I. The eighty-billion-dollar toy #
There’s a document you should read. It’s not long, it’s not hidden, it doesn’t require any special legal expertise to understand. It lives at microsoft.com/en-us/microsoft-copilot/for-individuals/termsofuse, it was updated on October 24, 2025, and it contains a sentence that deserves to be taken seriously. The sentence is in the section titled, in uppercase and bold, "IMPORTANT DISCLOSURES & WARNINGS", and it says: Copilot is to be considered solely for entertainment purposes. It may make mistakes and may not work as expected. Do not rely on Copilot for important advice. Use Copilot at your own risk.
If that sounds like the kind of clause you’d find in a meme generator app, I get it. But we’re talking about the product Microsoft has integrated into Windows 11, into Excel, into PowerPoint, into Teams, into Outlook, into the beating heart of the suite that over 430 million people use every day. We’re talking about the product for which Microsoft committed about eighty billion dollars in AI capital expenditure in fiscal year 2025 alone, across data centers, infrastructure, and compute capacity, on top of the roughly thirteen billion invested cumulatively in OpenAI, whose technology powers the underlying models. We’re talking about the product sold to large enterprises at thirty dollars per user per month, and to small and medium businesses at twenty-one (cut to eighteen with first-half 2026 promotions). The Terms of Use for this product say it’s a toy.
Microsoft’s reaction, when the clause started circulating on social media in the first days of April 2026, was predictably mechanical. A spokesperson told PCMag that it’s “legacy language” that “no longer reflects the product’s current use” and that it “will be revised with the next update.” No date. No binding commitment. No explanation for why language that doesn’t reflect the reality of the product stayed in legal documents for months after the last update, in plain sight of the same legal team that wrote it. The spokesperson spoke as if someone had forgotten to take down a sign from a closed construction site. But closed construction sites don’t bill thirty dollars per seat per month.
It’s tempting to dismiss this as a legal department gaffe. It isn’t. Terms of Use aren’t written by accident. They’re written by teams of lawyers who weigh every word knowing those words will be used in court. The word “entertainment” isn’t a lazy synonym for “experimental” or “beta.” Entertainment has a precise legal meaning in Anglo-Saxon law: it’s the category that protects those who produce content that is explicitly non-factual, like games, fiction, simulations. Saying a product is “for entertainment purposes only” means saying that no reasonable user should expect its answers to be accurate, reliable, or fit for any practical purpose.
You could argue the numbers tell a different story. That Copilot adoption has been slower than expected. That Microsoft itself knows the product has problems. And you’d be right. By the second quarter of fiscal year 2026, only fifteen million seats out of four hundred and fifty million paid commercial seats were subscribed to Microsoft 365 Copilot: 3.3 percent. The US market share of paying subscribers contracted by 39 percent in six months, going from 18.8 percent in July 2025 to 11.5 percent in January 2026. Net Promoter Score on answer accuracy worsened from minus 3.5 to minus 24.1 between July and September 2025, according to Recon Analytics. 44.2 percent of users who abandon Copilot cite distrust in the answers as the main reason. When workers can freely choose between Copilot, ChatGPT, and Gemini, only 8 percent choose Microsoft’s product.
These numbers don’t soften the problem. They make it worse. They show Microsoft knows perfectly well the product isn’t reliable, says so in legal documents, and keeps selling it as an enterprise productivity tool. Satya Nadella called Copilot “a true daily habit” in front of investors. Marketing presents it as the assistant that transforms the way you work. The Terms of Use say it’s a toy. That’s not a contradiction. It’s a strategy.
II. The disclaimer chorus #
It would be intellectually dishonest to present Microsoft’s clause as an anomaly. It isn’t. It’s the loudest case of a pattern that runs through the entire AI industry, and it’s worth mapping precisely.
OpenAI, in its Terms of Use, warns users not to rely on outputs as the sole source of truth or factual information, and caps its aggregate liability at one hundred dollars or the amount paid in the previous twelve months. Google, in Gemini’s terms, says not to rely on the services for medical, mental health, legal, financial, or other professional advice. xAI, Elon Musk’s company, warns that its AI is “probabilistic by nature” and can produce incorrect outputs. None of these companies, it should be said, has gone as far as the formula “for entertainment purposes only.” That one remains a Microsoft exclusive.
The difference between Microsoft and the others, though, isn’t substantive. It’s tonal. All major AI providers are doing the same thing: building a legal wall between the product they sell and the consequences of using it. They do it knowing their models can and do produce false, misleading, potentially harmful outputs. In August 2024, Copilot falsely identified German journalist Martin Bernklau as a convicted pedophile and a fraudster, also providing his home address. Microsoft blocked queries about Bernklau only after a data protection complaint. These aren’t edge cases. They’re the ordinary operation of a probabilistic system marketed as if it were deterministic.
And in court, disclaimers work. On May 19, 2025, the Superior Court of Gwinnett County, Georgia, issued a summary judgment in favor of OpenAI in Walters v. OpenAI (23-A-04860-2). Radio host Mark Walters sued OpenAI after ChatGPT, at a journalist’s request, generated a false summary of a lawsuit in which Walters was described as accused of embezzlement against the Second Amendment Foundation. The court dismissed the claim on three independent grounds: the statements could not reasonably be understood as actual facts (also because ChatGPT had warned the journalist about its limitations and the ToS contained explicit disclaimers about the possibility of errors); Walters had shown neither negligence nor malice by OpenAI; and Walters himself admitted he suffered no damages. An outcome supported by multiple legs, then, not just disclaimers. But disclaimers mattered, and they matter. The court explicitly recognized that repeated warnings about the possibility of “hallucination” helped make any expectation of factual accuracy by the user unreasonable.
This is where many commentators stop, outraged. But this is where the conversation needs to get more precise, because not all disclaimers are the same, not all serve the same purpose, and not all are, in themselves, a bad thing.
The European AI Act, Regulation 2024/1689, explicitly requires providers of AI systems to communicate the limitations of their products. Article 13 provides that high-risk AI systems be designed with sufficient transparency to enable deployers to interpret outputs and use them appropriately, and that they be accompanied by instructions for use with concise, complete, correct, and clear information on characteristics, capabilities, and performance limitations. Article 14 imposes effective human oversight, and requires that the people tasked with oversight be put in a position to remain aware of the possible tendency to automatically or excessively rely on outputs—what the Regulation calls “automation bias.” Article 50 requires that users be informed when they are interacting with an AI system, and that generated content be labeled as such.
Saying “this AI system can be wrong, always verify, don’t blindly trust it” isn’t just legitimate, then. It’s a regulatory obligation. Europe has established that transparency about AI system limitations is a pillar of safety and trust. The user must know what they’re interacting with, what the risks are, and must be able to decide to ignore or override any system output. This is the framework any serious company should follow.
But one thing is saying “this system has these limitations; here’s how to supervise it to use it safely.” Another is saying “this is a toy for entertainment; use it at your own risk; we guarantee nothing.” The first formulation is transparency. Compliance with the AI Act. An act of responsibility that puts the deployer in a position to do their job. The second formulation is a liability dump dressed up as transparency. It doesn’t put the user in a position to use the system appropriately: it puts them in a position where they can’t seek recourse when things go wrong.
The AI Act asks the provider to declare limitations to enable safe use. Microsoft’s ToS declare limitations to prevent any recourse. One serves the user. The other serves the legal department. And when a US court looks favorably on a provider’s disclaimers in dismissing a defamation claim, it isn’t necessarily rewarding transparency. It’s acknowledging the legalese.
III. The Directive that changes everything (and the blind spot) #
By December 9, 2026, EU Member States must transpose Directive 2024/2853, the new Product Liability Directive, into national law. It’s the first update in forty years to Europe’s defective product liability regime. For companies that produce, integrate, or distribute software and AI systems, the consequences are profound.
The Directive first redefines what a “product” is. The old 1985 directive was designed for a world of physical objects: cars, appliances, toys. The new one explicitly includes software, regardless of the mode of supply or use, whether embedded, standalone, cloud, or SaaS. It includes firmware, operating systems, applications. The Recitals clarify that AI systems also fall within the definition. Software is no longer a service that slips out of product liability. It’s a product. As such it is subject to strict liability: you don’t need to prove the producer’s fault. You just need to show the product was defective and that the defect caused damage.
Then there’s the question of exemption clauses. Article 10 provides that Member States ensure that an economic operator’s liability under the Directive is not, vis-à-vis the injured person, limited or excluded by a contractual provision or by national law. The wording leaves no ambiguity. Disclaimers in Terms of Use, limitation-of-liability clauses, “as is” formulations, and “for entertainment purposes only”: the moment a European consumer suffers harm from a defective product, they’re worth nothing.
This needs to be understood in its transatlantic scope. The clause “Copilot is for entertainment purposes only” will keep working in the United States, where Walters v. OpenAI confirmed that courts take disclaimers seriously. In Europe, after the Directive is transposed, that same clause becomes unenforceable. If Copilot generates a defective output that causes harm to a natural person (death, personal injury, medically recognized psychological harm, destruction or corruption of non-professional data, damage to private property), the provider is liable. Regardless of what the ToS say.
The Directive also rewrites the rules on the burden of proof, and this is where things get complicated. It introduces presumptions in favor of the injured person. If the defendant does not disclose relevant information, defectiveness is presumed. If the product does not comply with mandatory requirements of national or EU law, defectiveness is presumed. If there is an obvious malfunction during reasonably foreseeable use, same. If the injured person faces “excessive difficulties” in proving the defect due to the technical or scientific complexity of the product, courts may presume both defectiveness and causation. For AI systems, where opacity of internal functioning is structural rather than accidental, this presumption will be the norm. The injured person won’t have to explain how the model that generated the false output works. They’ll have to show the output was defective and that the damage followed.
The PLD interlocks with the entire European regulatory framework. Non-compliance with the Cyber Resilience Act requirements (security-by-design obligations, vulnerability handling, security updates) can constitute a presumption of defectiveness. The same goes for failure to meet NIS2 obligations. And the same goes, implicitly, for AI Act requirements: an AI system that doesn’t meet transparency, human oversight, accuracy, and robustness obligations is a system that doesn’t meet mandatory requirements of EU law, and therefore a system for which the PLD may presume defectiveness.
The short circuit is visible to the naked eye. The AI Act asks providers to declare their systems’ limitations to enable safe use. The PLD says that if the product causes harm, the provider is liable regardless of disclaimers. The provider is required to inform that the system can be wrong, and at the same time cannot use that information to escape liability when the system is in fact wrong. It’s a coherent regime, designed to protect the consumer. But it creates an extremely strong tension between the duty of transparency and the impossibility of using transparency as a shield.
For Microsoft, this tension is manageable. For those in the middle of the chain, it’s potentially lethal.
IV. Whoever modifies it, pays: the integrator as a structural scapegoat #
The PLD doesn’t just say the software producer is liable. It expands the chain of potentially liable economic operators with a cascading logic designed to ensure that the European consumer always has a reachable counterpart in the EU. If the manufacturer is outside the EU, the importer is liable. If there is no identifiable importer, the authorized representative is liable. Then the fulfilment service provider. Then the distributor, if it fails to identify the relevant operator in the chain within one month of the injured person’s request. Liability is joint and several: multiple operators liable for the same damage are liable together, each for the whole.
So far the system seems reasonable. But there’s a figure in the chain that the PLD treats with particular harshness and that is crucial to understanding the practical implications of the “entertainment only” clause: anyone who substantially modifies a product after it has been placed on the market is considered a manufacturer of the modified product and is liable to the extent that the defect results from the modification. The Recitals clarify that a substantial modification may also result from a software update, an upgrade, or the continuous learning of an AI system. The product as modified is considered placed on the market at the moment the modification is actually performed.
Think about what happens in the real world. A system integrator, a software house, an IT consultant takes Copilot and integrates it into a corporate workflow. They configure prompts, connect the client’s data sources, customize responses, automate flows. Are they substantially modifying the product? Under the PLD, very likely yes. The moment you take a general-purpose AI model and specialize it for a specific context, you’re creating a product different from the original. If that modified product generates a defective output that causes harm, the integrator is liable as a manufacturer.
Article 12 of the PLD provides a specific protection for micro and small enterprises that produce defective software integrated into someone else’s product. These enterprises can contractually agree with the manufacturer of the final product on an arrangement that protects them from recourse actions. But this protection has two limits that drastically reduce its usefulness. First: it does not in any case protect the micro or small enterprise from a direct action by the consumer. The consumer can always sue the integrator directly, and the integrator is liable. Second: protection against recourse actions requires a contractual agreement with the product’s manufacturer. Microsoft has no obligation and no incentive to grant this kind of agreement to system integrators who use Copilot. Its ToS already say the product is “for entertainment purposes only” and that the user is “solely responsible” for any action taken based on outputs. In a potential recourse action, Microsoft will be able to say: we warned you. You chose to integrate it into a professional product. It’s not our fault if you sold it to a client as a reliable tool when we ourselves told you it was a toy.
The PLD prevents pushing liability downward in the chain—toward the consumer—via contractual clauses. But it doesn’t prevent big players from refusing to grant contractual protections upward, in the relationship between integrator and manufacturer. The result is that the integrator is exposed to the consumer without being able to protect itself contractually, and has no guarantee of being able to effectively seek recourse against Microsoft. Microsoft has the legal teams, the authorized representatives in every Member State, the financial mass to absorb litigation. The ten-person integrator in Pescara, in Brno, in Lisbon doesn’t.
The obvious objection is that the integrator can and must implement the human oversight required by the AI Act. Set up verification processes, user training, output supervision. And it’s true: the responsible integrator will do it, and will have to do it for its own obligations as a deployer under the AI Act. But the PLD doesn’t ask whether you did your best. The PLD asks whether the product was defective and whether the defect caused damage. A false output generated by an AI system integrated into a professional workflow that causes harm to a natural person is a defective product, regardless of how many layers of human oversight the integrator implemented. You can do everything right and still be liable.
Think about what happens when an AI system integrated into management software generates an incorrect financial report that leads to a bad investment decision. Or when an AI assistant integrated into a CRM generates a defamatory communication about a customer. Or when an analysis system integrated into a healthcare platform provides an incorrect indication that influences a diagnostic pathway. In all these cases, under the PLD, the injured person can act against the integrator. The integrator is there, in the EU, reachable, has a tax ID and a bank account. Microsoft is in Redmond. And in its ToS it says Copilot is for entertainment.
V. The bill—and who pays it #
There’s a moment in the history of tech regulation when it becomes clear the rules were written for a world that no longer exists. The old 1985 Product Liability Directive was designed for a world where products were physical objects made by identifiable companies, sold through linear distribution chains, and used by consumers who could reasonably assess their safety. The new PLD is a necessary and in many ways admirable update: it extends protection to software, lowers barriers for consumers, introduces presumptions that rebalance information asymmetry. But the world it regulates isn’t made of linear chains. It’s made of stacked layers, of APIs calling APIs, of probabilistic models whose internal functioning isn’t understandable even to those who built them.
The logical architecture of the European regulatory framework is the most advanced in the world. The AI Act sets obligations for transparency, human oversight, risk management. The Cyber Resilience Act imposes security-by-design and continuous security updates. NIS2 extends cybersecurity to critical sectors. The PLD closes the circle by establishing that whoever violates these obligations and causes harm pays. The objection isn’t to the framework’s logic. The objection is to the practical distribution of consequences.
In reality, consequences follow a law of economic gravity that no directive can reverse: they fall downward. Toward those with fewer legal resources, less financial mass, less ability to absorb litigation. Microsoft, Google, OpenAI each have hundreds of lawyers, authorized representatives in every jurisdiction, legal budgets that exceed the revenue of entire SME supply chains. They have written ToS that, even if ineffective under the PLD vis-à-vis the consumer, remain fully operational as an argument in recourse actions between economic operators. They’ve classified their products as “entertainment,” “probabilistic,” “not a source of truth” with surgical precision, knowing what function each word would serve in a future proceeding.
The PLD presents the bill, but who pays it? The ten-person system integrator who took Copilot, integrated it into the client’s management system, did training, implemented human oversight, and discovers that when the defective output causes harm, they are the reachable, identifiable, sue-able party. The provider is on the other side of the ocean, or in any case protected by B2B contractual clauses, arbitrations in Dublin, and limitations of liability between economic operators that the PLD doesn’t touch because they concern relationships between professionals and not the consumer’s direct protection.
It would be wrong to say the PLD is a mistake. The PLD is incomplete. Its incompleteness produces a regressive effect that rewards those with the resources to navigate the system and penalizes those who don’t. Article 12 recognizes the problem for micro and small enterprises, but solves it in a circular way: we protect you from recourse if you have a contractual agreement with the manufacturer. But the manufacturer has no obligation to grant you that agreement. And if its ToS say “entertainment only,” its incentive to grant it is actually negative: that agreement would implicitly admit the product has a professional use, contradicting its legal shield.
There’s a further paradox. The companies that take compliance most seriously, that implement human oversight, that inform their customers, that document processes, are also the ones that leave the richest documentary trail for a liability action. Whoever integrates Copilot sloppily, without processes, without documentation, without oversight, is paradoxically harder to hit because they leave less evidence of a structured relationship with the product. The PLD, in its attempt to protect the consumer, risks creating an incentive toward superficiality: those who do things well are more exposed than those who do them badly.
The time dimension also matters. The PLD applies to products placed on the market or put into service after transposition. But AI systems aren’t static products. They’re updated continuously. Models change. Outputs change. An AI system that works one way today might work in a completely different way six months from now after an update to the underlying model. Every substantial update, according to the PLD Recitals, puts the product back on the market. The integrator who built a workflow based on Copilot in 2025 could find themselves, after a model update in 2027, with a substantially different product producing different outputs, without having any control over the change and with full liability for its effects.
I don’t have a neat solution for all of this. But anyone working in this sector should start reading their AI providers’ ToS not to get outraged, but to understand exactly what the provider refuses to guarantee—because that list is the map of the residual risk that remains on the integrator’s shoulders. They should negotiate specific contractual agreements on product liability before the PLD is transposed, because after that bargaining power will be even lower. They should document every human oversight process, every risk assessment, every customer disclosure, not because this eliminates liability under the PLD but because in a recourse action against the provider documentation is the only weapon available. And they should seriously ask whether integrating third-party AI systems into professional products is sustainable from an insurance standpoint, because today most professional liability policies don’t cover damages from AI outputs, and tomorrow that coverage will be necessary.
When Microsoft writes “for entertainment purposes only,” it isn’t stammering. It’s speaking clearly and deliberately. It’s saying that liability for any professional use of its product isn’t theirs. It’s saying that whoever takes that product and sells it as a reliable tool does so entirely at their own risk. Europe has built a regulatory framework that in theory holds everyone accountable. In practice, it holds accountable those who can least afford it. The provider that wrote “for entertainment purposes only” knowing perfectly well no one would read it, that collected thirty dollars per seat per month knowing perfectly well its product wasn’t reliable—that provider still has its lawyers, its clauses, its international arbitrations. The next time someone asks it to account for what it sold, it will point again to the Terms of Use. It’s all written there. You just have to read.