Enterprise AI governance and 'liability shift'

Voices in recent media coverage warn that vendors are increasingly framing AI outputs as 'suggestions' to shift legal and operational risk back onto customers, a trend dubbed the ‘liability shift’. That pattern — coupled with rapid model churn and high, uncontrolled internal usage on big platforms — means companies must harden contractual indemnities, usage controls, and auditability before deploying AI into decision‑critical workflows. Across health, retail and finance, commentators say genuine human oversight and documented decision rights are becoming non‑negotiable. (help.openai.com) (cnbc.com)

Enterprise AI governance and the new “liability shift”

Enterprise buyers spent 2024 and 2025 racing to put generative artificial intelligence into search, customer support, coding, document review, and internal knowledge systems. In 2026, the center of gravity is moving from capability to accountability. The new argument from risk leaders is simple: many vendors sell artificial intelligence as a productivity engine, but when the output causes legal, compliance, or operational damage, the contract often says the customer still owns the consequence. That pattern is increasingly being described as a “liability shift.” (openai.com)

The phrase does not mean vendors accept no risk at all. Several major providers offer some form of intellectual property indemnity, especially for copyright-related claims tied to model output. Microsoft said in 2023 that it would assume responsibility for certain copyright claims involving commercial Copilot services, and Google Cloud said it would provide two-part generative artificial intelligence indemnification for covered products. OpenAI’s business terms also include service-specific indemnity protections. (blogs.microsoft.com) (cloud.google.com) (openai.com)

The catch is in the exclusions. OpenAI’s current service terms say its output indemnity does not apply if a customer knew or should have known output was infringing, disabled or ignored safety features, modified the output, lacked rights to the input, or used output from a third-party offering. Anthropic’s commercial terms similarly narrow indemnity where claims arise from customer modifications, combinations with outside technology, or customer-provided prompts and data. (openai.com) (assets.ctfassets.net)

That structure matters because generative artificial intelligence is rarely used in a clean lab setting. A retailer plugs a model into product copy and merchandising systems. A hospital tests it against clinical documentation workflows. A bank layers it onto internal research, customer service, fraud review, or policy search. The moment output is modified, combined with internal data, or passed into another workflow, the legal boundary between vendor risk and customer risk gets blurry fast. (federalreserve.gov) (fda.gov)

The second problem is speed. Model behavior changes more often than traditional enterprise software behavior. Vendors update models, safety systems, context windows, routing logic, and feature defaults on a rolling basis, and release notes often describe continuing changes across products and plans. That means a workflow validated in February may not behave the same way in April, even if the user interface looks almost identical. (help.openai.com)

This is why governance teams are starting to treat model choice like a moving dependency rather than a one-time procurement decision. The National Institute of Standards and Technology artificial intelligence risk management framework organizes controls around four recurring functions: govern, map, measure, and manage. That is a better fit for systems that drift over time than a one-off approval memo signed before launch. (airc.nist.gov)

The third problem is uncontrolled internal use. Gartner said in late 2025 that 69 percent of cybersecurity leaders either had evidence of, or suspected, employee use of public generative artificial intelligence tools at work, and it predicted that by 2030 more than 40 percent of global organizations would suffer security and compliance incidents tied to unauthorized artificial intelligence use. The old “shadow information technology” problem now has a language model attached to it. (infosecurity-magazine.com) (isaca.org)

That matters because the liability shift does not require a formal enterprise rollout to create exposure. An employee can paste contract language into a public chatbot. A manager can use a model to draft a performance review. A call-center team can rely on an assistant to summarize customer complaints. If those actions happen outside approved systems, the company may inherit privacy, employment, consumer protection, or recordkeeping risk without ever having signed a dedicated artificial intelligence statement of work. (isaca.org) (openai.com)

Recent legal commentary has started to frame this as a squeeze on customers from both sides. On one side, courts are showing more willingness to examine the role of vendors in harmful or discriminatory outcomes. On the other side, contracts still push large parts of day-to-day responsibility back to deployers that may not fully see the model, the training data, or the vendor’s update cycle. Jones Walker called this dynamic a “liability squeeze” in a 2025 analysis. (joneswalker.com)

For enterprise buyers, the practical response starts with contracts. Indemnity language now needs to be read with the same care companies once reserved for cloud uptime and data-processing terms. The key questions are concrete: Which claims are covered, copyright only or broader claims too? What customer actions void coverage? Do safety-feature requirements map to actual system settings? Can the vendor materially reduce protections later? OpenAI’s services agreement says the service-specific indemnity is not subject to the liability cap and cannot be materially reduced without the customer’s written agreement as of the effective date. (openai.com)

The next layer is usage control. A company needs to know which models are approved, which data classes are allowed, which workflows require retrieval, logging, or human review, and which use cases are simply off-limits. Without that, “use artificial intelligence responsibly” is just a poster on the wall. Governance vendors and large consultancies now describe traceability, guardrails, and audit trails as baseline controls for enterprise deployment rather than nice-to-have extras. (ciodive.com) (iapp.org)

Auditability is becoming the hinge. If a model drafts a denial letter, suggests a treatment path, changes a price, or prioritizes a fraud alert, a company needs a record of which model was used, what instructions were given, what source data was retrieved, what safety filters were active, what output was shown to the human reviewer, and who made the final decision. Without that chain, it is hard to defend a decision to a regulator, a court, an auditor, or even an internal risk committee. The European Union Artificial Intelligence Act’s Article 14 says high-risk systems must allow effective human
