Artificial intelligence systems increasingly generate, reproduce, and distribute content at scale. For businesses operating in or merely exposed to the European Union, this development brings with it a legal risk that is both pressing and widely underestimated: if an AI-related copyright dispute arises, which court will have jurisdiction? The answer carries direct implications for litigation costs, enforcement strategy, and the degree of legal certainty available to operators of AI-driven products and services.
Under the current EU framework, the answer is far from straightforward. The Brussels Recast Regulation – the cornerstone of EU civil jurisdiction rules – was not designed with AI in mind. Meanwhile, the CJEU’s case law oscillates between two hardly reconcilable approaches (i.e., the mere accessibility test and the targeting test – as it will be further detailed below), for businesses, this translates into a tangible and growing exposure, considering that the risk of being sued in unexpected, commercially inconvenient, and potentially hostile jurisdictions is reasonably high. On the other hand, for in-house counsel, it undermines the ability to anticipate litigation risk and costs.
Within this context, until legislative intervention catches up with technological reality, businesses operating in the AI space would be well advised to (i) identifying the Member States where AI-generated outputs are or may become accessible; (ii) map their jurisdictional exposure early and allocate to budget proper reserves accordingly, ; and (iii) document their market-targeting decisions (e.g., geo-blocking, language selection, terms of service).
The European Framework
Within the European Union, jurisdiction in civil matters is primarily governed by Regulation (EU) 1215/2012 (the Brussels Recast Regulation). As said, this Regulation was not designed with AI in mind. The EU appears to have adopted – perhaps involuntarily – the principle of technological neutrality also in private international law. As a result, “[t]he task of adapting the traditional EU private international law instruments to the specific problems of online communications fell upon the Court of Justice of the EU”[1]. In practice, this means that the rules governing where a business can be sued were designed for a pre-AI world and are now being stretched to cover scenarios their drafters never envisaged.
As a threshold matter, copyright infringement claims do not arise from a contract between the parties; they arise from harm suffered. As such, they fall under the rule for non-contractual damage. The relevant provision is therefore Article 7(2) of the Brussels Recast Regulation, which determines where someone can be sued for causing harm outside of a contract. The only exception concerns disputes over the registration or validity of patents, trademarks, or designs, governed by Article 24(4); which is, however, not relevant here.
The landmark case in this area is the Shevill[2] ruling. Although it concerned a “traditional” defamation claim, its principles were subsequently extended to copyright law as well. In essence, Shevill established the so called mosaic rule which provides that a claimant may bring a claim before the courts of every state where harm occurred, but each court “has jurisdiction to rule solely in respect of the harm caused in the State of the court seized”.[3] The CJEU later confirmed this approach for online copyright infringement in Peter Pinckney[4] and Pez Hejduk[5] cases. In those proceedings, the Court held that mere accessibility of the infringing content online was sufficient to establish jurisdiction, without any requirement that the defendant had directed its conduct to the forum state.
The Challenges of AI for Businesses: Jurisdictional Exposure in Practice
Until this point, the framework may appear manageable. However, novel and commercially significant questions arise when the traditional doctrine established in the Shevill ruling is applied to intellectual property infringements occurring online, and, in particular, to those generated or facilitated by AI systems.
The most obvious concern is that IP infringements occurring online may cause damage in virtually every state where the infringing content is accessible. This would lead to ubiquitous jurisdiction and enable unbridled forum shopping, undermining the core principles of foreseeability and legal certainty that the Brussels Recast Regulation aims to safeguard. Consider a practical example where, for example, a SaaS provider offering an AI-powered content-generating tool accessible across the EU could, in theory, face parallel copyright claims in every Member State. Each claim would be limited to local damage, but collectively they would impose a disproportionate litigation burden.[6]
The CJEU has addressed this problem in ways that are neither clear nor consistent – mirroring a dilemma also faced by U.S. courts, particularly in cases related to cybersquatting. In L’Oreal v eBay[7] and Football Data co[8], the CJEU applied a “targeting test”, restricting jurisdiction to states at which the infringing conduct was demonstrably aimed. This doctrine bears resemblance to the “Zippo test[9]” and the “effects test” developed by U.S. courts. Yet in Peter Pinckney and Pez Hejduk, the CJEU took a different path regarding Article 7 of the Brussels Recast Regulation, allowing the claimant to sue in every State where the content was available. From a European perspective, this latter approach is more faithful to the wording of the provision and consistent with Shevill, although it leads to significant practical difficulties.
These two lines of authority remain difficult to reconcile, and the CJEU has yet to offer a definitive answer. In the AI context, each approach presents distinct advantages and drawbacks. The targeting test offers greater legal certainty and reflects the commercial reality of many AI deployments. Where AI systems are specifically designed for and directed at particular markets, the targeting criteria will often be satisfied in commercially significant disputes, thereby limiting the proliferation of available fora. However, this test sits less comfortably with general-purpose AI systems not expressly directed at any identifiable jurisdiction. Its application may also leave claimants without an effective remedy where no clear targeting can be demonstrated. The mere accessibility approach, by contrast, is more consistent with the letter and spirit of Shevill and better accommodates the inherently borderless nature of AI-generated content. Yet, applied without limitation, it risks creating an almost unlimited number of competent fora and generating significant uncertainty for defendants. A nuanced approach may therefore be required – one that accounts for both the technical characteristics of the AI system and the specific nature of the alleged infringement, rather than mechanically applying either doctrine.
The practical stakes of this doctrinal split are significant. Under the mere accessibility test, a company deploying a general-purpose AI system across Europe may face copyright claims in every EU jurisdiction where the system’s output can be accessed. Under the targeting test, the exposure may be narrower; however, the threshold for establishing “targeting” is itself uncertain. Marketing materials, language settings, currency options, or the mere presence of local users may all be invoked to establish a sufficient connection to ground the jurisdiction. Neither approach, as currently articulated, offers the foreseeability that businesses need to price legal risk, structure compliance programs, or make informed deployment decisions.
Conclusion: Practical Steps Forward
Clarity is therefore much needed. Until legislative intervention catches up with technological reality, businesses and practitioners operating in the AI space would be well advised to map their jurisdictional exposure, by identifying every Member State where AI-generated outputs are or may become accessible and allocate to budget proper reserves accordingly. In addition, it is crucial to keep documented records of market-targeting decisions (geo-restrictions, language settings, terms of service) that may support a narrower jurisdictional footprint if the targeting test prevails.
[1] J. Hörnle, Internet Jurisdiction Law and Practice, page 265.
[2] Case C-68/93, Fiona Shevill, Ixora Trading Inc., Chequepoint SARL and Chequepoint International Ltd v Presse Alliance SA. The French newspaper France-Soir published a defamatory article about Fiona Shevill and the Chequepoint International Limited and other companies. Some copies of the newspaper were sold in England, and the CJEU found that this sole reason was sufficient to establish the jurisdiction of the English courts over the claim.
[3] Ibid, para. 33
[4] Case C-170/12, Peter Pinckney v KDG Mediatech AG. Peter Pinckney, a French composer, found his songs were reproduced in CDs produced by an Austrian company and then sold via internet by English companies. The CJEU applied the mosaic principle enshrined in Shevill.
[5] Case C-441/13, Pez Hejduk v EnergieAgentur.NRW GmbH. Pez Hejduk, a professional photographer viewed her professional photos on the website of the German company EnergieAgentur.NRW GmbH. The CJEU found that the mere accessibility to the website from Austria was sufficient to establish the jurisdiction of the Austrian courts over the matter.
[6] Recital 16 Bruxelles Recast Regulation.
[7] Case C- 324/ 09, L’Oréal SA and Others v eBay International AG and Others. L’Oreal sued eBay for allowing, through its platform, the sale of L’Oreal products in breach of the rights of L’Oreal. The CJEU applied a targeting test originally elaborated for the consumers’ claims.
[8] Case C-173/11, Football Data co Ltd and Others v Sportradar GmbH and Sportradar AG. Footbal Data Co.
[9] Zippo Manufacturing Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119. Zippo Manifacturing Co. sued Zippo Dot Com Inc., since the latter registered several domain names infringing the copyright of the former. The United States District Court for the Western District of Pennsylvania affirmed its jurisdiction, finding that Zippo Dot Com Inc. concluded almost 3.000 contracts with Pennsylvania residents and seven contracts with local ISPs.
