Why agentic AI has become a 2026 liability question, not a technology one
Through 2026, Indian enterprises have moved past experimenting with AI assistants and begun deploying agentic AI: systems that do not merely suggest but act. An agentic system completes multi-step tasks autonomously, often at machine speed, with real-world consequences that occur before any human reviews them. In Indian operations these agents are now executing financial transactions, placing and approving purchase orders, managing parts of supply chains, handling customer service and complaints, screening applicants, and reconciling accounts. The productivity case is real, which is why adoption is fast. The liability case is also real, and it is lagging badly behind the deployment.
The core shift is from decision support to autonomous action. A recommendation engine that suggests a price still leaves a human to accept or reject it, and liability traces cleanly to that human. An agent that autonomously reprices a product, authorises a vendor payment, cancels an order, or sends a binding communication has acted, and the consequence may already have landed before anyone notices. This breaks the assumption that sits underneath most of how liability and insurance are structured, namely that a human made the decision and a human, or that human's employer, is responsible for it.
This is not an abstract concern for Indian corporates. The deployment is happening under legacy technology contracts written for passive, predictable software firmly under human control. As vendors ship agentic capabilities faster than contracts evolve, a liability gap is opening between what the agent can now do and what anyone has clearly agreed to be responsible for. Law firms tracking this in early 2026 have been blunt: standard indemnities in technology agreements are narrow, often exclude third-party claims, and typically do not extend to an AI agent's acts or omissions, which can leave the deploying business without a clear legal route to recover losses caused by the agent it is using.
The Indian legal backdrop sharpens the problem. Indian liability doctrine, like much of the common-law world, developed on the basis that responsibility traces back to a human mind, with a principal liable for the acts of its agent or a master for its servant. AI systems that are self-learning, partly autonomous, and often opaque strain doctrines that require identifying a human decision-maker, particularly when the system behaves as a black box. Some organisations are already testing whether they can deflect liability by attributing a harmful outcome to the AI tool rather than to themselves, which is exactly the kind of contested ground that produces uninsured losses.
For risk managers and brokers, the practical framing is this: agentic AI is an operational decision being made by technology and procurement teams, but it creates a liability exposure that those teams are not equipped to assess and that existing insurance was not designed to cover. The gap between adoption speed and liability clarity is the single most important enterprise-risk theme of 2026 for organisations deploying these systems, and closing it requires deliberate work across both contracts and the insurance programme.
Who is liable when an enterprise AI agent causes loss?
Before mapping insurance, it helps to be clear about where liability is most likely to land, because that determines which policies should respond. The honest answer in 2026 is that allocation is being decided largely by contracts rather than settled by courts or regulators, which means the deploying enterprise's exposure depends heavily on terms it may not have negotiated with this risk in mind.
The default position is unfavourable to the deployer. Under many technology agreements, the business procuring and operating the AI ultimately bears the risk of the agent's actions. Unless the contract has been heavily negotiated, suppliers typically provide their software on an as-is basis, disclaim responsibility for accuracy and reliability, and cap their own liability at low levels, often a multiple of fees. So if an agent incorrectly authorises a payment, misprices a product, issues a misleading or defamatory communication, or makes a discriminatory hiring screen, the vendor's disclaimers frequently absolve the vendor, and the loss sits with the enterprise that deployed the agent. The enterprise then faces the loss directly and, where a third party is harmed, the claim from that third party as well.
Several distinct heads of liability can arise from a single agentic failure, and Indian corporates should think in terms of all of them. There is first-party financial loss, where the agent's error costs the company money directly, such as an erroneous payment or a costly mispricing. There is contractual liability to counterparties, where the agent commits the company to terms it did not intend or breaches obligations the company owes. There is third-party liability in tort, where the agent's action harms an outside party, for example through a defamatory or misleading communication, a discriminatory decision, or a defective output that causes loss. There is regulatory liability, where the agent's action breaches a sectoral regulation, data-protection law, or consumer-protection norm. And there is professional or service liability, where the company uses the agent to deliver a service to clients and the agent's failure causes client loss.
The causation and attribution problem cuts across all of these in India. Because doctrines require tracing the act to a human or a legal person, defendants and claimants alike will argue over whether the company exercised adequate human oversight, whether the failure was a foreseeable consequence of deploying an autonomous system, and whether the vendor, the deployer, or the affected party should bear the risk of an opaque system behaving unexpectedly. Until this is tested, outcomes are uncertain, and uncertainty is precisely the condition under which a loss can fall between policies or contracts and end up uninsured.
The constructive takeaway is that the deploying enterprise should assume, as a planning baseline, that it bears the risk unless it has affirmatively shifted it through negotiated contract terms and confirmed insurance cover. That assumption drives the right behaviour: negotiate the vendor contract for the autonomy actually granted, and align the insurance programme to the heads of liability above rather than relying on any single policy to absorb everything.
Mapping the gaps across PI, tech liability, cyber, product liability, and D&O
No single line of insurance was designed for autonomous AI agents, so the realistic task is to map each plausible loss against the policy most likely to respond, and then to find and close the gaps. The following walk-through is the analysis a broker should perform for any Indian enterprise deploying agentic AI in operations.
Professional indemnity and technology errors-and-omissions cover is the natural first port of call where the enterprise uses agents to deliver services to clients, which is common in India's large IT and business-process services sector. Tech E&O can respond when a customer alleges financial harm because the technology failed, produced incorrect output, or did not perform as contracted. The gap is twofold. First, where the enterprise is the deployer rather than the provider, PI may not respond to its own first-party losses at all. Second, insurers are increasingly clarifying, narrowing, or excluding AI-related exposures, so a policy may contain or acquire an AI exclusion or a carve-out for autonomous-system outputs. The wording must be read carefully to confirm whether agent-driven errors are covered or quietly excluded.
Cyber cover responds where the loss arises from a security failure, breach, or unauthorised access, including where an agent is manipulated or compromised. But many agentic losses are not security events at all; they are the agent doing exactly what it was instructed to do, badly. A cyber policy is unlikely to respond to a pure operational error or a flawed autonomous decision that involves no breach. This is the same boundary problem that arises with social-engineering fraud, and it leaves a large category of agentic loss outside cyber cover.
Product liability becomes relevant where the agent's output is embedded in a product or service that causes physical harm or consequential loss to a third party, which matters for Indian manufacturers, healthcare providers, and others whose agents touch the physical world or safety-relevant decisions. The gap is definitional: product liability wordings were written for tangible defects, and whether an autonomous software decision constitutes a covered defect, and whose product it is when a third-party agent is embedded, is unsettled.
Directors-and-officers cover is the governance backstop and an increasingly live exposure. D&O responds to claims against directors and officers for wrongful acts, and AI governance failures, such as inadequate oversight of AI deployment, failure to address known bias, or deploying autonomous systems without adequate controls, could give rise to shareholder or regulatory claims, particularly for listed Indian companies. Insurers are rationalising D&O and E&O terms to define and account for AI, which means both new cover and new exclusions are appearing. Boards should confirm that AI-governance failures are within the D&O grant and not carved out.
General liability and crime or fidelity cover fill further corners: general liability for some third-party harms, crime cover for losses where an agent is exploited to misdirect funds. Each has its own boundary, and none was designed for this.
The synthesis is uncomfortable but actionable. A single agentic failure can implicate five or six lines, and the most likely outcome with an unexamined programme is that the loss falls into a gap between them, with each insurer pointing at another policy. The broker's value is to map the client's specific agentic use cases against this matrix, identify which losses currently have a clear home, flag those that do not, and then close the gaps through endorsement, manuscript wording, or contract design before a claim tests the structure.
Contracts and insurance must work together, not in isolation
The defining feature of agentic AI risk in 2026 is that liability is being allocated through contracts rather than resolved by law, which means the insurance programme and the vendor contracts have to be designed together. Treating them separately is how enterprises end up with a contract that pushes risk onto them and an insurance programme that does not pick it up.
Start with the vendor contract, because it sets the baseline allocation. The default as-is, low-cap, broadly-disclaimed technology agreement is inadequate for an agent granted real autonomy. Where a system acts without human approval, the vendor's liability framework should reflect that autonomy. Practical terms to negotiate include realistic liability caps proportionate to the authority granted rather than a token multiple of fees, carve-outs from the consequential-damages waiver for losses caused by autonomous action, indemnification that genuinely extends to third-party claims arising from the agent, clear allocation of responsibility for the agent's errors and omissions, and contractual insurance requirements obliging the vendor to carry and evidence appropriate cover. For Indian IT and BPO enterprises that are themselves vendors to global clients, the same analysis runs in the other direction: their clients are demanding exactly these protections, and the enterprise must understand what it is signing up to provide and whether its own insurance supports it.
With the contract baseline understood, align the insurance programme to whatever risk remains with the enterprise. This means confirming, line by line, how each policy treats agent-driven losses: whether PI and tech E&O respond to the enterprise's use cases or carry AI carve-outs, whether D&O clearly covers AI-governance claims, whether any line excludes autonomous-system outputs, and where the gaps are. Where standard wordings leave gaps, the broker should pursue affirmative clarification, endorsements, or manuscript language, and where insurers are developing AI-specific products, evaluate whether they genuinely close the gap or simply rename it.
Governance ties the two together and is increasingly what makes both contract and insurance defensible. Maintain an inventory of deployed agents and the authority each holds, because non-human and agentic identities are proliferating fast and most organisations have no strategy for managing them. Define human-in-the-loop or human-on-the-loop controls for high-stakes actions, set monetary and action thresholds above which an agent cannot act autonomously, log agent decisions for auditability, and assign clear ownership. This governance does double duty: it reduces the probability of loss, and it provides the evidence of reasonable oversight that strengthens both the enterprise's legal position and its insurance claims. An enterprise that can show disciplined agent governance is far better placed, in a dispute over an opaque system, than one that deployed autonomy and looked away.
Sector-specific exposures for Indian enterprises
Agentic AI risk is not uniform; it concentrates around the specific tasks an enterprise delegates to agents and the consequences of those tasks going wrong. Mapping exposure by sector helps Indian risk managers prioritise both contract negotiation and insurance attention.
IT and business-process services is the most exposed sector, because Indian providers both deploy agents internally and, crucially, embed them in services delivered to global clients. When an agent in a client-facing workflow makes an error that causes the client financial loss, the provider faces a professional and contractual liability claim, and global clients are demanding clear contractual protection and insurance evidence. Indian exporters feel this acutely as bid timelines stretch while lawyers parse exclusion references and indemnity terms. For these firms, tech E&O and PI cover, the AI treatment within those policies, and back-to-back alignment between client contracts and vendor contracts are the central concerns.
BFSI and financial operations carry high-velocity, high-value exposure. Agents reconciling accounts, executing transactions, processing claims, or screening applications can cause large first-party losses and regulatory breaches at machine speed. Regulatory liability is significant here given sectoral oversight, and crime and fidelity exposures arise where an agent is manipulated to misdirect funds. Human-on-the-loop thresholds above defined transaction values are a critical control.
Manufacturing and supply chain face operational and product-liability exposure where agents manage procurement, scheduling, quality decisions, or supplier selection. An agent that places erroneous orders, mismanages inventory, or makes a flawed quality call can cause both first-party loss and downstream harm. Where the agent's decision feeds into a product, the question of whether resulting third-party harm engages product-liability cover becomes live.
Healthcare and pharmaceuticals carry the highest-severity exposure, because agents touching clinical workflows, diagnostics support, or patient communication can contribute to harm. The liability and insurance analysis here must be especially conservative, with strong human oversight on safety-relevant decisions and careful attention to whether professional, product, and general-liability cover responds to AI-contributed harm.
Retail and customer-facing operations face exposure from agents handling pricing, promotions, customer communications, and complaints. A mispricing agent, a defamatory or misleading automated communication, or a discriminatory service decision can cause both direct loss and third-party claims, with reputational consequences that conventional cover may not address.
Across all sectors, the common discipline is the same: identify which high-consequence actions have been delegated to agents, assess where the resulting losses would land across the liability heads, negotiate the vendor contract for the autonomy actually granted, and align the insurance programme to whatever risk remains. The sector lens simply tells the risk manager where to look first. An Indian enterprise that performs this mapping deliberately, rather than discovering the gaps through a claim, converts agentic AI from an unmanaged exposure into a governed and largely insurable one.
A practical structuring playbook for FY2026-27
Bringing the analysis together, the task for an Indian enterprise deploying agentic AI in FY2026-27 is to govern the deployment, allocate the risk through contracts, and close the insurance gaps deliberately. The following playbook sequences that work for risk managers and the brokers advising them.
First, build the inventory and governance foundation. List every deployed or planned agent, the operational authority each holds, the monetary and action thresholds at which it operates, and the consequence of a failure. Define human-in-the-loop or human-on-the-loop controls for high-stakes actions, set caps above which autonomy is not permitted, and ensure agent decisions are logged for auditability. This inventory is the prerequisite for everything else, because an enterprise cannot insure or contract around risks it has not catalogued.
Second, triage by consequence. Concentrate attention on the agents whose failure would cause the largest first-party loss, the most serious third-party harm, or the gravest regulatory breach. These are the use cases where contract negotiation and insurance alignment matter most, and where human oversight controls should be strongest.
Third, renegotiate the vendor contracts for the high-consequence agents. Move away from as-is, low-cap, broadly-disclaimed terms toward realistic liability caps proportionate to the autonomy granted, consequential-damages carve-outs for autonomous-action losses, genuine third-party indemnification, clear allocation of responsibility for agent errors, and evidenced insurance requirements on the vendor. For enterprises that are themselves providers, ensure client contracts and back-to-back vendor contracts and insurance are aligned.
Fourth, map and close the insurance gaps. With the broker, walk each high-consequence use case through PI and tech E&O, cyber, product liability, D&O, and crime, confirm which policy responds and on what terms, identify the gaps, and pursue clarification, endorsement, manuscript wording, or AI-specific products to close them. Confirm in particular that D&O covers AI-governance claims and that no line silently excludes autonomous-system outputs.
Fifth, institutionalise the review. Agentic capability, contract norms, insurer wordings, and Indian legal and regulatory treatment are all evolving quickly. A standing review that revisits the agent inventory, the contract terms, and the policy wordings at least annually, and whenever a materially more autonomous agent is deployed, keeps the enterprise ahead of both the technology and the market.
Deciding whether professional indemnity, tech E&O, cyber, product liability, or D&O responds to a given agentic failure, and whether any of them carries an AI carve-out, requires comparing the actual wordings line by line across multiple insurers, which is slow and error-prone done manually. Sarvada gives commercial insurance brokers structured, searchable access to insurer policy wordings so they can map agentic-AI losses against PI, tech liability, cyber, product-liability, and D&O grants and exclusions side by side, and build coherent programmes for enterprise clients deploying autonomous agents. Brokers advising Indian corporates on agentic AI risk can Request Access to evaluate the platform for their liability practice.