Singapore tackles the liability gap in autonomous AI agents
Agentic AI has moved from pilot projects to live deployment across procurement, customer service, and internal operations. Yet a basic legal question remains unresolved: when an AI agent acts independently and causes harm, who is liable?
Singapore's Infocomm Media Development Authority (IMDA) has published a discussion paper that attempts to answer this. Rather than proposing new laws, it tests whether existing private law doctrines can handle the complexity of an AI value chain with nine distinct actors-from model developers to end users.
The conclusion is sobering. Existing law may apply in theory, but claimants will face severe practical obstacles in proving what went wrong, who caused it, and whether the harm was foreseeable.
How the value chain fragments responsibility
An AI agent typically combines components from multiple vendors: a language model from one supplier, automation tooling from another, a platform from a third, and user instructions. When that agent causes harm, determining which actor is responsible becomes technically difficult or prohibitively expensive.
The IMDA paper maps nine actors across the chain:
- Model developers
- Tooling providers
- Platform providers
- Orchestration layer providers and operators
- System providers
- Deployers
- End users
- Impacted third parties
Each layer adds distance between the injured party and the decision-maker responsible for the agent's behaviour.
Four pressure points where existing law breaks down
Attribution. Contract law allocates risk among vendors, but offers little recourse to harmed third parties. Negligence law applies in theory, but identifying the responsible party across multiple contributors is often impractical. Product liability regimes focus on physical goods, not software.
Unforeseeability. A human-operated vehicle breaks the law because a driver commands it. An AI agent can take unexpected actions no one instructed. Under negligence law, liability depends on whether harm was reasonably foreseeable. When an agent acts in a genuinely surprising way-the paper's example is an agent breaking into a server to complete a booking task-the foreseeability standard makes it difficult to assign responsibility.
Cascading responsibility. Terms of service often disclaim liability for unexpected behaviour. Large enterprises negotiate these terms; consumers click through them unread. Better-resourced actors push liability downstream to smaller parties and consumers who lack the leverage to resist. Existing law offers limited protection against this dynamic.
Explainability. Even if a claimant identifies a defendant, proving the case requires evidence of what the agent did and why. AI agents can produce natural language explanations of their reasoning, but these may be plausible reconstructions rather than accurate records of the actual decision process. The legal problem is significant: the best available explanation of why an AI acted may not be legally reliable in court.
International regulators moving in parallel
Singapore is not alone. The UK's Competition and Markets Authority published guidance on agentic AI and consumer protection in March 2026. The US Federal Trade Commission applies existing consumer protection statutes to AI systems. The European Union's revised Product Liability Directive, effective December 2026, treats AI-enabled products as products subject to strict liability.
The EU approach locks in liability on vendors with the goal of protecting users. Singapore's paper takes a different view: it argues the legal foundations are more fragile than they appear and counsels caution before adopting a fixed regulatory framework.
What companies should do now
Tooling, platform, and system providers should review whether they consider themselves part of the liability chain. Singapore's analysis suggests they are.
Companies operating across multiple layers of the AI value chain should map liability layer by layer. Broad disclaimer strategies are likely to attract regulatory scrutiny; treating disclosure of known limitations as a legal input, not just a reputational one, will matter.
Consumer-facing deployments will likely draw the earliest regulatory attention. Firms in B2C markets should prioritise governance, documentation, and redress mechanisms.
The IMDA discussion paper provides a structured framework for thinking about where your organisation sits in the chain, what you control, and where your exposure lies. When formal regulatory measures arrive, the companies best positioned will be those that mapped their exposure early, built transparency into their systems, and treated liability responsibly.
For legal professionals navigating this terrain, resources on AI for Legal and AI Learning Path for Paralegals can help build the technical literacy needed to assess AI liability and governance frameworks.
Your membership also unlocks:
