
Contracting for agentic AI and AI procurement

The shift to agentic AI has direct contractual consequences. Standard terms written for generative AI systems may not adequately address deployments where the system acts with a degree of autonomy. 

This article highlights the areas where standard terms are most likely to need tailoring for agentic deployments and evolving approaches to AI and procurement.

Scope and permissions

As agentic systems act within permissions rather than simply producing outputs, the scope of those permissions becomes a core contractual issue.

Not all permissions will carry the same risk. A system permitted to read data presents a materially different profile from one permitted to send communications, execute transactions or trigger downstream processes.

Contracts should reflect that hierarchy by defining not just what the system can access, but what it can do - and by calibrating authorisation requirements to the consequence of the action.

Performance and warranties 

Once the permission boundary is defined, the next question is what counts as operating properly within it. Because agentic systems may produce different outputs from the same input, traditional software-style warranties that the system will perform in accordance with its specification are harder to apply.

A more useful approach may be to define expected behaviour: what kinds of actions fall within the system's intended scope, and what falls outside it. That gives both parties a clearer basis for assessing performance and - as set out below - links more directly to liability.

Human oversight and intervention

Given that an agentic system may take consequential steps at speed, contracts need to address how human oversight operates in practice as part of broader legal governance risk management and compliance measures. That includes what triggers human review, where approval gates sit, and what happens if those controls fail.

A related issue is intervention. Customers may need a clear right to suspend or disable agentic functionality quickly - together with clarity on how fast that right must take effect and what support the supplier must provide during an incident.

Liability allocation

In an agentic context, the system may take action before any human decision has been made - including actions that affect third parties or appear to commit the organisation externally.

Contracts therefore need to address responsibility where the system acts within its technical permissions but outside the customer's intended scope, where failures arise across a wider vendor chain, and what remedies are available where harm has already occurred before the customer becomes aware of the problem.

This links back to defining expected behaviour (see above under “Performance and warranties”) - if the system has acted outside what was agreed, the contractual basis for attributing responsibility becomes clearer.

Audit and evidence 

Where an agentic system has taken a series of autonomous steps, the customer may need to establish what happened, when and why - for regulatory enquiries, third-party claims, internal investigations and incident response.

Contracts should therefore address what the supplier is required to log, at what level of granularity, whether those logs are accessible in a usable format, and how fragmentation is handled where relevant records sit across multiple providers or systems.

Exit and continuity

Where agentic functionality becomes embedded in core business processes, exit provisions may take on greater significance than in conventional software procurement.

Contracts should address whether workflow configurations, decision logs and operational history are available to the customer on termination in a portable and usable format, and what the supplier may retain after termination and for what purpose.

How this relates to governance

Agentic AI changes not just what the system does, but what the contract needs to say. Contractual protections alone are only one part of an overall risk mitigation strategy - as with AI more broadly.

Internal governance frameworks that address how agentic systems are deployed, monitored and - where necessary - stopped will still be key across both AI procurement and operational deployment.
