Legal Risks for AI Startup OPC Companies: A one-person company registered for a few hundred yuan actually bears unlimited liability behind the scenes

null

Original Author: Lawyer Zhao Xuan

Recently participated in several offline legal and AI industry sharing events. During exchanges with many AI entrepreneurs, I discovered a common and fatal misconception—many entrepreneurs skilled in using complex AI tools have a significant misunderstanding of OPC (One-Person Limited Liability Company) compliance risks.

Currently, various regions have introduced many favorable policies to attract OPCs, but these policies come with both benefits and risks. Many entrepreneurs see the benefits and spend a few hundred yuan to find agents to register an OPC, believing that a registered capital of hundreds of thousands is the upper limit of their future risks, but the reality is not so.

A few days ago, I was interviewed by a reporter from “21st Century Business Herald,” where we discussed the rise and fall of the U.S. AI medical company Medvi. This reinforced my belief—that the vast majority of startup teams are in a state of “legal naked running” without awareness.

$1.8 Billion Revenue Behind the “Super Individual” Frenzy

(1) To understand risks, we first look at how much benefit AI leverage can generate.

Matthew Gallagher, 41, used only $20k in startup capital and one full-time employee to establish Medvi, which sells compound weight-loss drugs.

His architecture was deliberately streamlined to the extreme. Backend infrastructure, such as licensed doctors, pharmacies, and logistics, was all outsourced to third-party platforms.

The frontend—branding, marketing, and customer relations—was completely managed by AI. He used large models to write code, generate ads, and provide voice communication.

In the first full calendar year of operation, Medvi achieved $401 million in revenue, with a net profit margin of 16.2%, and was racing toward an annual sales target of $1.8 billion. This is truly a “one-person army.”

(2) How the efficiency myth evolved into a compliance disaster

But leverage is a double-edged sword. AI amplifies productivity by thousands of times, but also magnifies trial-and-error costs and legal risks to an unbearable level. Medvi’s collapse was even faster than its rise.

First, the illusion of AI led to breach of guarantees. Customer service robots not only misreported drug prices but even fabricated a nonexistent hair loss product line, making false promises externally. When system failures occurred, over a thousand angry calls directly reached the founder’s mobile phone.

Next came deadly regulatory red lines. To conduct high-frequency marketing, the company allegedly violated regulations by using AI to generate over 800 fake doctor accounts for advertising. They even forged numerous “real user” before-and-after photos and testimonial videos.

Ultimately, the company faced official warnings for selling FDA-unapproved drugs, and data breaches involving millions of patient records caused by clinical partners, putting the founders at risk of massive compensation claims and even criminal liability.

(3) The magnified double-edged sword effect

Medvi’s story is a Damocles sword hanging over every domestic AI startup.

In traditional business models, the breach risk of a one-person company is mostly limited to a few bad debts.

But today, when agents can autonomously execute tasks 24/7, risks exponentially multiply.

Any hallucination promises from the black box of AI, or unauthorized bulk data scraping, can instantly trigger massive breach disputes and intellectual property claims. If you still view these risks through the traditional OPC lens, thinking that at worst it’s just company bankruptcy, you are gravely mistaken.

Seven Key Points: AI Entrepreneur Compliance Checklist

Many entrepreneurs believe that Medvi’s systemic fraud is far from them. But under the current domestic business and legal framework, even if you have no malicious intent, as long as your business leverages AI, the following seven compliance risks are enough to cause your company to face major dangers instantly, even putting founders at risk of enormous joint liabilities.

Point 1: Unlimited liability, ineffective separation, and reversed burden of proof

This is the most common pitfall for OPC entrepreneurs and one of the greatest risks.

For convenience, many friends, seeing policy incentives, directly spend a few hundred yuan to register a one-person limited liability company. In daily operations, they often use personal accounts to receive payments and bind personal credit cards to overseas models for monthly deductions. Legally, this constitutes direct “property commingling.”

The revised “Company Law” in 2023 explicitly stipulates that one-person companies are subject to reversed burden of proof. If a huge claim arises, as long as you cannot prove strict property independence, you will bear unlimited joint liability for the debt.

Point 2: Black box out of control and responsible party for breach

In current civil and commercial legal systems, AI agents do not have any legal subject qualification. This means all errors caused by AI—whether misreporting prices or false promises—are ultimately paid for by the actual company using AI.

Due to the black box nature of AI technology and high-frequency operation, the scale of systemic breach compensation is often uncontrollable, potentially breaching the company’s financial capacity in a short time.

Point 3: Asset floating and platform tenant crisis

Domestic courts place great emphasis on the “intellectual input” of creators in AI outputs for copyright protection. If you simply input a few prompts or lack a complete IP evidence workflow, your business outputs cannot be properly protected.

Moreover, building core business on third-party AI platforms essentially makes your company a “tenant” that can be shut down at any time. This directly leads to high risk assessments of core assets during financing due diligence.

Point 4: Shell API and data export red lines

To quickly develop MVPs, many startups directly call overseas large model APIs for secondary development or shelling. Operating domestically without algorithm filing and online review exposes them to high risks of delisting and administrative penalties.

Furthermore, transmitting unmasked user interaction data overseas without proper data desensitization breaches data export regulations.

Point 5: Asset pollution and business secret leakage

To make AI assistants more “knowledgeable,” entrepreneurs often feed raw customer data, business contracts, and even core business code directly into public cloud models.

This not only infringes on customer privacy but also risks the company’s core secrets being absorbed by the model and reproduced in other users’ outputs. Without proper data cleaning workflows, this practice erodes the company’s moat.

Point 6: Agent overreach and substantive destruction

When AI moves from simple content generation to autonomous execution, risks escalate significantly. Once an agent is given control over system operations, API calls, or even access to financial accounts, the danger is immense.

Prompt injection attacks, logical errors leading to incorrect business procurement or asset transfers, can cause irreversible losses.

In such cases, robust risk control—both technical and legal—is paramount.

Point 7: The illusion of employment behind super individuals

The so-called one-person company often relies heavily on part-time outsourcing and crowdsourcing to fill gaps AI cannot cover.

These non-standard employment relationships usually lack strict IP transfer and confidentiality clauses. The jointly developed digital assets can easily lead to ownership disputes in the future, becoming hidden mines hindering financing and M&A.

Rebuilding the Moat: From Technical Superiority to Compliance Defense

Over the past year, with the explosion of open-source models, pure technical advantages are rapidly being leveled. The AI workflows entrepreneurs pride themselves on can be replicated in a week, or replaced by a general model update.

The next phase of AI entrepreneurship is not about who runs faster, but who can develop while solving real business needs within compliance. When hallucinations inevitably occur or the company faces massive claims, a rigorous compliance framework is the last line of defense to prevent business halts and protect personal assets.

Say goodbye to “legal naked running”: compliance is not a cost, but a core asset.

Legal compliance should no longer be viewed as an afterthought for making big money.

If personal and company accounts are long-term commingled, all personal assets are backing a 24/7 running machine. I fully understand everyone’s eagerness to seize market opportunities. But on this fast track, taking time to clarify shareholding structures, establish evidence flows, and cut off financial commingling is a crucial business decision.

Serial Preview: Practical Guide for AI Entrepreneurs

Pointing out problems is only the first step; solving them is the core deliverable. Next, I will launch a complete series of articles based on these seven compliance points.

From a practical perspective, each article will dissect one decision-making pain point—how to break OPC architecture at low cost, how to set effective responsibility caps and arbitration clauses, and how to establish compliant data flow models. Each piece will focus on a single issue, providing actionable, implementable solutions. Stay tuned.