As artificial intelligence moves from generating text to taking direct action, the legal frameworks governing its use are struggling to keep pace.
The shift from AI as a tool producing outputs to AI as an agent executing tasks represents a fundamental structural change, not a minor technical update.
Traditional AI systems produced documents or summaries that a human would review before any action was taken, keeping accountability clearly with the person at the keyboard.
Agentic AI systems are different — they interpret goals, select their own paths, chain actions across multiple platforms, and can trigger real-world consequences without a human in the loop.
Those consequences can include modifying records, sending communications to third parties, or initiating workflows that create binding legal obligations.
Standard contract language has not caught up with this reality, with most agreements still containing clauses that read: “Customer is solely responsible for all outputs.”
That clause assumes the customer can both control and observe what the system is doing at every stage, an assumption that breaks down rapidly in genuinely agentic environments.
Legal commentator and Berkeley Law professor Olga V. Mack has argued that clarity emerges when contracts are anchored to one core principle: “If a party does not control how a system behaves, it should not carry full responsibility for that behavior.”
This “Control and Visibility” model is designed to offer a practical framework rather than another layer of theory, encouraging legal teams to map a system’s behaviour before negotiating who owns its risks.
Mack notes that when an agent produces an unexpected result, the cause often sits across multiple domains, where a prompt interacts with a model and a configuration interacts with a guardrail simultaneously.
Contracts that assign responsibility without mapping those control layers are not genuinely allocating risk but are, in effect, simply guessing at who should bear the consequences.
For in-house legal teams, the practical implication is significant: before reviewing any AI contract clause, they should work with product and engineering teams to map exactly who influences system behaviour.
Visibility is the second half of the equation, and it is where many current agreements fail in ways that only become apparent after something has already gone wrong.
Promises of “logs upon request” or “commercially reasonable monitoring” can sound adequate during negotiation but prove hollow when a firm needs to reconstruct the sequence of events following an unexpected regulatory contact.
The question of who is responsible when an AI agent sends an unsanctioned email to a regulator is no longer hypothetical, and the contracts being signed today will determine who answers for it.

