Agentic AI commerce is here and it is predicted to start scaling this year. AI agents that can autonomously perform tasks for a user and can adapt over time as the agent learns more about the user, all without direct human intervention. Consumers can use agents to search for, select, purchase, and pay for a variety of goods and services. Many retailers offer their own AI agents or shopping bots to help their customers’ shopping experiences. Retailers that offer their own agents can control the user experience, the agents’ actions and the risks. But an army of third-party AI shopping agents are being deployed and users are creating their own agents. Retailers do not control these agents and as detailed below, this creates a host of potential legal and business risks for those retailers. Many retailers are not yet ready for the onslaught of AI agents hitting their sites and transacting on behalf users. But now is the time for retailers to manage the legal risks that will arise with these AI agents.
One major ecommerce site recently obtained a preliminary injunction to prohibit agents from transacting on the site. The court found that despite the user giving the agent permission to act, the site did not authorize the agent access the user’s password-protected account, without authorization of the site operator. AI agents developed by third parties and users, rather the ecommerce platform operator, a fraught with potential legal and business risks for the site operator.
The National Institute of Standards and Technology (NIST) has launched (through its Center for AI Standards and Innovation (CAISI)), an AI Agent Standards Initiative to support the development of interoperable and secure AI agent systems. Various industry groups are identifying and addressing the issues. The Consumer Bankers Association (CBA) met in the fall of 2025 to scope out consumer protection issues with agentic payment tools. We previously covered some of these issues. See, When AI Clicks “Pay”: The Emerging Compliance Risks of Agentic Commerce.
Various entities are developing AI agent-related protocols, including ones for agentic commerce transactions, agent to agent communication, enabling products on a website to be found by agents and agentic payments.
Some of the legal issues relate to new frauds and scams via AI agents, liability when an agent makes an unauthorized purchase, whether websites terms of service are enforceable against an agentic transaction (if the user has never seen and/or agreed to the terms), privacy issues when a site shares user information with a third party agent, among others.
For all of these and other reasons, site operators need to focus on these issues now. They should assess necessary updates to their ecommerce site technology (e.g., to identify and authenticate agents and ensure authorization for specific transactions). They also need to consider the legal issues (e.g., updating terms of service to address AI agent issues and consider privacy issues).
Read more here.
