Let me start with a confession. A few weeks ago, I let an AI agent plan a trip for me — flights, hotel, a dinner reservation, the works. I typed two sentences and went to make coffee. By the time I came back, the thing had booked all of it. I felt like a wizard.

That feeling lasted about an hour — until I noticed it had reserved the hotel for the wrong week.

It was a small mistake, easily fixed (a slightly mortifying phone call, a change fee I argued my way out of). But standing there in my kitchen, I had a question I couldn’t shake: if that booking had been non-refundable — if the agent had spent real money on my behalf, confidently and incorrectly — whose fault would it have been? Mine, for trusting it? The company that built it? The travel site that accepted the booking? The answer, it turns out, is “nobody is quite sure.” And that should worry you more than a wrong hotel date.

First, what makes an “agent” different

We need one definition before we go further (I promise it’s the only homework). The chatbots you’re used to answer. You ask, they reply, and what you do with the reply is on you. An AI agent is different in one consequential way: it doesn’t just answer — it acts. It clicks the buttons, fills the forms, moves the money, sends the email, signs the thing. It is autocorrect with a credit card and a to-do list.

That shift — from advice to action — quietly breaks the assumption underneath most of our laws. Liability, for centuries, has run on a simple idea: a person made a choice, so we can find that person and ask them to make it right. But when a system plans and acts on its own, over hours or days, pursuing a goal you only sketched in two sentences, the line from “harm” back to “a human decision” gets very long and very faint.

Here is the part the vendors would rather you not dwell on: handing a task to an agent does not hand off your responsibility along with it. If anything, it concentrates that responsibility on you — the person who deployed it.

We already have a preview of how this goes

This isn’t hypothetical. We got a dress rehearsal in 2024, courtesy of Air Canada.

A grieving traveler named Jake Moffatt asked the airline’s website chatbot about bereavement fares. The bot told him, confidently, that he could book now and claim the discount retroactively. That was wrong — it contradicted the airline’s actual policy — and when Air Canada refused to honor it, Moffatt took them to British Columbia’s Civil Resolution Tribunal. Air Canada’s defense was, I think, a glimpse of every company’s first instinct in the agent era: it argued the chatbot was, in effect, a separate entity responsible for its own words.

The tribunal didn’t buy it. It held Air Canada liable for the misleading information its chatbot gave, ruling that because the bot was “a part of Air Canada’s website,” the airline “was responsible for all information provided, including that from the chatbot.” The damages were almost comically small — about 800 Canadian dollars. The principle was not: you own what your AI says.

So that’s settled, right? The company that deploys the bot pays. If only.

Why the agent era is harder than a wrong fare

Moffatt was almost quaint: one bot, one bad sentence, one customer, one airline. An agent that books, buys, negotiates, and signs is a different animal — and the contracts being written around these tools are quietly engineered to make sure the mistake lands on you.

The law firm Clifford Chance put it bluntly in a recent analysis: “customers often bear the risk of actions taken by AI agents.” If an agent “incorrectly authorises a supplier payment, mispriced a product, or issues misleading communications,” they note, the vendor’s disclaimers “often absolve them of responsibility” — and the customer “is generally left without a clear legal pathway to recover the costs.” Read that twice. The company that builds and controls the agent writes the terms so that you, who merely used it, absorb the consequences when it misbehaves.

That’s the gap. Not a loophole someone forgot to close — a gap the fine print is actively widening.

Meanwhile, in Europe

Here is where things get interesting, because different parts of the world are choosing very different answers — and watching them is like watching a controlled experiment in who-pays.

The European Union, true to form, reached for product law. Its revised Product Liability Directive now explicitly counts software and AI as “products” — meaning a defective AI can trigger the same strict liability as a defective toaster, with member states required to write it into national law by December 2026. Promising, if you’re the consumer.

But — and this is the catch — the EU also quietly withdrew its proposed AI Liability Directive in October 2025, the very rulebook that was supposed to handle fault (someone behaved carelessly) as opposed to defect (the product was broken). So Europe has built half a bridge: if your agent is “defective,” there may be a path; if it merely did something careless that no one can quite trace, you’re back in the fog.

Singapore took the opposite tack — not a product recall mindset, but a governance one. At the World Economic Forum in January 2026, it launched what it calls the world’s first governance framework written specifically for AI agents. Its through-line is refreshingly blunt: “humans are ultimately accountable.” Not the model. Not the vendor’s lawyers. A human, by name, on the org chart.

Two philosophies, one shared instinct: somebody has to be on the hook, so let’s decide who before the bill arrives. The United States, meanwhile, has mostly decided to find out the hard way.

Now imagine the next few years

Let me get a little speculative — because the technology is sprinting in one obvious direction, and it’s worth picturing where it lands.

Today your agent talks to a website. Soon it will talk to other agents. Your shopping agent negotiates with a store’s sales agent; your calendar agent haggles with your colleague’s; your financial agent quietly rebalances things while you sleep. Now picture a single bad assumption — a misread date, a hallucinated discount, a fat-fingered “yes” — propagating through that web at machine speed, across a dozen automated counterparties, before any human has had their morning coffee.

When the dust settles and someone has lost real money, the forensic question becomes almost philosophical. Which agent “decided”? The one that proposed, or the one that accepted? The developer who trained it, the company that deployed it, or you, who said “handle my finances” and went to sleep? Our entire apparatus of responsibility assumes we can answer that. An economy of agents negotiating with agents may make it genuinely unanswerable — unless we insist, now, on keeping a human name attached to every consequential action.

What the smart people are saying

The encouraging news is that serious people see the gap and are converging on the same fix. The lawyers (Clifford Chance among many) are warning clients that their contracts are dangerously out of date. Regulators like Singapore’s are codifying the principle that autonomy never dissolves human accountability. And courts — see Moffatt — are already refusing to let “the bot did it” work as a defense. The direction of travel is clear: responsibility flows to the humans who deploy and benefit, not to the software that acts.

The danger isn’t that we lack the principle. It’s the lag — the years between agents going mainstream and the rules catching up, during which the fine print fills the vacuum, and the fine print is not written in your favor.

What does this mean for you?

You don’t need a law degree to protect yourself in the meantime. A few concrete habits:

• Read what you’re agreeing to before you delegate. When a tool offers to “act on your behalf,” skim the terms for who’s liable when it errs. If the answer is “you, always,” treat that tool like a teenager with your credit card.

• Scope the authority. Give agents spending caps, approval thresholds, and narrow lanes. “Book under $300, otherwise ask me” is a sentence that can save you a fortune.

• Keep a human checkpoint on anything that signs or pays. Convenience is the whole pitch, I know — but a five-second confirmation on irreversible actions is the cheapest insurance you’ll ever buy.

• Keep the receipts. Logs of what the agent did, and when, are your evidence if you ever have to argue it wasn’t your instruction.

• Ask for accountability before you buy. The market will give us clearer liability terms exactly when enough of us demand them — and not one day sooner.

The lesson, as I see it

We are being handed something genuinely marvelous — software that doesn’t just advise but does — and we are being handed it faster than we are being told who pays when it does the wrong thing. That’s not an argument against agents. I’ll keep using mine (with a much shorter leash, and a closer eye on the hotel dates).

It’s an argument against the quiet transfer of risk that’s happening while we’re dazzled. “The AI did it” cannot be allowed to become the 21st century’s version of “computer says no” — a shrug that ends the conversation right when accountability should begin it. Somebody is always on the hook. My vote? Make sure you know who before you hand over the keys — and make very sure it isn’t you by default.

This piece was written for the HAIA Foundation. If it gave you something to think about, the conversation continues over on our Substack.