We’re pleased to share a newly released white paper, Governance in the Age of Agentic AI, developed by the Governance Institute of Australia in collaboration with Mallesons, SEEK, Diligent, EthicAI and the University of Melbourne’s Centre for AI and Digital Ethics.
AI agents are now being deployed across a growing number of Australian organisations. These systems are characterised by their ability to pursue goals and interact with real-world systems with a degree of autonomy. Many of these AI agents have broad access to proprietary data and internal IT systems and can potentially undertake many irreversible actions. Moreover, the volume and speed of agents’ interactions could mean it is impractical for a human to review each decision. These factors require a rethink of existing approaches to AI governance.
The Mallesons contributions to the white paper focused on the legal risks posed by AI agents and how Boards should be considering those risks in the context of AI governance. Other sponsors contributed on ethical dilemmas, technical foundations and data governance, as well as a case study on governing AI agents as a digital workforce.
The legal risks
AI agents create new categories of legal risks. For example, some agents may be able to enter into contracts or engage with consumers, competitors and regulators in ways that raise legal concerns under contract, competition and consumer law. Similarly, while AI agents have the potential to automate business workflows, they may not always be able to address the specific legal and regulatory requirements applying to those workflows. AI agents’ access to proprietary data and internal IT systems (paired with their autonomy and non-deterministic behaviour) also increases the risk of data breaches that could have significant consequences under privacy laws, cybersecurity laws and confidentiality obligations.
Liability for AI agents
Even as liability for agentic outcomes is yet to be tested in Australia, organisations and their directors should assume they will be held accountable. Unlike employees or agents in the legal sense, AI agents are not distinct legal entities from their users. Australian law is likely to treat an organisation’s AI agents as part of its IT systems. This means organisations may struggle to distance themselves from the actions of their agents in the same way as they might from a rogue employee acting outside the scope of their authority.
Directors and other officers may also face personal liability for their management of these risks.
What this means for your organisation
Organisations deploying these systems may need to rethink their approach to AI frameworks. While there is yet to be consensus on best practice for governance of AI agents and agentic AI, more guidance is emerging from governments and institutions both in Australia and internationally. Organisations should be engaging with that evolving guidance as they deploy these agents.
If you would like to discuss how these developments may affect your organisation or would like support reviewing your AI governance approach, please get in touch.
Insights by our specialists to guide you through the risks and opportunities of the fast-paced AI and GenAI landscape.
