Agentic AI Is acting, but the law still assumes humans

One of us practices law; the other is an AI researcher. We approach this from different disciplines, but we reach the same conclusion: AI has moved from being a tool to becoming an actor, and the legal framework has not kept pace.

A new generation of AI systems now gathers information, compares options, applies internal rules, drafts communications, instructs other systems, and executes transactions across a chain of tasks with little or no human involvement. In many cases the decisive step is carried out without any human verification, amounting in practice to a delegation of operational authority. Most legal frameworks are not built for this. Rules on authority, negligence, consent, record-keeping, and liability assume human conduct, and an organisation can explain why something happened because a person decided to approve it or act on it.

Agentic AI breaks that assumption. Any single step in a workflow may look minor, but the chain can affect employment, credit, access to services, regulatory compliance, or a person's legal position. Once the human is removed from the critical step, the law’s core questions become harder to answer and easier to evade. It becomes unclear who exercised judgment, who had authority, and who is accountable when the output is wrong, biased, or harmful.

These agentic AI workflows are assembled from models, prompts, workflows, company data, internal guidelines, external tools, and APIs. Harm rarely traces back to a single defective action or upstream capability. It emerges from the interaction of the parts: poor data, overbroad authority, weak escalation rules, ambiguous instructions to the model, insufficient oversight mechanisms. Current compliance frameworks lack the mechanisms to account for this form of distributed risk.

The challenge is amplified in multi-agent systems. One agent may plan a task, another evaluates options, and yet another transacts, and so on. In that setting, authority is fragmented, and error compounds across handoffs and shared context. An up-stream fault may be treated by downstream agents as fact and turned into an irreversible action before any human reviews the full chain. 

The law should focus less on whether a human nominally sits somewhere in the loop and more on who delegated authority to the system. Once an organisation lets an AI agent act without prior human review and oversight, legal duties should follow from that choice. The system's authority should be scoped in advance. Where multiple parties are involved, responsibility should be allocated explicitly, not left for courts to piece together after something goes wrong.

Human-in-the-loop review should be required at clear thresholds, and where decisions affect jobs, housing, healthcare, finance, public benefits, or other essential interests, the standard should be higher. But the concept of human-in-the-loop review requires a more rigorous definition than it has generally been given. Theoretical capacity to intervene is insufficient. Oversight is meaningful only when the responsible party possesses the information, authority, and time necessary to stop or correct an action before harm occurs. A nominal right of intervention, absent the practical means to exercise it, offers no