Why the Middle Layer Carries the Most Risk
Think of the AI supply chain in three layers. At the bottom: frontier labs and cloud providers building the underlying models. At the top: customers, employees, patients, and applicants receiving AI-mediated decisions. In the middle: enterprises integrating and deploying those tools.
That middle layer is where operational decisions happen. It’s also increasingly where liability lands.
Regulators aren’t waiting for comprehensive AI legislation to settle. They’re applying existing law—wiretapping statutes, anti-discrimination rules, consumer protection frameworks—to AI deployments right now. When iTutorGroup used a third-party AI screening tool that allegedly discriminated against older applicants, the EEOC sued the employer, not the AI vendor. Cigna and UnitedHealth face class-action suits over third-party AI tools used in medical claims decisions. Law firms have faced penalties for AI-generated hallucinations in court filings.
The pattern is consistent: the organization closest to the affected person tends to absorb the accountability.
Four specific exposure areas define where enterprise risk is concentrating. Most organizations aren’t managing any of them deliberately. Related governance themes also appear in AI Ethics Audits for Internal Auditors and AI Accountability in Healthcare Governance.
Trap 1: Upstream Opacity — You Can’t Govern What You Can’t See
Traditional software is deterministic. Same input, same output. You can test it, document it, and audit it.
AI systems are probabilistic. They drift. A model that performed acceptably at deployment may behave differently six months later—without any notification from the vendor.
During procurement, vendors typically offer product overviews, general descriptions of data inputs, and accuracy figures from internal testing. Some publish model cards, but these are designed for research communities, not enterprise compliance programs. When regulators or plaintiffs come asking, those documentation gaps become your problem.
What to do:
- Build transparency requirements directly into every AI vendor contract
- Require documentation of training data categories, known limitations, testing results, and failure modes
- Demand logs and records in formats compatible with your own monitoring and audit processes
- Treat a vendor’s inability to provide this information as a procurement risk, not a contracting inconvenience
If you can’t explain how a system works to a regulator, you’re already exposed.
Trap 2: The Customization Boomerang — Fine-Tuning Can Flip Your Legal Status
Customizing a third-party AI model with your proprietary data seems like a straightforward technical decision. It’s actually a legal one.
Under Article 25 of the EU AI Act, an enterprise that substantially modifies or repurposes a third-party AI system may be reclassified from “deployer” to “provider.” That shift carries significant obligations: conformity assessments, technical documentation, post-market monitoring. Many companies fine-tuning or white-labeling AI systems haven’t addressed this with their legal teams yet.
In the U.S., product liability principles can shift responsibility toward an enterprise that substantially modifies a system when that modification contributes to a defect. Courts are actively testing whether AI applications qualify as products subject to defective design and failure-to-warn claims.
The Workday case illustrates the complexity. A federal court allowed a discrimination claim to proceed on the theory that Workday acted as an agent of the employers using its hiring tools—despite contractual language assigning hiring decisions to those employers. Meanwhile, claims involving AI-generated hiring scores raise the possibility that employers may have unknowingly inherited Fair Credit Reporting Act obligations they never anticipated.
Standard vendor contracts don’t protect you here. OpenAI’s and Anthropic’s commercial terms generally leave enterprises responsible for legal claims tied to their own applications, data, and deployment choices.
What to do:
- Establish a formal internal protocol for when teams may fine-tune, white-label, or repurpose third-party AI tools
- For each project, require a documented legal classification—deployer or provider—before work begins
- Map exactly where vendor compliance responsibilities end and yours begin
- Align indemnities and warranties with where the risk actually originates: model design versus deployment context
- Default assumption: customization shifts liability toward you unless legal counsel confirms otherwise in writing
Trap 3: The Illusion of the “Off” Switch — Vendor Lock-In Is Worse Than You Think
Ask most executives if they could switch AI vendors if necessary. The answer is usually “yes, eventually.” For a growing number of organizations, the honest answer is “not without rebuilding significant parts of the business.”
Enterprise AI deployments are deeply integrated. A customer-service system may tie a specific large language model to a CRM platform, a proprietary knowledge base, custom prompt architectures, specialized safety filters, and logging infrastructure. The underlying model isn’t a modular component—it’s load-bearing. Pull it out and everything built on top of it risks collapsing.
AI lock-in is more acute than traditional software lock-in because the model’s behavior is woven into the application logic itself. Every prompt, workflow, safety filter, and evaluation metric has been calibrated to one provider’s outputs.
There’s no regulatory floor here yet. Unlike cloud data—where the EU Data Act establishes explicit switching rights—there are no equivalent requirements covering AI models, fine-tuned weights, prompt libraries, or evaluation frameworks. Anthropic’s Model Context Protocol (MCP) standardizes the connection layer, but it doesn’t address orchestration, prompts, evaluations, or governance systems. Those still require substantial rebuilding when you change providers.
What to do:
- Architect for modularity, especially on sensitive use cases
- Keep data infrastructure—retrieval systems, knowledge bases, evaluation frameworks—vendor-neutral where possible
- Ensure logs, prompts, and outputs can be exported in portable formats
- Negotiate data export rights, advance notice of material model changes, and clean termination provisions into every vendor contract
- Run a periodic portability exercise on your highest-risk deployments: could you migrate this system to a different provider within a defined window?
The answer to that last question will tell you more about your actual exposure than any vendor contract will.
Trap 4: Regulatory Fragmentation — Building Parallel Programs Is Unsustainable
The same AI system can simultaneously be high-risk under the EU AI Act, independently auditable under New York City’s Local Law 144, and largely unaddressed in other jurisdictions. Most compliance teams are already stretched thin.
The reactive approach—building a new compliance track every time a new AI regulation appears—produces a proliferation of parallel programs for the same underlying system. It gets more expensive and more fragile with each new law.
The smarter approach: recognize that most AI regulations rely on the same basic controls. Identify high-risk systems. Test them. Document how they operate. Monitor performance. Assign clear accountability. Build that foundation once, then layer jurisdiction-specific requirements on top.
The NIST AI Risk Management Framework and ISO/IEC 42001 provide useful structures for this. Regulators are already crediting companies that can demonstrate a coherent risk and compliance program before problems arise. Rite Aid deployed AI tools without meaningful testing, risk assessment, or oversight—and paid for it.
What to do:
- Adopt NIST AI RMF or ISO/IEC 42001 as your baseline governance framework
- Map each applicable regulation to that baseline instead of building upward from each regulation individually
- When new regulations appear, ask “what does this add to our existing program?”—not “do we need a new program?”
- Assign explicit ownership for AI risk across procurement, legal, compliance, and each relevant business line—in writing
- Make sure you can demonstrate, not just claim, that humans can override or shut down critical AI systems
Ambiguity about who is responsible is its own form of liability.
The Defensible Posture Is Available Now
The legal obligations governing enterprise AI are still being written. The steps required to build a defensible posture are not.
Enterprises that treat AI deployment the way they treat any complex supply-chain risk—with deliberate mapping, documented controls, and clarity about who owns what at each layer—will reduce legal exposure and deploy AI more broadly and with greater confidence.
The companies that move first on this won’t just avoid lawsuits. They’ll be the ones that can actually show regulators, insurers, and boards that they understand what they’re operating.
That’s the real competitive advantage in enterprise AI right now: not the most powerful model, but the most defensible deployment.
Comments (0) No comments yet
Want to join this discussion? Login or Register.
No comments yet. Be the first to share your thoughts!