Agentic AI Is Here: Legal Risks Leaders Can't Ignore

The Agentic AI Shift: Managing Legal Risks

Big tech's year-end move says a lot: Meta reportedly acquired Manus, a Singapore-based AI agent developer, for more than $2 billion. Earlier, Salesforce picked up Convergence AI, and 2025 saw agentic launches from AWS, Databricks, IBM, Google, Microsoft, Palantir, and Salesforce. This isn't a far-off AGI story. Agentic AI is being deployed now inside day-to-day operations.

What "agentic AI" really means

AI agents are autonomous, decision-making systems (often LLM-driven) that carry out specific tasks. Think of them as specialized employees with a clear remit. Agentic AI systems sit above those agents, coordinating multiple agents to achieve broader goals. Using the orchestra analogy: agents are the musicians; the agentic system is the conductor.

As organizations shift from instruction-based computing to intent-based computing, users will set outcomes and agents will figure out how to get there with minimal hand-holding. Recent forecasts suggest that by 2030, agents will be the primary users of many enterprise systems, and CEOs will manage hybrid teams of humans and intelligent agents.

A concrete example: IT support run by agents

Traditional IT support waits for tickets. Agentic systems monitor continuously, detect anomalies, diagnose issues, and take corrective action before users feel pain. If a server drifts from expected performance, agents can flag, triage, and remediate without a human sprinting to fix it. Your engineers then focus on higher-value work instead of chasing alerts.

Key legal risks you should scope early

• Compliance with laws. Regulators are watching agentic deployments closely. The UK ICO has emphasized that organizations remain responsible for data protection compliance when they develop, deploy, or integrate agentic AI, with exposure that can include product liability, IP infringement, defamation, and discrimination claims.
• Contractual liability. Agents may execute transactions or enter agreements on your behalf. That creates risk of unauthorized or incorrect actions, and potential breaches of usage restrictions as agents process far more activity than human users.
• Tort exposure. Negligence (e.g., a chatbot providing misleading advice), nuisance (e.g., autonomous operations causing property damage), and breach of statutory duty are all in play.
• Data security. Risks include data leakage, data poisoning, model inversion, system manipulation, and adversarial attacks such as prompt injection. Consequences range from unauthorized fund transfers to IP theft and operational disruption.
• Intellectual property disputes. AI-generated outputs may infringe copyrights or trademarks, as highlighted by the Getty Images v Stability AI litigation. Ownership of AI-created works remains unsettled in many jurisdictions.
• Director duties (UK). Under the Companies Act 2006, directors must exercise reasonable care, skill, and diligence. Oversight is harder with semi-autonomous, opaque systems, but the duty still applies.

Your contracting playbook for agentic AI

• Scope and authority. Define permitted tasks, decision rights, monetary limits, and prohibited actions. Require human approval for high-impact steps and include a reliable kill switch.
• Performance and monitoring. Specify SLAs, accuracy/error thresholds, logging, and audit trails. Require model/version transparency and change notices.
• Compliance. Warrant compliance with AI and data protection laws and sector rules. Include audit rights and flow-downs to subprocessors and subcontractors.
• Data terms. Align with your DPA. Set data minimization, retention, encryption, segregation, and data residency. Restrict training on your data unless explicitly agreed.
• Security. Mandate secure development practices, red-teaming, adversarial testing, and patch timelines. Set incident notification windows and vulnerability disclosure expectations.
• IP. Clarify ownership of outputs and licensing scope. Obtain indemnities for infringement and restrict supplier reuse of your content or metadata.
• Liability. Set caps with sensible carve-outs (e.g., IP infringement, data breach, wilful misconduct). Address unauthorized agent actions and mis-execution indemnities.
• Controls. Require change management, rollback, pause/disable controls, and human-in-the-loop checkpoints for material actions.

Governance you can implement now

• Inventory all agentic systems; map connected tools, data flows, and decision rights.
• Classify use cases by impact and set approval gates by tier.
• Build guardrails: role-based access, allow/deny lists, spend limits, domain whitelisting, and tool-use permissions.
• Assign human owners, escalation paths, and review cadences for each system.
• Preserve logs for prompts, tool calls, outputs, and changes; set retention aligned to your legal holds.
• Test before and after deployment, including prompt injection and manipulation scenarios.
• Maintain incident playbooks with a kill switch, rollback, notification matrix, and customer communications.
• Review insurance to address gaps and consider AI-specific endorsements or policies.

Practical next steps for legal teams

• Run a two-hour discovery with IT/product: where are agents live, what tools can they touch (email, payments, code repos), and what limits exist.
• Publish a short policy on agent authority, approvals, logging, and change control.
• Update your MSAs/DPAs with the clauses above and add an "AI Use Disclosure" schedule.
• Fold the latest ICO guidance into DPIAs and record of processing activities.
• Pilot a low-risk use case with human approval gates, then scale with evidence from logs and incident drills.

Useful references

• UK ICO: Agentic AI and data protection
• World Economic Forum: Hybrid workforces of humans and AI agents

If you're equipping cross-functional teams with AI literacy and safe deployment practices, you can find curated training paths here: Complete AI Training - Courses by Job.