Agentic AI Liability and Autonomous Decision-Making

When an agentic or autonomous AI system makes, recommends, ranks, screens, contracts, or otherwise materially influences a decision, who bears legal liability, and what legal duties govern autonomous decision-making?

Illia Prokopiev, Co-Founder and CEO | 11 min read

Executive summary

No surveyed law source treats an AI system itself as a legal person or standalone defendant. Liability attaches to legally recognized actors: EU “providers” and “deployers,” GDPR controllers/processors, product-liability economic operators, U.S. creditors/employers/persons subject to federal statutes, and contracting persons to whom electronic-agent acts may be attributed.

The EU AI Act is primarily a regulatory compliance regime, not a general civil-damages statute. It lays down harmonized AI rules and phases application, with most obligations applying from 2026-08-02 and the Article 6(1) high-risk classification obligations applying from 2027-08-02. A pending “digital omnibus” amendment reached political agreement on 2026-05-07 to postpone the high-risk timelines, but it was not yet enacted as of the as-of date. It matters for liability because breach of its provider/deployer duties may supply evidence of negligence, defect, unfairness, or regulatory noncompliance in parallel claims.

EU GDPR Article 22 remains the strongest direct automated-decision rule in the surveyed sources: data subjects have a right not to be subject to certain decisions based solely on automated processing with legal or similarly significant effects.

The revised EU Product Liability Directive materially changes AI risk allocation: its text covers defective products, and EUR-Lex text references software including AI systems. It applies to products placed on the market or put into service after 2026-12-09, so current claims still require national transitional analysis.

U.S. federal law is sectoral. The FTC Act prohibits unfair or deceptive acts or practices, and FTC AI matters such as Rite Aid and DoNotPay show enforcement theories based on unreasonable AI safeguards and deceptive AI capability claims. These are enforcement/regulatory liabilities, not a general private AI tort.

In U.S. credit decisions, ECOA/Regulation B adverse-action duties remain technology-neutral. CFPB’s official materials state that complex or “black-box” algorithms do not excuse failure to provide specific and accurate adverse-action reasons. In employment, Title VII disparate-impact rules, ADA screening rules, and the Uniform Guidelines on Employee Selection Procedures apply to algorithmic selection tools; Mobley v. Workday is persuasive district-court authority, not final merits law, but shows AI screening claims can proceed under disparate-impact theories.

Colorado’s 2026 ADMT law is the most direct U.S. state statutory model. It became law in 2026, defines covered ADMT for consequential decisions, creates notice and meaningful-human-review rights, directs Attorney General enforcement as a deceptive trade practice, does not create a new private right of action, and allocates fault between developers and deployers in existing discrimination actions.

England & Wales now has a recast UK automated-decision framework after the Data (Use and Access) Act 2025. UK GDPR Article 22A defines a solely automated decision as one with no meaningful human involvement; Article 22C safeguards include information, representations, human intervention, and contestation. Separately, the Court of Appeal’s Bridges order shows public live facial recognition can be unlawful where the legal framework, DPIA, or equality-duty analysis is deficient.

Who is legally responsible for an autonomous AI agent’s conduct?

Conclusion. On the authorities reviewed, the AI system is not the liability-bearing person. Liability attaches to legal persons that develop, provide, deploy, control, sell, integrate, rely on, or legally adopt the system’s outputs.

Rule. The AI Act defines an “AI system” as a machine-based system designed to operate with varying levels of autonomy that may generate outputs including predictions, recommendations, or decisions influencing environments. It defines a “provider” as a person or public authority that develops or has developed an AI system or general-purpose AI model and places it on the market or puts it into service under its own name or trademark. It defines a “deployer” as a person or public authority using an AI system under its authority, except for personal non-professional activity.

California’s UETA provisions illustrate the same attribution principle in contract/electronic transaction law. An “electronic agent” is a computer program or automated means used independently to initiate action or respond without individual review, but an electronic record or signature is attributable to a person if it was that person’s act, with effect determined from context and surrounding circumstances.

Colorado’s ADMT law likewise allocates obligations to “developers” and “deployers” of automated decision-making technology, including documentation, notices, record retention, and meaningful human review after adverse outcomes, while expressly stating that it does not create a new private right of action and instead allocates fault between developers and deployers in existing discrimination actions.

Application. For agentic AI, the likely defendants or enforcement targets are not the AI agent but the provider/developer, deployer/operator, controller, employer, creditor, public authority, product seller, or contracting party. A developer may face claims or regulatory exposure for unsafe design, inadequate documentation, deficient testing, misleading capability claims, failure to warn, inadequate post-market monitoring, or defective updates. A deployer may face exposure for using the system outside instructions, failing to monitor outputs, rubber-stamping automated results, providing no meaningful review, using irrelevant or biased input data, or adopting the output as its own decision.

The harder problem is not legal personhood; it is causation and role allocation. For example, if an AI agent rejects a loan applicant, the creditor remains subject to ECOA/Regulation B adverse-action duties. If a hiring platform ranks applicants, the employer and possibly the vendor may face discrimination theories depending on control, delegation, and participation in selection. If an AI agent forms an electronic contract, electronic-agent statutes tend to attribute the transaction to the person using the agent, subject to proof of context and authorization.

Human oversight and “autonomous” decision-making

Conclusion. A nominal human-in-the-loop safeguard is legally weak unless the human has information, competence, authority, time, and practical ability to understand, contest, override, or stop the AI output.

Rule. AI Act Article 14 requires high-risk AI systems to be designed and developed with appropriate human-machine interface tools so they can be effectively overseen by natural persons. Human oversight must aim to prevent or minimize risks to health, safety, or fundamental rights when a high-risk AI system is used according to intended purpose or reasonably foreseeable misuse. Oversight measures must be commensurate with risks, level of autonomy, and context of use.

Article 14 also requires that assigned human overseers be able to understand the system’s capabilities and limitations, monitor operation, remain aware of possible automation bias, correctly interpret outputs, decide not to use or to disregard, override, or reverse outputs, and intervene or interrupt operation.

AI Act Article 26 requires deployers of high-risk AI systems to take appropriate technical and organizational measures to use systems according to instructions, assign human oversight to natural persons with necessary competence, training, authority, and support, monitor system operation, preserve logs where under their control, and suspend/inform relevant parties where risks are identified.

UK GDPR Article 22A similarly defines a decision as solely automated if there is no meaningful human involvement. Article 22C safeguards include the ability to obtain human intervention, make representations, and contest the decision.

Application. In a consequential workflow, an organization should not rely on a formal reviewer who merely clicks “approve” after seeing an AI score. Effective review should include the underlying reasons or decisive factors, relevant input data, confidence/uncertainty indicators, known limitations, escalation criteria, override authority, recordkeeping, and reviewer training. The more autonomous the system, the stronger the need for logs, fallback procedures, post-deployment monitoring, and the ability to suspend use.

For agentic AI specifically, the oversight problem is more acute because the system may plan, call tools, make intermediate decisions, update state, and execute actions across multiple steps. Legal defensibility will usually depend on whether the deployer can reconstruct the decision path, identify the decisive output, show that humans had practical control, and prove that the organization - not an unaccountable system - made the legally significant decision.

Explainability, adverse-action reasons, and contestability

Conclusion. Explainability is not just a technical preference. In credit, employment, public-sector, and data-protection contexts, failure to provide usable reasons can itself create liability or regulatory risk.

Rule. Regulation B requires adverse-action notices to contain specific reasons. Official CFPB commentary states that reasons must be specific and indicate principal reasons, and that disclosed reasons must relate to and accurately describe the factors actually considered or scored.

CFPB Circular 2022-03 states that ECOA and Regulation B apply regardless of the technology used. It further states that creditors are not excused from adverse-action obligations merely because they use complex algorithms, including algorithms whose operation may be difficult to understand.

In the EU, SCHUFA holds that automated generation of a creditworthiness probability value can itself fall within automated decision-making rules where that value plays a determining role in a third party’s credit decision. Dun & Bradstreet holds that meaningful information about the logic involved must describe the procedure and principles actually applied, in a way that lets the data subject understand which personal data were used and how; trade-secret concerns must be balanced rather than used as a blanket refusal.

Application. An agentic system that denies, ranks, scores, or materially influences credit, hiring, benefits, pricing, access, or eligibility decisions should be designed to generate decision records that can be translated into legally sufficient reasons. A generic notice such as “AI model score too low,” “insufficient model confidence,” or “does not meet internal criteria” is unlikely to satisfy credit adverse-action standards if it does not identify the actual principal factors. For EU/UK data-protection contexts, the deployer must be able to explain the relevant logic and the data used without necessarily disclosing every model parameter.

U.S. consumer, employment, and civil-rights exposure

Conclusion. In the U.S., agentic AI liability will usually arise through existing statutes rather than a general federal “AI liability” statute.

Rule - consumer protection. The FTC Act declares unfair or deceptive acts or practices in or affecting commerce unlawful and empowers the Commission to prevent such practices. FTC AI matters show two recurring theories: unreasonable deployment safeguards, as in the Rite Aid facial-recognition matter, and deceptive marketing claims about AI capability, as in DoNotPay.

Rule - employment. Title VII disparate-impact liability applies where an employment practice causes disparate impact on protected grounds and the respondent fails to show the practice is job-related and consistent with business necessity, or where an alternative practice exists and is refused.

The ADA prohibits discrimination in job-application procedures, hiring, advancement, and other employment matters, including standards, criteria, or methods of administration that have discriminatory effect, and qualification standards or tests that screen out or tend to screen out individuals with disabilities unless job-related and consistent with business necessity.

The Uniform Guidelines on Employee Selection Procedures apply to tests and other selection procedures used as a basis for employment decisions and treat adverse-impact selection procedures as discriminatory unless justified and validated or otherwise saved by the Guidelines.

Application. A company deploying agentic AI in consumer or employment settings should expect regulators and plaintiffs to ask: What claims were made about the system? Were those claims substantiated? Was the system tested on relevant populations? Were safeguards reasonable? Did the company monitor outcomes? Could affected persons contest results? Were selection criteria validated? Was adverse impact measured? Were disability accommodations available? Did a vendor’s system effectively participate in decision-making even if the employer made the formal final decision?

Product liability and defective autonomous systems

Conclusion. Product-liability exposure is strongest where AI is embedded in, supplied with, or functionally controls a product that causes physical, property, or other covered damage. Pure software-as-a-service decision systems require more jurisdiction-specific analysis.

Rule. Directive (EU) 2024/2853 lays down common rules for the liability of economic operators for damage caused by defective products.

In the UK, the Consumer Protection Act 1987 imposes liability where damage is caused wholly or partly by a defect in a product, and the defect inquiry turns on whether product safety is such as persons generally are entitled to expect.

Application. For agentic AI, plausible defect theories include unsafe autonomous action, inadequate guardrails, failure to provide effective stop/override controls, insufficient warnings, unsafe post-market updates, inadequate logging, foreseeable misuse not addressed in design, poor human-machine interface, and mismatch between marketed autonomy and actual reliability. In an embedded context - vehicle systems, robotics, medical devices, industrial control systems, consumer hardware - the AI’s decision process may be part of the product’s safety profile. In a pure ranking, screening, or recommendation SaaS context, plaintiffs may rely more heavily on negligence, consumer protection, discrimination, contract, data-protection, or sector-specific statutes.

Public-sector autonomous decision-making

Conclusion. Public-sector AI carries additional legality, rights, equality, and procedural duties beyond private-law liability.

Rule. In Bridges, the Court of Appeal addressed live automated facial recognition by South Wales Police and challenges under Article 8 ECHR, data-protection legislation, and the Public Sector Equality Duty. The Court’s order declared that the use of live AFR was not in accordance with law for Article 8(2), that the DPIA failed to comply with Data Protection Act 2018 section 64(3)(b) and (c), and that the force failed to comply with the Public Sector Equality Duty under Equality Act 2010 section 149.

Application. A public authority using agentic AI for policing, surveillance, benefits, licensing, immigration, tax, fraud detection, education, child welfare, or public-resource allocation must establish a lawful basis, define discretion limits, conduct rights and equality assessments, preserve auditability, and ensure meaningful review. A technically accurate model can still be unlawful if the statutory basis is insufficient, the discretion is too broad, the DPIA is defective, or equality impacts are not properly assessed.

Written by

Illia Prokopiev

Co-Founder and CEO

Illia is the Managing Partner and founder of Licentium. With over 11 years of practice, he has guided innovators through cross-border M&A deals and the disputes that follow, combining transactional skill with courtroom resolve. Admitted to the bar in 2017, he pivoted early to Web3, serving as legal advisor to prominent crypto projects and carrying AML/MLRO duties that anchored complex token, DAO, and compliance questions on solid regulatory ground. Certified in money laundering prevention and an active crypto investor, Illia blends market intuition with a global network of specialists, enabling Licentium to untangle licensing knots for crypto and AI ventures anywhere in the world.
