Agentic AI in Commerce: What You Need to Know Now

When AI starts to act on its own

Agentic AI – systems that can plan, decide, and act autonomously – is opening up new possibilities in commerce and customer service. Think of automated reordering, contract suggestions, real-time FAQ generation, or chatbots negotiating with customers. But as autonomy increases, so do the questions:

• Who is liable if an agent makes a mistake?
• How do you retain control?
• What should businesses consider from a legal and operational perspective?



Especially in e-commerce, where decisions happen fast, clarity is essential. Without it, efficiency can quickly become a legal or reputational risk.

From tool to actor: A new layer of responsibility

Traditional AI has mostly played a supporting role – recommendation engines, customer service bots, or content generators. Agentic AI represents a shift: systems are now actively initiating actions and making decisions that affect business processes.

What’s often overlooked: these agents don’t just act faster, they act in more complex ways. This introduces challenges around transparency, auditability, and compliance – especially in regulated sectors like retail, finance, or logistics. Businesses must ensure that agentic systems follow rules, not just code.

This is particularly relevant when we look at what Ignitiv and Kantar describe as the "Agentic Commerce Continuum" – a maturity model with four levels:

1. Discovery & research
2. Find & compare
3. Seamless execution
4. Fully proactive agents



Most companies today operate somewhere between levels 2 and 3 – using agents for automation and transactional support, but not for fully autonomous, unsupervised decision-making. This controlled deployment ensures operational efficiency without sacrificing oversight.

Legal landscape: Between grey zones and regulation

Across Europe, the regulatory environment for AI is changing rapidly. The centerpiece is the EU AI Act, which introduces a risk-based classification system for AI applications. Under this law, many agentic AI use cases in commerce – such as autonomous ordering, customer communication, or contract suggestions – are likely to fall under the high-risk category.

For these high-risk systems, companies will need to comply with requirements such as:

• Performing a risk and impact assessment
• Providing human oversight mechanisms
• Ensuring transparency toward end users
• Maintaining detailed logs and documentation
• Guaranteeing robust data quality and governance

The EU AI Act is expected to come into full effect in 2026, with some obligations starting earlier. It will apply to any organization doing business in the EU, regardless of where they are based.

🇨🇭 And what about Switzerland?

Switzerland currently has no dedicated AI legislation. However, Swiss companies are not off the hook:

• If they operate in the EU or serve EU customers, they will need to comply with the EU AI Act.
• The Swiss Federal Council has announced its intent to align future national regulation with international and EU standards.
• In the meantime, existing laws such as the Data Protection Act (revDSG) and contract law still apply – and liability remains with the company, even when actions are executed by an AI agent.

Bottom line: Whether you're based in Zurich, Vienna, or Berlin – it's time to prepare. Responsible agentic AI requires governance, documentation, and legal foresight across all markets.

What businesses need to clarify now

Across dozens of client projects at dreamleap, we’ve seen the same key challenges come up repeatedly – regardless of size or industry:

• Who is legally responsible for AI-driven decisions?
• What data powers the agent, and where does it come from?
• How can the decision path be reviewed if something goes wrong?
• Can the agent trigger legally binding actions – and is user consent required?

It’s also important to differentiate between “visible” and “invisible” AI.

Customer-facing agents – like sales bots or chat assistants – carry higher brand and legal risk. On the other hand, backend AI agents (e.g. in supply chain or order management) are often easier to control and test. Starting with invisible intelligence can be a safe and scalable way to build maturity.

Checklist: 10 essentials for deploying AI agents responsibly

To help businesses tackle these questions proactively, we’ve created a hands-on checklist. It includes ten essential considerations for deploying agentic AI systems – covering legal, technical, and operational dimensions.

This resource is ideal for decision-makers and project leads alike. Whether you're planning a proof of concept or refining an existing use case, the checklist provides a solid foundation for risk-aware implementation.

Best practices from industry leaders

Looking at global benchmarks, it’s clear that agentic AI adoption must go hand in hand with governance. For example, Mastercard is piloting Agentic Token & Agent Pay infrastructure – which allows trusted agents to transact securely while keeping control, consent, and traceability in human hands. Their model reinforces the need for robust identity and consent frameworks in AI commerce.

Similarly, modern order management systems (OMS) are becoming more modular and AI-driven, embedding agentic logic in a workflow-first structure – an approach we also follow at dreamleap: agents execute within defined boundaries, reducing unpredictability while maintaining autonomy.

Conclusion: Set the rules, don’t build a black box

Agentic AI has the potential to significantly improve how commerce works – making it more efficient, intelligent, and responsive. But it comes with serious responsibilities. Anyone deploying autonomous agents needs more than curiosity or speed – they need structure, legal awareness, and clear oversight mechanisms.

With a defined framework – and the right checklist – agentic AI becomes a competitive advantage, not a liability.

Want to dive deeper into agentic AI?

Subscribe to our newsletter or reach out to book a free consultation. We’ll help you evaluate agentic AI for your e-commerce, customer service, or internal operations use cases.