Who Is Liable When ChatGPT Builds Your Website?
Steven | TrustYourWebsite · 15 May 2026 · Last updated: May 2026
Your web designer built your site in three days using Cursor and Claude. Six months later the Autoriteit Persoonsgegevens sends you a letter about cookies firing before consent. The question your designer is asking ChatGPT right now is whether you can blame the AI. The short answer is no, and this article walks through who actually pays.
Why Dutch operators carry the weight on AI-built websites
Dutch GDPR enforcement runs through the Autoriteit Persoonsgegevens, based at Hoge Nieuwstraat 8 in The Hague, with Aleid Wolfsen as chair. The AP has staked out a structured supervisory posture that emphasises proactive audits in identified focus sectors and cooperation with the European Data Protection Board on cross-border matters. Its 2025 supervisory priorities document, the Toezichtsprioriteiten van de AP, specifically called out generative AI deployments and the controllership analysis for AI-built websites. That priorities document matters because it signals where the AP allocates investigators in advance, and AI-built marketing websites for small businesses are one of the named segments. A complaint by a single Dutch consumer about a non-compliant AI-built site can and does trigger an AP inquiry, and the AP does not need a multi-party complaint to start one.
The relevant Dutch statute book sits in four layers. The Uitvoeringswet AVG (UAVG) implements the GDPR's flexibility provisions, including the age of digital consent (16, per Article 5 UAVG) and the AP's powers and procedure. The Telecommunicatiewet, in Article 11.7a, transposes the ePrivacy Directive and supplies the cookie-and-tracking rules the AP enforces in parallel with GDPR; together with the AP's 2023 Normuitleg the rules are stricter than the average EU member state on prior consent for analytics. The Wet toegankelijkheid producten en diensten (Stb. 2022, 411) transposes the European Accessibility Act and applies to in-scope digital services from 28 June 2025, enforced by the Inspectie Leefomgeving en Transport (ILT) for certain services and the Autoriteit Consument & Markt for e-commerce. Sitting alongside these is the Wet handhaving consumentenbescherming enforced by the ACM, which can capture misleading practices that arise from how an AI-built site is sold to consumers. The 2024 Product Liability Directive 2024/2853 layers a strict-liability claim path on top for damage to natural persons from defective AI products, applicable from 9 December 2026.
Two Dutch enforcement bodies bear watching specifically for AI websites. The AP runs the dominant supervisory function for everything touching personal data and is the designated competent authority for the personal-data components of the EU AI Act, confirmed in a 2024 letter from the Minister of Economic Affairs and Climate Policy to the Tweede Kamer. The Autoriteit Consument & Markt is the second front-runner, particularly for the transparency duties around AI-generated content under Article 50(4) and for consumer-protection enforcement under the Wet handhaving consumentenbescherming. The Rijksinspectie Digitale Infrastructuur (RDI), formerly Agentschap Telecom, sits to one side as a likely market-surveillance authority for some AI Act tiers. The Ministerie van Economische Zaken (the Klimaat portfolio moved to a separate ministry in July 2024) is running the designation pipeline and the implementing wetsvoorstel as of May 2026.
Dutch freelance-developer practice and agency contracts create some specific exposure shapes. Most Dutch micro-agencies operate as a besloten vennootschap (B.V.) or as an eenmanszaak. The eenmanszaak owner is personally liable without limit; a B.V. answers only with its own assets, and since the post-2012 Flex-BV regime abolished the minimum capital, the company may have been set up with EUR 1 of share capital and little else behind it. That makes contractual recourse against a B.V. agency a thin remedy when something goes wrong. The default contract type under Dutch law is an overeenkomst van opdracht under Article 7:400 et seq. Burgerlijk Wetboek, which imports the duty in Article 7:401 BW to act with the care of a goed opdrachtnemer (a good contractor). Article 6:74 BW supplies the contract-breach claim and Article 6:162 BW supplies the unlawful-act claim. The remedy is litigation before the kantonrechter for claims up to EUR 25,000 or the civil chamber of the Rechtbank above that, but a judgment against a thinly capitalised B.V. may not be collectable in practice. The AP fine, by contrast, lands on the controller directly and is enforceable without recourse to the agency. That asymmetry is why the operator carries the weight in real-world terms, not the developer who shipped the code.
Cross-border posture matters in two specific Dutch situations. Selling into Belgium brings the Gegevensbeschermingsautoriteit (GBA / APD) into play for Belgian data subjects, but where the controller's only establishment is in the Netherlands the one-stop-shop rule in Article 56 GDPR makes the AP the lead supervisory authority and routes a Belgian complaint through it. Selling into Germany works the same way structurally, with one caveat on who the counterpart is: the BfDI supervises federal public bodies and the telecoms and postal sectors, so a private webshop answers to one of the sixteen Land data-protection authorities, and those authorities apply stricter consent priors for analytics than the AP does. The Information Commissioner's Office in the UK applies its own UK GDPR and PECR regime, and a Dutch operator selling cross-border has to map to multiple regulators. Selling from a UK base into the Netherlands brings the UK operator into GDPR scope under Article 3(2) for offering goods or services to data subjects in the Union, with the AP as a competent supervisory authority (a controller with no EU establishment gets no lead authority and no one-stop shop). That dual exposure is a routine fact pattern for Dutch small businesses with cross-border customer bases.
The short answer: you do
Under Article 4(7) of the GDPR, the controller is the natural or legal person that determines the purposes and means of processing personal data. The site owner decides what cookies fire, which analytics load, what the contact form does and where the data goes. The AI tool that wrote the code is not a controller and is not a processor for your visitors' data. It processed your developer's prompt, which was a separate transaction with a separate counterparty.
The Autoriteit Persoonsgegevens cares about who runs the website. That is whoever the KVK record names, whoever the privacy notice identifies, whoever cashes the payments. That is you. The AP does not need to know which tool wrote the cookie banner, and it will not ask.
Why the AI tool is not on the hook, yet
Three things keep the AI vendor out of the chain.
First, the major AI coding tools' terms of service push responsibility for outputs onto the user of the tool. That is the consistent pattern across OpenAI, Anthropic, GitHub Copilot, Cursor and Lovable as of May 2026. The user who accepts these terms agrees to verify outputs, indemnifies the provider against third-party claims arising from outputs and uses the outputs "as is". When your designer accepts the code Cursor suggested, the legal weight of that decision lands on your designer, not on Cursor.
Second, the AI provider is not a controller or a processor for your site's visitors. The EDPB's December 2024 opinion on AI models is precise on this: roles and responsibilities must be defined before processing takes place. A deployer of an AI model carries its own accountability obligations even where the model was developed by someone else. That deployer is you: the site runs on your domain, with your data subjects.
Third, the proposed AI Liability Directive that was meant to fill this gap was withdrawn. The Commission listed it for withdrawal in its 2025 work programme on 11 February 2025, and the withdrawal was formally published in OJ C/2025/5423 on 6 October 2025. The clean liability-allocation framework for AI-caused harm that was supposed to arrive in 2026 is not arriving.
What about the agency or freelancer that used the AI?
The agency-client liability chain pre-dates AI by a couple of decades. The same logic that applies to a designer who used unlicensed images applies to a designer who used AI to generate code. How web designer liability works when images are unlicensed is the parent question. Under Dutch contract law the agency owes you a delivery that meets professional standards. A delivery riddled with GDPR defects is a breach.
The AI layer adds one structural fact. The agency's contract with the AI provider almost certainly indemnifies the provider, not the agency or the agency's client. You never had a contract with the AI vendor. The agency did. The agency promised the AI vendor that they, the agency, would carry the risk of using the outputs. That promise does not flow through to you, and it does not give you a route to OpenAI's legal team.
In practice this means the contract you have with the agency is the only document that matters when you want to push the cost back. If your agency contract is silent on compliance warranties, AI use disclosure and indemnification, you are negotiating from a weak position. If it has these clauses you are in roughly the same place you would be with any other professional-services breach claim.
What changes on 9 December 2026, and what does not
Directive (EU) 2024/2853, the new Product Liability Directive, treats software and AI systems as products for the first time. Member States must transpose it by 9 December 2026 under Article 24. From that date it applies to products placed on the market or put into service after the cutover. Pre-existing products stay under the old 1985 directive.
This matters for the AI-built website question in a narrow way. From late 2026 a person who suffers material harm because of a defective AI tool could potentially pursue the AI tool provider directly under a no-fault regime. Open source software developed outside a commercial activity is excluded under Article 2(2), but the commercial coding assistants are squarely in scope. The claim is for damage to natural persons, so it is not a generic "my site got fined" route, and it does not retroactively cover sites built before the cutover.
What does not change on 9 December 2026: who the controller is, who the regulator enforces against and who pays a GDPR fine. That is you, before and after. The PLD adds a new line of claim against the AI provider for a narrow set of harms. It does not subtract the existing line of liability against you.
The Product Liability Directive is enough of its own topic to deserve its own article.
A practical scenario, or three
Your AI-built cookie banner has no working reject-all button. The AP enforces against you. The agency may be liable to you in contract for delivering a non-conforming product, but only if your contract said the deliverable would meet cookie law. Read whether your cookie banner does what it claims before you sign off on a build.
Your AI-built contact form ships data to a US analytics service with no Chapter V transfer mechanism behind it: the recipient is not certified under the EU-US Data Privacy Framework and there are no standard contractual clauses with a transfer impact assessment in place. That is a Chapter V GDPR breach, enforced against you as controller. The AP has been clear about US transfers since the Schrems II era. The agency may have used a default Cursor or Claude pattern that hard-coded the third party. The agency owes you a fix and, if your contract is good, the fine.
Your AI-generated alt text is wrong on most images or missing entirely. The European Accessibility Act treats the business operating the site as the service provider, so the EAA penalties under Dutch enforcement point at you. From 28 June 2025 B2C webshops have to meet EN 301 549, which incorporates WCAG 2.1 AA and therefore requires text alternatives on informative and functional images; only microenterprises (fewer than 10 staff and at most EUR 2 million turnover or balance-sheet total) are exempt from the services rules. AI-generated alt text that hallucinates is worse than no alt text in this context, because the screen reader reads it confidently to a blind visitor.
How to push the risk back to your agency
The contract is your only lever. Before signing:
- An indemnification clause that names you specifically and covers third-party claims arising from non-compliance of the delivered site.
- A compliance warranty: the agency warrants that, at delivery, the site meets GDPR, ePrivacy, EAA and applicable consumer protection rules.
- A disclose-AI-use clause: the agency must list which AI tools generated which deliverables. This is not for liability shielding; it is so you can meet your own AI Act Article 50 transparency obligations, which apply from 2 August 2026 and may reach AI-generated copy or images on the site.
- A right-to-scan clause: you may run a compliance scan before sign-off, and any criticals must be fixed.
- A post-delivery support window: the agency fixes compliance defects found in the first 90 days at their cost.
The point of these clauses is not to win in court. The point is that an agency that resists them is telling you they are not confident about what they are delivering. Replace any AI-use disclaimer with a compliance warranty. The disclaimer protects them. The warranty protects you.
What to check on your own site today
Five things you can verify without a developer. Two minutes per check.
- Does my cookie banner have a reject-all button that is as visible as accept-all and does not pre-tick anything?
- Do analytics and marketing scripts load only after consent is given?
- Is the privacy policy named with my actual company and KVK number, not a placeholder like "[Your Company]" left over from an AI template?
- Are alt texts present on key product images, and do they describe the image, not just say "image of"?
- Can a keyboard-only visitor reach the main pages and the checkout without using a mouse?
If any of these are uncertain, our free compliance scan checks GDPR, cookies, accessibility and image rights. It will not tell you whether your AI tools are legal. It will tell you whether the site they helped build is.
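The five checks above, and the three scenarios in the previous section, can be run as a static audit over the HTML the agency hands you. The script below is an added example written for this article; it is not the TrustYourWebsite scanner and not code from any tool the article names. It assumes a few things that are hypothetical: that consent-gated scripts follow the convention of `type="text/plain"` plus a `data-cookiecategory` attribute (used by some consent managers, not a standard), that the tracker hosts and placeholder strings listed are representative, and that a button whose text contains a reject/weiger/decline word is the reject-all control. The sample page at the bottom is constructed to contain each defect once.

```python
"""Static audit of a delivered HTML page against the five checks above.

Added example for this article, not the TrustYourWebsite scanner and not
code from any tool the article names. Hypothetical assumptions:
  - consent-gated scripts use type="text/plain" plus data-cookiecategory,
    a convention some consent managers use, not a standard;
  - TRACKER_HOSTS and PLACEHOLDERS are illustrative lists, not complete;
  - a <button> whose text contains a REJECT_WORDS entry is reject-all.
Only the shipped markup is inspected; scripts injected at runtime by a
tag manager need a browser-side check that this example does not do.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

TRACKER_HOSTS = {
    "www.googletagmanager.com", "www.google-analytics.com",
    "connect.facebook.net", "static.hotjar.com",
}
PLACEHOLDERS = ("[your company]", "[company name]", "[kvk number]", "lorem ipsum")
REJECT_WORDS = ("reject", "decline", "weiger", "afwijzen")
WEAK_ALT_PREFIXES = ("image of", "picture of", "photo of", "afbeelding van")
CONSENT_NAMES = ("consent", "cookie", "marketing", "analytics")


class ComplianceAudit(HTMLParser):
    """Collects findings while the parser walks the document."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._buttons = []      # visible text of every <button>
        self._text = []         # every text node, for the placeholder search
        self._in_button = False
        self._button_text = ""

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)   # boolean attributes (checked, onclick) map to None
        if tag == "script" and a.get("src"):
            host = (urlparse(a["src"]).hostname or "").lower()
            gated = a.get("type") == "text/plain" and "data-cookiecategory" in a
            if host in TRACKER_HOSTS and not gated:
                self.findings.append(f"tracker loads before consent: {a['src']}")
        elif tag == "img":
            alt, src = a.get("alt"), a.get("src", "?")
            if alt is None:
                self.findings.append(f"missing alt: {src}")
            # alt="" is a legitimate decorative marker, so only non-empty
            # text that merely announces "image of ..." is flagged.
            elif alt.strip().lower().startswith(WEAK_ALT_PREFIXES):
                self.findings.append(f"weak alt {alt!r}: {src}")
        elif tag == "input" and a.get("type") == "checkbox" and "checked" in a:
            name = (a.get("name") or "").lower()
            if any(w in name for w in CONSENT_NAMES):
                self.findings.append(f"pre-ticked consent box: {name}")
        elif tag == "button":
            self._in_button, self._button_text = True, ""
        elif tag == "div" and "onclick" in a and "tabindex" not in a:
            # A div with a click handler and no tabindex is mouse-only.
            self.findings.append("click handler on <div> without tabindex")

    def handle_endtag(self, tag):
        if tag == "button":
            self._buttons.append(self._button_text.strip().lower())
            self._in_button = False

    def handle_data(self, data):
        self._text.append(data.lower())
        if self._in_button:
            self._button_text += data

    def report(self):
        text = " ".join(self._text)
        for p in PLACEHOLDERS:
            if p in text:
                self.findings.append(f"template placeholder left in page: {p!r}")
        if not any(any(w in b for w in REJECT_WORDS) for b in self._buttons):
            self.findings.append("no reject-all button found")
        return self.findings


def audit_html(html):
    """Return the list of findings for one HTML document (empty means clean)."""
    parser = ComplianceAudit()
    parser.feed(html)
    parser.close()
    return parser.report()


# Constructed sample page containing each defect from the checklist once.
SAMPLE_PAGE = """<!doctype html><html><body>
<script src="https://www.googletagmanager.com/gtag/js?id=G-XXXX"></script>
<script type="text/plain" data-cookiecategory="analytics"
        src="https://static.hotjar.com/c/hotjar-1.js"></script>
<div id="cookie-banner">
  <label><input type="checkbox" name="consent_marketing" checked> Marketing</label>
  <button>Accept all</button>
</div>
<img src="/shoe.jpg" alt="Image of product">
<img src="/logo.png">
<img src="/spacer.gif" alt="">
<div onclick="openCheckout()">Checkout</div>
<p>This privacy policy is issued by [Your Company], KVK [KvK number].</p>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE):
        print("FAIL", finding)
```

Run it against the handover HTML (`python audit.py < index.html` after swapping `SAMPLE_PAGE` for `sys.stdin.read()`) and treat any line as a defect to put back to the agency under the right-to-scan clause. Two design choices matter: the gated hotjar script is deliberately not flagged, because a script the browser will not execute until consent is exactly what the rule asks for, and an empty `alt=""` is accepted, because it is the correct marking for a decorative image and flagging it would train people to fill it with "image of" noise.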
Common Questions
If I used Lovable, Bolt or v0 to build my own site, am I liable for compliance issues?
Yes. Under Article 4(7) GDPR you are the controller for the personal data your site processes, regardless of whether you wrote the code or an AI wrote it. The Autoriteit Persoonsgegevens enforces against the controller, not the tool. The AI generated the code. You decided to publish it.
Can I sue OpenAI or Anthropic if their tool produced non-compliant code?
Almost never. You have no contract with them as an end user of a tool your agency picked. Their terms of service push responsibility for outputs onto the user of the tool. The Product Liability Directive that applies from 9 December 2026 may open a narrow strict-liability claim path, but only for damage to natural persons and only for products placed on the market after that date.
Does the EU AI Act mean my AI-built website needs disclosure?
It depends what the AI generated. Article 50 of the AI Act applies from 2 August 2026. Article 50(4) makes the deployer label deepfake images, audio and video, and AI-generated text that is published to inform the public on matters of public interest; Article 50(2) separately requires providers of the generating systems to mark their outputs in a machine-readable way. Code itself is not in scope. Plain product copy is less clearly caught than a news-style blog, but if your site carries AI-generated copy or images, plan a labelling approach now rather than argue the edge case later.
What changes on 9 December 2026 with the new Product Liability Directive?
Directive (EU) 2024/2853 treats software, including AI systems, as products. From that date, a person harmed by a defective AI tool can pursue the AI provider directly under a no-fault regime, but only for products placed on the market after 9 December 2026. Your existing GDPR liability as the site operator does not change.
My agency disclaims AI use in their contract. Does that protect me?
It does not protect you from the regulator. The AP looks at the controller, which is you. A disclaimer between you and your agency only affects who reimburses whom internally. Replace any AI-use disclaimer with a compliance warranty: the agency warrants the delivered site meets GDPR, cookie law and EAA at handover.
Related reading
If you want to go further on the questions this article touched on:
- The agency-client liability chain pre-dates AI. How web designer liability works when images are unlicensed covers the same contractual framework before the AI layer.
- The 9 December 2026 shift. The new Product Liability Directive affects software and AI claims in ways that will get their own dedicated article.
- AI Act transparency obligations from 2 August 2026. What the EU AI Act actually requires of website owners is the next article in this cluster.
- The cookie banner is where most AI-built sites fail first. Whether your site needs a cookie banner at all is the cheapest one to get right.
- The fine ranges that make this question worth asking. GDPR fines in the Netherlands explains what an AP enforcement action actually costs.
This article is technical analysis, not legal advice. The author is not your lawyer and is not your KVK-registered controller. For a binding view, talk to one of those.