A pragmatic approach to regulating AI agents

TL;DR

This paper discusses legal challenges of autonomous AI agents, proposing regulatory classifications and contractual frameworks to ensure accountability within existing legal systems.

Contribution

It introduces a pragmatic legal approach for regulating autonomous AI agents, emphasizing oversight, accountability, and a risk-based task authorization system.

Findings

Agents should be regulated as 'AI systems' under the AI Act.

A 'traffic light' system for task authorization can manage operational risks.

Robust accountability mechanisms are essential for autonomous AI oversight.

Abstract

The current advancement in and deployment of agentic AI systems has created a set of key challenges for the legal frameworks that govern their use. We cover two central components: first, the regulatory classification of agents under the EU AI Act, and second, the legal status and validity of autonomous actions within the established framework of EU contract law. We argue that the unique capacity of agents to autonomously reason, plan, and execute tasks across disparate external systems necessitates a fundamental shift in oversight toward the orchestration layer, where multi-agent interactions introduce novel risks of misalignment. While agents generally utilise general-purpose AI models, we posit that their structural complexity and cross-system permeability require them to be regulated as "AI systems" with distinct obligations under the AI Act. Consequently, our proposals highlight the need for robust accountability mechanisms to manage this heightened autonomy. On the contractual side, we advocate for a "traffic light" system of staggered task authorization based on operational risk and the creation of a statutory list of non-delegable legal acts. By implementing these measures, we provide a pragmatic pathway to ensure that the increasing autonomy of AI agents remains firmly anchored in human accountability and existing legal standards