Who Takes Responsibility When Embedded AI Misfires?

As embedded artificial intelligence transitions from theoretical frameworks to practical applications, the associated liability risks for organizations are increasing. Whether in border security robotics or healthcare automation, industry leaders must familiarize themselves with the interplay of AI governance, product liability, and data protection laws, emphasized Chiara Rustici, Chief Privacy Officer and independent analyst.

According to Rustici, the establishment of liability does not necessitate new legislation specifically tailored for emerging technologies. Instead, the focus should be on precisely applying existing legal frameworks. Current regulations surrounding AI governance, data security, and product safety already have intersecting areas. The real challenge arises in effectively linking these regulations to specific use cases, potential misuse, and the evolving risk profiles affected by new deployments.

“Many assume that this is a technological advancement that calls for a unique legal framework, but this is a misdirected effort,” Rustici stated. “We have substantial existing frameworks that continue to be relevant as new engineering challenges arise.”

During a video interview with the Information Security Media Group, Rustici also covered pivotal topics such as the overlap between AI governance, data protection laws, and product liability for embedded AI. She elaborated on the differing liability models triggered by civilian versus military applications, and outlined steps that Chief Information Security Officers should take to evaluate risk as use cases evolve.

Rustici’s credentials include her role as an independent academic and expert in data regulation. Her background features recognition as a former research grant recipient from Italy’s National Research Council, teaching jurisprudence at the University of Genoa, and research positions at institutions in Milan and Edinburgh. Furthermore, she has served as Chair of the BCS Law Specialists Group and currently holds a position with the BCS governance team, contributing to the Privacy and Policy Committee. In 2019, Rustici was included in the inaugural DPO200 list by the GDPR Institute, acknowledging significant contributions to the fields of privacy and security.