AI adoption is moving beyond tools that simply generate outputs. As AI systems begin to make recommendations, support decisions, and take actions, businesses need to rethink how they approach risk, oversight, and accountability.
Back
Back
Back
Technology
3 min read
Read more
By Tim Ryan, Peter Given and Alistair Cooper
|Published 15 July 2026
AI adoption is moving beyond tools that simply generate outputs. As AI systems begin to make recommendations, support decisions, and take actions, businesses need to rethink how they approach risk, oversight, and accountability.
For many businesses, the early conversation around AI has focused on tools that generate content. Those tools can draft text, summarise information, produce code, and support analysis. The risk conversation has therefore tended to focus on the output, particularly around who owns it and whether it is accurate, defamatory, confidential, or potentially infringing.
Agentic AI moves that conversation on. It describes AI systems that can analyse information, interact with other tools, and take action to achieve a particular outcome, moving technology away from passive tools and towards something closer to actors within an operational process. (At this stage it's worth acknowledging the subtle difference between the meaning of the terms ‘AI agent’ and ‘agentic AI’, with the former referring to a stand-alone tool designed to execute a specific task, and the latter referring to a broader system capable of independent reasoning and performing multi-step processes).
It is no longer enough to ask whether an AI system produces a good output. Businesses also need to ask what the AI system is permitted to do, what approvals are required, and what happens if the AI system takes an action that has legal, commercial, or regulatory consequences.
A simple way to frame the difference is to distinguish between content risk and conduct risk. Generative AI creates content, which means businesses need to think about the quality, accuracy, and ownership of what is produced.
Agentic AI introduces conduct risk because the concern shifts from what the model says to what the model does. If an AI-enabled system is involved in recruitment screening, customer onboarding, underwriting, claims handling, or other operational decision-making, the core issue may be the action taken or influenced by the system rather than the wording of an output.
This distinction is becoming more important as AI systems become more embedded in business processes. Businesses may find themselves relying on AI, not only to support human judgement, but to trigger workflows, recommend decisions, escalate cases, or take operational steps.
The shift from outputs to actions creates a more complex accountability challenge. Businesses need to understand who controls the system, who oversees it, what data and systems it can access, and whether human oversight is meaningful.
This is particularly important in areas such as recruitment, customer onboarding, credit decisions, claims handling, and other regulated activities, where AI-driven decisions can directly affect individuals, customers, or regulatory outcomes. Businesses should be clear about the system's role, the limits on its authority and the safeguards that apply.
As AI moves from generating content to influencing decisions and taking actions, businesses need to focus not only on what AI produces, but also on what it is permitted to do. Clear governance, effective oversight, and defined accountability will be essential to managing the risks and realising the benefits of agentic AI.
Authors
Tim Ryan
Partner
London
Peter Given
Partner
London
Alistair Cooper
Partner
London
