This week, Dr. Alex Wissner-Gross flagged a development in The Innermost Loop that should land on every business owner’s desk: at Google I/O, Google’s new AP2 protocol and “Universal Cart” began letting Gemini Spark agents transact across multiple merchants on a user’s behalf — from cloud servers that keep running even when your devices are switched off. In plain terms, software now shops, subscribes, and commits money without a human clicking “buy.” That single shift turns AI agent contract liability from a hypothetical into a question your company needs an answer to.
The promise is real efficiency. The exposure is just as real. If an autonomous agent places an order at 3 a.m., who is bound by the deal — and who eats the loss when the agent gets it wrong?
What Agentic Commerce Means for Your Business
For two decades, “e-commerce” meant a person filled a cart and clicked to confirm. Agentic commerce removes the person from the loop. You set a goal — “keep the supply closet stocked,” “renew our software at the best price,” “book travel under $400” — and an AI agent negotiates, selects, and pays.
Google is not alone here. The same week, agent-driven workflows showed up across the major platforms, and the broader trend is agents that act continuously in the background. As The Innermost Loop noted the following day, the application layer is fanning out fast, and the agents increasingly operate without a human watching each decision.
For owners and operators, the upside is obvious: fewer manual purchase orders, faster procurement, around-the-clock execution. The catch is that every one of those autonomous actions may form — or break — a binding contract in your company’s name. That is the heart of the matter for any business deploying these tools.
The Legal Impact: How AI Agent Contract Liability Works
Here is the part that surprises people: U.S. contract law already anticipated software forming agreements. Under the federal E-SIGN Act (15 U.S.C. § 7001) and the state-adopted Uniform Electronic Transactions Act (UETA), an “electronic agent” can form an enforceable contract without a human reviewing each transaction. So the starting answer is uncomfortable: a deal your AI agent strikes can be just as binding as one you signed yourself.
But the existing framework was written for deterministic software — a script that does exactly what it was told. Today’s AI agents make probabilistic, autonomous choices their owners did not specifically approve. That gap is where AI agent contract liability gets genuinely unsettled, and courts have not yet squarely resolved it.
Authority: Did You Actually Authorize That Deal?
Agency law turns on authority. A business is generally bound by acts within an agent’s actual authority and often by acts within its apparent authority. When you deploy an AI agent and give a vendor reason to believe it speaks for you, you may be on the hook even for a purchase you never intended. Conversely, a counterparty who knows the agent exceeded its limits may not be able to enforce the deal. These are fact-specific questions — and most companies have not defined those limits anywhere in writing.
Liability: Who Pays When the Agent Gets It Wrong
If an agent overspends, double-orders, leaks confidential data into a prompt, or accepts onerous terms, the loss has to land somewhere — on your business, the software vendor, or the counterparty. Today that allocation is usually governed by whatever boilerplate sits in the AI tool’s terms of service, which almost always favors the vendor. Where a dispute heads toward court, it stops being a contract-drafting problem and becomes litigation; for that, Howard East refers to the trial team at Howard Law Group.
5 Critical Risks to Address Now
- Unbounded authority: An agent with no written spending cap or scope can bind you to deals you never reviewed.
- Vendor terms that shift risk to you: Most AI platform agreements disclaim liability for the agent’s actions and push it onto the customer.
- Outbound contracts that ignore agents: Your own customer and supplier contracts likely say nothing about whether an AI agent can accept, modify, or trigger obligations.
- No human approval threshold: Without a dollar or risk threshold that forces sign-off, a single bad inference can become a six-figure commitment.
- Data and confidentiality exposure: Agents that touch pricing, customer data, or trade secrets can create breach and privacy liability no purchase order ever could.
None of these are reasons to avoid the technology. They are reasons to put guardrails around it before, not after, something goes wrong. Operationally, mapping where agents touch procurement and approvals is the kind of process work our consulting partners at Collateral Base help operators document.
What Howard East Clients Should Do Now
You do not need to wait for the courts to catch up. Three practical steps materially reduce your AI agent contract liability today.
First, write down the agent’s authority. Define spending caps, approved vendors, and a human-approval threshold in an internal AI use policy — then make sure your corporate governance documents reference it. Authority you never defined is authority a court may infer.
Second, update the contracts on both sides. Review the AI vendor’s terms for liability and indemnification, and add agent-aware language to your customer and supplier agreements covering acceptance, limitation of liability, and notice. Your workforce policies should also address which employees may deploy agents and under what limits.
Third, document approvals. Keep records of what the agent was authorized to do and what a human signed off on. If a deal is ever challenged, that paper trail is your best defense.
Frequently Asked Questions
Is a contract formed by an AI agent legally binding?
Often, yes. The E-SIGN Act and UETA recognize that an electronic agent can form an enforceable contract without a human reviewing each transaction. Whether a specific deal binds you turns on the agent’s authority and your facts, which is why AI agent contract liability should be defined in writing.
Who is liable when an AI agent makes a costly mistake?
It depends on the contracts in play. Liability usually follows the AI vendor’s terms of service and any indemnification language, which typically favor the vendor. Allocating that risk deliberately — before deployment — is the goal.
How do I limit my company’s AI agent contract liability?
Define the agent’s authority and spending limits in writing, set a human-approval threshold, review your AI vendor terms, and add agent-aware clauses to your customer and supplier contracts. A short legal review now is far cheaper than a disputed deal later.
Next Steps
Agentic commerce is moving from demo to default, and the law is being stretched in real time. The businesses that define their AI agent contract liability now — in their policies and their contracts — will be the ones that capture the efficiency without inheriting the exposure.
Deploying AI agents in your business? Have Howard East review your authority limits and contracts before something goes wrong. Schedule a consultation.
This article is for informational purposes only and does not constitute legal advice. Reading it does not create an attorney-client relationship. Laws vary by jurisdiction and change frequently; consult a qualified attorney about your specific situation. Attorney Advertising.


