Two Munich-based publishers recently searched for their own names on Google. What came back was damaging and entirely fabricated. Google's AI Overviews described their businesses as operations linked to scams, subscription traps, and dubious practices. The claims appeared in none of the cited sources. The AI did not misread the internet. It had mixed up information about genuinely disreputable companies and projected those associations onto the wrong businesses entirely.

The publishers sent Google a cease-and-desist letter. Google did not respond adequately. On 28th May, 2026, the Regional Court of Munich issued a temporary injunction prohibiting Google from repeating those false claims through AI Overviews. The court's reasoning was precise and consequential. AI Overviews are not search results. They are Google's own content.

Safe harbour was built for the internet that no longer exists

Every major platform operating today was constructed on a legal foundation first laid down in the 1990s. The premise was clear. A platform that carries speech is not the same as a platform that makes it. A telephone company bears no liability for what its callers say. A search engine bears no liability for the websites it indexes. Section 230 of the US Communications Decency Act, the EU's e-Commerce Directive, and Section 79 of India's Information Technology Act each codified this as safe harbour protection. Intermediaries that did not create content, and that acted on notification of unlawful material, were shielded from the consequences of what others put on their platforms.

That architecture assumed a particular kind of platform. One that finds things, organises them, and even points users to them. These were platforms that carried content, not ones that created it.

Generative AI does not point, but speaks for itself. It takes information from across the internet, processes it, and produces its own answer in its own words. The Munich court found that this distinction is real, and the outcome hinged on this point. Google alone has influence over the AI's output and the algorithms that produce it. That made Google the author of the text its AI generated.

Why Google's defence failed

Google's argument was the one every AI company defaults to. Users can verify the claims from the cited sources, and they are generally aware that AI is known to make mistakes.

The court rejected both assertions. On the first, it drew a parallel to press law, where outlets are liable for standalone teasers even if readers never click through to the full article. An AI Overview is what most users take with them. The sources cited beneath it are, in practice, decorative.

On the second, the court located the fatal problem not in AI's general tendency to err but in what this AI had specifically done in this instance. The false claims did not arise from misreading the internet sources, which were bereft of damning findings against the publishers. The AI had created associations that existed nowhere in the underlying source material.

That 'AI can make mistakes' is an accurate description of today's technical reality. But this does not make it a viable legal defence. It's an acknowledgment that the company knows its system produces false statements and has chosen to deploy it anyway. A newspaper that publishes a false and damaging statement about a business does not escape liability by noting that journalists sometimes get things wrong. The Munich court applied the same logic to AI generated output.

There is, however, a further point that deserves more attention. The court found that only Google has the technical capacity to correct the underlying algorithm and the output generated by it. Google's control and dominance over its AI factored directly into the rejection of its intermediary shield argument. After all, if you built it and you alone can fix it, the responsibility is yours.

That 'AI can make mistakes' is an accurate description of today's technical reality. But this does not make it a viable legal defence. — Shashank Sharma

India addressed synthetic content but is silent on text output

The Munich ruling is being discussed almost entirely as a European development with implications for the US market. The Indian dimension has attracted little attention. This is a significant oversight as the picture is more complicated than most commentaries on the subject suggest.

The 2026 IT Amendment Rules were notified on 10th February, 2026 and came into force ten days later. They were necessitated by the rapid rise of AI-driven deepfakes and synthetic audio-visual content, and sought to resolve the problem by strengthening intermediary obligations. 

The trigger for the amendment was the spread of Synthetically Generated Information, defined as audio, visual, or audio-visual content that is artificially or algorithmically created, modified, or altered in a manner that appears real or authentic, and depicts individuals or events in a way likely to be perceived as indistinguishable from a natural person or real-world event.

This definition is key to understanding the scope of what the rules actually regulate. They cover deepfakes, AI-cloned audio, and synthetic video. They do not, on a plain reading, cover AI-generated text output. A chatbot response, an AI Overview, or a generative text summary is not SGI under the current statutory definition. India's legislature chose to start with audio-visual synthetic media and has not yet extended the framework to text output.

This is a meaningful gap. The harm in Munich was caused by text. If a company deployed an AI Overviews-equivalent feature in India tomorrow and it generated the same false statements about the same businesses, the 2026 Amendment Rules would not directly address the situation. The liability question for AI text output in India is as yet unsettled.

Where India has moved, however, it has moved further than what Munich aimed for. 

For SGI-enabling platforms, the obligation is not remedial but proactive. Every intermediary that offers a computer resource enabling users to create or distribute synthetic content must implement reasonable and appropriate technical measures to prevent SGI that violates applicable law. Synthetic content that does not fall into prohibited categories must be clearly labelled and embedded with permanent metadata including unique identifiers in a form that end users cannot easily remove or suppress.

Significant Social Media Intermediaries, those with more than five million registered users in India, carry a further layer of obligation. SSMIs must require users to declare whether uploaded content is synthetically generated, deploy technical measures to verify the accuracy of those declarations. The platforms must further clearly and prominently label confirmed synthetic content before publishing it. That last word is the operative one. The obligation attaches before publication, and not after.

If an SSMI knowingly permits, promotes, or fails to act upon unlawful SGI in breach of the rules, it is treated as non-compliant with the IT Rules 2021 and faces the loss of safe harbour protection under Section 79, exposing it to civil and potential criminal liability. The Munich ruling imposed liability on a deployer for speech it produced. The Indian rules impose liability on a platform for speech it failed to prevent. The standard is higher, and it was already in force before the German court issued its injunction.

If a company deployed an AI Overviews-equivalent feature in India tomorrow and it generated the same false statements about the same businesses, the 2026 Amendment Rules would not directly address the situation.— Shashank Sharma

The global picture is converging

The Munich decision is a preliminary injunction from a regional court. It is not a final judgment. Google has already announced its intention to appeal, contending that the case concerns specific and narrow errors rather than the foundational way AI Overviews displays web content. The outcome of that appeal will be relevant. The reasoning of the court below matters regardless of the outcome.

The Munich ruling follows a Frankfurt court decision in September 2025 which established that a search engine could in principle be held liable for false information in AI summaries, though the plaintiff failed to win the injunction in that instance. In the United States, two separate proceedings concluded in March 2026 with verdicts against Meta. A Los Angeles jury found Meta and YouTube liable in the first social media addiction trial to reach verdict, with the plaintiffs' lawyers arguing product design defect rather than content liability, deliberately routing around Section 230. A New Mexico jury separately found Meta liable for deceiving consumers about platform safety for children. Neither verdict rested on a finding that Section 230 does not apply to algorithmic curation. Both established that skilled pleading can neutralise Section 230 by targeting what the platform built rather than what it hosted. The practical effect is the same.

The Munich court's logic also aligns with the EU AI Act's emphasis on assigning responsibility to the deployer of AI systems rather than treating AI outputs as passively surfaced content.

Each of these developments, taken individually, represents an incremental shift in position. Taken together, they describe something much bigger. The passive intermediary is becoming harder to sustain as a legal category precisely because the passive intermediary is becoming harder to find. When a system authors every word of its output applying its own logic, while disregarding source materials, calling the company that built it a neutral conduit is a legal fiction. And the courts are beginning to pointedly say so.

The question every deployed AI feature now faces

For any company in India that has shipped an AI feature, whether a chatbot, a generative summary, a recommendation engine, or a search overlay, the question is not whether this liability theory will reach this market. The 2026 IT Amendment Rules have already answered part of that question. The harder question is whether the current terms of service, content review processes, and contractual arrangements with AI vendors were designed for a world in which the AI's output is treated as the company's own speech.

Most of them were in fact designed for a world the Munich court has now ruled no longer exists. The gap in India's IT law on AI text output will not stay open indefinitely. Companies that have not reviewed their AI deployments against this framework are carrying liability they have not yet thought to price.