A multi-tenant AI platform creates a three-party relationship: the platform (which controls the LLM and infrastructure), the client (which configures the bot's persona and modes), and the end-user (who interacts with it). When the bot says something harmful, legally inaccurate, or discriminatory — who is responsible?
Key Analysis
The platform controls the LLM, the system prompt infrastructure, and the delivery mechanism — making it difficult to disclaim liability for outputs.
Client-configured prompt fragments are client instructions, but the platform's base system prompt frames them — creating shared responsibility.
Consumer protection laws in the EU and US increasingly require AI chatbot disclosure at the start of a conversation.
Risk Signals
No clear contractual allocation of liability between platform and client for harmful AI outputs.
Chatbots that do not identify themselves as AI at the start of consumer conversations.
No audit log of which prompt configuration was active when a harmful output was generated.
Action Items
Define liability allocation clearly in client service agreements: the platform is responsible for LLM behaviour; the client is responsible for mode configurations.
Implement mandatory AI disclosure at session start in all consumer-facing channels.
Log the assembled system prompt (or its hash) with every conversation for liability tracing.