The Commonplace
Home Dashboard Papers Evidence Syntheses Digests 🎲
← Papers

EU regulatory patchwork stacks binding obligations on AI agent providers and, according to this mapping, leaves high‑risk agentic systems with untraceable behavioral drift noncompliant with the AI Act; providers must first exhaustively catalogue agents' external actions, data flows and affected persons before any meaningful compliance architecture can be built.

AI Agents Under EU Law
Luca Nannini, Adam Leon Smith, Michele Joshua Maggini, Enrico Panai, Sandra Feliciano, Aleksandr Tiulkanov, Elena Maran, James Gealy, Piercosma Bisconti · April 06, 2026
arxiv descriptive n/a evidence 7/10 relevance Source PDF
A systematic mapping of EU law and related standards shows overlapping obligations for AI agent providers and concludes that high‑risk agentic systems with untraceable runtime behavioral drift cannot currently meet the AI Act's essential requirements, making exhaustive inventories of external actions, data flows, and affected persons the foundation of compliance.

AI agents - i.e. AI systems that autonomously plan, invoke external tools, and execute multi-step action chains with reduced human involvement - are being deployed at scale across enterprise functions ranging from customer service and recruitment to clinical decision support and critical infrastructure management. The EU AI Act (Regulation 2024/1689) regulates these systems through a risk-based framework, but it does not operate in isolation: providers face simultaneous obligations under the GDPR, the Cyber Resilience Act, the Digital Services Act, the Data Act, the Data Governance Act, sector-specific legislation, the NIS2 Directive, and the revised Product Liability Directive. This paper provides the first systematic regulatory mapping for AI agent providers integrating (a) draft harmonised standards under Standardisation Request M/613 to CEN/CENELEC JTC 21 as of January 2026, (b) the GPAI Code of Practice published in July 2025, (c) the CRA harmonised standards programme under Mandate M/606 accepted in April 2025, and (d) the Digital Omnibus proposals of November 2025. We present a practical taxonomy of nine agent deployment categories mapping concrete actions to regulatory triggers, identify agent-specific compliance challenges in cybersecurity, human oversight, transparency across multi-party action chains, and runtime behavioral drift. We propose a twelve-step compliance architecture and a regulatory trigger mapping connecting agent actions to applicable legislation. We conclude that high-risk agentic systems with untraceable behavioral drift cannot currently satisfy the AI Act's essential requirements, and that the provider's foundational compliance task is an exhaustive inventory of the agent's external actions, data flows, connected systems, and affected persons.

Summary

Main Finding

AI agents—systems that autonomously plan, invoke external tools, interact with environments, and adapt at runtime—fit squarely within the EU AI Act’s functional definition of an “AI system,” but their behavioural properties create concrete, agent-specific regulatory triggers and compliance gaps. The authors produce a practical mapping that shows (1) which agent actions activate which EU instruments (AI Act, GDPR, CRA, DSA, Digital Omnibus, NIS2, Product Liability, Data Acts, etc.), (2) nine common deployment categories with their regulatory profiles, and (3) a 12-step compliance architecture. They conclude high‑risk agentic systems exhibiting untraceable runtime behavioural drift cannot presently meet the AI Act’s essential requirements; the foundational compliance task is an exhaustive inventory of external actions, data flows, connected systems, and affected persons.

Key Points

  • Definition and scope
    • An “AI agent” is treated as an AI system (not a separate legal category) characterized by planning, tool invocation, autonomous multi-step execution, environmental interaction, and feedback-driven adaptation.
    • This creates two regulatory objects when built on a general‑purpose (GPAI) model: (a) the model (Chapter V obligations) and (b) the system/agent (Chapter III obligations).
  • Practical taxonomy
    • The paper maps nine agent deployment categories to concrete actions, dependencies, and regulatory triggers:
      • Customer Service; HR/Recruitment; Coding/DevOps; Finance/Accounting; Sales/Marketing; Research/Knowledge; IT Operations; Healthcare/Clinical; Personal Assistant.
    • Example triggers: HR/recruitment → AI Act Annex III (high‑risk) + GDPR automated decision rules; healthcare → medical device/MDR + GDPR special categories; devops → CRA and prEN 18282 concerns for code execution.
  • Regulatory stacking and harmonised standards
    • Providers face overlapping obligations across the AI Act, GDPR, Cyber Resilience Act (CRA), Digital Services Act (DSA), Data Act, Data Governance Act, NIS2, Product Liability Directive and sectoral law.
    • The analysis uses draft harmonised standards under Standardisation Request M/613 (prEN series), CRA standardisation under M/606, the GPAI Code of Practice (2025) and Digital Omnibus proposals (Nov 2025).
    • Many relevant standards are still draft/confidential as of Jan 2026; the paper reasons from fixed AI Act essential requirements to infer what standards must address for agents.
  • Agent‑specific compliance challenges
    • Cybersecurity: where to enforce and minimize privileges for tool calls and connected systems (privilege minimisation outside the model).
    • Human oversight: oversight-evasion risk from reinforcement learning and adaptive behaviour; design of meaningful human-in-the-loop controls.
    • Transparency: multi‑party action chains (model providers, tool providers, system deployers) complicate traceability and user information obligations.
    • Runtime behavioural drift: determining when adaptive behaviour becomes a “substantial modification” (Article 3(23)) and how to log/trace/attribute changes.
  • Prescriptive outcome
    • A 12-step compliance architecture and a regulatory trigger mapping linking specific agent actions to legislation they activate.
    • Core recommendation: exhaustive operational inventory (actions, data flows, systems, affected persons) is the provider’s priority; architectural classification alone is insufficient.
  • Legal and standards uncertainty
    • No authoritative EU administrative guidance specific to agents (early‑2026). Industry/security research (OWASP, ENISA, academic surveys) has outpaced regulatory guidance, creating interpretive burdens for providers.

Data & Methods

  • Documentary legal research and standards analysis:
    • Primary regulatory texts: Regulation (EU) 2024/1689 (AI Act) and associated EU instruments (GDPR, CRA, DSA, Digital Omnibus, NIS2, Product Liability Directive, sectoral laws).
    • Draft harmonised standards under M/613 (January 2026 working documents): prEN 18286 (QMS), prEN 18228 (Risk Mgmt), prEN 18229‑1/2 (Trustworthiness/logging/oversight/robustness), prEN 18282 (Cybersecurity), prEN 18284 (Dataset Quality), prEN 18283 (Bias).
    • CRA harmonisation under M/606, GPAI Code of Practice (July 2025), and Digital Omnibus proposals (Nov 2025).
    • Supporting material from ENISA, EDPS, OECD, ACM, OWASP, security research (e.g., Kim et al.) and public drafts from ETSI CYBER‑EUSR.
  • Analytical approach:
    • Constructed a practical taxonomy linking concrete agent actions to external systems and the EU instruments that are triggered.
    • Inferred necessary standard-level requirements by reasoning from fixed AI Act essential requirements where draft standards are not public.
  • Limitations:
    • Several harmonised standards were working drafts and not publicly finalised; analysis distinguishes between binding Regulation text and expectations about what standards must operationalise.
    • No authoritative administrative guidance on agent specifics as of early 2026, so interpretation draws on the intersection of Regulation, draft standards scope, and technical security literature.

Implications for AI Economics

  • Compliance costs and operational overhead
    • Exhaustive inventories, logging, privilege minimisation architectures, continuous monitoring for behavioural drift, and cross‑instrument compliance (GDPR, CRA, DSA, sectoral law) substantially raise fixed and variable costs for agent providers.
    • Smaller firms and startups face disproportionate burdens; compliance complexity can produce scale economies that advantage large incumbents or specialist compliance vendors.
  • Market structure and entry barriers
    • High compliance and certification costs for high‑autonomy agent deployments may deter entrants and push innovation toward lower‑autonomy (semi‑autonomous) designs to avoid high‑risk designations.
    • Providers capable of demonstrating compliance (and offering audited evidence) will capture price premiums and market share; certification/assurance services become an important adjacent market.
  • Business model and vertical integration incentives
    • The split regulatory objects (GPAI model provider vs system/agent provider) create incentives for vertical integration (model+system) to consolidate liability and simplify compliance, or conversely for specialization where parties trade compliance responsibilities via detailed contracts.
    • Contracting complexity and liability allocation will affect outsourcing decisions (e.g., using third‑party tool APIs vs in‑house tool implementations).
  • Liability, insurance, and capital costs
    • Ambiguity about behavioural drift and “substantial modification” increases liability risk and may raise product liability insurance costs for agent deployments that interact with physical systems, healthcare, finance, or employment.
    • Insurers and capital providers will price perceived regulatory and operational risks into funding and financing terms; firms may face higher cost of capital for agent projects.
  • Innovation incentives and safety investment trade-offs
    • Regulatory stacking creates stronger incentives to invest in safety, auditing, observability, and robust cybersecurity—shifting R&D budgets toward compliance engineering and monitoring tooling.
    • Potential chilling effect on frontier agent deployment in risky domains; alternatively, stronger safety investments may accelerate trustworthy‑by‑design market segments and premium services.
  • Policy and research opportunities for AI economics
    • Quantify compliance burden: estimate one‑time and recurring costs for different agent categories and autonomy levels; model how those costs scale with firm size.
    • Market concentration analysis: simulate how regulatory costs affect entry, pricing, and concentration in agent markets.
    • Welfare and productivity impacts: measure trade‑offs between increased safety/compliance and reduced adoption speeds or reduced functionality (e.g., preference for semi‑autonomous agents).
    • Contracting/liability models: study optimal allocation of compliance responsibilities between model providers, system integrators, and deployers; implications for platform competition.
    • Insurance and capital markets: investigate how regulatory uncertainty affects provisioning of insurance for agentic deployments and investor behavior.
  • Practical takeaways for economists advising firms or policymakers
    • Firms: perform the exhaustive operational inventory early; favor modular auditing-capable designs; consider strategic vertical integration or long-form contracting to manage multi-party obligations.
    • Policymakers: reduce uncertainty by clarifying guidance for agents (privilege minimisation, behavioural drift thresholds, logging standards) to lower compliance transaction costs and avoid unintended concentration effects.
    • Researchers: provide empirical estimates of compliance costs, and model distributional effects across firm sizes and sectors.

If you’d like, I can (a) extract the 12 compliance steps the authors propose into an operational checklist for product teams, or (b) draft a simple economic model or back‑of‑envelope estimate for compliance costs across agent categories. Which would be most useful?

Assessment

Paper Typedescriptive Evidence Strengthn/a — Paper is a legal-regulatory mapping and taxonomy rather than an empirical study testing causal hypotheses, so traditional evidence strength ratings for causal inference do not apply. Methods Rigormedium — The paper systematically integrates multiple regulatory instruments, draft harmonised standards, and international codes of practice and produces a concrete taxonomy and compliance architecture, which indicates careful document-based scholarship; however, it lacks empirical validation (e.g., case studies, audits, or deployment testing), legal interpretive uncertainty remains, and normative claims about infeasibility of compliance are not backed by systematic enforcement or technical measurements. SamplePrimary sources are EU legislation and related instruments (AI Act Regulation 2024/1689, GDPR, Cyber Resilience Act and its harmonised standards programme under Mandate M/606, Digital Services Act, Data Act, Data Governance Act, NIS2 Directive, revised Product Liability Directive), draft harmonised standards under Standardisation Request M/613 to CEN/CENELEC JTC 21 as of January 2026, the GPAI Code of Practice (July 2025), the CRA harmonised standards programme (Mandate M/606, accepted April 2025), Digital Omnibus proposals (November 2025), and sector-specific rules; the paper also derives a taxonomy of nine agent deployment categories and a twelve-step compliance architecture based on these documents and author interpretation. Themesgovernance adoption org_design human_ai_collab GeneralizabilityEU-centric: analysis focuses on EU legislation and standards and may not apply to non-EU jurisdictions (US, China, other regional regimes)., Time-bound: relies on draft and recently adopted standards and proposals (as of 2025–Jan 2026) that may change through standardisation or legislative amendment., Normative/legal interpretation: conclusions depend on authors' legal readings; different legal advisors or national implementers may interpret obligations differently., No empirical deployment validation: taxonomy and compliance architecture are untested against real-world agent deployments or enforcement actions., Technology-definition dependency: findings assume the paper's operational definition of 'AI agents'; changes in technical definitions or architectures could alter regulatory mappings.

Claims (9)

ClaimDirectionConfidenceOutcomeDetails
AI agents - i.e. AI systems that autonomously plan, invoke external tools, and execute multi-step action chains with reduced human involvement - are being deployed at scale across enterprise functions ranging from customer service and recruitment to clinical decision support and critical infrastructure management. Adoption Rate positive high deployment/adoption of AI agents across enterprise functions
0.09
The EU AI Act (Regulation 2024/1689) regulates these systems through a risk-based framework, but it does not operate in isolation: providers face simultaneous obligations under the GDPR, the Cyber Resilience Act, the Digital Services Act, the Data Act, the Data Governance Act, sector-specific legislation, the NIS2 Directive, and the revised Product Liability Directive. Governance And Regulation negative high regulatory obligations faced by AI agent providers
0.3
This paper provides the first systematic regulatory mapping for AI agent providers integrating (a) draft harmonised standards under Standardisation Request M/613 to CEN/CENELEC JTC 21 as of January 2026, (b) the GPAI Code of Practice published in July 2025, (c) the CRA harmonised standards programme under Mandate M/606 accepted in April 2025, and (d) the Digital Omnibus proposals of November 2025. Governance And Regulation positive high existence of an integrated, systematic regulatory mapping
0.18
We present a practical taxonomy of nine agent deployment categories mapping concrete actions to regulatory triggers. Governance And Regulation positive high taxonomy of agent deployment categories (count = 9)
n=9
0.18
The paper identifies agent-specific compliance challenges in cybersecurity, human oversight, transparency across multi-party action chains, and runtime behavioral drift. Governance And Regulation negative high compliance challenges (cybersecurity, human oversight, transparency, runtime drift)
0.18
We propose a twelve-step compliance architecture and a regulatory trigger mapping connecting agent actions to applicable legislation. Governance And Regulation positive high proposed compliance architecture (12 steps) and regulatory trigger mapping
n=12
0.18
High-risk agentic systems with untraceable behavioral drift cannot currently satisfy the AI Act's essential requirements. Governance And Regulation negative high compliance feasibility of high-risk agentic systems with untraceable behavioral drift under the AI Act
0.18
The provider's foundational compliance task is an exhaustive inventory of the agent's external actions, data flows, connected systems, and affected persons. Governance And Regulation positive high recommended compliance practice (exhaustive inventory of actions, data flows, systems, affected persons)
0.03
AI agents autonomously plan, invoke external tools, and execute multi-step action chains with reduced human involvement. Other positive high technical capability characteristics of AI agents (autonomous planning, tool invocation, multi-step action chains, reduced human involvement)
0.18

Notes