1. What “Combined Liability” Means in AI & IoT Context

When AI and IoT work together (for example: smart cars, smart hospitals, industrial automation, smart homes), liability may involve multiple actors:

• Device manufacturer (hardware defect)
• Software developer (algorithm error / bias)
• Data handler or cloud provider (data breach)
• Platform/intermediary (connectivity ecosystem)
• User/operator (misuse or negligence)

Key legal issue:

👉 Determining who is responsible when an autonomous system causes harm

2. Legal Framework in India

(A) Tort Law (Negligence & Strict Liability)

Used when harm is caused by failure of reasonable care or hazardous systems.

(B) Consumer Protection Act, 2019

Applies to:

• Defective AI/IoT products
• Deficiency in services (e.g., smart health devices, AI diagnostics)

(C) Information Technology Act, 2000

• Section 43A: compensation for failure to protect data
• Section 79: intermediary liability (safe harbour)

(D) Constitutional Law

• Right to privacy and data protection under Article 21

(E) Emerging Data Protection Law

• Digital Personal Data Protection Act, 2023 (governs data fiduciary responsibility)

3. Liability Models Relevant to AI & IoT

1. Negligence-Based Liability

Failure to exercise reasonable care in design, deployment, or maintenance.

2. Strict / Absolute Liability

Used for inherently dangerous activities.

3. Product Liability

Defective AI-enabled devices (robots, IoT sensors, autonomous machines)

4. Intermediary Liability

Platforms hosting AI systems or IoT networks.

5. Data Liability

Unauthorized use, leakage, or misuse of personal data.

4. Important Indian Case Laws (Relevant to AI & IoT Liability)

Below are key judgments shaping liability principles applicable to AI & IoT systems:

1. M.C. Mehta v. Union of India (Oleum Gas Leak Case, 1987)

Principle:

Absolute liability for hazardous industries

Relevance to AI & IoT:

• If autonomous systems (like AI-controlled factories or IoT chemical plants) cause harm, operators can be held absolutely liable without exceptions.
• Sets high accountability standard for high-risk AI systems.

2. Donoghue v. Stevenson (UK, Persuasive in India)

Principle:

Duty of care (“neighbour principle”)

Relevance:

• AI developers owe duty of care to foreseeable users.
• IoT manufacturers must ensure safe design and warnings.
• Forms foundation of negligence in Indian courts.

3. Jacob Mathew v. State of Punjab (2005)

Principle:

Standard of negligence in professional services

Relevance:

• Applies to AI used in medical diagnostics (AI radiology, robotic surgery).
• If AI-assisted medical decisions cause harm, courts assess reasonable skill and care standard.

4. Indian Medical Association v. V.P. Shantha (1995)

Principle:

Medical services fall under Consumer Protection Act

Relevance:

• AI-driven healthcare tools (diagnostic AI, IoT wearables) are considered “services”.
• Patients can sue for deficiency in AI-based medical services.

5. Shreya Singhal v. Union of India (2015)

Principle:

Intermediary liability and safe harbour under IT Act Section 79

Relevance to IoT/AI platforms:

• IoT platforms (cloud-connected devices, AI apps) are intermediaries.
• They are protected only if they:
  • Act as neutral platforms
  • Remove unlawful content after notice
• Important for AI chatbots and smart device ecosystems.

6. Avnish Bajaj v. State (Bazee.com Case, 2008)

Principle:

Platform liability for user-generated illegal content

Relevance:

• Even if AI/IoT platform is automated, liability can arise if illegal activity is facilitated.
• Shows that technology intermediaries can face criminal exposure if due diligence fails.

7. Justice K.S. Puttaswamy v. Union of India (2017)

Principle:

Right to privacy is a fundamental right

Relevance:

• AI and IoT heavily rely on data collection.
• Any unauthorized surveillance (smart cameras, AI tracking systems, wearable IoT devices) can violate Article 21.
• Forms basis of data governance and consent requirements.

5. How Liability Works in AI + IoT Systems (Practical Scenarios)

Example 1: Autonomous Vehicle Accident

• AI software error → developer liability
• Sensor failure → manufacturer liability
• Maintenance failure → operator liability
• Result: shared liability under negligence + product liability

Example 2: Smart Home Fire (IoT device malfunction)

• Defective IoT device → strict product liability
• Cloud AI malfunction → service provider liability

Example 3: AI Medical Diagnosis Error

• Hospital uses AI tool → hospital liable under consumer law
• AI developer → negligence/product liability possible
• Doctor reliance → professional negligence standard applies

Example 4: Data Breach in IoT Devices

• IoT company fails security → liability under IT Act Section 43A
• Privacy violation → constitutional liability (Puttaswamy)

6. Key Legal Challenges in India

1. Lack of AI-specific legislation

No dedicated AI liability law exists.

2. Attribution problem

Hard to identify whether fault lies in:

• algorithm
• data
• hardware
• user behavior

3. Black-box AI issue

AI decisions are often non-explainable, complicating negligence proof.

4. Cross-border data flow

IoT systems often operate globally, raising jurisdiction issues.

7. Conclusion

In India, AI and IoT liability is currently governed by traditional legal principles adapted to modern technology. Courts rely heavily on:

• negligence law (duty of care)
• strict liability for hazardous systems
• consumer protection principles
• IT Act intermediary rules
• constitutional privacy rights

The direction of Indian law suggests a gradual shift toward:
👉 “Hybrid accountability model” where developers, manufacturers, and operators share responsibility based on control and foreseeability.