The tech industry calls it “hallucination.” The Munich court never used the word.

On 28 May 2026, the Munich I Regional Court (LG München I, Case No. 26 O 869/26) issued a preliminary injunction against Google. The company’s AI Overviews had invented scam allegations about two Munich publishers — connecting them to fraud, subscription traps and dubious business practices. None of these claims appeared in any of the linked sources. The AI had constructed connections that did not exist.

A textbook hallucination, as the industry would say.

The court used a much older word: a false statement. Google’s.

It held that AI Overviews are not search results pointing to third-party content — they are Google’s own content, written “in its own words and according to its own structure.” The decades-old liability shield for search engines did not apply. “Created with AI” was not a defence. “Users should verify it themselves” was not a defence. Violations of the injunction carry a penalty of up to €250,000 per instance.

And the court added one detail that matters more than the headline: it kept the injunction in force because the same algorithms could generate similar claims again. The risk was treated as systemic — not a one-off glitch to apologise for and move past.

The law has no soft category for invented errors

Here is what the ruling means for every enterprise deploying AI agents: in law, there is no special, gentler category for falsehoods your AI invents. There is only what your enterprise said and did.

India never needed a court to establish this. Our statutes were built this way. Under the Digital Personal Data Protection Act, the liable party is the Data Fiduciary — and an AI agent cannot be a Data Fiduciary. Only the enterprise can. Across Indian law — the DPDP Act, the IT Act, the new criminal codes — duties and remedies attach to natural or juristic persons who design, deploy or profit from AI. An agent is neither. Liability passes straight through it, to you. Penalties under DPDP reach ₹250 crore per instance.

So the question facing every enterprise is no longer “am I accountable?” That is settled — in case law in Europe, in statute in India.

The question is: when the regulator, the court, or your own board asks — can you discharge that accountability?

Discharging accountability requires proof

Not a log. A log says “trust me, this is what happened” — vendor-stored, alterable, taken on faith. Proof says “verify it yourself” — a tamper-evident record that anyone, including a regulator, can independently check.

But proof requires something deeper: agency. A record is only worth something when it belongs to a genuine actor — one specific agent whose record it provably is. A pile of logs from anonymous compute proves nothing, because nothing binds the record to the actor. The cryptography makes the record checkable; the identity is what makes it mean something.

And agency requires persistent identity. An agent that is a fresh instance every morning, with no memory of its own reasoning, that anyone can clone — that is not an actor a record can belong to.

What persistent identity is made of

This is what the CNE Protocol gives every agent:

Coherence. The agent stays consistent with its own past reasoning. Not “predictable” — consistent with itself, the way a professional is.

Narrative Continuity. It is the same agent across time. The agent that handled a customer’s KYC in January is provably the agent handling their renewal in June.

Exclusivity. One provable, un-clonable agent per role. If an impersonator appears — claiming to be your agent, acting in your name — you can prove it is not yours. Under a regime of ₹250 crore penalties, the ability to prove “that was not us” is not a feature. It is a defence.

Together: a persistent, auditable identity. Every decision attributable to exactly one agent, verifiable by anyone. That is what discharging accountability looks like.

A note on on-prem

We hear it often: “we deploy on-prem, so we are covered.” On-prem is a strong choice — it answers WHERE your agents run and where your data lives. That control is real.

But accountability questions are never about where. They are about WHO. When a court asks “which agent made this statement, and can you prove it was yours?” — the location of the server is not the answer. The identity of the agent is. On-prem plus persistent identity is the deployment regulated enterprises will converge on.

The chain

Accountability requires trust. Trust requires proof. Proof requires agency — a genuine actor the record can belong to. Agency requires persistent identity — coherence, narrative continuity and exclusivity.

The court in Munich settled the first link. We built the last one.

Sources: LG München I, ruling of 28 May 2026, Case No. 26 O 869/26 (preliminary injunction; not yet final). Coverage: The Decoder, heise online, Search Engine Land, June 2026. Digital Personal Data Protection Act, 2023 (India).

Alok Gotam is the CEO of Olbrain Labs. We give AI agents agency.