Regulating Foundation Models: Why Product Liability Doctrines Are Inadequate for Large Language Model Harms
Introduction
The term foundation model entered the technical lexicon through a 2021 Stanford paper describing large-scale AI models trained on broad data that are adaptable to a wide range of downstream tasks. These systems, of which GPT-4, Gemini, Claude, and Llama represent the most prominent examples, sit at the base of an increasingly vast AI application stack. They are not products in the conventional sense. They are infrastructure: generative, adaptive, capable of behaviour their creators did not specifically program, and deployed by downstream users in contexts their developers never anticipated.
When these systems cause harm, the questions of responsibility and legal recourse are genuinely novel. A user who elicits dangerous instructions from a large language model, a healthcare company whose clinical AI built on a foundation model provides a toxic treatment recommendation, or an individual defamed by a generative system’s hallucinated biographical content all face the same fundamental problem: existing product liability doctrine was designed for products with fixed functionality, known failure modes, and clear chains of manufacture, distribution, and use.
Foundation models possess none of these characteristics. Their outputs are emergent, context-dependent, and often unpredictable even to their developers. Their deployment is mediated through an ecosystem of fine-tuners, deployers, and integrators. Their failure modes are diverse, contested, and sometimes imperceptible to the affected party.
Legal Framework
India’s product liability framework under Chapter VI of the Consumer Protection Act, 2019, follows a three-track structure: liability for manufacturing defects, liability for design defects, and liability for failure to warn. A product liability claim requires the plaintiff to establish that the product contained a defect, that the defect caused the harm, and that the defendant is within the chain of production and distribution for the defective product.
The threshold analytical problem is whether a large language model is a product at all. The Consumer Protection Act, 2019, includes software within the definition of goods in Section 2(21), resolving part of the ambiguity in India’s favour for AI systems sold or licensed commercially. Even accepting the product classification, however, the defect analysis founders on the nature of foundation model outputs. A manufacturing defect exists when a specific unit of the product departs from its intended design. Foundation model outputs vary with every query; there is no intended output against which actual output can be measured as defective.
A design defect exists when the product’s design is unreasonably dangerous; applying this standard to a model whose outputs emerge from statistical patterns across training data requires courts to characterise the model’s architecture and training as the design, a conceptual reach that has not been attempted in Indian litigation.
Judicial and Regulatory Developments
The European Union’s approach under the revised Product Liability Directive, effective 2024, explicitly brings AI systems within the product category and addresses the causation difficulty by creating a disclosure obligation on AI providers: where a plaintiff cannot access technical information necessary to establish causation, the court may order disclosure, and failure to disclose creates a rebuttable presumption of causation.
The Ministry of Electronics and Information Technology’s draft Digital India Act, released for consultation in 2024, proposes that developers of AI systems bear liability only for harms directly caused by the system’s training and architecture, while deployers bear liability for harms arising from deployment choices, fine-tuning, and context of use. This developer-deployer bifurcation has been welcomed by industry but criticised by civil society groups as insufficiently protective of affected individuals.
Contemporary Issues and Analysis
The inadequacy of product liability for foundation model harms is most starkly illustrated by the attribution problem. Consider a foundation model developer who trains their model on a corpus that includes some unfiltered content providing dangerous information. The model is released as open-source or through an API. A downstream developer fine-tunes the model for a customer service application. The fine-tuner removes some but not all safety guardrails. A deployer integrates the fine-tuned model into their customer-facing chatbot. A user interacts with the chatbot and receives advice that causes them financial loss. Who is responsible?
Product liability theory has no clean answer. The foundation model developer may argue that their base model contained appropriate safety features that were modified downstream. The fine-tuner may argue that they acted within the developer’s terms of service. The deployer may argue that the product they purchased conformed to all representations. Each argument has plausibility, and the plaintiff is left without a clear defendant.
The warning defect theory offers the most promising avenue for plaintiffs. For foundation models, the relevant warning obligations relate to known failure modes, including hallucination rates, bias patterns, susceptibility to adversarial prompting, and domain-specific limitations. Developers who do not disclose these characteristics with sufficient specificity may face failure-to-warn claims.
There is also the question of what constitutes a defect in a system whose defining characteristic is unpredictability. A large language model that hallucinates facts is doing something its architecture enables and its training encourages in some configurations. If hallucination is a feature of the system’s design rather than a departure from it, it cannot be characterised as a manufacturing defect.
Comparative and International Perspective
Japan’s AI Governance Guidelines, issued in 2025, adopt a governance-based rather than liability-based approach: large-scale foundation model developers are required to implement impact assessments, maintain model documentation, participate in national incident reporting, and cooperate with government audits. Non-compliance attracts administrative sanctions rather than civil liability. This approach incentivises safety without forcing courts to resolve the defect classification question, but it leaves harmed individuals without a private right of action.
Practical and Policy Implications
For foundation model developers with India operations or Indian market exposure, the current liability uncertainty is commercially significant. Without clear doctrine, indemnity provisions in downstream contracts cannot be confidently written, insurance products cannot be accurately priced, and the risk of catastrophic liability arising from a harmful output in an unanticipated context cannot be quantified.
Suggestions and Reforms
India requires a Foundation Model Governance Act that addresses liability through a combined regulatory and civil law framework. The Act should establish a tiered liability structure: foundation model developers bear primary liability for systemic harms traceable to training architecture, safety infrastructure, or documented failure modes; fine-tuners and downstream developers bear liability for harms arising from modification and deployment configuration; and deployers bear liability for harms arising from their commercial presentation and failure to implement available safeguards.
The Act should create a Foundation Model Registry with mandatory technical documentation filing for models above a specified computational scale, including disclosure of training data sources, safety evaluation results, known failure modes, and recommended use restrictions. Courts should be given statutory power to order algorithmic disclosure in litigation involving foundation model harms.
Conclusion
Product liability doctrine is a powerful tool, forged over a century of industrial history, for holding manufacturers accountable for the consequences of their choices about design and warning. Foundation models challenge its premises at the level of category: they are not manufactured articles with fixed functionality; they are generative systems whose outputs are co-produced by every entity in an extended supply chain and by every user who prompts them. Stretching existing doctrine to cover these harms will produce unpredictable and often unjust results. A purpose-built framework, sensitive to the distributed nature of responsibility in the AI supply chain, is the only adequate response.