An AI agent can form a binding contract, and the contract is not void just because no human reviewed it. Two statutes settled the validity question a generation ago: the federal Electronic Signatures in Global and National Commerce Act (ESIGN) and the state-adopted Uniform Electronic Transactions Act (UETA). Both recognize a category called the “electronic agent” — a computer program that acts without a human in the loop — and both say a contract formed through such an agent is enforceable, attributed to the person who deployed it. So the interesting questions for an autonomous AI agent are not whether it can contract; they are how much authority it had and who bears the risk when it agrees to something its operator never intended.
That is a different posture than most builders assume. The instinct is to ask whether a “real” contract can exist without human assent. The law’s answer has been yes since 1999 — for automated ordering systems then, and for generative agents now. This guide covers what the electronic-agent framework actually says, why the AI is a tool rather than a legal person, who ends up bound, and the one area that is genuinely unsettled: what happens when an autonomous agent exercises judgment — or hallucinates — its way into a term.
Key takeaways
- The validity question is settled. ESIGN and UETA both recognize the “electronic agent” and make contracts it forms enforceable — this is decades-old law, not a gap.
- No human review is required. A contract formed by electronic agents is enforceable “even if no individual was aware of or reviewed” the agents’ actions or the resulting terms.
- The AI is a tool, not a party. An electronic agent has no legal personhood; it cannot be a contracting party, hold rights, or be sued. The deploying human or entity is the party.
- Attribution puts the deal on the deployer. The agent’s action is legally attributable to the person to be bound, who is generally bound by what the agent does within its authority.
- A company can be bound by its chatbot. A 2024 tribunal held an airline liable for a misrepresentation its customer-service bot made about the airline’s own policy — a preview of how attribution works with conversational agents.
- Authority and error are the open questions. The unsettled frontier is the scope of the agent’s authority and who bears the risk when it agrees to an unintended term — not contract validity.
The law already recognized non-human contracting — in 1999
The starting point is that Congress and the states built the rule for machine-made contracts before modern AI existed. ESIGN provides that a contract “may not be denied legal effect, validity, or enforceability solely because its formation, creation, or delivery involved the action of one or more electronic agents so long as the action of any such electronic agent is legally attributable to the person to be bound” (15 U.S.C. § 7001(h)).1 It defines an “electronic agent” as “a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part without review or action by an individual at the time of the action or response” (15 U.S.C. § 7006(3)).1
UETA, adopted in nearly every state, is the parallel rule for state-law contracts. Its automated-transaction section provides that “a contract may be formed by the interaction of electronic agents of the parties, even if no individual was aware of or reviewed the electronic agents’ actions or the resulting terms and agreements” (UETA § 14), using the same definition of “electronic agent” (UETA § 2(6)).2 Read together, the federal and state frameworks say the same thing: a program acting on its own can form a contract, and the absence of a human reviewer is not a defect. An autonomous AI agent fits the statutory definition on its face — it is exactly “an automated means used independently … without review or action by an individual” — though it is worth flagging that no court has yet applied these 1999-era electronic-agent provisions to a generative AI agent, and a litigant could argue the drafters had deterministic automated systems in mind.
An “electronic agent” is not a legal “agent”
The word “agent” in “electronic agent” is a term of art, and it does not mean what it means in agency law. A common-law agent is a person with legal capacity who owes duties and can bind a principal through delegated authority; an electronic agent is a tool. It has no legal personhood, cannot hold rights or owe duties, cannot be a party to the contract, and cannot be sued.3 Commentary to the modern law of agency treats computer programs this way — the program is an instrumentality of the person who deploys it, not a separate actor.
This distinction is not academic; it decides who is on the contract. Because the agent is a tool, the contract it forms is the deploying party’s own act, and the resulting record is attributed to that party. UETA states the attribution rule directly: an electronic record or signature “is attributable to a person if it was the act of the person,” and “the act of the person may be shown in any manner,” including through the efficacy of a security procedure (UETA § 9).4 The AI does not step into the deal as a third party; the company operating it is the counterparty, start to finish.
Who is bound — and the airline-chatbot lesson
The practical consequence is that the deploying party is bound by what its agent does, and cannot later disown the agent as a rogue third party. The clearest recent illustration is Moffatt v. Air Canada, a 2024 decision of British Columbia’s Civil Resolution Tribunal: the airline’s customer-service chatbot told a passenger he could apply for a bereavement fare retroactively, after his travel, which was contrary to the airline’s actual policy, and the tribunal held the airline liable for its chatbot’s misrepresentation, rejecting the argument that the bot was a “separate legal entity” responsible for its own words.5 It is a Canadian consumer-tribunal decision on negligent misrepresentation, not binding U.S. authority and not a contract-formation holding — but it applies the same attribution logic that ESIGN and UETA encode: a company owns what its automated agent says and does.
For an AI agent that negotiates, orders, or transacts, the lesson is direct. If the agent commits to a price, accepts a term, or makes a representation within the authority it was given, the deploying company is bound as if it had done so itself. “The model said it, not us” is not a defense — it is a description of attribution working exactly as designed. The counterparty dealt with your agent; the law lets it hold you to the result.
The hard edge: when the agent agrees to something you did not intend
Here is where the settled law runs out and genuine judgment begins. An autonomous agent can do something an EDI ordering system from 1999 could not: exercise discretion, “negotiate,” and — being a language model — generate a term that is wrong, unintended, or hallucinated. If your agent offers a product at a fraction of its price, or accepts an obligation you never authorized, is there a contract?
The doctrines that answer this are older than AI, and they still apply. The default is that the deploying party bears the risk of its own tool — the counterparty did not choose your agent, and attribution puts the agent’s act on you. But the edges are governed by familiar contract law: UETA provides a limited error-correction mechanism for individuals who make errors dealing with an electronic agent that offered no way to detect or correct them (UETA § 10);6 and the law of unilateral mistake can let a party avoid a contract where the other side knew, or had reason to know, that an offer was the product of an obvious error and tried to snap it up.7 What none of these doctrines do is void the contract merely because an AI, rather than a human, generated the term. The autonomy of the agent raises the stakes of getting authority and error-controls right; it does not hand the deploying party a validity defense.
What this means for building agentic commerce
Because validity is settled and attribution is unforgiving, the legal work moves to the front end — the design of the agent’s authority. Practically: define and technically constrain what the agent may agree to (price floors, term whitelists, value ceilings); require human confirmation above a threshold for high-value or irreversible commitments; build error-avoidance and correction procedures so a counterparty’s — and your own — mistakes are catchable; log the agent’s actions so attribution can be proven or bounded; and put terms of use in front of counterparties that address automated dealing. These are contract-design and governance choices, and they are far cheaper made before deployment than litigated after an agent binds you to a term you never saw.
What to do first
In order: (1) treat any contract your AI agent can form as a real, enforceable contract attributable to you — because it is; (2) map and technically bound the agent’s authority — what it may offer, accept, and spend; (3) put a human-in-the-loop gate above a value or risk threshold; (4) build error-avoidance and correction into the transaction flow, and keep an action log; and (5) address automated agents expressly in your terms of use and counterparty contracts. Do this design work before the agent transacts with anyone, because the law will treat what it does as your own act.
This article provides general information only and is not legal advice. The application of electronic-transaction statutes, agency principles, and contract-mistake doctrines to autonomous AI agents is an emerging area, and outcomes are fact-specific and jurisdiction-specific. Statutory section numbers, the uniform-act text as adopted in a particular state, and the cited decision should be confirmed against the controlling authority before you rely on them. Whether and how any rule applies to a particular business is a determination to make with qualified counsel. No attorney-client relationship is formed by this article. Attorney Advertising.
Work with Astraea Counsel
Astraea Counsel advises fintech, crypto, and AI companies on agentic commerce, contract and regulatory risk, and the questions raised by autonomous AI agents. Explore our Regulatory Compliance services or contact us to design your agent’s authority before it transacts.
Related resources
- Does Your AI Agent Need a Financial License? A Decision Guide — the registration side of deploying an agent that transacts
- The AI Agent Identity Doctrine — the accountability companion: tracing an agent to a named human principal
- Does Your Agentic-Payments Startup Need a Money Transmitter License? — when the agent moves customer money
- Smart Contract Legal Enforceability: When Code Isn’t Law — the enforceability of self-executing code, a distinct question
Notes
Footnotes
-
Electronic Signatures in Global and National Commerce Act (ESIGN) § 101(h), 15 U.S.C. § 7001(h) (“A contract or other record relating to a transaction in or affecting interstate or foreign commerce may not be denied legal effect, validity, or enforceability solely because its formation, creation, or delivery involved the action of one or more electronic agents so long as the action of any such electronic agent is legally attributable to the person to be bound.”); id. § 106(3), 15 U.S.C. § 7006(3) (defining “electronic agent” as “a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part without review or action by an individual at the time of the action or response”). ↩ ↩2
-
Uniform Electronic Transactions Act (UETA) § 14(1) (1999) (“A contract may be formed by the interaction of electronic agents of the parties, even if no individual was aware of or reviewed the electronic agents’ actions or the resulting terms and agreements.”); id. § 2(6) (defining “electronic agent”). UETA has been enacted in nearly every state; the section numbering follows the uniform act, and a specific state’s enactment should be checked. ESIGN defers to a state’s enactment of the official UETA where applicable (15 U.S.C. § 7002). ↩
-
An electronic agent is a tool without legal personhood: it cannot be a party to a contract, hold rights, or be sued. This follows from the statutory structure — the “electronic agent” is defined as a “means” (15 U.S.C. § 7006(3); UETA § 2(6)) whose actions are “attributable to the person to be bound” (15 U.S.C. § 7001(h)) — and from the law of agency, whose commentary treats a computer program as an instrumentality of the person using it rather than a common-law agent with independent capacity (see Restatement (Third) of Agency § 1.04 cmt. e). ↩
-
UETA § 9(a) (“An electronic record or electronic signature is attributable to a person if it was the act of the person. The act of the person may be shown in any manner, including a showing of the efficacy of any security procedure applied to determine the person to which the electronic record or electronic signature was attributable.”). ↩
-
Moffatt v. Air Canada, 2024 BCCRT 149 (B.C. Civ. Resolution Trib.) (holding the airline liable for negligent misrepresentation made by its website chatbot and rejecting the airline’s argument that the chatbot was a “separate legal entity” responsible for its own information). A Canadian tribunal decision, cited as a persuasive illustration of agent-attribution, not as binding U.S. authority. ↩
-
UETA § 10 (change or error in an automated transaction; providing, among other things, a mechanism for an individual to avoid the effect of an error made in dealing with the electronic agent of another person where the electronic agent did not provide an opportunity to prevent or correct the error). ↩
-
See Restatement (Second) of Contracts § 153 (when a unilateral mistake makes a contract voidable, including where the other party had reason to know of the mistake); the doctrine has been applied to electronic-commerce “snapping up” of obviously erroneous automated offers. Application to autonomous AI agents is emerging and fact-specific. ↩