AI Models Break EU Law in up to 93% of Tests

Staff Editor 2026-06-01
AI Models Break EU Law in up to 93% of Tests

AI Models Break EU Law in up to 93% of Tests

https://www.cxtoday.com/security-privacy-compliance/ai-models-break-eu-law-93-percent-tests/

Publish Date: 2026-06-01 09:32:00

Source Domain: www.cxtoday.com

European AI research non-profit Aithos has found that the leading AI models routinely fail key legal compliance tests under EU law, raising concerns for enterprises deploying AI-powered customer service and support agents.

The findings come from LARA (Legal Assessment for Real-world Agents), a publicly available testing framework that Amsterdam-based Aithos has developed to evaluate how AI systems behave when faced with real-world tasks that could trigger obligations under the General Data Protection Regulation (GDPR) and the EU AI Act.

According to the research, all 12 frontier AI models tested failed compliance assessments across a range of scenarios involving data protection, manipulation, emotion inference, psychological profiling and human oversight requirements. Even the highest-performing model violated applicable regulations in nearly half of the test runs, while the lowest-performing model failed in 93 percent of scenarios.

For customer experience teams investing in AI agents to automate customer interactions, the findings highlight a widening gap between AI capabilities and regulatory readiness. Nadia Kadhim, Executive Director of Aithos, said:

“These are not abstract legal violations and the results should concern anyone interacting with an AI system, not just the businesses deploying them. These laws are in place because AI can cause real harm to real people. Our autonomy, privacy and other fundamental human rights are at play.”

Compliance Responsibility Sits With Deployers

The research highlights the risk to enterprises building customer-facing AI experiences, as legal responsibility does not primarily rest with model developers.

Aithos pointed out that under both the GDPR and the EU AI Act, “[b]usinesses—not the AI model’s creator—building AI agents and putting them on the market bear primary legal responsibility for compliance with the EU AI Act and GDPR. Organisations that then deploy that agent carry…

Source

More Stories

AI Governance Expectations on the Rise for Insurers Amid New Regulatory Activity

AI Governance Expectations on the Rise for Insurers Amid New Regulatory Activity

Staff Editor 2026-06-05
HHS Restructuring and New Enforcement Signal Increased Focus on Privacy, Security, and Health Plans

HHS Restructuring and New Enforcement Signal Increased Focus on Privacy, Security, and Health Plans

Staff Editor 2026-06-05
Trump mandates military AI use while emphasizing oversight and privacy

Trump mandates military AI use while emphasizing oversight and privacy

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy