Singapore's information authority has published a landmark discussion paper examining how legal responsibility should be allocated when AI agents act autonomously, use external tools, and cause harm. The Infocomm Media Development Authority (IMDA) developed the paper with input from Singapore's legal community across government, academia, and industry, addressing a critical gap as organizations increasingly deploy AI agents that make decisions, plan tasks, and take actions with minimal human oversight.

Why Does AI Agent Liability Matter Now?

The timing of Singapore's analysis is significant. While AI agents offer substantial opportunities for automation and productivity gains, they also raise difficult accountability questions when systems behave unexpectedly or cause harm. Unlike traditional generative AI systems, which produce outputs for humans to review and act on, AI agents decompose tasks, choose between alternatives, and adapt when initial approaches fail. This autonomy creates a liability puzzle that existing legal frameworks weren't designed to solve.

The IMDA working group examined whether existing legal doctrines, particularly contract law and the tort of negligence, can address disputes involving AI agents. While the majority view was that many cases could be addressed under existing frameworks, the paper acknowledges significant practical challenges, including the technical complexities of agentic AI systems, the difficulty of allocating responsibility across multiple actors, and the prospect of unforeseeable harms despite reasonable safeguards.

What Makes AI Agents Legally Unique?

The paper identifies three features of agentic AI systems that are particularly relevant to liability. First, autonomy: these systems operate with reduced human intervention between instruction and outcome, making it harder to attribute actions and consequences to a specific person or organization. Second, decision-making: AI agents decompose complex tasks and choose between alternatives, increasing the scope for unexpected or misaligned behavior. Third, action-taking and tool use: AI agents interact with external systems by executing database queries, browsing the web, making API calls, and increasingly operating computers in ways similar to humans.

The range of tools available to an AI agent determines its "action space," and with it, the potential impact when something goes wrong. As agentic AI systems become more independent and wide-ranging, the paper notes that liability rules should reflect where the technology is going, not just where it is now.

Who Bears Responsibility in the AI Agent Value Chain?

A core challenge identified in the paper is the proliferation of actors involved in deploying a single agentic AI system. The IMDA working group identified six distinct roles in the value chain, each with different levels of control and visibility:

• Model developers: Provide the large language models (LLMs) that enable reasoning, planning, and tool selection, but have limited visibility into how their models will be deployed in real-world contexts.
• Tooling providers: Provide the tools that agents call, including APIs, browser automation, and Model Context Protocol (MCP) servers that expand what agents can do.
• Platform providers: Provide the platforms on which agents are built, offering infrastructure and development frameworks.
• System providers: Build agents using available models, tools, and platforms, customizing them for specific purposes.
• Deployers: Use agentic AI for enterprise-level purposes, integrating agents into business operations.
• End users: Individuals using agents for professional or personal purposes, often with limited technical knowledge.

This creates two interrelated problems. First, there's a question of principle: even with all the facts, it may still be unclear who is responsible, or by how much. Second, there's a practical difficulty: in many cases, it may be impossible to establish the full picture, given time cost limitations and commercial secrecy.

How Should Responsibility Be Allocated Across the Value Chain?

The paper examines several legal principles and their limitations in the agentic AI context. Contracts are an effective means of pre-allocating risk between actors in the value chain, but their usefulness is limited by the doctrine of privity: third parties harmed by an agent generally cannot enforce contractual protections agreed between others. More fundamentally, parties with weaker bargaining power, particularly consumers, risk having most of the liability disclaimed and pushed onto them through onerous terms of use. Without intervention, every actor in the chain will rely on disclaimers, with the burden ultimately falling on end users.

Negligence claims face several difficulties in the agentic AI context. Establishing a duty of care may be problematic where the relationship between the actor and the claimant is too remote. For example, a system provider may not owe a duty to every third party whose data is affected by an AI agent's actions. Determining the "reasonable" level of safeguards is difficult when AI agents are designed to operate autonomously and their behavior evolves beyond the developer's specifications. Causation is complicated by the number of actors involved and the opacity of non-deterministic systems.

While product liability could help apportion responsibility in favor of end users, Singapore's product liability laws are currently limited to narrowly defined consumer goods and do not cover losses arising from AI. The paper notes that the European Union's expanded Product Liability Directive, which will cover AI systems placed on the market after December 9, 2026, provides an interesting comparison.

What Practical Steps Should Organizations Take?

The IMDA paper avoids setting out specific policy fixes, but its analysis points to clear practical implications for organizations deploying AI agents. The paper suggests a spectrum of responsibility: developers expected to mitigate general or baseline risks, and deployers responsible for use-case-specific safeguards, with standardized disclosures as a complementary mechanism to make this workable.

• Safety testing and guardrails: Focus on meaningful safety testing, put effective guardrails in place, and be open about the system's limits. Broad disclaimers that try to push all risks onto users are likely to face scrutiny and may not hold up if challenged.
• Clear disclosures: Provide clear disclosures about known risks, gaps in instruction-following, and foreseeable failures. These disclosures will matter more in showing that reasonable care was taken.
• Use-case assessment: Carefully evaluate the use case. Putting an AI agent into a high-risk setting such as financial services, healthcare, or consumer-facing roles without safeguards beyond the developer's baseline will be difficult to justify.
• Oversight matching risk: Ensure that oversight and human-in-the-loop controls match the level of risk and autonomy granted to the AI agent.

What Gaps Remain in Current Legal Frameworks?

The IMDA paper identifies three areas for further study. First, how should responsibilities be allocated along the value chain when model developers have the greatest control over base behavior but limited visibility into deployment context, while deployers and end users know the use case but cannot alter the model's core tendencies? Second, how can actors with limited bargaining power be better protected? The paper calls for further study on measures such as simplified and expedited dispute resolution mechanisms, legal or evidential presumptions that shift the burden of proof to make it easier for claimants to obtain evidence, and sector-specific liability frameworks.

Third, who bears responsibility for truly unforeseeable AI agent actions? Where all actors have taken reasonable safeguards, but the AI agent nevertheless behaves unpredictably and causes harm, the loss currently falls where it lands. The paper suggests that factors such as transparency, the distribution of benefits across the value chain, and the reasonableness of reliance placed on the AI agent should inform any future allocation.

As AI agents become more capable and widespread, Singapore's framework offers a roadmap for how legal systems might evolve to address the accountability challenges posed by autonomous systems. The paper's emphasis on practical safeguards, clear disclosures, and proportional responsibility suggests that organizations deploying AI agents should begin now to document their risk management practices and establish clear lines of accountability within their own value chains.