When Your AI Agent Gets It Wrong, Who Carries the Can?

Key Takeaways

• Agentic AI acts with limited human oversight, and Australian and overseas courts have consistently treated an automated system's conduct as the conduct of the business that deployed it.
• In Trivago the Federal Court held the company liable under the Australian Consumer Law for conduct that included its hotel ranking algorithm, with penalties of $44.7 million. In Air Canada a tribunal rejected the argument that a chatbot was a separate entity responsible for its own actions.
• A vendor's terms of service do not solve this. They bind you and the vendor, not your customer or a regulator, and they usually shift the risk of the agent's outputs onto you.
• New obligations are landing: automated decision-making transparency under the Privacy Act from December 2026 and a digital work systems duty in New South Wales.
• For a board, agentic AI is an oversight question and oversight is a directors' duty. The task is to reduce the chance of harm and to manage the contract stack, up to the vendor and down to customers.

1. 1.In Brief
2. 2.Why Attribution Is the Whole Question
3. 3.The Cases Already Point One Way
4. 4.The Vendor's Terms Will Not Save You
5. 5.The Compliance Overlay Is Already Arriving
6. 6.What This Means for Directors
7. 7.What to Do Now

Agentic AI, software that does not just answer questions but acts on them, booking, buying, emailing and deciding, is moving from pilot to production across Australian business. A recent white paper from the Governance Institute of Australia and others has put it on the board agenda. The harder question for directors is narrower. When an agent makes a mistake, who is liable? The decided cases give a consistent answer. It is not a comfortable one. Most likely, it is the business that deployed the agent.

In Brief

• Agentic AI acts with limited human oversight. Australian and overseas courts have consistently treated an automated system's conduct as the conduct of the business that deployed it.
• In Trivago, the Federal Court held the company liable under the Australian Consumer Law for misleading conduct that included its hotel ranking algorithm. Penalties of $44.7 million followed. In Air Canada, a tribunal rejected the airline's argument that its chatbot was a separate entity responsible for its own actions.
• A vendor's terms of service do not solve this. They bind you and the vendor, not your customer or a regulator. They usually shift the risk of the agent's outputs onto you.
• New Australian obligations are landing: automated decision-making transparency under the Privacy Act from December 2026 and a digital work systems duty in New South Wales.
• For a board, agentic AI is an oversight question. The task is to reduce the chance of harm and to manage the contract stack, up to the vendor and down to customers.

Why Attribution Is the Whole Question

An agentic AI system does more than generate text. It takes actions in the world on the business's behalf. It can read and write to systems, send emails, place orders, set prices and make or recommend decisions, often with a human only loosely in the loop. That autonomy is the selling point. It is also the legal problem, because the more an agent does on its own, the more tempting it becomes to treat its mistakes as someone else's, the software's, the vendor's, the model's. Australian law does not look kindly on that move. The likely position, supported by the cases, is that an organisation's AI agents are treated as part of its systems, not as independent actors whose conduct it can disown the way it might disown a rogue employee acting outside authority.

The Cases Already Point One Way

This is not merely theory. In Australian Competition and Consumer Commission v Trivago NV [2020] FCA 16, the Federal Court held Trivago liable under the Australian Consumer Law for misleading consumers through a hotel ranking algorithm that favoured the booking site paying the highest fee over the cheapest room. Trivago could not hide behind the complexity or the autonomy of the algorithm. The conduct of the system was the conduct of the company. In 2022 the Court ordered Trivago to pay $44.7 million in penalties for its misleading representations: Australian Competition and Consumer Commission v Trivago NV (No 2) [2022] FCA 417.

The point is starker overseas. In Moffatt v Air Canada, 2024 BCCRT 149, the airline's chatbot gave a customer wrong advice about bereavement fares. Air Canada argued that the chatbot was a separate legal entity responsible for its own actions. The tribunal rejected that, holding that the chatbot was part of Air Canada's website and the airline was responsible for everything on it. The award was small, the authority only persuasive, a Canadian tribunal rather than a court. But the principle travels. A business cannot disown its bot.

Attribution is one half. The other is that an agent can commit you. An externally facing agent that negotiates, orders or contracts can bind the business to deals it never specifically authorised. When those deals go wrong, the law has shown it will reach through the machine to the humans behind it. In Quoine Pte Ltd v B2C2 Ltd [2020] SGCA(I) 2, the Singapore Court of Appeal dealt with trades executed by autonomous algorithms at a price 250 times off market. Asked whether the doctrine of unilateral mistake could unwind them, the court held that where a contract is formed by a deterministic algorithm, the relevant state of mind is that of the programmer at the time of programming. The machine acted. The responsibility was traced to the person who built it.

Two qualifications keep this honest. Each of those systems was a rule-based algorithm or a scripted chatbot, not a fully autonomous, non-deterministic AI agent. So the frontier is genuinely untested. Quoine's neat answer, look to the programmer, becomes hard when no human set the parameters that produced the output. But the direction of travel is unmistakable. Every time a court has been asked who answers for an automated system, the answer has been the business that put it to work.

The Vendor's Terms Will Not Save You

It is tempting to assume the vendor's terms of service handle this. They do not, at least not in the way directors hope. A contract with an AI provider binds the business and the provider. It does not bind the customer your agent misled or the regulator investigating it. They never agreed to those terms, so the terms cannot move your external liability onto the vendor. Worse, standard agentic AI terms are drafted for the vendor. They disclaim warranties, supply outputs as they are with no promise of accuracy, place responsibility for using the outputs on the customer, cap the vendor's liability and often require the customer to indemnify the vendor. The deployer is squeezed from both sides, liable to the world and with limited recourse up the chain. Where there is leverage, in a negotiated enterprise agreement, some of this can be clawed back through indemnities, warranties and higher caps. On click-through terms there is none.

The Compliance Overlay Is Already Arriving

All of this sits on top of obligations that are arriving regardless. From 10 December 2026, transparency requirements for automated decision-making take effect under the Privacy Act 1988 (Cth), inserted by the Privacy and Other Legislation Amendment Act 2024 (Cth). Where a system uses personal information to make a decision that could significantly affect a person, including where it substantially assists a human decision, the business must say so in its privacy policy. New South Wales has gone further. Its digital work systems amendments to the Work Health and Safety Act 2011 (NSW), passed in February 2026, are the first of their kind in Australia, extending the employer's safety duty to digital work systems, defined to include algorithms, artificial intelligence, automation and online platforms used to allocate or monitor work. The substantive duty commences on proclamation, so it is on the statute book but not yet in force. The Australian Consumer Law continues to apply, as Trivago shows, to anything an agent says to a customer.

What This Means for Directors

For a board, agentic AI is not an IT procurement detail. It is an oversight question. Oversight is a directors' duty. A director who lets an agent loose across the business without understanding what it can do, what it can commit the company to and how its actions are governed is exposed in the same way as a director who fails to oversee any other source of material risk. The white paper that prompted this is right that boards should be asking questions. The harder part, which the paper leaves lighter, is that the answers are specific to your business, your agents and your contracts. Getting them wrong is not a theoretical risk but a measured one, as Trivago's $44.7 million shows.

What to Do Now

Three steps cost little and help whatever you decide. Map where agents already operate in your business, because adoption usually runs ahead of governance and the board is often the last to know. Read the liability and indemnity clauses in your AI vendor agreements before you rely on them, not after something goes wrong. Treat any agent that can communicate externally or commit the business as a higher tier of risk than one that only drafts internally.

Beyond that, the work is specific. Which agents can bind you, what your vendor terms actually allocate and where your real exposure sits are questions that turn on your own systems and contracts. The wrong assumption is expensive. This is general information, not advice on your situation. Almost every business is now running AI agents in some form. Each has reason to understand where the liability lands before a regulator or a counterparty decides for it.

If your organisation is deploying agentic AI and you want a clear read on where the liability sits and how your contracts allocate it, please get in touch or call (07) 4270 8880.

This article is for general information purposes only and does not constitute legal advice and should not be relied on as such. While we take reasonable care to ensure the accuracy of the information provided, we make no representations or warranties as to its completeness, currency or reliability. We accept no liability for any loss or damage arising directly or indirectly from the use of, or reliance on, this website's content. You should always seek professional advice tailored to your specific circumstances before acting on any information in this article. Liability limited by a scheme approved under Professional Standards Legislation.