The UK government has not said existing law is broken for clinical AI. It has said something more careful, and more useful for risk planning: existing legal and regulatory frameworks provide a basis for allocating responsibility, but clinicians remain responsible for patient-care decisions when they use AI tools.
That answer came in response to a written parliamentary question about whether existing liability and regulatory frameworks adequately allocate responsibility for harm arising from AI tools in NHS clinical decision-making.
The Department of Health and Social Care pointed to clinical negligence law, professional standards, product-liability regimes, and oversight by regulators including the MHRA, the Care Quality Commission, the Information Commissioner's Office, and NICE. It also said that responsibility for patient-care decisions remains with clinicians, who must exercise professional judgment when using AI tools.
That is not the final answer to the AI liability problem. The Department also acknowledged that AI introduces novel questions about how responsibility should be distributed among manufacturers, software licensors, and users. It said NHS Resolution has been commissioned to assess how existing liability frameworks apply to AI use cases and provide greater clarity.
For now, the practical message is direct: clinical AI may involve many actors, but a clinician using the tool is not relieved of judgment.
The Government's Current Position
The parliamentary answer does three things at once.
First, it resists the idea that there is currently a liability vacuum. The Department says existing frameworks provide a strong basis for allocating responsibility for potential harms.
Second, it keeps clinicians in the center of the decision-making chain. AI may assist with diagnosis, triage, prioritization, imaging, documentation, or treatment recommendations. But when it is used in clinical decision-making, the clinician remains responsible for exercising professional judgment.
Third, it leaves room for future clarification. The answer recognizes that clinical AI may involve multiple parties, including manufacturers, software licensors, providers, and users. In the event of an incident, responsibility may be apportioned according to the circumstances.
That is a familiar posture in emerging technology. The government is not freezing adoption while a perfect liability model is designed. It is relying on existing frameworks while commissioning work to clarify how they apply.
The MHRA Commission Is Looking At The Same Problem
The MHRA's National Commission into the Regulation of AI in Healthcare is examining whether the UK's framework for regulating AI in healthcare is sufficient and how it may need to improve.
The Commission's call for evidence asked about safe access to AI medical devices, post-market safety checks, and how responsibility and liability should be managed between the different parties involved in deploying AI medical devices.
The call-for-evidence page was updated on June 11, 2026, to say findings and a wider research-and-engagement report had been published. The Commission's recommendations are expected in 2026.
That matters because clinical AI liability is not only a courtroom issue. It is a product-governance issue, a medical-device regulation issue, a clinical oversight issue, and a procurement issue.
Medical Protection Warns Of A Liability Gap
Medical Protection has taken a sharper view. It warned that a widening gap between AI use and liability law could leave the NHS and clinicians exposed to claims.
Its concern is that AI systems are not clearly defined as products under the existing product-liability framework. If a patient is harmed after a clinician relies on an AI system that suggested a diagnosis or treatment plan, Medical Protection says the default path may be a clinical negligence claim against the end user rather than a product-liability claim against the developer, manufacturer, or supplier.
Medical Protection has called for legislation clearly classifying AI systems as products, arguing that responsibility for defective systems should be distributed more fairly.
That is not a binding legal rule. It is a stakeholder position. But it identifies the risk healthcare organizations already need to manage: if responsibility is unclear, claims may follow the party closest to the patient.
What Health AI Companies Should Hear
For AI developers and suppliers, the lesson is not that liability can be pushed downstream forever.
Procurement teams, regulators, insurers, and courts will ask how the product was validated, what the tool was intended to do, what warnings were given, how performance was monitored, how updates were controlled, and how foreseeable misuse was addressed.
Contracts may allocate risk between supplier and customer, but they will not necessarily answer patient-facing questions after an incident. Product documentation, post-market monitoring, audit trails, incident-response procedures, and human-factors design will matter.
If a supplier wants clinicians to trust a tool, the supplier should be able to explain what the tool is for, what it is not for, when a human must override it, and how errors will be detected.
What Clinical Governance Teams Should Do Now
Healthcare organizations should assume that AI use will be judged through existing duties unless and until a more specific framework changes the answer.
That means clinical governance should address:
- intended use and limits of each AI tool;
- whether the tool is regulated as a medical device;
- clinician training and supervision;
- how recommendations are documented in the patient record;
- when clinicians must independently verify or override AI output;
- incident reporting and escalation;
- supplier obligations for monitoring, updates, security, and performance drift;
- patient communication where AI materially affects care; and
- insurance and indemnity allocation for AI-related incidents.
The key is to avoid treating AI as either an autonomous decision-maker or a harmless administrative aid. Clinical AI may sit somewhere between those poles, and governance should match the actual use case.
Bottom Line
The UK's clinical AI liability position is still developing, but the current operating rule is clear enough: clinicians remain responsible for patient-care decisions when using AI tools.
That does not mean developers, licensors, providers, and healthcare organizations will avoid responsibility. It means the liability analysis will likely be shared, fact-specific, and built from existing frameworks unless reform changes the allocation.
For now, health AI governance should be designed for that world: human clinical judgment at the point of care, supplier accountability upstream, and enough documentation to explain both if something goes wrong.

