2025 may be remembered as the year autonomous AI agents moved from experimental tools to enterprise infrastructure. Unlike traditional chatbots or narrow AI applications, these AI-powered autonomous agents can perform complex, multi-step tasks—across software stacks, workflows, and organizational systems—without human intervention. From scheduling meetings and executing trades to managing supply chains or debugging code, their decision-making autonomy introduces transformative potential across industries.

However, this leap in capability also introduces profound legal and regulatory challenges.

As AI agents grow more sophisticated and ubiquitous, key questions arise around liability, compliance, and accountability: Who is responsible when an autonomous agent causes harm or makes a mistake? How do we differentiate between passive tools and agents acting independently? Are current AI governance frameworks and tech liability laws equipped to handle these edge cases?

To address this emerging governance gap, a groundbreaking policy brief - An Autonomy-Based Classification: AI Agents, Liability and Lessons from the Automated Vehicles Act , offers an innovative legal framework. Authored by Lisa Soder, Julia Smakman, Connor Dunlop, and Oliver Sussman, and published by Interface (formerly Stiftung Neue Verantwortung) in April 2025, the report advocates for an autonomy-based legal classification system to guide AI liability.

By drawing critical parallels to the UK’s Automated Vehicles Act, the authors propose a model that could become foundational to regulating AI agents, assigning clear responsibilities based on system behavior, autonomy levels, and deployment contexts. This marks a significant step toward ensuring that AI innovation and legal accountability evolve in tandem.

In this blog, we unpack the core tenets of the report, explore the proposed classification system, and assess its implications for enterprise AI adoption, regulatory risk management, and future policy design.

What Are AI Agents and Why Do They Matter?

AI agents are systems capable of acting independently on behalf of a user, often across diverse environments. They plan, adapt, and execute tasks without constant supervision. Think OpenAI’s Operator or Cognition’s Devin—systems that bridge software engineering with natural language inputs, acting across browsers, apps, or databases.

Unlike earlier AI models (like virtual assistants), today’s AI agents interact with their environments in more open-ended, non-deterministic ways. Their “agenticness”—or the degree to which they act independently—varies, and with that, so does the complexity in managing them.

To learn more about AI agents, their business applications, and how they’re shaping the future of automation, check out AryaXAI’s article: The Rise of Agentic AI: Transforming Business and Automation.

The Legal Backbone: Tort Law and Its Limits

Tort law is built on the idea that individuals or organizations should be held accountable if they fail to act with “reasonable care” and cause harm. But AI agents—capable of making autonomous decisions—challenge this principle. When an AI agent acts independently, who bears the duty of care? Is it the user, the developer, or the platform provider?

This becomes even murkier when the harm is:

• Immaterial – like a privacy breach or reputational damage, which may not involve direct financial loss but still have serious consequences.
• Systemic – such as the spread of misinformation or bias, which can emerge gradually and affect large groups.
• Diffuse – where responsibility is spread across multiple actors in complex value chains, especially in multi-agent environments.

Traditional legal frameworks struggle with these scenarios. While similar issues have existed in tech law, AI agents amplify them due to their autonomy, unpredictability, and the opacity of their decision-making processes. As a result, assigning liability becomes a legal and ethical puzzle—one that existing tort law isn’t fully equipped to solve.

Global Approaches to AI Agent Liability: Learning from the UK and Beyond

Lessons from the UK’s Autonomous Vehicle Framework

The UK's Automated Vehicles Act 2024, building upon the Automated and Electric Vehicles Act 2018, provides a pioneering blueprint for how liability can evolve with increasing autonomy in technological systems. While developed for self-driving cars, its principles offer valuable insights for managing liability in AI agent ecosystems.

A Shift in Liability Based on Control

At the heart of the UK framework lies a fundamental principle: liability should follow control. As self-driving technology reduces a human driver's influence over a vehicle, the law shifts legal responsibility away from the user and toward developers and manufacturers—the parties most capable of anticipating and mitigating risks.

Two key operational modes clarify this shift:

• User-in-Charge (UiC): The human occupant may still be present but is not actively controlling the vehicle. In this mode, if a driving-related error occurs, liability falls on the authorized self-driving entity, not the human. This recognizes the technical reality that once automation is engaged, users are no longer making operational decisions.
• No-User-in-Charge (NUiC): In fully autonomous scenarios—where the vehicle operates without any human supervision—full accountability rests with the manufacturer or software provider.

This model ensures that liability aligns with the actual ability to prevent harm, reducing unfair burdens on users who have little or no control.

A Practical Framework for AI Agents

While AVs operate in physical space and AI agents often act in digital environments, the underlying logic holds true: as user control decreases, so should user liability. The UK's approach suggests a framework for AI agents where responsibility escalates up the value chain—toward those who create, train, or deploy the agent’s core functionalities.

Key parallels and takeaways include:

1. Autonomy as a Legal Lens
   The UK AV model introduces autonomy not just as a technical measure, but as a legal determinant of liability. AI agents could be similarly classified, using autonomy levels to define when liability shifts from users to developers.
2. Gradual Transfer of Responsibility
   The framework allows for transitional phases of control. In AI systems, this could take the form of override buttons, approval prompts, or usage boundaries that help clarify when a user remains in charge.
3. Upstream Accountability and Insurance
   The UK mandates insurance for automated vehicles to ensure swift redress for victims. Insurers can then pursue upstream actors for reimbursement. A similar model for AI agents would make developers and integrators financially responsible when users lack meaningful oversight.
4. Transparency and Logging Requirements
   The UK AV Acts require manufacturers to share operational data with insurers and regulators. For AI agents, this translates into a need for mandatory logging, agent IDs, and handoff records—tools that illuminate who was in control and when, aiding courts and claimants alike.

The USA: Fragmented but Evolving Standards

In contrast to the UK's centralized approach, the United States follows a more fragmented legal framework. Tort law and product liability doctrines serve as the main mechanisms for assigning responsibility. Courts consider whether developers or deployers acted with "reasonable care," but in practice, the burden of proof often falls on the plaintiff.

The U.S. legal system lacks a unified classification of AI autonomy, which has led to inconsistent rulings and policy fragmentation. However, recent discussions around AI safety and regulatory frameworks—especially at institutions like NIST and the White House Office of Science and Technology Policy—suggest growing interest in harmonizing standards. Transparency remains a challenge, particularly in black-box systems where explaining how an AI agent reached its decision is technically complex and legally opaque.

France and the EU: Risk-Based Transparency Models

France, along with the broader European Union, is actively developing regulatory mechanisms through the EU AI Act. Rather than focusing purely on autonomy, the EU uses a risk-based approach. Systems deemed high-risk (e.g., those in healthcare, law enforcement, and education) are subject to stringent requirements, including transparency obligations.

Developers must log decision-making processes, disclose the purpose and limitations of AI systems, and maintain documentation accessible to regulators. France, in particular, supports these initiatives through its national data protection authority (CNIL), which emphasizes algorithmic accountability. The EU’s approach underscores the belief that transparency is not only about technical explainability but also about systemic oversight and public trust.

India: Legal Foundations and Emerging Gaps

India’s transparency initiatives have historically focused on government accountability and citizen empowerment, as seen with the Right to Information Act (2005) and the Open Government Data platform. However, in the realm of AI, regulatory frameworks are still emerging.

The government’s approach to AI transparency includes draft policies from NITI Aayog and limited efforts to define ethical AI principles. While there is recognition of the importance of fairness and accountability, India lacks a robust legal regime to address liability in autonomous AI systems. Furthermore, institutional capacity remains a concern. Several state Information Commissions are reportedly underfunded or understaffed, limiting effective enforcement of existing transparency laws.

‍

India’s experience also highlights a unique challenge: digital and data literacy. Even when AI systems provide transparency logs or decision-making reports, the public may lack the capacity to interpret them. As such, any AI transparency framework in India must be coupled with citizen-focused education and capacity-building initiatives.

The Importance of an Autonomy-Based Taxonomy

The idea of classifying AI agents based on their level of autonomy is more than just an academic exercise—it has far-reaching implications for real-world governance, innovation, and public trust. As AI systems become increasingly embedded in critical decision-making environments, it’s essential to have a structured framework that helps determine who should be held accountable and how.

1. Clarity for Courts and Legal Systems

An autonomy-based taxonomy helps courts determine whether an actor—be it a user, developer, or platform provider—exercised “reasonable care” based on the agent’s level of independence. By mapping liability to autonomy levels, courts gain a clearer lens through which to interpret whether harm was preventable and by whom. For example, a Level 2 agent (user-controlled) carries different expectations than a Level 5 agent (fully autonomous), where users have minimal influence.

2. Transparency as a Legal and Technical Imperative

At every level of autonomy, transparency plays a central role in establishing trust, enabling oversight, and supporting liability decisions. An effective taxonomy reinforces the need for transparency across three critical dimensions:

• Operational transparency – logging agent decisions, triggers, and pathways to action.
• Attribution transparency – clearly indicating who (or what) made a decision and when control shifted between human and agent.
• Systemic transparency – making documentation, capabilities, and safety limits available not just to developers, but also to regulators, courts, and end users.

This helps address “black box” concerns and gives regulators and auditors access to explainable, actionable data. Without transparency, autonomy is ungovernable.

3. Developer Incentives and Safer AI Design

When liability is clearly tied to autonomy levels, developers are incentivized to build safer, more controllable systems. This could mean integrating:

‍

• Real-time monitoring dashboards
• User override mechanisms
• Audit trails of decision logic
• Approval workflows for high-risk actions

By embedding these safeguards early in development, the industry can preemptively reduce the likelihood of harm—and legal exposure.

4. Aligning Insurance and Policy Frameworks

The taxonomy also provides a foundation for more tailored insurance models and regulatory approvals. Just as autonomous vehicles in the UK must meet predefined autonomy standards for insurance eligibility, high-autonomy AI agents could require certification or risk-based audits before deployment. This aligns risk exposure with regulatory scrutiny, improving overall market stability.

5. Protecting Consumers and Building Public Trust

At higher levels of autonomy, users may not even be aware when an AI agent is making decisions on their behalf. An autonomy taxonomy ensures:

• Clear labeling of agent autonomy in interfaces
• Usage boundaries defined and communicated upfront
• Accessible documentation that educates users on their responsibilities and limitations

For example, consumers interacting with a Level 4 AI finance assistant should know whether it's making suggestions—or executing trades autonomously.

Challenges and Limitations

While an autonomy-based classification for AI agents offers a promising framework for guiding legal responsibility and governance, it’s important to recognize its limitations and contextual challenges. Drawing analogies from the UK's approach to autonomous vehicles (AVs) provides a useful starting point—but it’s not a perfect match.

1. Different Domains of Operation: Physical vs. Digital Autonomy

Autonomous vehicles operate in physical environments, where their actions—like braking, steering, or lane changes—can be directly observed, tested, and regulated. AI agents, by contrast, often act in digital ecosystems—scheduling appointments, making online purchases, or analyzing data in ways that may be less visible, more abstract, and harder to trace.

This distinction matters: the physical world allows for clearer attribution of outcomes, while digital actions may unfold across multiple systems or interfaces, obscuring who—or what—was in control at any given time.

2. A Nascent Legal Precedent

The UK’s AV framework, including the Automated and Electric Vehicles Act (2018) and the Automated Vehicles Act (2024), sets a forward-looking regulatory model. However, these laws are relatively new, and there is limited empirical data on their real-world effectiveness. It's still unclear whether shifting liability from users to developers leads to safer systems or merely redistributes legal risk.

Applying this model to AI agents, then, is speculative. We must be cautious in assuming that what works for AVs will seamlessly apply to AI systems that function with different mechanics, scopes, and societal roles.

3. Absence of Formal Authorization Regimes

One of the most robust aspects of AV regulation is the requirement for official authorization before vehicles can be deployed. This ensures safety benchmarks are met through testing and documentation. Currently, AI agents lack a similar authorization regime. There is no mandatory certification that ensures agents meet minimum safety, transparency, or ethical standards before entering public use.

This regulatory gap creates a significant trust deficit, especially as agents grow more autonomous and are deployed in critical domains like finance, healthcare, or legal services.

4. The Moral Hazard Problem

A major ethical concern raised by the paper is the risk of moral hazard. If users know they won't be held liable for an AI agent’s autonomous actions—especially at higher autonomy levels—they may become complacent or reckless in how they deploy these systems. Imagine a company unleashing a highly autonomous sales agent with minimal oversight, assuming any resulting legal fallout will land on the developer instead.

Such a scenario would be counterproductive. Accountability must be distributed wisely: users should retain some responsibility for the decisions they initiate or approve, while developers should bear responsibility for system design, capabilities, and known limitations.

5. Balancing Innovation with Responsibility

There’s also a broader concern that too much legal burden on developers might discourage innovation, particularly among smaller firms or open-source communities. On the other hand, too little regulation may invite harmful deployments and erode public trust.

The ideal approach? A balanced framework that:

• Encourages safe, transparent design from developers
• Incentivizes informed, responsible usage from end-users
• Establishes clear expectations for both parties based on the agent’s autonomy level
• Promotes collaborative governance models across industry, academia, and regulators

Moving Forward: Research and Action

As AI agents become more capable and integrated into daily life, it's essential that governance evolves alongside innovation. This will require close collaboration between policymakers, technologists, and legal experts.

Key priorities include:

• Defining autonomy in practice: Turning abstract autonomy levels into measurable standards that apply to real-world agents and use cases.
• Clarifying user control: Establishing what it truly means for a user to be “in charge” of an agent, and under what conditions that control is lost.
• Building certification pathways: Creating approval processes or registries for high-autonomy agents, akin to vehicle testing standards.
• Ensuring transparency by design: Mandating logs, decision traces, and visible handoff points to make agent behavior accountable and auditable.

The message is clear: If we want AI agents to be both powerful and trustworthy, we must embed safety, oversight, and legal clarity into their very foundations—starting now.

Final Thoughts

As AI agents continue to reshape the digital landscape—automating workflows, making decisions, and even acting on our behalf—the urgency to define clear legal and ethical boundaries has never been greater. The autonomy these systems exhibit is not just a technical feature; it carries profound implications for liability, accountability, and public trust.

This blog has explored the case for an autonomy-based classification of AI agents—drawing on the UK’s AV laws, comparing global approaches, and underscoring the pivotal role of transparency at every level. It’s clear that we can no longer rely on traditional legal frameworks alone. We must build new tools that account for the evolving dynamics of human-agent interaction.

What’s needed now is collective action. Technologists, regulators, businesses, and researchers must work hand in hand to operationalize governance that matches the pace of AI innovation. The stakes are high, but so is the opportunity: to shape a future where AI agents empower society responsibly—under frameworks that are fair, transparent, and future-ready.

‍