Introduction
The remarkable growth of generative AI has raised concerns that models may unwittingly collaborate in acts of widespread harm, including the production of chemical or biological weapons (Hendrycks et al. 2024; Center for AI Safety). Recent research and experiments have foregrounded an emerging safety method: “deep ignorance”, or training large language models (LLMs) while systematically excluding dangerous content from their pre‑training datasets (Biderman et al., 2025; O’Brien & Casper, 2025).
Not merely a technical fix, deep ignorance reframes both ethical design and the scope of developer liability, presenting new challenges and opportunities for regulation.
Italy has just enacted a comprehensive national AI law (Law No. 132/2025, 25 September), establishing strict rules for privacy, human oversight, and specifically restricting AI access for children under the age of 14 without parental permission, along with severe criminal penalties for AI misuse, such as deepfake creation and fraud.
In response to increasing global scrutiny, OpenAI has announced that teenagers under the age of 18 will be directed to a version of ChatGPT with enhanced safety measures. These measures include limited access to sexual content and new parental control tools that allow parents to monitor chat histories and set account restrictions (OpenAI, 2025). Meanwhile, in California, the Digital Age Assurance Act (AB 1043) has advanced through the legislative process. This act will require device manufacturers and app stores to implement age‑verification measures and obtain parental consent before minors can download apps. Enforcement mechanisms and substantial fines for violations are set to take effect in 2027 (Dataguidance, 2025).
The Deep Ignorance Approach
Traditionally, AI safety has relied on post-training filters and output moderation. However, researchers from EleutherAI and the UK AI Security Institute recently demonstrated that proactively filtering out hazardous knowledge—such as instructions on synthesising chemical weapons—during pre‑training resulted in models substantially more resistant to adversarial misuse, while still being effective in ordinary domains (Biderman et al., 2025; Goldman, 2025, Fortune). This proactive omission, termed “deep ignorance”, suggests that AI can be deliberately structured not to know dangerous processes, thereby reducing their vulnerability to attack, even for open-source, publicly available models (Hendrycks et al., 2024).
Deep Ignorance in EU Law and the Digital Agenda
The EU adopted its landmark AI Act in 2024. This legislation established a risk-based regime for AI safety and transparency, with enhanced obligations for “high‑risk” systems. Article 9(5)(a) states that high-risk AI systems must ensure “elimination or reduction of risks … in as far as technically feasible through adequate design and development …”. The European Commission presented the European Parliament with a proposal for a directive on Adapting non-contractual civil liability rules to artificial intelligence (AI Liability Directive), which would further reduce claimants’ burden of proof by imposing a rebuttable presumption of fault in cases where providers cannot demonstrate adequate risk mitigation measures, including proper data curation (Clifford Chance, 2025). However, this proposal was withdrawn on 6 October 2025. A few weeks later, the European Commission announced the 2025 State of the Digital Decade Package, a profound regulatory review for competitiveness and simplification. This package comprises the Digital Omnibus Package proposals of 19 November 2025 (available here and here). The EU’s new digital rulebook proposes reviewing the landmark pieces of legislation: the General Data Protection Regulation, the Digital Markets Act, the Data Act, and the AI Act. Among the revisions are a phased implementation and even a temporary suspension of a large number of provisions of the AI Act, and the withdrawal of the AI Liability Directive proposal.
In a policy environment that seeks both to uphold safety and to avoid over-regulation, reductions in a system’s capacity to generate dangerous outputs at the pre-training design stage can be seen not only as a sound compliance practice, but also as an argument for lighter-touch, proportionate liability rules.
The same agenda also contemplates a re‑examination of key concepts in EU data regulation, including the concept of “personal data”, and the distinction between anonymous and pseudonymous data in AI training. While these discussions are outside the scope of this post, they may influence how training‑data obligations and privacy‑preserving techniques are framed in law in the medium term (European Data Protection Board, Opinion 28/2024).
Recent legal commentary argues the deep‑ignorance method exemplifies due care for AI developers, aligning with the principles of transparency, risk minimisation, and precaution (Rosati 2025; Cheong 2024, PLOS Computational Biology).
It is reasonable to assert that, if a model trained with “deep ignorance” subsequently assists in an unlawful act, courts may treat the provider more favourably than those who neglect such preventive training approaches.
The Californian Approach: Consumer Protection and AI Safety
The California Department of Justice Attorney General’s Office (AGO) issued a “Legal Advisory” that provides “guidance to consumers and entities that develop, sell, and use artificial intelligence (AI) about their rights and obligations under California law, including under the state’s consumer protection, civil rights, competition, and data privacy laws (California Department of Justice 2025, “Legal Advisory – Application of Existing CA Laws to Artificial Intelligence”). The advisory states that companies must audit, test, and ensure that their AI systems cannot be exploited to create illegal products or bypass critical safeguards.
In the context of “deep ignorance”, legal advisers increasingly recommend that AI providers document dataset filtering as a robust compliance step. The California Attorney General has warned that harm caused by failure to prevent foreseeable abuses—such as providing instructions for chemical weapons—could expose providers to liability for aiding and abetting under Unfair Competition Law, Cal. Bus. & Prof. Code § 17200, even absent intent (People v. Toomey, 1984). The advisory reads as follows: “Businesses may also be liable for supplying AI products when they know, or should have known, that AI will be used to violate the law. (See, e.g., People v. Toomey (1984) 157 Cal.App.3d 1, 15 [liability under section 17200 can be imposed for aiding and abetting].)”
Section 230 and Federal Immunity: Unsettled Terrain
Under Section 230 of the Communications Decency Act (47 U.S.C. § 230), immunity for online intermediaries has traditionally shielded providers from liability for third‑party content. However, with the advent of generative AI, courts are re‑examining the boundaries: when a system “materially contributes” to illicit or dangerous content—as in the case of novel, AI‑generated chemical weapons instructions—immunity may not apply (Ryan, 2024).
Legal scholars contend that a company proactively deploying “deep ignorance” can better demonstrate it is not intentionally providing tools for illegal acts (see the debate at the Center for Democracy and Technology; Henderson 2024).
Some scholars and technologists argue for strict liability for AI developers if harm results from the use of models not employing such preventative design—a stance echoed in recent policy recommendations for the US Congress (Law‑AI.org 2024, “AI Insight Forum: Privacy and Liability”).
European “Section 230–style” Rules: Conditional, Not Absolute, Immunities
The European Union has never adopted a broad, across-the-board immunity comparable to Section 230 for online intermediaries. The traditional regime under the E‑Commerce Directive, which has now been recast and expanded by the Digital Services Act (DSA) which is under review, is based on conditional safe harbours. Service providers may only benefit from exemptions from liability for third‑party content only where they act as passive intermediaries, lack actual knowledge of illegality, and act expeditiously upon obtaining such knowledge (DSA overview).
The DSA strengthens and details these conditions, particularly for very large online platforms and search engines. These platforms are now subject to proactive risk assessment and mitigation duties, transparency obligations, algorithmic accountability requirements, and mandatory data access for regulators and vetted researchers. In practice, this means that, for generative‑AI systems, a European provider will find it challenging to claim anything resembling Section 230‑style immunity if the system materially contributes to the production of dangerous or unlawful content, and if the provider has failed to adopt reasonable, state‑of‑the‑art safeguards. Should a technical consensus prevail, this would include adopting training‑time techniques such as deep ignorance.
Accordingly, while the focus of US debates is on whether and when Section 230 still shields generative outputs, EU discussions focus on the standard of diligence expected of AI providers under the AI Act, when in force, and the DSA. Within this framework, the demonstrable deployment of deep ignorance may operate less as an absolute shield from liability and more as a key evidentiary element of due care, relevant to fault assessment, proportionality of sanctions, and the availability of defences.
In conclusion… what next?
I believe there is a place for a balanced liability rule linked to Deep Ignorance, between efficiency and desirability, in both policy and court decision-making.
Trust is key to new technologies climbing the adoption curve and to companies reaping the ensuing benefits. Safety by design through deep ignorance is a promising efficiency-enhancing rule from the supplier-side perspective.
From a citizen- or consumer-welfare perspective, an AI liability rule operates as a transfer of benefits to injured users. Hence, it is fairness-enhancing.
All in all, a balanced AI liability rule, with a focus on the developer’s commitment to releasing trustworthy AI products by adhering to a duty of care during the pre-training stage of product development, may stimulate quality improvements in Gen AI markets and yield societal benefits.
