaption>
</figure>
Directive (EU) 2024/2853, the new Product Liability Directive, treats software and AI systems as products for the first time. Member States must transpose it by 9 December 2026 under Article 24. From that date it applies to products placed on the market or put into service after the cutover. Pre-existing products stay under the old 1985 directive.
This matters for the AI-built website question in a narrow way. From late 2026 a person who suffers material harm because of a defective AI tool could potentially pursue the AI tool provider directly under a no-fault regime. Open source software developed outside a commercial activity is excluded under Article 2(2), but the commercial coding assistants are squarely in scope. The claim is for damage to natural persons, so it is not a generic "my site got fined" route, and it does not retroactively cover sites built before the cutover.
What does not change on 9 December 2026: who the controller is, who the regulator enforces against and who pays a GDPR fine. That is you, before and after. The PLD adds a new line of claim against the AI provider for a narrow set of harms. It does not subtract the existing line of liability against you.
The Product Liability Directive is enough of its own topic to deserve its own article.
A practical scenario, or three
Your AI-built cookie banner has no working reject-all button. The AP enforces against you. The agency may be liable to you in contract for delivering a non-conforming product, but only if your contract said the deliverable would meet cookie law. Read whether your cookie banner does what it claims before you sign off on a build.
<figure className="my-8">
[Mockup: four common cookie banner defects produced by AI website builders. The banner reads "We value your privacy. This site uses cookies to improve your experience." and shows: (1) pre-ticked checkboxes for Analytics (Google Analytics) and Marketing (Facebook Pixel), annotated "Pre-ticking is not consent (C-673/17 Planet49)"; (2) a prominent green "Accept All" button next to a greyed-out "Reject All" button, annotated "Reject must be as visible as accept (Art. 4(11) GDPR)"; (3) no persistent settings link, annotated "Withdraw must be as easy as give (Art. 7(3) GDPR)"; (4) a background panel reading "google-analytics.com firing, facebook.com/tr firing before any banner interaction (ePrivacy Art. 5(3))".]
<figcaption>Four failures regulators look for. None of them are excused by "the AI tool generated it."</figcaption>
</figure>
Your AI-built contact form ships data to a US analytics service without an SCC arrangement. That is a Chapter V GDPR breach, enforced against you as controller. The AP has been clear about US transfers since the Schrems II era. The agency may have used a default Cursor or Claude pattern that hard-coded the third party. The agency owes you a fix and, if your contract is good, the fine.
Your AI-generated alt text is wrong on most images or missing entirely. The European Accessibility Act treats the business operating the site as the economic operator, so the EAA penalties under Dutch enforcement point at you. From 28 June 2025 most B2C webshops above the SME thresholds need WCAG 2.1 AA alt text on functional images. AI-generated alt text that hallucinates is worse than no alt text in this context, because the screen reader reads it confidently to a blind visitor.
How to push the risk back to your agency
The contract is your only lever. Before signing, make sure it contains:
- An indemnification clause that names you specifically and covers third-party claims arising from non-compliance of the delivered site.
- A compliance warranty: the agency warrants that, at delivery, the site meets GDPR, ePrivacy, EAA and applicable consumer protection rules.
- A disclose-AI-use clause: the agency must list which AI tools generated which deliverables. This is not for liability shielding; it is because of your own AI Act Article 50 transparency obligations starting 2 August 2026 if any AI-generated copy or images are on the site.
- A right-to-scan clause: you may run a compliance scan before sign-off, and any criticals must be fixed.
- A post-delivery support window: the agency fixes compliance defects found in the first 90 days at their cost.
The point of these clauses is not to win in court. The point is that an agency that resists them is telling you they are not confident about what they are delivering. Replace any AI-use disclaimer with a compliance warranty. The disclaimer protects them. The warranty protects you.
What to check on your own site today
Five things you can verify without a developer. Two minutes per check.
- Does my cookie banner have a reject-all button that is as visible as accept-all and does not pre-tick anything?
- Do analytics and marketing scripts load only after consent is given?
- Is the privacy policy named with my actual company and KVK number, not a placeholder like [Your Company] left over from an AI template?
- Are alt texts present on key product images, and do they describe the image, not just say "image of"?
- Can a keyboard-only visitor reach the main pages and the checkout without using a mouse?
If any of these are uncertain, our free compliance scan checks GDPR, cookies, accessibility and image rights. It will not tell you whether your AI tools are legal. It will tell you whether the site they helped build is.
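The first two checks above (no pre-ticked categories, nothing loading before consent, and withdrawal as easy as giving) come down to how the page gates its tag loaders. The following is an added example written for this article, not code from the original page or from any consent-management vendor: a small consent gate whose default state denies every non-essential category, runs a tag loader only after an explicit per-category choice, and clears the record on withdrawal. The class and method names (`ConsentGate`, `register`, `grant`, `rejectAll`, `withdraw`, `flush`) are my own, and the `Map` used as storage stands in for a first-party consent cookie so the block runs in Node without a browser.

```javascript
// Added example: consent-gated loading of analytics and marketing tags.
// Names are hypothetical; the Map stands in for a first-party consent cookie.

const NON_ESSENTIAL = ['analytics', 'marketing'];

class ConsentGate {
  constructor(storage = new Map()) {
    this.storage = storage;                       // stand-in for a consent cookie
    this.loaders = { analytics: [], marketing: [] };
    this.loaded = new Set();                      // loaders already fired on this page
  }

  // Default state: no decision recorded and every category denied.
  // Nothing is pre-ticked (C-673/17 Planet49, Art. 4(11) GDPR).
  state() {
    const saved = this.storage.get('consent');
    if (!saved) return { decided: false, analytics: false, marketing: false };
    return { decided: true, ...JSON.parse(saved) };
  }

  // Queue a tag loader under a category. It fires only once consent exists,
  // so a loader registered before any banner interaction does nothing yet.
  register(category, loader) {
    if (!NON_ESSENTIAL.includes(category)) throw new Error(`unknown category: ${category}`);
    this.loaders[category].push(loader);
    return this.flush();
  }

  // Record a choice. Only keys explicitly set to true are granted; anything
  // omitted stays denied, so grant({}) is the same as reject-all.
  grant(choices) {
    const record = {};
    for (const c of NON_ESSENTIAL) record[c] = choices[c] === true;
    this.storage.set('consent', JSON.stringify(record));
    return this.flush();
  }

  rejectAll() {
    return this.grant({});
  }

  // Withdrawal is one call, as easy as giving (Art. 7(3) GDPR). Tags that
  // already ran cannot be unloaded from a live page, so the caller reloads.
  withdraw() {
    this.storage.delete('consent');
  }

  // Fire pending loaders for every granted category, each at most once.
  flush() {
    const s = this.state();
    if (!s.decided) return [];
    const fired = [];
    for (const c of NON_ESSENTIAL) {
      if (!s[c]) continue;
      for (const loader of this.loaders[c]) {
        if (this.loaded.has(loader)) continue;
        this.loaded.add(loader);
        loader();
        fired.push(c);
      }
    }
    return fired;
  }
}

// Walks the banner flow the article describes and records which tags fired
// at each stage. Tag names 'ga' and 'fb-pixel' are constructed labels.
function simulateBannerFlow() {
  const fired = [];
  const gate = new ConsentGate();
  gate.register('analytics', () => fired.push('ga'));
  gate.register('marketing', () => fired.push('fb-pixel'));
  const beforeChoice = fired.slice();       // nothing before interaction
  gate.rejectAll();
  const afterReject = fired.slice();        // still nothing
  gate.grant({ analytics: true });
  const afterAnalytics = fired.slice();     // only the analytics tag
  gate.withdraw();
  const afterWithdraw = gate.state().decided;
  gate.grant({ marketing: true });
  const afterMarketing = fired.slice();     // analytics already ran; pixel now fires
  return { beforeChoice, afterReject, afterAnalytics, afterWithdraw, afterMarketing };
}

console.log(JSON.stringify(simulateBannerFlow()));
```

The design choice worth noting is that the gate never has an "accept" default: a missing record and a rejection both resolve to every category denied, and a loader is only ever invoked from `flush()` after a stored decision says so. Wiring the real `<script>` insertion into the loader callbacks, and the banner's "Accept All", "Reject All" and settings-link handlers onto `grant`, `rejectAll` and `withdraw`, is what the page-level code still has to do.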
Common Questions
If I used Lovable, Bolt or v0 to build my own site, am I liable for compliance issues?
Yes. Under Article 4(7) GDPR you are the controller for the personal data your site processes, regardless of whether you wrote the code or an AI wrote it. The Autoriteit Persoonsgegevens enforces against the controller, not the tool. The AI generated the code. You decided to publish it.
Can I sue OpenAI or Anthropic if their tool produced non-compliant code?
Almost never. You have no contract with them as an end user of a tool your agency picked. Their terms of service push responsibility for outputs onto the user of the tool. The Product Liability Directive that applies from 9 December 2026 may open a narrow strict-liability claim path, but only for damage to natural persons and only for products placed on the market after that date.
Does the EU AI Act mean my AI-built website needs disclosure?
It depends what the AI generated. From 2 August 2026, Article 50 of the AI Act requires disclosure of AI-generated images, audio, video and text that could mislead a reader, plus deepfake labelling. Code itself is not in scope. If your site has AI-generated copy or images, plan a labelling approach.
What changes on 9 December 2026 with the new Product Liability Directive?
Directive (EU) 2024/2853 treats software, including AI systems, as products. From that date, a person harmed by a defective AI tool can pursue the AI provider directly under a no-fault regime, but only for products placed on the market after 9 December 2026. Your existing GDPR liability as the site operator does not change.
My agency disclaims AI use in their contract. Does that protect me?
It does not protect you from the regulator. The AP looks at the controller, which is you. A disclaimer between you and your agency only affects who reimburses whom internally. Replace any AI-use disclaimer with a compliance warranty: the agency warrants the delivered site meets GDPR, cookie law and EAA at handover.
Related reading
If you want to go further on the questions this article touched on:
- The agency-client liability chain pre-dates AI. How web designer liability works when images are unlicensed covers the same contractual framework before the AI layer.
- The 9 December 2026 shift. The new Product Liability Directive affects software and AI claims in ways that will get their own dedicated article.
- AI Act transparency obligations from 2 August 2026. What the EU AI Act actually requires of website owners is the next article in this cluster.
- The cookie banner is where most AI-built sites fail first. Whether your site needs a cookie banner at all is the cheapest one to get right.
- The fine ranges that make this question worth asking. GDPR fines in the Netherlands explains what an AP enforcement action actually costs.
This article is technical analysis, not legal advice. The author is not your lawyer and is not your KVK-registered controller. For a binding view, talk to one of those.