
Who is liable when AI practices medicine?

By Víctor Perl

Co-founder, Superposition Labs, Inc.

01

What is the current doctrine?

Four legal doctrines currently govern medical liability in the United States. None of them were designed for autonomous AI, and none of them map cleanly onto it.

Respondeat superior holds employers vicariously liable for the acts of their employees performed within the scope of employment. A hospital is liable when its employed physician commits malpractice. But an AI is not an employee. It has no license, no employment contract, no professional duty independent of its operator. The doctrine assumes a human agent with moral and legal capacity. An autonomous AI has neither.

Corporate practice of medicine prohibits corporations from directly practicing medicine or employing physicians in ways that subordinate clinical judgment to business interests. The doctrine varies by state - California enforces it strictly, Texas loosely, and several states have carved out exceptions for hospital systems. When an AI system makes a clinical decision, the corporate practice question inverts: is the AI practicing medicine on behalf of the corporation that deployed it? If so, the corporation may be practicing medicine without a license.

Product liability holds manufacturers responsible for defective products. Under strict liability, a manufacturer is liable if the product is defective regardless of fault. Under negligence, the manufacturer is liable if it failed to exercise reasonable care. Medical AI complicates both theories. A model that performs correctly 99.7% of the time is not “defective” in any traditional sense, but it will harm patients in the 0.3%. Is a known error rate a defect, or is it a disclosed limitation?

Medical malpractice requires four elements: duty of care, breach, causation, and damages. The duty of care belongs to the licensed practitioner. When an AI makes the decision and the clinician ratifies it - or, under Utah's model, does not even see it before it reaches the patient - who breached the duty? The clinician who trusted the system? The hospital that deployed it? The developer who trained it? The answer under current law is the clinician. That answer will not survive contact with autonomous AI at scale.

02

How do Utah’s AI prescribing rules shift the liability default?

Utah's HB 249 creates a supervisory framework where the physician retains accountability but does not make each prescribing decision. This is a new liability configuration in American medicine. The closest analogy is the attending-resident relationship: the attending is responsible for the resident's decisions even when the attending is not present. But the analogy breaks down quickly. A resident is a human with independent clinical judgment, a medical license (albeit restricted), and the ability to recognize situations that fall outside their competence. An AI prescriber has none of these.

Under HB 249, the supervising physician must review a statistical sample of AI prescriptions monthly. This creates a paradox: the physician is responsible for decisions they did not make and may never see. If the AI prescribes a statin to a patient with an undisclosed rhabdomyolysis history and the prescription falls outside the monthly sample, the physician is liable for an error they had no opportunity to catch. The system worked as designed. The physician fulfilled their statutory obligations. The patient was harmed.

The Utah model implicitly assumes that the AI's aggregate error rate will be lower than the error rate of the human providers it replaces. This is probably true. It is also legally irrelevant. Malpractice is adjudicated per patient, not in aggregate. A system that prevents 500 errors while causing 3 novel ones has a better safety profile than the status quo - but those 3 patients have claims, and someone has to answer for them.

The liability default under Utah's framework is still the clinician. But the factual basis for that liability - that the clinician exercised judgment and got it wrong - no longer holds. The clinician did not exercise judgment. The clinician supervised a system that exercised something functionally indistinguishable from judgment. The law has not caught up to that distinction.

03

What is the EU AI Act’s high-risk-system liability regime?

The EU AI Act classifies clinical AI as high-risk under Article 6 and Annex III. High-risk systems must undergo conformity assessment before deployment, maintain post-market surveillance, provide algorithmic transparency, and ensure meaningful human oversight. The Act does not ban autonomous clinical AI. It demands a compliance infrastructure around it.

The liability implications diverge sharply from the US model. Under the companion AI Liability Directive (proposed), a claimant harmed by a high-risk AI system can invoke a presumption of causation if the deployer failed to comply with the AI Act's requirements. The burden of proof shifts. Instead of the patient proving that the AI caused the harm, the deployer must prove that its non-compliance did not cause the harm. This is a fundamental restructuring of medical liability for AI systems.

The EU approach regulates the system, not the practice. The US regulates the practice, not the system. This creates an asymmetry for companies operating in both jurisdictions. In the EU, the deployment infrastructure - audit logs, conformity documentation, human oversight mechanisms - is a legal requirement. In the US, the same infrastructure is currently a voluntary best practice with no statutory mandate. A company that builds to the EU standard and deploys in the US has a defensible position in both jurisdictions. A company that builds to the US minimum and tries to enter the EU will fail conformity assessment.

The practical consequence: the EU AI Act is setting the global floor for clinical AI deployment infrastructure. Companies that treat it as a European problem will discover it is an architecture problem when they try to scale.

04

What does Tesla-style autopilot liability tell us about clinical AI?

Tesla's Autopilot program is the most commercially deployed autonomous-adjacent AI system in the world, and its liability history is instructive. Tesla's legal position: the driver must remain attentive at all times; Autopilot is a driver-assistance feature, not autonomous driving; the driver is liable for any accident that occurs while Autopilot is engaged. NHTSA has investigated over 40 fatal or serious crashes involving Autopilot since 2016.

The “driver must remain attentive” paradox maps directly to clinical AI. If the system is good enough that the human trusts it, the human stops paying attention. If the human stops paying attention, the human cannot intervene when the system fails. If the human cannot intervene, holding the human liable for the system's failure is a legal fiction. Tesla has maintained this fiction because the alternative - accepting manufacturer liability for autonomous driving decisions - would reprice the entire product line.

Clinical AI faces the same paradox with higher stakes. A radiologist reviewing AI-flagged scans will, over time, develop automation bias - the documented tendency to accept automated outputs without independent verification. When the AI misses a tumor that the radiologist would have caught without AI assistance, the radiologist is theoretically liable for failing to exercise independent judgment. But the radiologist was deployed alongside the AI precisely because the system was supposed to be better. The institution cannot simultaneously claim the AI is superior (justifying deployment) and that the human should have overridden it (justifying liability assignment to the clinician).

Tesla's experience suggests that liability frameworks lag deployment by 5-8 years. Autopilot shipped in 2015; the first regulatory framework specifically addressing autonomous vehicle liability (the EU's updated Motor Vehicle Directive) arrived in 2022. Clinical AI is on a similar timeline. Utah authorized autonomous prescribing in 2026. The liability framework specific to autonomous clinical AI will not arrive before 2030. The question is what happens in the interim.

05

What should a deployment-layer company’s indemnity look like?

The deployment-layer company - the entity that operates the harness between the model lab and the hospital - occupies a novel position in the liability chain. It did not train the model. It did not employ the clinician. It did not treat the patient. It built and operated the infrastructure through which the model's output became a clinical action. This is simultaneously the safest and most exposed position in the chain.

Safest because the deployment layer does not make clinical decisions - it enforces guardrails on decisions made by others. Most exposed because when something goes wrong, every other party will point at the infrastructure: the model lab will say the output was correct but the harness misrouted it; the hospital will say the harness should have caught the edge case; the clinician will say the harness failed to flag the anomaly.

The indemnity architecture for a deployment-layer company requires three components. First, contractual liability allocation - explicit agreements with both the model lab (upstream) and the hospital (downstream) that define who owns which failure mode. The model lab is liable for model outputs within the agreed operating envelope. The hospital is liable for clinical context the harness was not designed to evaluate. The harness provider is liable for infrastructure failures: downtime, misrouted data, guardrail misconfiguration, audit trail gaps.

Second, clinical audit trails that constitute admissible evidence. Every decision that flows through the harness must be logged with sufficient granularity to reconstruct the causal chain: what data entered, what the model produced, what guardrails were applied, what reached the patient. This is not a nice-to-have. It is the evidentiary foundation for every party's defense in litigation.

Third, insurance products that do not yet exist. Medical malpractice insurance covers clinicians. Product liability insurance covers manufacturers. Neither covers a deployment-layer intermediary operating autonomous clinical AI infrastructure. The insurance industry will create this product - the premium revenue is too large to ignore - but it will require actuarial data that only exists once autonomous clinical AI operates at scale. The first movers in deployment infrastructure will generate this data, and will have pricing power over the insurance products built on top of it.

06

What gets written into the first autonomous-AI malpractice case?

The case has not been filed yet. It will be. When it is, every autonomous clinical AI company, every hospital deploying these systems, and every insurer underwriting them will read the opinion. The precedent it sets will shape the industry for a decade.

The case will likely arise from a prescribing error under a Utah-style framework: an AI system prescribed a medication, the supervising physician did not review that specific prescription, and the patient was harmed. The plaintiff will name four defendants: the supervising physician, the hospital, the model lab, and the deployment-layer provider. The central legal question will be whether the AI was a tool (shielding the developer under the learned intermediary doctrine) or a practitioner (exposing the developer to direct liability for the clinical decision).

If the court classifies the AI as a tool, the liability stays with the clinician and hospital under traditional malpractice doctrine. The FDA's SaMD framework supports this classification, and model labs will argue for it aggressively. If the court classifies the AI as a practitioner-equivalent, the model lab and deployment provider face direct exposure under a theory that does not yet have a name but will function like product liability crossed with professional negligence.

The deployment infrastructure will be the decisive evidence either way. If the harness logged the decision chain, applied appropriate guardrails, and flagged the case for human review (even if the review did not occur), the deployment provider has a defensible position. If the harness was a pass-through - model output in, prescription out, minimal logging - the deployment provider shares the model lab's exposure.
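An added example, not part of the original essay or any vendor's code: one way to make the harness's decision log tamper-evident, covering the audit-trail component in section 05 and the decision-chain logging described above. Hash chaining, the field names and the sample records are assumptions chosen for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first record in the chain

def record_digest(body):
    # Canonical JSON so the same record always hashes to the same value.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(raw.encode()).hexdigest()

def append_record(log, patient_input, model_output, guardrails, delivered, flagged):
    """Append one decision to the chain and return the stored record."""
    body = {
        "seq": len(log),
        "prev_hash": log[-1]["hash"] if log else GENESIS,
        # Digest of what entered (assumption: the raw clinical payload is
        # kept in the clinical record system, not in the audit log).
        "input_sha256": hashlib.sha256(patient_input.encode()).hexdigest(),
        "model_output": model_output,         # what the model produced
        "guardrails_applied": guardrails,     # what guardrails were applied
        "delivered_to_patient": delivered,    # what reached the patient
        "flagged_for_review": flagged,        # sent to a human reviewer?
    }
    record = dict(body, hash=record_digest(body))
    log.append(record)
    return record

def verify_chain(log):
    """Return (position, problem) findings; an empty list means intact."""
    findings, prev_hash = [], GENESIS
    for pos, record in enumerate(log):
        body = {k: v for k, v in record.items() if k != "hash"}
        if record_digest(body) != record["hash"]:
            findings.append((pos, "content altered"))
        if record["seq"] != pos or record["prev_hash"] != prev_hash:
            findings.append((pos, "gap or reordering"))
        prev_hash = record["hash"]
    return findings

def build_sample_log():
    # Constructed sample decisions, not real clinical data.
    log = []
    append_record(log, "pt-A history", "statin 20 mg", ["interaction:pass"], "statin 20 mg", False)
    append_record(log, "pt-B history", "statin 80 mg", ["dose-ceiling:reduced"], "statin 40 mg", True)
    append_record(log, "pt-C history", "statin 10 mg", ["interaction:pass"], "statin 10 mg", False)
    return log
```

The chain alone cannot show that records were removed from the end of the log; the latest hash has to be anchored periodically somewhere outside the harness operator's control.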

This is why the harness is not an optimization. It is the legal infrastructure that determines whether autonomous clinical AI is deployable at all. The regulatory framework will arrive. The deployment gap will close. The question is whether the infrastructure is ready when the first case is filed, or whether the industry learns the hard way that the AMA's AI principles were not suggestions.
