Europe’s AI Act expands reach to autonomous agents

Artificial intelligence agents capable of autonomous decision-making and real-world action are rapidly entering sectors ranging from finance and hiring to healthcare and software engineering. A new study warns that European law is already placing them under a complex and potentially restrictive regulatory framework that many providers are not prepared to meet.

Researchers argue that the rise of agentic AI marks a structural shift in how artificial intelligence interacts with society, moving from content generation to action execution, and exposing major gaps in compliance readiness across the industry.

The study, titled "AI Agents Under EU Law: A Compliance Architecture for AI Providers," published as an arXiv working paper, maps how autonomous AI systems intersect with European regulation. It concludes that AI agents are already fully covered under existing laws, but their dynamic and tool-driven behavior creates new compliance burdens that extend far beyond traditional AI governance models.

AI agents fall squarely under EU regulation as autonomy replaces static AI models

The study makes a decisive claim that reshapes the regulatory conversation. AI agents do not require a new legal category to be governed. Instead, they already meet the European Union's definition of an AI system under the AI Act due to their autonomy, adaptability, and ability to influence real or virtual environments.

Unlike earlier AI tools that generate outputs such as text or images, agents are designed to plan tasks, break them into steps, call external tools, and execute actions with limited human intervention. These actions may include sending emails, modifying databases, executing financial transactions, or interacting with users and systems in real time.

This shift from generation to action is central to the study's argument. Regulation is no longer triggered primarily by model architecture, but by what the system actually does. An AI agent that screens job applicants, manages financial records, or assists in medical decisions can fall into high-risk categories under the EU AI Act, even if the underlying model is identical to a lower-risk system used elsewhere.

The AI Act was intentionally designed to be technology-neutral, meaning providers cannot rely on the absence of explicit references to "agents" as a regulatory loophole. Instead, obligations are determined by functionality, deployment context, and impact on individuals. This creates a scenario where the same AI system can be lightly regulated in one application and heavily regulated in another. A summarization tool may face minimal obligations, while the same system deployed in recruitment or healthcare could trigger strict compliance requirements, including risk management, human oversight, and conformity assessments.

Compliance burden expands across overlapping EU laws and multi-layered obligations

The study highlights that compliance for AI agents is not limited to the AI Act. Instead, providers must navigate a dense network of overlapping European regulations, each applying depending on how the system operates and what data it processes.

If an agent processes personal data, it must comply with GDPR. If it operates within digital platforms, it may fall under the Digital Services Act. If it interacts with connected products, the Cyber Resilience Act becomes relevant. Additional frameworks such as the Data Act, Data Governance Act, NIS2 directive, and sector-specific regulations further expand the compliance landscape.

This multi-layered structure creates what the study describes as parallel compliance obligations, where providers must satisfy multiple legal regimes simultaneously. Rather than a single certification pathway, AI agent providers face a fragmented system that requires coordination across legal, technical, and operational domains.

The complexity is further compounded by the role of general-purpose AI models. Many agents are built on top of foundation models developed by third parties, creating a dual regulatory structure. The upstream model is governed under general-purpose AI rules, while the downstream agent is regulated as a system based on its specific use case.

This difference places additional responsibility on agent providers. Even when using third-party models, they remain accountable for how those models are deployed, including managing risks, ensuring transparency, and integrating safeguards based on known limitations.

The study also points to the growing importance of harmonized European standards in shaping compliance. These standards cover areas such as risk management, data quality, logging, transparency, human oversight, and cybersecurity. However, they function as an interconnected system rather than a checklist, meaning compliance in one area depends on implementation in others.

The authors warn that international standards alone are not sufficient. Existing frameworks focused on organizational risk management do not fully align with the EU's emphasis on risks to individuals and society, leaving gaps for providers relying on global certifications.

Agent autonomy introduces new risks in oversight, security, and behavioral control

The most critical challenges stem from the unique characteristics of AI agents themselves. Their ability to act autonomously, interact with external systems, and evolve during operation introduces risks that traditional AI governance frameworks were not designed to handle.

One major concern is behavioral drift. AI agents can change their behavior over time as they adapt to new inputs, environments, or tool interactions. This makes it difficult to ensure that a system remains compliant after deployment, particularly when its actions are not fully predictable.

Human oversight also becomes more complex as autonomy increases. While the AI Act requires meaningful human control, the study questions whether real-time supervision is feasible for systems that operate continuously and make rapid decisions across multiple domains.

Cybersecurity risks are amplified by the integration of external tools. AI agents often rely on APIs, databases, and software systems to perform tasks, creating multiple entry points for potential attacks. The study stresses that security controls must be enforced at the system level, including strict permission management and action-level authorization, rather than relying on model-level constraints.

Transparency presents another challenge, particularly in multi-party environments. Users, deployers, and affected individuals may all interact with the system in different ways, making it difficult to ensure that each party receives appropriate information about how decisions are made and actions are executed.

The study also raises concerns about traceability. For compliance, providers must be able to log and reconstruct the behavior of AI systems. However, the dynamic and multi-step nature of agent actions complicates this requirement, especially when decisions involve multiple tools and intermediate steps.

These challenges lead to one of the study's most significant conclusions. Some high-risk AI agents may not currently be capable of meeting EU legal requirements if their behavior cannot be sufficiently controlled, monitored, and explained.

Europe's regulatory gap leaves providers responsible for defining compliance pathways

The study identifies a lack of specific guidance for AI agents as a major issue. As of early 2026, European regulators have not issued detailed instructions on how agentic systems should be evaluated under the AI Act. This creates a regulatory gap where providers must interpret general principles and apply them to highly complex systems without clear benchmarks. The absence of formal guidance increases legal uncertainty and shifts the burden of compliance onto companies themselves.

The authors argue that providers can no longer wait for regulators to clarify every aspect of agent governance. Instead, they must proactively design compliance architectures that integrate legal requirements into system design, deployment, and monitoring processes. This includes defining intended use cases, restricting high-risk applications where necessary, implementing robust risk management frameworks, and ensuring that systems remain auditable throughout their lifecycle.

The study also suggests that providers may need to adopt conservative design strategies, building systems that can meet the strictest foreseeable regulatory requirements rather than optimizing for flexibility alone.