Agentic AI: the legal issue is no longer just what the model says, but what it is allowed to do

read time: 11 mins
21.05.26

For the first wave of generative AI, the legal questions were often framed around inputs and outputs. What data is being entered into the tool? Is confidential information being disclosed? Who owns the output? Can it be trusted?

Those questions still matter. But agentic AI shifts the focus.

An AI agent does not simply generate content in response to a prompt. It may be given a goal, access systems, make decisions, trigger workflows, communicate with customers, recommend products, process refunds, update records or initiate transactions. The shift is from using AI as a tool to delegating tasks to a system that can act with a degree of autonomy.

That creates a different legal risk profile. The key question is no longer only: “what did the AI say?” It is: “what was the AI authorised to do, who was responsible for supervising it, and what evidence exists that the business remained in control?” This is not just a legal question; it goes to customer trust, regulatory exposure and operational risk.

The law is not waiting for a new AI Act

How existing laws already apply to agentic AI

A common misconception is that businesses can treat agentic AI as a future regulatory issue. That is a risk.

The UK does not currently have a single, horizontal AI statute regulating AI as a technology. Instead, AI is regulated largely by reference to the context in which it is used: consumer law, data protection law, financial services regulation, employment law, product safety, competition law, intellectual property and sector-specific rules.

That means existing laws already apply.

The Competition and Markets Authority has made this clear in its March 2026 guidance on AI agents and consumer law. Businesses remain responsible for what an AI agent does in the same way they are responsible for what an employee does, including where the AI agent has been designed or supplied by a third party. The CMA also highlights that enforcement action can include fines of up to 10% of worldwide turnover for breaches of consumer protection law.

The regulatory direction of travel is also clear. The UK government’s AI Opportunities Action Plan places significant emphasis on AI adoption, assurance, sandboxes and regulator-led governance. The ICO is developing further guidance and an AI and automated decision-making code of practice, including in light of the Data (Use and Access) Act 2025. Businesses operating in or into the EU also need to track the EU AI Act, which applies progressively, with key rules for general-purpose AI already applying from August 2025 and the majority of rules expected to apply from August 2026.

The practical point is simple: agentic AI should not be treated as a technology experiment sitting outside the legal framework. It should be treated as an operating model.

The legal risk sits in the workflow

Where legal risk actually sits in agentic AI systems

Many businesses will first encounter agentic AI through familiar channels: customer support, sales operations, complaints handling, marketing, software development, procurement, HR, finance or internal knowledge management.

The temptation is to assess the legal risk by looking only at the tool. Is the supplier reputable? Where is the data hosted? What does the contract say about confidentiality and liability?

But that is only part of the picture.

The risk often sits in the workflow. A relatively low-risk AI tool can become high-risk if it is connected to the wrong systems, given too much authority, trained on incomplete information or allowed to interact with customers without meaningful oversight. Equally, a sophisticated AI system may be manageable if its role is clearly bounded, monitored and evidenced.

For example:

  • An AI customer support agent that summarises helpdesk tickets may be low risk. The same agent, if authorised to reject refund requests, explain cancellation rights or make statements about product performance, carries a very different legal profile.
  • An AI procurement assistant that compares supplier terms may be useful. If it starts issuing negotiation positions, accepting amendments or sending notices under existing contracts, the business needs a clear authority framework.
  • An AI recruitment tool that helps draft job adverts may be relatively straightforward. A system that scores candidates, filters applications or makes automated decisions affecting individuals will need much closer data protection and employment law analysis.

This is why businesses should avoid asking only “can we use this AI tool?” The better question is: “what decisions, actions and communications are we allowing this system to perform?”

Consumer-facing AI agents need consumer law built in

Where AI agents interact with consumers, consumer law needs to be designed into the system from the start.

The CMA’s guidance identifies four practical themes: tell customers when AI is being used where that matters; train AI agents to comply with consumer law; monitor how they perform; and refine them quickly if there is a problem.

Those points sound simple. In practice, they require legal, product and operational teams to work together.

A customer-facing AI agent should not be trained only to be helpful, persuasive or efficient. It should be trained to respect statutory rights, avoid misleading statements, apply contractual terms correctly, obtain necessary consents and escalate issues where a human decision is needed.

This matters because consumer harm may arise not from obviously unlawful instructions, but from subtle system behaviour. An AI agent might discourage cancellations, overstate product capabilities, omit material information, apply refund policies too narrowly, steer users towards higher-margin options or fail to identify vulnerable customers.

Those risks are not solved by adding “please comply with applicable law” to a prompt. They require design decisions, not just instructions. Businesses need defined escalation paths, testing, monitoring, complaint review and version control. If a regulator asks what happened, it will not be enough to say that the model was supplied by a reputable vendor.

Data protection risks in agentic AI systems

Agentic AI can also increase data protection risk because it often needs access to wider datasets and systems to be useful. It may retrieve customer records, infer preferences, make recommendations, categorise individuals, summarise communications or trigger follow-up actions.

The ICO’s AI and data protection toolkit is designed to help organisations assess risks to individuals’ rights and freedoms from AI systems. The ICO’s March 2026 strategy update also confirms its focus on automated decision-making, foundation model developers and responsible AI deployment.

For businesses, the practical questions include:

  • What personal data does the agent need to perform the task?
  • Can the same outcome be achieved using less data?
  • Is the agent making or informing decisions about individuals?
  • Are special category data, children’s data or vulnerable individuals involved?
  • Can individuals understand when AI is being used and how to challenge decisions?
  • Are prompts, outputs, logs and feedback data retained, and if so for how long?
  • Have the controller/processor roles been properly analysed?

The Data (Use and Access) Act 2025 also changes aspects of the UK data protection regime, including automated decision-making. Ashfords’ recent guidance notes that organisations will have wider scope to make solely automated decisions which have legal or similarly significant effects, provided special category data is not involved, a lawful basis is identified and mandatory safeguards are implemented. Those safeguards include informing impacted individuals, allowing representations or challenge, and offering meaningful human intervention.

That should not be read as a green light for automation. It is a governance requirement. If a business wants to rely on automated decision-making, it needs to be able to explain the lawful basis, the safeguards and the operational reality of human intervention.

Contracts

What AI contracts need to cover for agentic AI

Many technology contracts are still drafted for conventional SaaS: access rights, service levels, support, security, data protection, IP, liability and termination.

Those provisions remain important, but they are unlikely to be sufficient for agentic AI.

The contract should reflect how the AI agent will actually be used. In particular, businesses should consider whether the contract or order form needs to cover:

  • The approved use cases for the AI agent, and any prohibited use cases.
  • The level of autonomy permitted, including which actions require human approval.
  • The systems, datasets and third-party tools the AI agent may access.
  • The extent to which the AI agent may communicate externally with customers, suppliers or employees.
  • Testing, acceptance and ongoing monitoring requirements.
  • Prompt, configuration and workflow change controls.
  • Logging, audit rights and evidence preservation.
  • Accuracy, reliability and known limitations.
  • Incident notification, suspension rights and remediation obligations.
  • Allocation of responsibility where the agent gives incorrect information, takes unauthorised action or causes regulatory exposure.
  • Exit arrangements, including return or deletion of prompts, logs, embeddings, fine-tuning data and customer-specific configurations.

This is not about overcomplicating contracts. It is about ensuring that the legal terms match the operational risk. A business deploying an internal AI summarisation tool does not need the same contract architecture as a business deploying an AI agent that handles complaints, pricing, refunds or regulated customer communications.

Liability needs particular care

Agentic AI creates awkward liability questions.

If an AI agent gives a customer the wrong answer, is that a service failure, a software defect, a compliance breach or a customer operations issue?

If an AI agent applies a policy incorrectly at scale, is each incorrect decision a separate claim?

If the agent was configured by the customer but supplied by a vendor, who is responsible?

If the model provider updates the underlying model and performance changes, is that a change in the service?

If the AI agent’s output causes the customer to breach consumer law, data protection law or sector regulation, does the supplier’s liability cap provide meaningful protection?

Standard liability wording may not answer those questions clearly. Businesses procuring AI agent technology should pay close attention to the relationship between warranties, indemnities, exclusions of loss, regulatory losses, data protection liability and any AI-specific disclaimers.

Suppliers will understandably resist taking responsibility for all downstream use of an AI system, particularly where the customer controls the use case, data, prompts and human oversight. Customers, however, should be cautious about accepting terms that leave them fully exposed for risks caused by the supplier’s model, documentation, integrations or system design.

The fairest position will often depend on control. Who configured the agent? Who selected the data sources? Who approved the use case? Who could monitor outputs? Who could suspend the system? Who caused the relevant failure?

A good AI contract should allocate risk by reference to those points of control, rather than relying on generic statements that AI outputs may be inaccurate. In practice, liability discussions should track control, not just contract wording.

Governance 

AI governance needs to be operational, not just documented

Most businesses using AI will need some form of AI governance policy. But for agentic AI, governance cannot just be a document saved on an intranet.

There should be a live approval process for use cases. Higher-risk deployments should be reviewed by legal, data protection, security, product and operational stakeholders before launch. The review should consider the system’s purpose, autonomy, data access, user impact, contractual basis, supplier terms, monitoring plan and exit strategy.

Businesses should also keep evidence. That means records of risk assessments, testing, known limitations, approval decisions, training materials, monitoring results, complaints, incidents, remedial action and changes to prompts or workflows.

This evidence matters. If something goes wrong, the business will need to show not only that it had a governance framework, but that the framework was actually used.

What should businesses do now?

For businesses deploying, procuring or building agentic AI, the priority is not to wait for regulation, but to build practical controls around the systems already being tested or used.

  1. A sensible first step is to create an AI use case register. This should identify where AI is being used, who owns the use case, whether it is internal or customer-facing, what data it uses, what systems it connects to, what decisions or actions it supports, and what level of human oversight exists.
  2. The second step is to triage those use cases. An internal productivity tool will usually sit in a different risk category from a customer-facing AI agent, an automated decision-making tool or a system used in a regulated sector.
  3. The third step is to update procurement and contract processes. AI tools should not be assessed only as software. Legal teams should ask how the system behaves, what it can do, what it is prevented from doing, and how the business will know when it has gone wrong.
  4. The final step is to make governance operational. Assign owners. Set approval thresholds. Require monitoring. Review complaints. Preserve logs. Keep humans meaningfully involved where the risk requires it.

Agentic AI offers real opportunities. It may reduce friction, improve service delivery and allow businesses to scale processes that previously depended on manual intervention. But the more autonomy a system has, the more important it becomes to define its authority.

The businesses that use agentic AI well will not be those that avoid risk altogether. They will be those that understand where the risk sits, design controls around it, and keep evidence that those controls are working.

If you are deploying or considering agentic AI, our technology, commercial and data protection teams can help you assess risk, design governance frameworks and structure contracts that reflect how these systems operate in practice. 
