Lausanne University Hospital (CHUV) began clinical testing of Meditron in its emergency room in May 2026 — the open-source Swiss medical large language model built by EPFL with Yale School of Medicine and the International Committee of the Red Cross. The deployment follows evaluation by more than 300 health professionals through 2025 and ranks among the first frontline uses of a generative clinical-decision tool inside a European public hospital. It also drops a live question onto Swiss civil courts: when an AI-assisted diagnosis goes wrong, who pays?
For now, nobody can say with confidence — and that is precisely the point.
A deployment ahead of the law
Switzerland has no AI-specific liability statute. On 12 February 2025 the Federal Council settled its course: ratify the Council of Europe Framework Convention on Artificial Intelligence, regulate sectorally rather than with a single horizontal EU-style act, and task the Federal Department of Justice and Police with preparing a consultation draft (Vernehmlassung) by the end of 2026. Switzerland signed the Convention in Strasbourg on 27 March 2025. But a draft due only at end-2026 means binding domestic rules are realistically a 2027–2028 affair. Meditron is in the ER now.
In the gap, liability falls back on general civil law that long predates machine learning. Three regimes do the work. General tort under Article 41 of the Code of Obligations — the CO dates to 1911 — requires a claimant to prove an unlawful act, fault, damage, and causation. Contractual and auxiliary-person liability under Articles 97 and 101 CO governs the hospital–patient relationship and the conduct of those a hospital engages. And the Product Liability Act can reach a defective product's manufacturer. None was written with a probabilistic model that returns different suggestions to identical prompts in mind.
Why the gap actually cuts the right way
The case for waiting is real and deserves a fair hearing. A medical AI that shapes triage and diagnosis is exactly the high-stakes setting where an injured patient should not have to reverse-engineer an opaque model to recover — and the EU's now-shelved AI Liability Directive was built precisely to ease that burden, via evidence-disclosure orders and a rebuttable presumption of causation. A patient harmed by an algorithm few can audit faces a genuine evidentiary mountain under Article 41's fault standard. That is a problem, not a phantom.
But the conclusion that Switzerland therefore needs a bespoke AI-liability statute before such tools can be trusted in a hospital does not follow. Swiss medical-malpractice law already runs on a settled principle: the treating physician remains responsible for the clinical decision. A decision-support tool — whether a drug-interaction database, a risk score, or an LLM — is an input the doctor weighs, not a colleague who shares the blame. A physician who follows an AI suggestion against their own judgment, or who fails to apply the standard of care, is liable much as they would be for misreading a lab result. The hospital answers under Article 101 for its auxiliaries and under its treatment contract. Where a model is genuinely defective — not merely wrong in a hard case — the Product Liability Act already points at the developer. The doctrinal furniture exists.
This matters beyond Switzerland, because the instinct to legislate first and deploy later is strong, and Switzerland is quietly testing the opposite sequence. The European Commission spent years on its AI Liability Directive only to drop it from the 2025 work programme for lack of foreseeable agreement, and formally withdraw it that October — a reminder that comprehensive AI-liability codes are hard to get right and easy to get wrong. Premature AI-specific strict liability risks a perverse result: hospitals and developers, facing an untested and potentially sweeping new cause of action, simply keep the better tool out of the building. The patient who would have benefited from a more accurate triage suggestion bears that cost invisibly.
What proportionate regulation looks like here
None of this argues for doing nothing. It argues for the smaller, sharper thing. Three measures would address the real burden-of-proof concern without a sweeping new regime:
- A targeted disclosure and documentation duty. The fairest fix for opacity is not strict liability but evidence access — requiring clinical AI systems to log their inputs, outputs, and version so a court and a claimant can reconstruct what the tool actually said. This squarely tackles the asymmetry the AI Liability Directive worried about.
- Clear allocation by role, confirmed in guidance. Federal health and data-protection authorities can affirm that the physician-in-the-loop standard governs decision-support tools, so hospitals deploy without fear of an unknowable liability split.
- Let the Product Liability Act carry developer risk. A model that is defective by design or inadequately validated is a product defect. Stretching that existing regime beats inventing a parallel one.
Meditron's open-source nature helps rather than hurts this analysis. Its weights, training data, and code are public, making it far more auditable than the proprietary black boxes liability reformers rightly fear — and EPFL's own model card cautions against clinical deployment without further testing, including randomised trials, which is exactly the candour a court can work with. Transparency is itself a partial answer to the evidentiary problem.
The real test
The CHUV trial is valuable precisely because it will generate the facts that abstract liability debates lack. Swiss courts are good at applying old principles to new instruments; Article 41 has absorbed a century of technological change. The question is not whether Switzerland's 1911 tort law can speak to a 2026 language model — it can — but whether legislators resist the urge to overcorrect before a single Swiss court has had to try. A consultation due end-2026 gives them time to watch the ER trial first. They should use it.