Munich: Google held liable for false “AI Overviews”

On May 28, 2026, the 26th Civil Chamber of the Munich I Regional Court (26 O 869/26) ordered Google LLC to stop disseminating, via its “AI Overviews” at the top of search results, false statements linking two Munich publishers to “subscription traps” and dubious practices. The court deemed these overviews attributable to Google — i.e., its own statements — and set a penalty of up to €250,000 per breach (§ 890 ZPO). Google said it would appeal.

Legal basis applied

• Tort liability and corporate personality rights under §§ 1004 and 823(1) BGB, combined with the German Basic Law (Art. 2(1); Art. 19(3)). AI‑generated statements are treated as Google’s “own words,” not third‑party content.
• International jurisdiction based on Art. 7(2) of Regulation (EU) No 1215/2012 (Brussels I bis); applicable law determined under the EGBGB and Regulation (EC) No 864/2007 (Rome II).
• GDPR does not apply to legal persons; the AI Act is not yet applicable ratione temporis and defers to national remedies for now.

Specialist media emphasize that, unlike classic search links, “AI Overviews” create new statements, justifying direct attribution to Google.

Implications for companies in Luxembourg

• If you run an internal search, chatbot, or answer engine in the EU, AI outputs may be treated as your own statements. Generic “AI may be wrong” disclaimers are insufficient to avoid liability.
• Until the AI Act is fully in force, disputes will rely on national tort/press laws. See the regulatory context in the European AI Act framework.
• Responsiveness matters: failure to promptly correct after a cease‑and‑desist can trigger injunctions with penalties and cost shifting.
• Exposed sectors include media, e‑commerce, financial services, health, mobility, and public bodies whose AI systems publish answers in Luxembourg and the Greater Region.

Practical steps to take this week

• Map AI “emission points” (website, app, chat, internal search) and maintain a log of high‑risk “generated statements” (health/finance, reputation, negative claims) with business and legal owners.
• Implement AI‑specific notice‑and‑action: a contact point, 24–48 h SLAs for takedown/correction, logging, and an integrated reporting banner.
• Strengthen governance: safety filters and rules, RAG with mandatory citations, detection and blocking of “unsourced novelties,” mandatory human review for sensitive categories, evidence retention of prompts/outputs, and a fallback plan.
• If you need support, explore our offer to build compliant, well‑governed AI and our page on AI compliance in Luxembourg.

Key takeaway

The ruling draws a clear line: when your AI publicly synthesizes or extrapolates, those statements can be attributed to you. Put in place control, rapid takedown, and robust governance to mitigate litigation risk. To discuss with our experts, contact our team.

Article generated by Luxgap regulatory watch. For tailored guidance on this topic, contact us.