The Liability Architecture Nobody Built for Agentic Systems
In 1979, IBM argued in court that a computer could never be held accountable for its actions. The judge disagreed, but the principle stuck: those who deploy automated systems bear responsibility for their outcomes. California just turned that logic into statute — and the timing could not be worse for the companies that spent the last three years deploying AI agents at scale.
AB 316, which added Cal. Civ. Code § 1714.46 to California law, eliminates the autonomous AI defense. Deployers can no longer argue that their AI acted independently and therefore the buck stops nowhere. The practical effect is straightforward: if your AI agent causes harm, you are on the hook. Not the vendor. You.
The irony is that most vendor contracts already assume the opposite.
A study documented by Jones Walker LLP found that 88% of AI vendor agreements cap the vendor's liability at the customer's monthly subscription fee. If you paid $500 a month for an AI agent that made a consequential decision on your behalf — say, approving a loan, screening a job candidate, or executing a trade — and that decision was discriminatory or negligent, your recovery is capped at $500. The vendor bears no meaningful downside. The deploying company absorbs the lawsuit.
This is not a bug. It is the contract architecture the AI industry built.
The squeeze works from both ends. While contracts push liability downward to customers, courts are simultaneously expanding vendor accountability upward. The Mobley v. Workday ruling from July 2024 allowed a discrimination lawsuit to proceed against Workday as an "agent" of the companies using its automated hiring screening tools — the first time a federal court applied agency theory to hold an AI vendor directly liable for discriminatory outcomes. The vendor wins on contract. The customer loses in court. Both directions of pressure land on the same person: the one who deployed the system.
Agentic systems — AI that takes autonomous actions rather than merely answering queries — make this worse. A chatbot that gives bad advice has a narrow blast radius. An AI agent that buys stock, modifies sensitive data, sends contracts, or controls physical systems does not. A Clifford Chance analysis published in February 2026 put it plainly: businesses relying on unmodified agreements are exposed to significant contractual, legal, and operational consequences they may not understand they have accepted.
Europe is about to make this more expensive. The EU AI Act's high-risk provisions take effect in August 2026. Despite a proposed delay to late 2027, no legislation has been enacted to change the deadline, and enterprises should plan around August 2026. High-risk AI systems — those used in employment decisions, credit screening, critical infrastructure, and law enforcement — will face mandatory conformity assessments, fundamental rights impact assessments, and documentation requirements that most companies are not close to satisfying. The Cloud Security Alliance published research in March 2026 confirming a significant enterprise readiness gap.
What the law requires and what contracts provide are diverging. The law requires documented risk management, human oversight, and transparency for high-risk AI. Vendor contracts require the customer to hold the vendor harmless for almost everything. The gap between those two things is where the liability lives.
Some companies are trying to fill it with insurance. ElevenLabs secured what appears to be the first AI agent insurance policy in February 2026 — proving that AI systems can be underwritten like employees. Y Combinator's Spring 2026 batch includes Klaimee, a startup explicitly building liability insurance for AI agents. The founding team includes a former General Manager from SafetyWing who grew an insurance product from $5M to $60M in revenue. Their pitch is direct: AB 316 already holds deployers liable, the EU AI Act enforces in August, cyber and E&O policies are explicitly excluding AI claims, and enterprise procurement is already asking who pays when an agent breaks something.
Who does pay, right now, is an open question that nobody is answering well.
The companies that deployed agentic AI fastest — automating workflows, cutting headcount, moving decisions to software — are the same ones with the most exposure. They signed vendor contracts carrying the liability caps found in 88% of such agreements because there was no alternative. They deployed the agents because the ROI was clear. The liability architecture was nobody's job, and nobody built it.
AB 316 and the EU AI Act do not create new liability so much as expose the liability that was always there. The question is who bears it. Right now, the answer is: whoever signed the deployment agreement, which is almost never the vendor.
That is a structural problem, not a compliance problem. Compliance teams can audit vendor contracts and update terms. But the underlying issue is that AI agents do things that no legal framework was designed to handle — and the companies deploying them did not wait for the framework to catch up.
The insurance market is moving to fill the gap. But insurance underwriters do not write policies for risks they cannot price, and nobody has enough claims data on AI agents to price this correctly yet. The coverage that exists is expensive, narrow, and contingent on risk evaluation processes that most deploying companies have not built.
The hole in the liability architecture is real. The cement to fill it is still being mixed.