Developing a harm-based approach to understand digital vulnerability in the era of AI: a perspective of the European Union

The full picture of digital vulnerability encompasses both ex ante and ex post dimensions. From an ex ante perspective, risks must be properly identified, assessed and regulated. The European Union (EU) has introduced the AI Act, aimed at establishing a comprehensive framework for regulating AI systems according to the level of risk they pose. In contrast, the ex post dimension of digital vulnerability remains both theoretically underexplored and practically fragmented. This article focuses on the ex post dimension of digital vulnerability, identifying four obstacles that hinder individuals from seeking remedies through tort liability: the difficulty in identifying harm, the presence of pure economic loss, the quantification of non-material damage and the issue of federalism. Recognising these four elements provides a basis for reclassifying AI systems based on the nature of harm they may cause. Such an approach not only enhances stakeholders’ understanding of the limitation of tort-based remedies for AI-related harm across different contexts but also offers policymakers a foundation for developing complementary mechanisms beyond tort damage to more effectively address the challenges posed by various AI systems.