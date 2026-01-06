AI is rapidly becoming clinical infrastructure. But accountability frameworks have not scaled at the same pace. When AI contributes to harm, many organizations still end up improvising answers to the same question: Who is responsible?

A World Health Organization Europe survey released in November 2025 found that legal uncertainty is the leading barrier to AI adoption across the region and that fewer than one in 10 countries have liability standards clarifying responsibility when an AI system makes an error—only four countries were reported to have such standards.

The U.S. faces a similar exposure. Despite leading in AI innovation, the U.S. lacks a coordinated national approach for assigning responsibility when AI contributes to patient harm. Liability today can fall inconsistently across developers, clinicians and health systems—creating avoidable risk for patients and friction for adoption.

The real risk isn’t that AI will make mistakes. Every clinical tool, including humans, makes mistakes. The real risk is that we don’t yet have clear systems to govern and assign responsibility for mistakes in a world of “co-produced” decisions (vendor model + local deployment choices + clinical judgment).

Here is a practical five-pillar approach—the Pillay Framework—to make AI accountability clear enough for boards and lawyers, usable enough for clinicians, and scalable enough for fast-moving technology.

Pillar 1: Shared, multi-actor liability

AI-enabled care involves three responsible entities: developers, deployers (health systems) and clinicians.

Developers should be accountable for design choices, dataset integrity, performance claims, known limitations and update disclosure.

Health systems should be accountable for procurement discipline, local validation, governance, cybersecurity, workflow integration and training.

Clinicians should be accountable for appropriate use, verification proportional to risk, and documentation when they rely on or override AI recommendations.

Liability should mirror reality: Harm is rarely one actor’s fault in an AI-assisted workflow.

Pillar 2: Lifecycle accountability (pre-market + post-market)

AI is not static. Models drift as populations shift, scanners change, workflows evolve and vendors push updates. Governance must cover the full lifecycle:

Before deployment: Risk classification, dataset documentation, bias testing and clinically meaningful evaluation.

After deployment: Drift monitoring, incident reporting pathways, scheduled revalidation and mandatory revalidation after material updates or workflow changes.

Regulators are starting to formalize this logic. FDA guidance finalized in August 2025 provides recommendations for Predetermined Change Control Plans for AI-enabled device software—supporting iterative improvement when modifications, testing and monitoring are explicitly planned and reviewed.

Pillar 3: Mandatory human oversight (no fully autonomous care)

Clinical AI should support—not replace—clinical judgment. A defensible standard should require that a human clinician remains the final decision-maker for diagnosis and treatment and that review is proportional to clinical risk and model uncertainty. Overrides should be logged with brief rationale. If the tool signals high uncertainty, or the case falls outside intended use, the tool should not be used to drive decisions.

Oversight prevents silent failures and creates a decision trail that protects patients and clinicians.

Pillar 4: Transparent algorithmic behavior

Liability requires visibility. If you cannot reconstruct which model version ran, what it output, and what uncertainty indicators it surfaced, neither internal review nor courts can determine causality. Minimum transparency expectations should include:

Version histories and change logs

Time-stamped audit trails

Confidence/uncertainty indicators

Intended-use boundaries

A defined escalation path when outputs conflict with the clinical picture

Transparency turns AI from a black box into a governable clinical instrument.

Pillar 5: Integrate AI into existing legal structures

We do not need AI-specific courts. We need consistent application of familiar doctrines:

Medical malpractice for clinician decisions and standard of care

Product liability for defective design, inadequate warnings or undisclosed updates

Corporate negligence for unsafe deployment, weak training or failure to monitor

Regulatory frameworks for device oversight and reporting duties

This approach is globally portable, even as jurisdictions implement broader AI rules. In late 2025, the European Commission proposed delaying enforcement of some “high-risk” AI rules to December 2027, underscoring how fast the regulatory ground is still shifting.

What healthcare leaders should do now

A liability model matters only if it changes behavior. Five immediate, board-ready steps:

Put accountability into contracts: Require subgroup performance disclosure, change notifications, audit logging and incident reporting obligations.

Stand up lifecycle governance: Validate locally, monitor continuously and revalidate after any material change (software, workflow, hardware, population).

Define oversight by risk tier: Specify what requires double-checking, second reads or hard stops when uncertainty is high.

Train and credential users: If AI influences diagnosis, triage or referral, AI literacy is a patient safety requirement.

Prepare an incident playbook: Define who is notified, when a tool is paused, how potentially affected patients are reviewed and how vendors are engaged.

The bottom line

AI will increasingly shape diagnosis, risk scoring, triage, referral and treatment. Without a coherent liability model, trust erodes, adoption slows and patient safety is compromised. AI cannot be responsible for its decisions. We can—and must—be responsible for the ecosystems that produce them.