˂  Back

Managing Liability in Agentic AI Deployment

Since artificial intelligence (“AI”) became commonplace, the legal conversation around AI has been about the data that goes into training the AI model and the AI-generated output – whether the AI model provider has the right to the training data, who owns AI-generated output, and whether AI-generated output is capable of intellectual property (“IP”) protection and whether it infringes third-party IP.

That conversation seems to be shifting. As AI adoption increases, people have started thinking about liability issues surrounding the use of AI. Just shortly before the drafting of this article, Google was held liable for inaccurate search summaries made by its AI. This is despite the disclaimer given by Google on the accuracy of its AI.

The issue on liability is further complicated by the deployment of agentic AI, capable of accessing data, making inferences, calling external tools and, most crucially, taking actions with minimal human oversight. Critically, when an autonomous AI agent goes rogue and causes loss, who should ultimately be liable? The question is not entirely academic given the real possibility of real-world harm caused by agentic AI. In May 2026, Singapore’s Infocomm Media Development Authority (“IMDA”) published a 36-page discussion paper on Legal Responsibility for AI Agents, an attempt to map how civil liability should be allocated when an autonomous agent acts on behalf of a user and causes harm to a third party. The fact that a regulator has begun to think about the issue of allocating liability across the agentic AI value chain tells you where the market is heading.

This article looks at the various ways in which liability can be assigned in an agentic AI value chain, and how companies looking to deploy agentic AI can better protect themselves from liability and third-party claims.

Understanding the Agentic AI Value Chain

Before we go into the discussion on who should ultimately bear the liability arising from agentic AI deployment, we need to first have a clear understanding of the agentic AI value chain. When it comes to an agentic AI system, it is rarely supplied lock, stock and barrel by a single party. Behind a deployed agent sits a chain of actors, and the loss often originates several links away from where damages are caused.

In a typical deployment, you may have the following parties:

i) Foundation or frontier model developers – they provide the AI model that enables agents to reason, plan, and select tools to complete a task;

ii) Tooling providers – they provide the tools that agents call to actually perform tasks in real life, most commonly APIs;

iii) Platform providers – they provide the platforms on which AI agents can be built;

iv) System providers – they use the AI-building platforms to build AI agents (also sometimes known as the app developers); and

v) Deployers – they deploy agentic AI for their own enterprise-level purposes and allow internal end users to use the AI in relation to their work.

In an agentic AI ecosystem, the deployers are the ones that will ultimately be using the agentic AI systems in their respective use cases. It is through the deployers’ usage of the agentic AI systems that other third parties may come to be interacting with agentic AI, and possibly, suffer damages due to an unintended action of the agentic AI.

For better illustration, let us take the example of an online retailer that has deployed an agentic AI system to handle order changes, refunds, delivery rescheduling and warranty queries. Customers of the online retailer can raise requests for refund or return of products, and the AI agent will verify the requests against the company’s refund or return policy. If the requests fall squarely within the ambit of the policy, the AI agent will then process the refund accordingly.

In the example given, how then can the agentic AI carry out an unintended action that may cause damage to customers? Let us now consider a scenario where a customer (“Customer X”) wants to return a washing machine that was delivered with a cracked door. When prompted by the AI agent, Customer X keyed in her order number, but with one mistyped digit. Coincidentally, the wrongly keyed in order number matches the order number of another customer (“Customer Y”) who has also ordered a washing machine. The AI system proceeded to cancel the order of Customer Y mistakenly and effect the refund, while at the same time approving the return request of Customer X but without a refund, thereby making a mistake and resulting in damages to both Customer X and Customer Y. In this situation, it is fair to say that both Customer X and Customer Y should have the right to initiate a claim against the retailer.

For discussion’s sake, let us put aside the question of whether the retailer company should be liable to Customer X and Customer Y, and instead consider where the fault lies.

Allocating Liability

In a conventional software deployment, where the software does not perform what the specification says, the liability will typically lie with the software supplier. Acceptance testing, conformity warranties and service levels all rest on that premise. The same logic or reasoning, however, may be difficult to apply to the case of agentic AI, and this is mainly because of two reasons.

First, unlike conventional software, the behaviour of agentic AI is non-deterministic. The same instruction can produce different actions on different runs, and the system may take steps that are not specifically authorised. Second, when it comes to an agentic AI system, it is rarely supplied entirely by a single party. As illustrated in the earlier section, there are many different parties that come together at different levels of the supply chain to make a deployable agentic AI system. When an AI agent behaves unexpectedly, it is often difficult to reconstruct the “why”, and due to the multiple layers of construction (the AI model’s reasoning, the orchestration layer’s design, the deployer’s instructions and configuration, and the third-party data and tools the agent called on), it may be difficult to pinpoint where exactly the fault lies. Precisely because of these reasons, parties looking to deploy agentic AI systems should attempt to allocate risks and liabilities in advance, rather than after the fact by a court.

From the deployers’ perspective, it would be pertinent to obtain a contractual indemnity from the system supplier against any damages that may arise from an AI agent acting outside of the boundaries of its instructions or assigned protocols. While it may be tempting to just get a broad indemnity for all damages that may arise from the use of the AI system, this position is likely to be resisted by an AI system supplier given that the behaviour of an AI agent is often dependent on the prompt or the instructions given to the agent, and where the prompt is set up entirely by the deployer or its end users, the system supplier, rightly so, should not be made liable. Hence, limiting the applicability of indemnity to instances where the AI agent acts out of bounds should be a good middle ground. Additionally, it may be worthwhile for a deployer to also consider obtaining contractual warranties on data provenance, and availability of technical safeguards or guardrails against an agent going rogue. While these may not be within the control of the system supplier, such warranties may still be available if there is corresponding flow down from the AI model developer.

Other than contractual safeguards, deployers should also have agentic AI usage policies and protocols in place to ensure appropriate usage of agentic AI. In the deployment of agentic AI, the deployers should ensure that their system integrator or the AI system supplier configures the AI system to be deployed to include specific safeguards and guardrails that are tailored to the deployer’s use case to minimise the risk of an agentic AI behaving outside of its authorisation. This actually goes beyond allocating liability, but is instead an attempt to minimise and mitigate risks of AI agent “misbehaving”. In addition to governance measures, deployers should also assess their insurance coverage to ensure that harm caused by the use of agentic AI systems is well-covered and insured.

If you have any questions on drafting, reviewing or negotiating contracts for the deployment of artificial intelligence, please feel free to reach out to the partners in our Technology Practice Group, Lo Khai Yi and Ong Johnson, for a consultation. We have extensive experience in assisting organisations with a wide range of technology-related agreements, including white-label arrangements, software licensing agreements, SaaS agreements, platform agreements, outsourcing arrangements, managed services agreements, system integration agreements and other technology commercial contracts.

The Technology Practice Group of Halim Hong & Quek continues to be recognised by leading legal directories and industry benchmarks. Recent accolades include FinTech Law Firm of the Year at the ALB Malaysia Law Awards (2024, 2025 and 2026), Law Firm of the Year for Technology, Media and Telecommunications by the In-House Community, FinTech Law Firm of the Year by the Asia Business Law Journal, a Band 2 ranking for FinTech by Chambers and Partners, and a Tier 3 ranking by Legal 500.


About the authors

Lo Khai Yi
Partner
Co-Head of Technology Practice Group
Technology, Media & Telecommunications (“TMT”), Technology
Acquisition and Outsourcing, Telecommunication Licensing and
Acquisition, Cybersecurity
ky.lo@hhq.com.my.

Ong Johnson
Partner
Head of Technology Practice Group

Fintech, Data Protection,
Technology, Media & Telecommunications (“TMT”),
IP and Competition Law
johnson.ong@hhq.com.my

 


More of our Tech articles that you should read:

Our Services

© 2026 Halim Hong & Quek