When an AI agent causes harm in 2026, who pays? The short answer: the people who built, modified, or deployed it — not ‘the AI.’ Here is the AI agent liability map across California’s AB 316 and the EU’s new strict-liability regime.
Who is liable when an AI agent causes harm?
When an AI agent causes harm in 2026, liability flows first to the people and companies that built, modified, or deployed it — not to ‘the AI’ as some autonomous entity. Two legal changes drove this: California’s AB 316 removed the ability to blame an AI’s autonomy as a defense, and the EU’s revised Product Liability Directive now treats AI software as a product that can trigger strict liability when it’s defective.
The practical center of gravity for AI agent liability is the deployer — the organization that put the agent in front of users — though responsibility can reach up and down the chain to the model developer, the fine-tuner, and the integrator. The rest of this guide maps exactly how, and what to do about it.
There is no ‘the AI did it’ defense anymore. AI agent liability traces to humans and companies: the deployer first, and potentially the developer, fine-tuner, and integrator. California (AB 316) and the EU (revised Product Liability Directive) both close the autonomy loophole, by different routes.
What changed: California AB 316 killed the ‘autonomous AI’ defense
California‘s AB 316, signed October 13, 2025 and effective January 1, 2026, bars a defendant from arguing that an AI system acted autonomously to escape liability. You can no longer tell a court ‘the model did it on its own, so it’s not on us.’
Crucially, AB 316 does not create strict liability — a plaintiff still has to prove the AI caused the harm and that the harm was foreseeable. What it removes is the autonomy shield. And it reaches broadly: it applies to anyone who ‘developed, modified, or used’ an AI system, which sweeps in the foundation-model developer, the company that fine-tunes it, the integrator that builds it into a product, and the enterprise that deploys it. Defendants keep their other defenses — causation, foreseeability, the fault of other parties — but not the one that mattered most for agents.
“AB 316 doesn’t say the AI is guilty. It says you can’t hide behind the AI’s autonomy when it isn’t.”
The core of California’s 2026 AI agent liability rule
The EU’s strict-liability turn: the revised Product Liability Directive
The EU’s revised Product Liability Directive (PLD) makes AI agent liability potentially strict: if a defective AI product causes harm, the injured person can recover without proving fault. Member States must implement it by December 9, 2026, and it covers software and AI systems (within the meaning of the EU AI Act) placed on the market after that date.
The sharpest edge for operators is reclassification. A company that merely deploys a high-risk AI system can be treated as its provider — and then as a manufacturer under the PLD — by doing any of three things: putting its own name or trademark on the system, making a substantial modification to it, or changing its intended purpose in a way that makes it high-risk. Do any of those and you inherit manufacturer-grade liability for the result.
Under the EU PLD, a deployer becomes a ‘manufacturer’ (and inherits strict liability) by: (1) branding a high-risk AI system as its own, (2) substantially modifying it, or (3) repurposing it into a high-risk use. Know these before you white-label an agent.
Who in the chain is actually on the hook?
AI agent liability is not a single defendant — it is a chain, and the deployer is usually the first link a plaintiff reaches. Here is how responsibility typically distributes.
| Role | Typical exposure |
|---|---|
| Deployer (puts the agent in production) | First in line — owns foreseeability, oversight, and how the agent was used |
| Integrator (builds the agent into a product) | Liable for how components were combined and configured |
| Fine-tuner / customizer | Exposure for modifications that introduce or worsen a defect |
| Foundation-model developer | Reachable for defects in the underlying model; EU PLD can pull them in |
| The ‘AI’ itself | Not a legal person — cannot hold liability (that’s the whole point) |
How to limit your AI agent liability
You reduce AI agent liability the same way you reduce any product liability: foreseeability, oversight, documentation, and contracts. Concretely, in 2026:
This is an explainer, not legal advice. AI agent liability turns on specific facts and jurisdictions — consult qualified counsel for your situation.
Document testing and foreseeability
Because AB 316 keeps foreseeability in play, your evals, red-teaming, and risk assessments are evidence. Record what failure modes you anticipated and how you tested for them.
Keep meaningful human oversight
The less truly ‘autonomous’ the high-stakes actions are, the better your position — both legally and operationally. Gate consequential actions behind review.
Log the delegation chain and decisions
Capture what the agent did, on whose authority, and why. An audit trail (including the user→agent delegation) is your strongest factual defense when causation is litigated.
Mind the EU reclassification triggers
Don’t unknowingly become a ‘manufacturer’: be deliberate about branding, substantial modifications, and repurposing high-risk systems.
Use contracts, indemnities, and insurance
Allocate risk explicitly with vendors and customers, and look at the emerging AI liability insurance market to transfer residual exposure.
Builder’s take
Running Cyntr, I read the 2026 AI agent liability shift as the end of a comfortable fiction. For two years ‘the model did it on its own’ was an implied shield. AB 316 and the EU’s product-liability rewrite take that shield away and point the finger back up the chain — at whoever shipped the thing. As an operator, I’d rather know that now than in a deposition.
- Assume the deployer is on the hook first — if you put the agent in front of users, the law starts with you.
- ‘It acted autonomously’ is no longer a defense in California; build as if a court will ask what you foresaw and tested.
- Your logs are your defense: capture what the agent did, why, and on whose authority (the delegation chain) before you need it.
- Watch the EU reclassification triggers — slapping your brand on a high-risk system or changing its purpose can turn you into the ‘manufacturer.’
Frequently asked questions
The humans and companies behind it — typically the deployer first, and potentially the integrator, fine-tuner, and model developer. As of 2026 you cannot blame the AI’s autonomy: California’s AB 316 removed that defense, and the EU’s revised Product Liability Directive treats AI as a product subject to strict liability.
Not in California. AB 316 (effective January 1, 2026) bars defendants from using an AI system’s autonomous operation as a liability defense. You can still contest causation and foreseeability — just not autonomy.
No. A plaintiff must still prove the AI caused the harm and that it was foreseeable. AB 316 only removes the autonomy defense; the EU’s Product Liability Directive is the regime that introduces strict liability for defective AI products.
When it puts its own name or trademark on a high-risk AI system, substantially modifies it, or changes its intended purpose into a high-risk use. Any of these can reclassify a deployer as a provider/manufacturer and attach strict liability.
Document testing and foreseeability, keep human oversight on consequential actions, log the agent’s decisions and delegation chain, avoid unintentionally triggering EU reclassification, and use contracts, indemnities, and insurance to allocate residual risk.
Member States must implement it by December 9, 2026, and it covers software and AI systems placed on the market or put into service after that date.
Primary sources
- California eliminates the ‘autonomous AI’ defense: what AB 316 means — Baker Botts
- California just deleted the ‘AI did it’ defense (AB 316) — Maybe Don’t, AI
- EU Product Liability Directive: software, AI and complex supply chains — Gibson Dunn
- How the new Product Liability Directive turns AI Act compliance into liability — Freshfields
- AI product liability: the next wave of litigation — K&L Gates
Last updated: May 30, 2026. Related: Governance.
