The defence that the agent acted on its own is closing

For a while, the comfortable assumption was that an autonomous system was nobody's clear responsibility. That gap is being shut. California's AB 316, in force since 1 January 2026, bars a defendant who developed, modified or used an AI system from arguing that the system autonomously caused the harm. The law does not invent new strict liability - a claimant still has to prove the AI caused a foreseeable harm - but it removes the escape hatch of blaming the machine as a separate actor.

The United Kingdom reached the same destination by a plainer route. On 9 March 2026 the Competition and Markets Authority published guidance stating that the same rules apply whether you use AI or human agents, and that you are responsible for what an AI agent does in the same way you are responsible for what an employee does. Crucially, the guidance adds that this holds true even if someone else designed or provides the agent on your behalf. Two different legal systems, one consistent message for the business that deploys.

A third-party attack does not move the loss off your books

The harder case is when the agent is not merely wrong but manipulated. Legal analysts describe prompt-injection steering, where compromised listings, ads, reviews or on-page content nudge an agent toward the wrong seller, inflated quantities or a higher price. It is tempting to treat that as a third party's fault. On the regulators' framing it does not work that way: if the agent you deployed does something that breaches consumer law, the responsibility is yours to manage, the same way you would answer for an employee who was deceived on the job.

That is why oversight is now a live obligation rather than a nice-to-have. The CMA guidance expects a human genuinely in the loop, actively checking that the agent is behaving as intended and complying with the law, plus regular monitoring of how it performs. An agent that books payments or speaks to customers without a person who can catch and reverse its mistakes is not just an operational risk - it is an exposure you have accepted on the customer-facing side.

Your vendor has probably disclaimed the cost already

Here is where many owners are caught off guard. The firm that built or supplies your agent has usually written its contract to shed the risk. Clifford Chance noted in February 2026 that suppliers typically provide software on an as is basis, disclaiming accuracy, reliability and fitness for purpose, and that many AI terms state outputs should not be relied upon. If the agent misprices a product, authorises a supplier payment in error or sends a misleading message, the supplier's disclaimers often absolve them - while regulators keep the responsibility firmly with you.

The exclusions tend to cover exactly the harms a faulty agent produces: lost profits, regulatory fines, business disruption and reputational damage. So before an incident, three things are worth checking in plain terms. Who actually carries the loss across the contract chain when the agent errs. Whether your oversight is real enough to satisfy a regulator. And whether you can produce evidence of what happened - order provenance, confirmation steps, delivery proof - if a customer later disputes what the agent did in their name.