The regulation of artificial intelligence is moving away from theoretical debate and entering the field of concrete liability, especially when algorithm-driven systems can cause harm to life, health, or property, says Stefan Martinić, a lawyer focused on the legal aspects of new technologies. In his view, Croatia has opened a highly important but sensitive question: who is responsible when artificial intelligence makes a mistake, endangers a person, or contributes to a decision that may lead to harmful consequences.
Martinić warns that Croatia has gone very far in this area. “Believe it or not, Croatia is a pioneer when it comes to this issue,” he says, referring to assessments that the Croatian criminal-law framework contains one of the most open provisions regarding liability for damage caused by artificial intelligence. The problem, however, lies in the breadth of the provision. It does not necessarily require actual damage, but covers situations in which someone, during development, testing, management, use, or any other form of using artificial intelligence, exposes another person to danger.
In practice, this means that criminal liability could arise even before an actual accident occurs. “No one even has to be hit by a self-driving car,” Martinić points out. It may be enough that there is a serious possibility of such harm occurring. As a result, a very broad circle of people could potentially come under the scrutiny of the police, the state attorney’s office and other authorities, from developers and IT experts to those who tested, supervised or used the system.
Such an approach raises questions of legal certainty and a possible chilling effect on investors, entrepreneurs and professionals working on artificial intelligence. “The question is whether such a provision is too broad,” Martinić says. An even greater challenge is proving causality. In criminal law, it is essential to determine exactly who did what and how that act led to the consequence. With artificial intelligence, especially when hundreds of people may be involved in its development, this is far more difficult than in conventional technological or traffic-related cases.
Martinić believes the current amendment to the Criminal Code is not a sufficiently precise solution. “There is a possibility that everyone in that supply chain, from developers to manufacturers and users, could potentially be subject to inquiries, investigations or indictments,” he warns. Even if no one is ultimately convicted, the process itself can create major stress, legal uncertainty and significant costs for all parties involved.
A more reasonable approach, he argues, would be to link criminal liability to a concrete breach of rules. That would mean liability would not be based merely on the broad fact that someone was involved in the development or use of artificial intelligence, but on whether that person violated the rules of the Artificial Intelligence Regulation or relevant sectoral regulation. “That way we would have greater legal certainty and could identify the liable party more clearly,” Martinić says. In the case of an autonomous vehicle, road safety rules would also be relevant; in the case of a medical system, the rules of that sector would have to be considered.
The biggest problem with the current approach is that the law may cover too wide a circle of people without providing sufficiently clear criteria for establishing guilt. The rules of the game, Martinić argues, must be known in advance. “You have to make an effort to follow the rules of the game,” he says, because that is precisely why rules exist for the design, development, testing and use of artificial intelligence systems.
In the broader European context, he sees a serious contradiction. While the European Union, through the Digital Omnibus, is moving toward easing some rules, postponing the strictest obligations and encouraging innovation, Croatia is sending a different signal through criminal law. “The legal situation in Croatia regarding artificial intelligence is schizophrenic,” Martinić concludes. On one side, there is a message about encouraging development, while on the other there is a very broad criminalisation of everyone who comes close to artificial intelligence. It is precisely this gap between innovation and criminal risk that represents one of the key legal questions for the future development of artificial intelligence in Croatia.
The regulation of artificial intelligence is moving away from theoretical debate and entering the field of concrete liability, especially when algorithm-driven systems can cause harm to life, health, or property, says Stefan Martinić, a lawyer focused on the legal aspects of new technologies.
By 2028, 25% of all enterprise GenAI applications will experience at least five minor security incidents per year, up from 9% in 2025, according to Gartner.
Cybersecurity is no longer a topic companies need to be convinced about, but a field in which the market increasingly feels the shortage of experienced experts, the rise of attacks, and the need for a more comprehensive approach to protection, says Hrvoje Englman, Head of Information Security at Span.
