Who is liable if the AI agent makes an error?

Who is liable if the AI agent makes an error? Contract law, liability exclusion, and escalation model explained for SMEs.

Hand-drawn sketch: one hand passes another hand a signed contract with a stamp

The AI agent answers twenty customer inquiries at night, books appointments, and creates offers. On Monday morning, it becomes apparent: one inquiry was assigned incorrectly, an offer was sent with the wrong price. For many SMEs, the actual question at this moment is not technical, but legal in nature: Who bears the damage—the provider of the automation or the company itself?

Who is fundamentally liable if an AI agent makes an error?

The use of AI does not initially change the fundamental principles of contract law: whoever violates a contractual or statutory obligation is liable, regardless of whether a human or an AI system caused the concrete error. This is also confirmed by the classification of the specialist portal Legal Tribune Online on liability in AI use. For an SME, this means in practice: whoever operates and controls the AI agent bears responsibility to their own customers first and foremost, regardless of whether the cause lies in their own process or in the software used. Only in the second step does the question arise whether and to what extent the company can pass on the damage to the automation or software provider internally, and the contract with this provider regulates exactly that.

Service contract or contract for work: Why the classification determines liability

Whether an automation project is classified as a contract for work or as a service contract significantly determines how strict the liability is. With a contract for work, the provider owes a specific, defect-free result: if the AI agent consistently delivers incorrect results due to a configuration or training error, this is a defect for which remediation, reduction, or damages can be demanded regardless of fault. With a service contract, the provider, on the other hand, only owes diligent effort, not a specific result; liability here typically requires demonstrable fault. In many automation projects, this is not clearly separated contractually, although this classification is decisive in case of dispute.

What liability exclusion clauses actually accomplish in practice

A liability exclusion for AI errors is only reliable if it reflects technical reality and remains comprehensible to both parties, as the law firm Herfurtner notes in their assessment of AI liability exclusion. Moreover, a complete liability exclusion in terms and conditions is regularly ineffective once gross negligence, intent, or violation of material contractual obligations comes into play. In practice, a liability limitation instead of a total exclusion has proven successful: a maximum liability amount per damage incident, exclusion of indirect consequential damages such as lost profit, and a gradation according to degree of fault. An SME that signs an automation contract should see exactly these three points specifically named, rather than relying on a blanket clause.

Why an escalation model mitigates the liability question in practice

An AI agent that automatically escalates to a human when uncertain instead of deciding independently significantly reduces liability risk because the final decision demonstrably remains with a person. We build AI agents for clients at NordFlux following exactly this principle: edge cases, such as unusually high invoice amounts or contradictory customer data, are not automatically waved through but escalated to a human for approval. This is not a legal formality but lived due diligence: a complete record of who made or approved which decision when is often the crucial evidence in case of dispute that the company took its control obligations seriously. Anyone planning automation should establish these escalation thresholds from the beginning in their own AI consulting, not only after the first error occurs.

What becomes important with the new product liability from end of 2026

With the reformed EU Product Liability Directive, software and AI systems are for the first time explicitly considered products in the sense of liability law, as the law firm Bird & Bird outlines in their assessment of the new directive. Member States must transpose the directive into national law by December 9, 2026; for products placed on the market after that, a reversal of burden of proof also applies for complex AI systems: no longer must the injured party prove the defectiveness, but the provider must prove freedom from defects. In parallel, from August 2, 2026, the full obligations of the EU AI Act apply for high-risk systems, with fines of up to 35 million euros or 7 percent of global annual turnover. For most automation in SMEs, as we have shown in our article on the EU AI Act for SMEs, this is not the decisive hurdle, but an additional reason to review contracts with automation partners now rather than in 2027.

This assessment does not replace legal advice in individual cases. For specific contract drafting, particularly liability clauses and escalation thresholds, a review by a specialist lawyer for IT law is recommended.

By Simon Glowik, published on July 9, 2026.

Frequently Asked Questions

Is my company liable for AI agent errors even if the error lies with the software provider?

Toward its own customer, initially the company that deploys and controls the AI agent is liable. Whether and to what extent damages can subsequently be claimed from the automation or software provider is determined by the contract concluded with that provider, particularly the liability clauses agreed upon there.

What distinguishes a contract for work and a service contract in an automation project?

With a contract for work, the provider owes a concrete, defect-free result and is liable for defects regardless of fault. With a service contract, the provider owes only diligent effort; liability here typically requires demonstrable fault.

Can I completely exclude liability for AI errors in my terms and conditions?

No, a complete liability exclusion in terms and conditions is regularly ineffective once gross negligence, intent, or material contractual obligations are affected. A liability limitation with a maximum amount instead of a total exclusion is more common and reliable.

Is an escalation model with human-in-the-loop legally required?

For most automation in SMEs, it is not an explicit legal requirement, but an effective demonstration of due diligence. A documented escalation model shows in case of dispute that critical decisions were made by a human.

Does the EU AI Act change the contractual liability for AI agents?

The EU AI Act primarily regulates supervisory obligations depending on risk class, not the civil liability itself. Most automation in SMEs falls into a low-risk class, as our article on the EU AI Act for SMEs classifies it.

About NordFlux

NordFlux UG (haftungsbeschränkt)

NordFlux builds digital employees for organisations: automations and AI agents that take over repetitive work. You stay in control.

More about us
Read more

Related posts

Free initial analysis

Concrete questions about automation or AI?

In a free initial analysis we discuss your case directly. No strings attached.