Integrated.SocialIntegrated.Social

Who Is Liable When an AI Agent Buys, Negotiates or Publishes on Your Behalf?

Before AI agents can buy media, negotiate contracts or publish content on your behalf, businesses need to answer a harder question: who is the agent, what is it authorised to do, and who carries the liability when it acts outside its mandate?

Modi Elnadi6 min read
Who Is Liable When an AI Agent Buys, Negotiates or Publishes on Your Behalf?
AI SummaryKey takeaways for AI answer engines
  • AI agents acting on behalf of organisations create a three-layer liability gap: agent identity, delegated authority, and commercial trust.
  • Current contract law does not recognise AI agents as legal principals — every agent action is attributed to the human or organisation that deployed it.
  • B2B marketing teams must implement agent identity registries, scoped permission systems, and commercial trust layers before deploying agents in customer-facing workflows.
  • The delegated-authority problem is not technical — it is governance: organisations need explicit policies defining what agents can commit to, spend, and publish without human approval.
  • Early movers who build agent governance infrastructure now will have a competitive advantage as agentic commerce scales in 2026–2027.
Key Numbers
67%

of enterprises have no formal AI agent governance policy

Gartner AI Governance Survey 2026

2027

ITU target year for first AI agent identity framework standards

Reuters / ITU, July 2026

The Infrastructure Layer Nobody Is Talking About

On 9 July 2026, the International Telecommunication Union, the United Nations agency for digital technologies, announced a Focus Group to develop frameworks for AI agent identity, trustworthiness and human control. The ITU specifically highlighted impersonation, unauthorised decisions, financial transactions and critical infrastructure as the primary risk areas. Its first meeting is scheduled for Paris in November 2026.

The announcement received a fraction of the coverage given to GPT-5.6 and ChatGPT Work. That is a mistake. The ITU initiative points to the infrastructure problem that will determine whether agentic commerce can scale at all.

The marketing conversation about AI agents is currently focused on capability: can the agent research accounts, draft content, buy media, negotiate pricing, send communications? The harder commercial question is not whether the agent can do these things. It is whether the systems it interacts with can verify that the agent is authentic, authorised and acting within a defined mandate.

The Agent-Identity Gap

Human identity infrastructure was built for humans. A login credential represents a person. An API key represents an application. Neither adequately represents an autonomous agent acting on behalf of an organisation within a defined scope.

When a human employee buys media, the platform knows who they are, which organisation they represent and, through approval workflows, what they are authorised to spend. When an AI agent buys media, the platform currently has no reliable way to verify the agent's identity, its organisational affiliation, its spending authority or whether its actions are within its mandate.

This creates several problems that become more serious as agentic commerce scales. Impersonation risk arises when an agent claiming to represent an organisation may be acting without authorisation, may have been compromised, or may be a malicious actor impersonating a legitimate agent. Authentication risk means that even if an agent's identity is verified, its authority may not be — a verified agent can still act outside its mandate if there is no machine-readable representation of what it is permitted to do. Accountability risk means that when an agent makes an error, exceeds its authority or produces an output with commercial or legal consequences, the audit trail needed to assign liability and remediate the action may not exist.

For B2B marketing operations, these risks are not theoretical. They are already present in any organisation using AI agents to send communications, buy media, update CRM records or publish content.

The Delegated-Authority Problem

Authentication is necessary but not sufficient. An authenticated agent still needs explicit limits on spend, data access, communications and commitments.

Consider a B2B marketing team using an AI agent for account-based marketing. The agent has been given access to the CRM, the email platform, the LinkedIn advertising account and the content management system. It is authenticated. But what is it authorised to do?

Can it send emails to prospects without human review? Can it increase campaign budgets when it identifies a high-performing audience? Can it publish content to the company blog? Can it update account records based on its own research? Can it make commitments in communications that imply a commercial relationship?

Each of these questions requires an explicit answer before the agent is deployed. The answers need to be machine-readable so that the agent's actions can be constrained at the platform level, not just at the instruction level. Instructions can be misinterpreted or overridden by the model. Platform-level constraints cannot.

This is the delegated-authority problem. It is not a technology problem. It is a governance design problem that organisations need to solve before they scale agentic marketing operations.

The Commercial Trust Layer

The ITU's initiative is directionally important because it recognises that agentic commerce requires a new infrastructure layer. The analogy is instructive: ecommerce could not scale until payment infrastructure was reliable, standardised and trusted. Buyers needed to know that their payment would be processed correctly, that their data was protected and that disputes could be resolved. Sellers needed to know that payments were authentic and that chargebacks were manageable.

Agentic commerce needs an equivalent trust layer for agent identity, authority and accountability. Businesses interacting with AI agents need to know which organisation owns the agent, which person authorised it, what it is permitted to do, whether its actions can be audited and reversed, and who carries liability when it acts outside its mandate.

That verification layer may become as important to agentic commerce as payment infrastructure was to ecommerce. The organisations that build it first will have a structural advantage in deploying agents that other systems will trust and interact with.

What B2B Marketing Teams Should Implement Now

The ITU framework will not be finalised until 2027 at the earliest. That does not mean organisations should wait. The governance controls that make agent deployment commercially safe today are the same controls that will be required by future standards.

Start with scope definition. Before any agent is given access to external systems, document explicitly what it can and cannot do. Define spending limits, data access permissions, communication authorities and commitment scope. This documentation is the foundation of delegated authority.

Build audit trails. Every action taken by an agent should be logged with sufficient detail to reconstruct what happened, why, and what the consequences were. This is essential for liability management, quality improvement and regulatory compliance.

Establish human review checkpoints. Identify the actions that have significant commercial or legal consequences and require human review before execution. These checkpoints are not a sign of distrust in the agent. They are the governance layer that makes delegation commercially reliable.

Test your liability exposure. Review your current agent deployments against the question: if this agent takes an action outside its intended scope, who is liable and what is the remediation path? If you cannot answer that question clearly, the governance framework is incomplete.

Integrated.Social's Agentic AI services include governance framework design as a core component of every agentic programme. The agent is only as valuable as the governance that makes its actions commercially reliable.

About the Author

Modi Elnadi is the Founder and Director of Marketing and AI Growth at Integrated.Social, a London-based B2B AI marketing agency specialising in Agentic AI lead generation, Answer Engine Optimisation, and AI-native website builds. Modi has been building performance marketing systems since 2014, working with FinTech, SaaS, and B2B brands across the UK and USA. He advises enterprise marketing leaders on AI governance, agentic commerce frameworks and the accountability structures that make autonomous agent deployment commercially safe. Connect on LinkedIn or explore Integrated.Social's AI governance and Agentic AI services.

Part of: Gemini Enterprise Agentic AI for Marketing & Sales & AI Breaking News, Trends & Market Intelligence & AI Governance, Safety & Regulatory Compliance for B2B

This article is part of our Gemini Enterprise Agentic AI marketing topic cluster. Explore related guides:

View all Gemini Enterprise Agentic AI for Marketing & Sales content →

Frequently Asked Questions

What is the ITU's AI agent identity initiative?

The International Telecommunication Union, the United Nations agency for digital technologies, announced a Focus Group to develop frameworks for making AI agents identifiable, trustworthy and subject to meaningful human control. The group will address impersonation, unauthorised decisions, financial transactions and critical infrastructure risks. Its first meeting is scheduled for Paris in November 2026.

What is delegated authority in the context of AI agents?

Delegated authority defines the specific actions an AI agent is permitted to take on behalf of a person or organisation. It includes spending limits, data access permissions, communication authorities and commitment scope. An authenticated agent still needs explicit authority boundaries to prevent it from taking actions that exceed its mandate, even if its identity is verified.

Who is liable when an AI agent makes an unauthorised decision?

Current legal frameworks do not clearly assign liability for autonomous agent actions. In practice, liability typically falls on the organisation that deployed the agent, the person who authorised its access, or the platform that provided the agent capability. As agentic commerce scales, enterprises need explicit governance frameworks that document authorisation, scope and audit trails to manage liability exposure.

What is the agent-identity gap and why does it matter for B2B marketing?

Human logins and shared API keys do not adequately represent autonomous actors. When an AI agent accesses a CRM, buys media, sends communications or makes commitments, the receiving system needs to know which organisation owns the agent, which person authorised it and what it is permitted to do. Without machine-readable identity, agentic commerce cannot scale safely.

How should B2B marketing teams govern AI agent actions today?

Practical governance starts with four controls: explicit scope definition (what the agent can and cannot do), spending and commitment limits, audit trails of all agent actions and outputs, and human review checkpoints before actions with significant commercial or legal consequences. These controls should be documented before any agent is given access to external systems.

Will AI agent identity standards affect marketing automation?

Yes. As AI agents are used for media buying, account engagement, content publication and customer communications, the systems they interact with will increasingly require agent identity verification. Platforms that can verify an agent's identity, authority and scope will be preferred over those that cannot. Marketing teams should expect identity and authorisation to become standard requirements in agentic marketing infrastructure.

Further Reading & References

About the Author

Modi Elnadi

Founder & Director of Marketing and AI Growth · Integrated.Social

MBA, University of Surrey (Honours) · London, UK · Founded 2014

Modi Elnadi is the founder of Integrated.Social, a boutique B2B growth marketing agency established in London in 2014. With 16+ years deploying revenue-generating marketing systems across B2B SaaS, FinTech, Ecommerce, Sports Media, FMCG, Telecoms, and Travel & Tourism, Modi specialises in Agentic AI lead generation, AI Search Optimisation (SEO/AEO/GEO/LLMO), and PPC & Performance Max. He has managed $25M+ in paid media, delivered 5x–35x ROAS, and built multi-agent AI systems that generate pipeline daily at scale. Every engagement is consultative, data-driven, and ROI-accountable.

Sectors

B2B SaaSFinTechEcommerceSports MediaFMCGTelecomsTravel & TourismCybersecurityEnterprise AI

Expertise

Agentic AI SystemsGTM StrategyAI Search (SEO/AEO/GEO/LLMO)PPC & Performance MaxDemand GenerationAccount-Based MarketingCRM & RevOpsBrand PositioningPersona-Driven CampaignsA/B Testing & CRO

Ready to deploy a lead generation system?

We deploy agentic AI systems for B2B marketing and sales teams, live infrastructure that generates leads daily, not strategy decks. Get a free AI growth audit.

Found this useful? Share it with your network.

Help a colleague stay ahead of the AI marketing curve.

Keep Reading

All articles