2.2 Discrimination, consumer protection & liability

Key Takeaways

  • Disparate treatment is intentional discrimination, while disparate impact is a facially neutral practice with a disproportionate adverse effect on a protected group—AI commonly creates disparate impact through proxy variables even when protected attributes are excluded.
  • US anti-discrimination statutes reach AI by domain: Title VII, the ADEA, and the ADA in employment (EEOC), ECOA in credit (CFPB), and the Fair Housing Act in housing (DOJ/HUD).
  • The CFPB requires creditors to give specific, accurate adverse-action reasons even when a black-box model made the lending decision, so opacity is not a lawful excuse.
  • FTC Act Section 5 bars unfair or deceptive practices, letting the FTC pursue AI washing and impose algorithmic disgorgement—deletion of models and data built from unlawfully obtained information.
  • The EU's revised Product Liability Directive (2024) treats software and AI as products and eases the burden of proof, while the proposed AI Liability Directive was withdrawn in early 2025.
Last updated: July 2026

When AI causes harm: discrimination, consumer, and liability law

AI systems that screen job applicants, price loans, or moderate content can injure people, and existing anti-discrimination, consumer-protection, and liability law supplies the cause of action long before any AI-specific statute. The AIGP exam expects you to map an AI harm to the right legal theory and, in the US, to the right enforcer.

Anti-discrimination and civil-rights law

Two doctrines dominate. Disparate treatment is intentional discrimination—treating someone worse because of a protected characteristic such as race, sex, age, or disability. Disparate impact is subtler and more common with AI: a facially neutral practice—say, a résumé-screening model—that produces a disproportionately adverse effect on a protected group, regardless of intent. A model trained on historical data can encode past discrimination and produce disparate impact even when protected attributes are excluded, because proxies (ZIP code, name, résumé gaps, school) correlate with those attributes.

These doctrines live in domain-specific statutes:

  • Employment — Title VII of the Civil Rights Act, the ADEA (age), and the ADA (disability). The EEOC has warned that AI hiring tools can violate the ADA (for example, by screening out candidates with disabilities) and Title VII, and it brought an early enforcement action resolving age-discrimination claims against an online tutoring provider.
  • Credit — the Equal Credit Opportunity Act (ECOA) bars discrimination in lending. The CFPB has stated that creditors must provide specific, accurate adverse-action reasons even when a complex or "black-box" model made the decision; "the algorithm did it" is not a lawful explanation.
  • Housing — the Fair Housing Act reaches discriminatory advertising delivery, tenant-screening tools, and automated property valuation.

On the US enforcement map, remember the key agencies: the EEOC (employment), the CFPB (consumer finance and credit), the FTC (consumer protection generally), and the DOJ and HUD (civil rights and housing). In 2023 the EEOC, FTC, CFPB, and DOJ issued a joint statement affirming that existing laws apply to automated systems and AI—an exam-worthy signal that regulators view AI as already covered. Enforcement priorities shift with administrations (some federal AI guidance was rescinded in 2025), but the underlying statutes remain fully in force.

A practical detail worth knowing is how disparate impact is measured. The EEOC's Uniform Guidelines suggest a "four-fifths rule": if a protected group's selection rate is less than 80% of the highest group's rate, that adverse-impact ratio is a red flag warranting scrutiny. This is exactly the kind of statistical test that a bias audit runs, and it explains why some jurisdictions now mandate such audits outright. Governance programs use these ratios proactively—testing candidate pools before deployment—rather than waiting for a complaint.

Consumer-protection and unfair/deceptive-practices theories

The FTC Act, Section 5, prohibits "unfair or deceptive acts or practices." Applied to AI, deception covers false or unsubstantiated claims about what a product does—so-called "AI washing"—while unfairness covers practices that cause substantial, unavoidable consumer injury not outweighed by countervailing benefits. The FTC also wields a distinctive remedy: algorithmic disgorgement (model deletion), requiring a company to delete models and data derived from unlawfully obtained information, as it did in matters involving Everalbum and a national pharmacy's facial-recognition system. State UDAP (unfair and deceptive acts and practices) statutes give state attorneys general parallel authority. The concrete governance lesson: overstating an AI system's accuracy, or hiding that AI is being used at all, can itself be unlawful.

Product liability and tort

When AI causes physical or economic harm, tort law applies. Negligence requires a duty of care, breach, causation, and damages—so a developer or deployer that fails to test, monitor, or warn about foreseeable AI failures may be liable. Product liability attaches to defective products under three classic theories—manufacturing defect, design defect, and failure to warn—though a live question is whether software qualifies as a "product" for strict liability. A defectively designed model, or one shipped without adequate warnings about its known limitations, maps onto these categories.

The EU is modernizing this area, and the exam may test the direction of travel:

InstrumentStatus (2026)Effect on AI
Revised Product Liability DirectiveAdopted 2024Explicitly treats software and AI as "products"; eases claimants' burden of proof with disclosure duties and presumptions
AI Liability DirectiveWithdrawn in early 2025Would have harmonized fault-based AI claims across the EU; the proposal was abandoned

The revised Product Liability Directive makes clear that software and AI can be defective "products," and it introduces disclosure duties and rebuttable presumptions that make it easier for an injured person to prove defect and causation against an opaque system. By contrast, the proposed AI Liability Directive, which would have harmonized fault-based (negligence-style) claims, was withdrawn—a vivid example of how AI law is still forming and can even retreat.

The through-line for governance is that discrimination, consumer-protection, and liability exposure exist today, independent of the EU AI Act. A well-run program tests for disparate impact, substantiates its marketing claims, documents its safety testing and user warnings, and keeps records capable of rebutting a negligence or defect claim—turning diffuse legal risk into concrete, auditable controls.

Test Your Knowledge

A hiring model that excludes race as an input still selects far fewer candidates from one racial group, apparently because ZIP code correlates with race. Which legal theory does this most clearly implicate?

A
B
C
D
Test Your Knowledge

Under the FTC Act, which remedy has the FTC used specifically against companies that built AI models from unlawfully obtained data?

A
B
C
D
Test Your Knowledge

Which statement accurately describes the EU's product-liability landscape for AI as of 2026?

A
B
C
D