What 'Agentic' Means When Lawyers Get Involved

The technology industry has a long and expensive history of discovering that the words it uses to describe its products have legal consequences the products’ creators did not anticipate. “Platform” was not a legal term of art when Facebook and Twitter claimed to be platforms rather than publishers — until Section 230 made it one, and until years of litigation began establishing what platform immunity actually covers and what it does not. “Wallet” was not a regulated financial term when fintech companies called their products wallets — until bank regulators decided that holding consumer funds was a banking activity regardless of what you called the container.

“Agentic” is the word that is currently acquiring legal significance, in real time, in ways that will determine the regulatory and liability landscape for autonomous AI systems for the next decade. The definitional fight is happening simultaneously in multiple venues: US federal agency guidance documents, EU AI Act implementation proceedings, commercial contract litigation, and the emerging body of case law around AI-related harms. Understanding what is being fought over, and why the definition matters so much, requires setting aside the technology company’s casual use of the word and understanding what regulators and lawyers need the word to do.

Regulators need definitions that trigger regulatory obligations. The EU AI Act’s classification of AI systems as “high-risk” or not determines which systems require conformity assessments, technical documentation, human oversight mechanisms, and regulatory registration before deployment. The Act’s text focuses on “autonomy” as a distinguishing feature of systems requiring heightened scrutiny — systems that operate “without direct human oversight” or that “make autonomous decisions” are treated differently from systems that assist human decision-making.

This creates an immediate and commercially significant definitional question: at what point does an AI system cross the line from “AI-assisted decision-making” (lower regulatory burden) to “autonomous AI decision-making” (higher regulatory burden, including in some cases prohibition for certain use cases)?

The answer matters enormously for product design. A company that classifies its agent as “AI-assisted” rather than “autonomous” avoids a substantial compliance cost — but if a regulator or court later determines the classification was incorrect, the company faces not just retroactive compliance costs but potential liability for operating an improperly classified system. Several companies that built their products on the “AI-assisted” classification in 2024 and 2025 are currently in dialogue with regulators about whether that classification holds as their systems have been updated to take more consequential autonomous actions.

The US regulatory landscape is more fragmented and currently less prescriptive than the EU’s, but it is not dormant. Several sector-specific regulators are developing their own operational definitions of agentic AI that trigger specific oversight requirements. The Consumer Financial Protection Bureau has issued guidance — not yet rulemaking, but guidance that courts will reference — on AI systems that make credit decisions, framing “autonomous” credit decisions as those where no human reviews the decision before it affects the consumer. The FTC has opened investigations into agentic AI systems that take consequential consumer-facing actions, using its unfair or deceptive practices authority as the jurisdictional hook.

What is emerging from US regulatory activity is a functional test for “agentic” that focuses on consequence and reversibility rather than architectural characteristics. A system is effectively treated as “agentic” for regulatory purposes when it takes actions that: (1) have real-world consequences for people outside the deploying organization, (2) are not reviewed by a human before execution, and (3) are not easily reversible after execution. This functional test cuts across the architectural distinctions between “pipelines” and “true agents” that the technology industry considers important — a sophisticated pipeline that executes irreversible consumer-facing decisions without human review looks agentic to a CFPB examiner regardless of what its architecture diagram looks like.

Contract law is a third venue where “agentic” is acquiring legal meaning, and it is more immediately consequential for most enterprises than regulatory classification. When an enterprise deploys an agent that acts under its authorization and that agent causes harm, the question of who bears contractual liability — the enterprise, the AI vendor, the orchestration platform provider — is determined partly by contract terms and partly by how courts characterize what the agent was doing.

The contracts between enterprises and AI vendors are evolving rapidly, with AI vendors pushing hard to limit their liability to direct damages for system non-performance rather than consequential damages for incorrect outputs or unauthorized actions. The standard AI service agreement from every major provider in 2027 contains explicit language disclaiming liability for agent outputs and insisting on user responsibility for agent action scope. These disclaimers are being tested in litigation — their enforceability against claims that the vendor had notice of a specific risk and failed to disclose it is not yet established.

The enterprise contracts with their customers are less carefully drafted on AI agent questions, because most enterprises did not anticipate, when they last renegotiated their master service agreements, that they would be deploying autonomous agents on behalf of those customers. The legal team at a financial services firm that deployed an agent to manage customer portfolio rebalancing recently discovered, on reviewing their client agreements, that the agreements were written for human-managed services and did not address the scenario of an agent acting on client accounts. The gap creates liability exposure that the financial firm is now trying to address through agreement amendments — a slow and politically sensitive process with clients who are asking pointed questions about why amendments are needed.

The employment law dimension is less discussed but consequential. When an autonomous agent takes an action that violates an employment law requirement — fails to consider diversity in hiring recommendations, makes a compensation decision that has disparate impact, terminates a workflow based on a factor that would be a discriminatory basis for an employment decision — who is responsible? The employment law framework clearly identifies the employer as responsible for employment decisions made by their agents (in the traditional sense: their employees and contractors). Whether an AI agent is sufficiently analogous to an “agent” in the employment law sense that employment discrimination liability attaches is an open question.

The Equal Employment Opportunity Commission issued a technical assistance document in 2024 that suggested employer liability attaches to AI systems used in employment decisions, regardless of whether a human was in the loop for each individual decision. That document is not binding precedent. It is the position that the EEOC will likely take in enforcement actions, which effectively shapes behavior regardless of its ultimate legal force.

There is an important second-order effect to the definitional battles that the technology industry typically underweights: the definitions that emerge from litigation and regulation shape what gets built. If the functional test for “agentic” (and its associated compliance burden) is “irreversible consumer-facing action without human review,” systems will be designed to include human review checkpoints for irreversible consumer-facing actions — whether or not those checkpoints are operationally valuable — simply to remain in the lower-burden classification. If liability for agent errors flows to deployers rather than model vendors, enterprises will make more conservative deployment choices, restricting agent scope to reduce the surface area of potential liability. The legal framework does not just regulate the technology; it shapes what technology gets deployed.

This influence is not always bad. The pressure to include human oversight mechanisms for consequential agent actions is aligned with good operational practice; legal requirements that mandate it may force discipline that commercial pressure would not produce independently. But the regulatory framework can also create distortions: requirements designed for one risk profile applied to systems with a different risk profile, compliance burdens that favor large incumbents over small innovators, liability rules that make beneficial uses uneconomic.

The current moment — where the definitions are being written — is the moment when the technology industry’s engagement with the regulatory and legal process matters most. The definitions that emerge in the next two to three years will govern the technology for the next decade, and they will be written with or without meaningful technical input about what the systems actually do, how they actually fail, and what oversight mechanisms actually work. The organizations with the most at stake have a strong interest in contributing to that process rather than arriving later to discover that the definitions were written by people who misunderstood the technology.

“Agentic” will acquire a legal definition. The industry can influence what that definition says or it can discover what it says after the fact. The second path is historically the more expensive one.

The contract drafting implications of this definitional flux deserve practical attention. Most enterprise AI vendor agreements in 2027 are written on templates that were drafted in 2024 or 2025, before the full scope of agentic deployments was clear. Those templates address questions like data processing, output ownership, and service levels, but they often fail to address the questions that matter most for agentic deployments: who is responsible when the agent takes an unauthorized action, how are disputes about agent authorization scope resolved, what obligations does the vendor have to disclose known failure modes of the agent’s autonomous decision-making, and who bears liability for harms caused by the agent’s incorrect inferences.

Legal teams reviewing AI vendor agreements in 2027 are improvising, trying to introduce language about agentic behavior into contracts that were not designed to contain it. The results are often inconsistent — some provisions carefully address autonomous action liability while adjacent provisions implicitly assume the model only produces text outputs for human review. The inconsistency creates ambiguity that benefits whoever has more litigation resources when a dispute arises.

The standards bodies have begun work on contract language frameworks for AI agent agreements — the equivalent of the standard cloud computing agreement templates that emerged after sufficient case law and negotiating experience had accumulated to establish common positions. Those frameworks are two to four years from maturity, by any reasonable estimate. In the interim, organizations with sophisticated legal teams are drafting novel provisions; organizations without them are accepting vendor-standard terms that were written to favor the vendor’s liability position.

This is an area where the large enterprises with experienced AI legal counsel are building a meaningful capability advantage over smaller organizations that are using general commercial counsel for their AI agreements. The provisions that get negotiated into agreements now will shape liability exposure for years — long after the specific technology versions being contracted for have been deprecated. The legal infrastructure around agentic AI is being built in real time, and the organizations treating it as strategic rather than administrative are positioning themselves substantially better for the disputes that are coming.