The Compliance Officer That Never Sleeps

For two decades, the legal spine of global trade ran on human attention. A container could not leave a port, a supplier could not be onboarded, and a cross-border contract could not be signed until a person somewhere had read a name, checked it against a list, and initialed a form. That model worked when the lists were short and the rules were stable. Both assumptions have collapsed. The U.S. Treasury added a record 3,135 names to its sanctions list in 2024 alone, a 25 percent jump over the prior year and more than four times the 2021 figure, according to a year-in-review analysis by the law firm Miller & Chevalier drawing on the Center for a New American Security. The compliance task did not shrink to fit the workforce. So a new kind of worker has arrived: software that does not merely flag the problem but works the problem, step by step, within fixed guardrails, escalating to a lawyer only when it is unsure.

This is the agentic shift, and it is landing hardest in the legal and compliance machinery that sits underneath logistics, procurement, trade and manufacturing. The technology is not a smarter search box. An agent is given a trigger and an objective, "screen this new vendor," "renew this supply contract," "clear this shipment", and then plans and executes a chain of sub-tasks autonomously, leaving an audit trail behind it. Where it crosses a confidence threshold or a policy boundary, it stops and hands the file to a person. The question for the supply-chain bar is no longer whether this works, but how far to let it run.

The Old Way: Read Everything, Trust No One, Sign Here

The legacy of trade compliance is paper and patience. A multinational moving goods across borders faced a stack of obligations that each demanded manual review: restricted-party screening against government lists, export-control classification, customs documentation, contract clauses for each jurisdiction, and supplier vetting that often stopped at the first tier because going deeper was simply too slow. When global merchandise trade reached US$24.43 trillion in 2024, per World Trade Organization figures, the volume of transactions requiring some legal touch became impossible for human teams to process at the pace commerce demanded.

The screening burden alone tells the story. Sanctions lists were once a stable reference; the invasion of Ukraine turned them into a moving target. Annual U.S. designations tripled in a single year after February 2022 and have stayed elevated since, with Russia-related entries making up roughly 70 percent of 2024 additions, the Center for a New American Security review records. The total roster of sanctioned entries now sits near 17,000, by one practitioner tally. Each new name multiplies the screening hits an analyst must clear, and most hits are false positives that still need a human to dismiss.

The cost of getting it wrong also climbed. In April 2024, Congress doubled the statute of limitations for civil and criminal sanctions violations from five to ten years, and Treasury extended recordkeeping obligations to match, as Gibson Dunn documented. Forced-labor enforcement, meanwhile, moved from theory to seizures: U.S. Customs detained roughly 428 shipments a month in 2024, up from 342 the year before, holding $1.34 billion in merchandise, the Kharon analysis of CBP data shows. The manual model was not just slow. It was structurally incapable of keeping up.

The Shift: From Flagging the Problem to Working It

Three forces converged to make autonomy attractive. The lists exploded, the laws hardened, and the language-model capability needed to reason over messy legal documents finally matured. The market response has been swift. The research firm Gartner forecasts that at least 15 percent of day-to-day work decisions will be made autonomously by agentic AI by 2028, up from effectively zero in 2024, and that a third of enterprise software applications will embed agentic AI by the same year, as reported by Reuters. Gartner is careful to scope this to high-volume, bounded, reversible decisions, exactly the texture of routine compliance work, and explicitly excludes high-risk legal approvals from near-term autonomy.

Contract operations are an early proving ground. Surveys of legal professionals show generative-AI use nearly doubling in a year, from 14 percent in 2024 to 26 percent in 2025, with the strongest adoption of any profession measured by the Thomson Reuters Institute. The same body estimates the technology could free roughly 240 hours per professional per year, per its Future of Professionals report. In procurement, McKinsey research found 40 percent of functions had piloted generative AI, with copilots already lifting productivity 25 to 40 percent.

An agent does not just find the sanctions hit. It pulls the ownership graph, applies the fifty-percent rule, drafts the memo, and books the escalation, then waits for a human only where it must.

What separates an agentic workflow from earlier automation is the chaining of steps under guardrails. A restricted-party screen no longer ends at a hit; the agent resolves the entity, tests indirect ownership against Treasury's 50 percent rule, assembles the supporting documents, and writes a recommendation, pausing only when its confidence drops or a rule says a human must decide. The economics underneath are equally striking: independent benchmarks cited in contract-automation research put AI-assisted contract review at 72 to 80 percent faster than manual review, while MarketsandMarkets projects the contract-lifecycle-management software market growing from $2.9 billion in 2023 to $6.9 billion by 2028.

What It Looks Like Now: Triggers, Guardrails, and the Hand-Off

In a present-day compliance function, the agentic pattern is consistent across very different legal tasks. A trigger fires, a new vendor record, a contract approaching renewal, a shipment manifest, a list update. The agent decomposes the objective into steps, gathers evidence from internal systems and public registries, applies the relevant rule set, and either completes the action or escalates. Crucially, every action is logged with its inputs, reasoning and source citations, producing the kind of audit trail that a regulator extending recordkeeping to ten years now expects by default.

Consider supplier due diligence under Europe's incoming Corporate Sustainability Due Diligence Directive. The law obliges large companies to identify and address human-rights and environmental harms across their chain of activities, backed by penalties of up to 5 percent of worldwide turnover and a civil-liability regime, as detailed by White & Case and the European Commission. Roughly 6,000 EU and 900 non-EU companies fall in scope under a phased timeline running from 2027 to 2029. Mapping a supply chain down to raw-material level, the standard anti-slavery guidance now expects, is precisely the multi-step, evidence-heavy task agents are built to grind through.

The forced-labor frontier shows why speed matters. U.S. detentions shifted dramatically in 2024: the automotive and aerospace sector saw a near 1,580 percent surge in detained shipments, and roughly 47 percent of all detained shipments were ultimately denied entry, the Kharon review of CBP data reports. A company that cannot trace a tier-three input quickly loses the goods. An agent that continuously re-screens suppliers and watches for new designations turns a periodic audit into a live monitoring posture.

The Next Few Years: More Autonomy, Sharper Liability

The trajectory points toward agents that negotiate, not just screen. In one industry survey, 53 percent of executives expected AI agents to autonomously negotiate customer and supplier deals within twelve months, as reported in the 2026 State of Contracting research. The trade-compliance software market that underpins this is forecast to keep growing at low-double-digit rates, one estimate has it expanding from roughly $1.95 billion in 2025 to $3.45 billion by 2030, per Research and Markets. Cross-border compliance automation specifically is projected to add $1.74 billion between 2025 and 2030, the same publisher estimates.

But the near future is not a smooth ascent, and the legal risks sharpen as autonomy widens. Gartner expects more than 40 percent of agentic AI projects to be scrapped by the end of 2027, citing costs, unclear value and inadequate controls, Reuters reported. For legal and compliance leaders, three questions dominate. First, autonomy versus oversight: how much can an agent decide before a licensed professional must sign? Second, liability: when an autonomous system clears a transaction that turns out to violate sanctions, who is accountable, and a ten-year limitations window means that question can be asked long after the fact. Third, auditability: can the organization reconstruct exactly why the machine acted as it did.

Governance frameworks are converging on the same answer: keep a human meaningfully in the loop and keep the trail complete. The NIST AI Risk Management Framework emphasizes documented, accountable oversight, and the EU's due-diligence regime expects companies to evidence their reasoning, not just their outcomes. The defensible design is now widely shared in practice, bound the agent's authority, log every step, and escalate uncertainty by default.

The liability picture deserves particular care in trade compliance, because the consequences of an autonomous decision can surface years later and across multiple jurisdictions at once. A single shipment may implicate U.S. sanctions, U.S. forced-labor law, and EU due-diligence obligations simultaneously, each with its own enforcement body, its own evidentiary expectations, and its own penalty ceiling, up to 5 percent of global turnover under the European regime. When an agent clears that shipment, the organization cannot simply point to the software; regulators expect a named, accountable owner and a reconstructable rationale. This is why the most durable deployments treat the agent's confidence threshold as a governance instrument rather than a performance dial: lowering it widens human review and shrinks legal exposure, raising it does the reverse. Tuning that single number is fast becoming one of the more consequential decisions a compliance function makes.

The Bottom Line

Supply-chain law is being rebuilt around a simple division of labor: machines handle the volume, humans hold the judgment. The agentic model fits the shape of modern trade compliance almost perfectly, endless bounded decisions, exploding lists, lengthening liability tails, and a regulatory appetite for documented diligence. The organizations that win will not be the ones that automate the most, but the ones that draw the autonomy line most carefully, instrument every decision, and treat escalation as a feature rather than a failure. The compliance officer that never sleeps is here. The lawyer who decides what it is allowed to do still matters more than ever.

Sources

1. Reuters, "Over 40% of agentic AI projects will be scrapped by 2027, Gartner says", reuters.com
2. Center for a New American Security / FluxForce, OFAC SDN List growth statistics, fluxforce.ai
3. Global Sanctions, CNAS "Sanctions by the Numbers" 2024, globalsanctions.com
4. Miller & Chevalier, UFLPA Enforcement 2024 Year in Review, millerchevalier.com
5. Kharon, UFLPA Enforcement & Compliance for Supply Chains, kharon.com
6. Stratis Advisory, 2024 Sanctions Year in Review, stratisadvisory.com
7. Gibson Dunn, International Trade 2024 Year-End Update, gibsondunn.com
8. World Trade Organization figures via IOL, Global merchandise trade 2024, iol.co.za
9. WTO Statistics dashboard, Merchandise trade, stats.wto.org
10. Thomson Reuters Institute, 2025 Generative AI in Professional Services report, legal.thomsonreuters.com
11. Thomson Reuters, Future of Professionals Report 2025, thomsonreuters.com
12. McKinsey procurement research via WebProNews, AI agents in procurement, webpronews.com
13. Contract-automation statistics (MarketsandMarkets / benchmarks), stealthagents.com
14. OpenHelm, Gartner autonomous-decision adoption by task type, openhelm.ai
15. White & Case, EU adopts Corporate Sustainability Due Diligence Directive, whitecase.com
16. European Commission, Corporate sustainability due diligence, commission.europa.eu
17. State of Contracting research 2026 (industry survey), icertis.com
18. Research and Markets, Trade Compliance Software Market Report 2026, researchandmarkets.com
19. Research and Markets, Cross-Border Trade Compliance Automation Market, researchandmarkets.com
20. NIST, AI Risk Management Framework, nist.gov