AI agents contracts: Legal status & liability | IT-Medienrecht

Discover how AI agents impact contract law. Who is liable when AI acts autonomously? Get insights on legal status, representation & attribution in…

Legal Implications of AI Agents: Who is Liable When AI Acts?

Sometimes, it pays to think one step ahead legally. This isn't because the law has conclusively settled everything. Rather, it's because practical applications have long since moved beyond many dogmatic discussions. The rise of AI agents is a prime example of this.

The year 2026 offers a glimpse into this reality. In SaaS systems, AI agents independently negotiate prices with supplier APIs. E-commerce platforms feature autonomous systems dynamically adjusting discount logic. Procurement processes involve offers automatically obtained, compared, and – at least technically – accepted. Internally, companies increasingly delegate operational decisions to AI-based agents that not only analyze but also act.

This rapid development raises an obvious question: If an AI agent says "yes," who has spoken legally? Is the AI agent a contractual partner, an agent, or merely a tool? Crucially, who is liable if such a system makes a wrong decision?

Legally, this isn't science fiction. It's fundamentally a problem of attribution, deeply rooted in classic civil law.

AI Agents: No Separate Legal Entity, But a Legal Tool

Let's start with a sober fact: an AI is not a legal entity. Neither German civil law nor European law recognizes autonomous systems as having their own legal personality. Therefore, an AI agent cannot be an "electronic contractual partner."

Legal transactions require a declaration of intent, which, according to the prevailing opinion, is an expression of human will. An AI lacks legal capacity, legal competence, and tortious capacity. Consequently, it cannot itself be the bearer of rights and obligations.

The real question is not whether the AI acts, but to whom its actions are attributed. This is where legal precision engineering truly begins.

Right of Representation (Section 164 ff. BGB) and AI Systems

The law of representation provides the first dogmatic starting point. According to Section 164 (1) BGB, a declaration of intent made by someone on behalf of another person, within the scope of their power of representation, is directly effective for and against the represented party.

Traditionally, the representative is a natural person. However, the law does not strictly require the representative to have legal capacity. The decisive factor is that the representative acts on behalf of the represented party, and an attribution is made.

When it comes to automated systems, it is often argued that there is no representative, but merely a "messenger" or a technical tool. This view, however, falls short when the system independently selects parameters, modifies prices, or adjusts contract terms. The stronger the autonomy, the less the image of a mere transmitter fits.

Dogmatically, this problem can be solved as follows: The AI agent is not its own representative. Instead, it forms part of the company's organizational sphere. The declaration of intent is attributed to the company because it has set up the system, parameterized it, and deployed it in legal transactions. This is not an analogy, but a continuation of the case law on automated declarations, such as those made by vending machines or online stores. Anyone who places a system on the market must accept responsibility for its declarations. Autonomy does not change this; it only increases the inherent risk.

Apparent and Acquiescent Power of Attorney for AI Systems

Things become particularly interesting when AI agents act beyond their originally intended limits. What happens if an AI system grants discounts that were never planned? What if it extends contract terms even though internal guidelines prohibit this? Or if it independently offers additional services?

Here, the principles of apparent authority and estoppel come into play. An acquiescent power of attorney exists if the represented party knows that someone is acting as a representative and allows this to happen. A prima facie power of attorney applies if the represented party is not aware of the appearance, but could have recognized and prevented it with due diligence.

When these principles are applied to AI systems, a clear picture emerges: Anyone who equips an autonomous system with far-reaching powers and deploys it in legal transactions on a permanent basis is creating a de facto power of attorney. The contractual partner may regularly rely on the system acting within the scope of the powers granted to it. Internal programming errors or poorly defined parameters do not absolve the company. Legally speaking, the system's autonomy becomes an organizational risk.

Organizational Fault and Liability for Wrong Decisions by AI Agents

This leads directly to the next critical point: organizational fault. Companies are obligated to organize their internal processes in a way that minimizes legal violations. By using AI agents, a company integrates a technical decision-making system into its own organizational structure.

Wrong decisions by AI can stem from various causes:

If damage occurs due to such deficits, the company is liable according to general principles. An excuse like "It was the AI" holds no legal relevance. On the contrary, the more complex the system, the higher the requirements for monitoring and governance. A clear definition of decision limits is particularly important for autonomous price adjustments or automated contract conclusions. Without this, an uncontrollable liability regime is created in practice.

Product Liability and Software Errors

Another aspect concerns liability for faulty AI software. A distinction must be made here between:

If an economic loss occurs due to a software error, the question of recourse chains arises. In the case of in-house development, the company is directly liable. For third-party providers, contractual liability regulations, service level agreements, and warranty rights apply. However, in complex AI ecosystems, these liability chains are often opaque.

The situation is particularly sensitive with AI agents offered as a service. Here, an external provider handles the technical control, while the company using the service acts as the contractual partner to the customer. In legal terms, the external relationship remains decisive. The customer typically has only one opposing party: the company utilizing the AI agent.

AI Act Compliance as a New Organizational Obligation

The European AI Act has further shifted this discussion. This act introduces a risk-based regime, imposing strict requirements on transparency, documentation, and risk management, especially for high-risk systems.

For autonomous AI agents involved in contractual or decision-making processes, a high-risk classification may become relevant, depending on the specific application area. This entails, among other things:

Violations of these obligations may not only lead to fines but can also be considered evidence of organizational negligence in liability proceedings. Therefore, AI Act compliance is not just a regulatory obligation, but also a crucial safeguard under liability law.

The Evolving Legal Landscape for AI Agents

Is this all a dream of the future? Partially, but only partially. Technical development is progressing faster than legal classification. Autonomous negotiation systems, dynamic contract models, and AI-supported purchasing agents are no longer theoretical constructs.

The law doesn't respond with entirely new legal concepts but adapts traditional instruments:

This also means there will be no "AI exception." Companies remain fully responsible.

Contract Design and Risk Limitation for AI Agent Use

Anyone using AI agents should not leave the legal framework to chance. The following points are particularly relevant in the B2B context:

Terms and conditions clauses should also be adapted. The question of whether contracts are concluded automatically can, in individual cases, give rise to an obligation to provide information. At the same time, liability limitations must be carefully formulated to counter risks under general terms and conditions law. The more autonomous the system, the more important the legal architecture in the background becomes.


Conclusion on Legal Responsibility for AI Agents

AI agents do not become contractual partners. They remain tools, albeit highly complex ones. From a legal perspective, technical autonomy is less decisive than organizational integration. Companies that use autonomous systems expand their sphere of action; they create new decision-making bodies within their organization and, importantly, bear the associated risk.

This may seem dogmatically unspectacular, but it is highly relevant in economic terms. With every step towards autonomous business processes, the importance of clear attribution, sound governance, and well-thought-out contract design increases. While the issue may not be fully resolved, it is by no means a pipe dream. It is a classic example of how established civil law meets new technologies, demonstrating why legal structuring is not a hindrance to innovation, but rather a prerequisite for it.