Singapore's Infocomm Media Development Authority has released the first systematic government attempt to map civil liability when autonomous AI agents cause harm to third parties. The 36-page discussion paper, titled "Legal Responsibility for AI Agents" and released in May 2026, consolidates months of work by a working group of over 20 legal experts from government, academia, private practice, and industry.

The timing is critical. Agentic AI systems, software capable of planning, deciding, and taking actions across digital environments with minimal human oversight, are moving rapidly from research labs into live commercial deployments. Yet the legal question of who bears responsibility when such a system behaves unexpectedly remains largely unanswered across most jurisdictions. For organizations deploying agents in customer-facing or enterprise settings, this ambiguity has become an operational and governance challenge that can no longer be ignored.

What Makes an AI Agent Different from Other Software?

The Singapore paper identifies three core features of agentic AI that matter most for legal liability. The first is autonomy, referring to the degree to which a system operates without human intervention between instruction and outcome. Reduced human involvement may diffuse accountability and increase the risk of misaligned or unexpected behavior. The second is planning and decision-making, the capability to break a task into sub-tasks, choose among alternative courses of action, and adapt when initial approaches fail. This raises the risk of an agent pursuing a wrong plan to complete an assigned task. The third is action-taking and tool-use, the ability to effect real changes in digital or physical environments by interacting with other systems, including other agentic systems.

The paper also flags rapidly emerging features that legal frameworks must anticipate. These include computer use agents that navigate screens and browsers as a human would, multi-agent systems where separate agents specialize and collaborate within or across enterprises, and evolving human-agent interfaces that may reduce meaningful user oversight.

Who Is Actually Responsible in the AI Agent Supply Chain?

One of the paper's central findings is what the working group calls "the value chain problem." Between an AI model and the harm it eventually causes, a proliferation of actors now exists. According to the Singapore framework, the categories of actors relevant to legal liability include:

• Model Developers: Provide the large language models that enable agents to reason and plan.
• Tooling Providers: Supply the tools agents can call, such as APIs or Model Context Protocol servers.
• Platform Providers: Offer the environments on which agents are built.
• System Providers: Use those platforms to assemble agents, sometimes described as app developers.
• Deployers: Use agentic AI for enterprise-level purposes.
• End Users: Individuals using agents for professional or personal activities.
• Third Parties: Those affected by agentic AI without being party to any agreement governing its use.

In practice, these categories overlap significantly. A single organization may act simultaneously as model developer and consumer-facing product provider. The working group notes that these categories are intended as helpful archetypes rather than watertight legal definitions.

The proliferation of actors creates two distinct problems. First, a problem of principle: even if the full facts of an incident can be established, it may not be clear who is to blame or in what proportion blame should be shared. Second, a practical evidential problem: in many situations, it may not be practically feasible to determine the full facts at all, given cost, time, or trade secrecy constraints.

How Do Existing Laws Handle AI Agent Liability?

The Singapore paper examines whether existing legal frameworks can address agentic AI incidents. According to the working group, a majority considered that many cases could be addressed through existing common law frameworks, particularly contract law and the tort of negligence, though the law may need adaptation for agentic AI.

Contract law allows parties to pre-allocate risk and define responsibilities before an agent is deployed. But contract is limited by the doctrine of privity: only parties to the agreement can enforce it. Third parties harmed by an agent generally cannot invoke contractual protections agreed between other actors in the chain.

The tort of negligence requires establishing that a defendant owed a duty of care, breached it, and caused recoverable damage. According to the Singapore framework, the elements of negligence are generally consistent across common law jurisdictions: duty of care, breach, causation, remoteness, and proof of loss. For agentic AI, however, each of these elements runs into difficulties.

On duty of care, proximity is a problem. Even if a system provider was best placed to prevent a harmful action, it may not have had a sufficiently close relationship with the injured third party to give rise to a duty of care. Establishing proximity for a product deployed at scale, potentially interacting with parties the developer never anticipated, raises questions the working group did not fully resolve.

On foreseeability, agents are already known to act in emergent ways, pursuing unexpected plans, exploiting loopholes, or escalating actions beyond the scope of their instructions. The paper distinguishes between foreseeability of the risk of harm, foreseeability of the type of harm, and foreseeability of the method or manner of harm. The law generally does not require the precise method of harm to be foreseeable, only the type. But as agents become more general-purpose, their actions may produce truly unforeseeable types of harm, at which point the question becomes a policy decision: should the loss lie where it falls, or should it still be assigned to an actor in the chain?

On causation, proving which actor caused an incident may be impossible. For deterministic components, code can be examined but requires specialist skill and significant cost. For non-deterministic portions derived from machine learning, a review must extend beyond code inspection into the training data and model behavior itself, a process that remains technically and legally uncharted territory.

What Does This Mean for Organizations Building AI Agents?

The Singapore paper does not provide policy recommendations. Instead, it aims to serve as a resource for policymakers seeking an initial understanding of the key legal challenges. However, the implications for organizations are clear: the legal landscape for agentic AI is still being written, and liability allocation remains uncertain across most jurisdictions.

The paper's focus on civil liability and private law, with specific attention to Singapore law, acknowledges that agentic AI raises broader legal issues across criminal, regulatory, and data protection domains. As agentic systems move into production deployments across customer-facing and enterprise settings, organizations will need to monitor how courts and regulators interpret these frameworks in real-world incidents.

The Singapore working group's effort represents one of the first systematic attempts by any government body to map how civil liability should be allocated when autonomous AI systems act on behalf of users and cause harm to third parties. As more organizations deploy agents at scale, this framework may serve as a template for other jurisdictions grappling with the same fundamental question: in a world where software can plan, decide, and act with minimal human oversight, who bears the cost when something goes wrong?