On 9 June 2026, the Regional Court of Munich granted a preliminary injunction (case no. 26 O 869/26) against Google over its AI Overviews. Two Munich publishers had found that the AI summaries wrongly tied their names to scams, subscription traps, and “dubious business practices”, language that appeared nowhere in the sources the overview claimed to be drawing from. The court found the AI overview contains statements that do not appear in the search results at all; in other words, it didn’t misreport its sources, it invented the accusation and then cited the sources anyway.
The legal reasoning is the part that travels. The Munich court found that AI Overviews produce independent, new, and substantive statements that count as Google’s own content, rather than the neutral list of links a traditional search engine returns. Google’s defence; that users are told to verify AI answers themselves; didn’t hold; the court said that telling people they should double-check AI search results is not enough to deny liability for what those results say. Google has confirmed it will appeal, and the ruling isn’t final. But the distinction it draws; a search engine that lists links is a conduit, pointing at other people’s speech; a search engine that writes you a paragraph in its own voice, with its own conclusions, is a publisher of its own speech; doesn’t depend on the appeal succeeding or failing. It depends on what the software actually does, and AI Overviews do the same thing in Munich as they do everywhere else.
It’s tempting to file this under “interesting but parochial”; one injunction, one jurisdiction, two plaintiffs most people have never heard of. Three things suggest that’s the wrong read.
First, it isn’t even the first German ruling pointing this way: a Frankfurt court had already established in September 2025 that a search engine provider could theoretically be held liable for false information in its AI summaries, although in that case the plaintiff failed to win the injunction it was after. Munich is the second court, not the first, to reach for this framing, which suggests it’s becoming the default legal lens rather than one judge’s idiosyncratic view.
Second, the timing lines up with regulation that has nothing to do with defamation law specifically. The EU AI Act’s transparency obligations for systems that interact with users take effect on 2 August 2026, and Google is rolling out an AI Overviews opt-out in the UK under a Competition and Markets Authority order. None of these instruments were written because of the Munich case, but they all converge on the same underlying complaint: a system is telling users things, in its own synthesised voice, without making it straightforward to see where those things came from or to switch the synthesis off.
Third, and most concretely: this isn’t a Google-specific defect. An analysis by AI startup Oumi for the New York Times found that Google’s AI Overviews with the current Gemini 3 model answered correctly 91 percent of the time; solid for everyday use, but at Google’s scale still millions of wrong answers every hour; and that 56 percent of the correct answers couldn’t be backed up by the sources Google linked. That second number is the one that matters here. It means even when the AI Overview happens to be right, you generally cannot trace the claim back to a source that supports it. If enough wrong content of this kind defames companies or individuals, it could become a serious legal problem not just for Google but for other providers of similar services like ChatGPT, Claude, or Perplexity. The architecture is the liability. Munich just happened to be where someone sued first.
For anyone running infrastructure or publishing analysis professionally; which, dear reader, is most of who reads this; “the AI told me” is rapidly becoming a sentence with no legal or evidentiary value, in any jurisdiction, regardless of which model said it. If you can’t show your working back to a primary source, neither, it turns out, can the model.
None of this is news to search providers; some have simply made a different commercial choice. DuckDuckGo has spent years trading on the conduit model: links, not summaries. Bing has just added an “-ai” suffix so users can opt out of its overview layer on a per-query basis; which is itself an admission that the overview is now the default and the plain links are the exception you have to ask for. The direction of travel across the industry is consistent: the AI-generated summary sits on top of the results, between the user and the source, and gets harder to switch off with every release, not easier.
I found this irritating enough on Friday afternoon that, by Sunday evening, it no longer applied to me. Lantern; lantern.co.im; is a self-hosted, ad-free metasearch engine: type a query, get links, nothing else. No overview, no synthesis, no “according to AI”. Just the underlying engines (Google, Bing, DuckDuckGo, Wikipedia), aggregated and re-presented without tracking. The tagline writes itself: a light in the darkness of AI overview.
The honest answer to “how long did this take” is: most of the time was spent on a Saturday CSS theme, not on the search engine itself. SearXNG; the open-source metasearch project this runs on; is a mature, well-documented Docker container. The actual engine deployment was perhaps twenty minutes: a docker-compose file, a settings.yml, a Caddy reverse proxy block pointing a new subdomain at the container.
What made that twenty minutes possible was not the twenty minutes. It was the eighteen months of infrastructure work that preceded it. The Netcup server in Nuremberg already runs Caddy bare metal, with CrowdSec, Tailscale, and a working certificate pipeline. The domain registration process; WHOIS privacy, nameserver delegation to the existing Hetzner/OVH DNS, A and AAAA records; is now a fifteen-minute routine I could do half asleep, because I’ve done it for haunted.lighthouse.co.im and its subdomains a dozen times over. The GoatCounter analytics instance already existed; adding a new site to it is a form, not a deployment. The PayPal subscription plans already existed, because The Sovereign Auditor has been selling subscriptions since March.
This is the part that’s actually interesting, and it’s a point I keep returning to in different forms across this publication: sovereign infrastructure has a compounding return. The first self-hosted service is expensive; in time, in learning, in things that go wrong at inconvenient hours. The second is cheaper. By the time you’re deploying your fifth or sixth service on infrastructure you own and understand, the marginal cost of “let’s also stand up a search engine” is an afternoon and £4.98 for a domain name. Lantern cost less than a round of drinks because the bill for the platform underneath it was paid years ago, in instalments, mostly in frustration.
Most of Lantern’s CSS, the page copy, the Caddy configuration edits, and a fair amount of the debugging dialogue were done with AI assistance; Claude, in this case, working through BBEdit over a Tailscale SFTP connection to a live server. It’s worth being precise about what that looked like, because “AI helped build a search engine” can mean very different things depending on who’s holding the keyboard.
It went wrong twice, in instructive ways. First, an early version of the SearXNG configuration included Brave as a search backend; Brave’s API began returning rate-limit errors, and because SearXNG aggregates engines in parallel, one misbehaving engine took the whole search request down with a 500 error. Every query failed. Second, a template edit intended to add a small branded navigation bar to every SearXNG page included a literal placeholder where a working Jinja expression should have been; the kind of thing that looks plausible in a diff and breaks the entire templating engine the moment it’s loaded.
Neither of these was catastrophic, because neither of them went live unreviewed. The first was caught by testing actual searches and watching them fail; the fix was to remove the broken engine from the config and restart the container. The second produced an immediate, loud Python traceback the moment the container restarted, and was fixed by replacing the broken line with the correct one and restarting again. In both cases the AI proposed the change, I (or the running container) tested it, something broke, and the AI helped diagnose and correct it; on the second pass.
That loop; propose, deploy, observe, fix; is the whole of “copilot not root” in miniature. An agentic system with write access to the production Caddy and SearXNG configuration, instructed to “add Lantern branding to all pages” and left to get on with it, would either have shipped the broken template (and left the entire site down until someone noticed) or would have needed its own error-recovery loop sophisticated enough that you’d struggle to audit what it actually changed and why. What happened instead was slower, more visible, and produced a config history I can read back and understand line by line. The AI was extremely useful. It was not, at any point, the thing deciding what went into production.
Lantern is free for anyone, with rate limits for casual use. Lantern Pro removes those limits, costs the same £10/month or £100/year as a Sovereign Auditor subscription, and; because it’s the same PayPal plan; a Lantern Pro subscriber gets the full Sovereign Auditor archive bundled in, and a Sovereign Auditor subscriber gets unlimited Lantern search. One subscription, two products, neither one tracking you to pay for the other.
No query logging. No AI Overview. Hosted on infrastructure inside the EEA, operated from the Isle of Man, behind the same Cyber Essentials-certified setup as everything else this publication runs on.
If the Munich ruling is the first domino in AI search providers being treated as publishers rather than conduits, the practical question for the rest of us isn’t really legal; it’s architectural. Do you want your search results filtered through a model whose outputs are now, in at least one jurisdiction, legally someone’s opinion? Or would you rather have the links?
We went with the links. It took an afternoon, because the hard part was finished a long time ago.
The Sovereign Auditor covers supply chain security, digital sovereignty, and infrastructure policy—with particular focus on Isle of Man jurisdiction and Crown Dependency issues.
Also included: Lantern Pro -- unlimited sovereign search, no rate limits, no AI overview.
Payments via PayPal. Credentials delivered by email. No Substack. No Stripe. No middlemen.
