AI Agents at Work: What AI Act Obligations Apply to Autonomous Systems?

In late 2025, MIT Technology Review estimated that 40% of enterprise applications will integrate agentic AI models by 2027. In 2026, the reality is already here: AI agents manage complete B2B purchases, screen candidates, orchestrate HR workflows, trigger financial transactions - often without human intervention at every step. Visa, Mastercard, hundreds of startups and large corporations are deploying these systems at scale.

For most decision-makers, the compliance question under the AI Act (Regulation EU 2024/1689) remains unclear on this topic. Does the AI Act cover autonomous agents? And if so, how? The answer is unambiguous: yes, and often with substantial obligations.

What Is an AI Agent Under the AI Act?

The AI Act doesn't explicitly mention "AI agents" or "agentic AI". But its general definition of AI system, in Article 3§1, is broad enough to encompass them:

An AI system is a machine-based system designed to operate with varying levels of autonomy and that may, for explicit or implicit objectives, generate outputs such as predictions, recommendations, decisions or content that influence real or virtual environments.

AI agents fit this definition precisely - and the European Commission confirmed it in its February 2026 guidelines on high-risk systems: autonomous agents carrying out financial transactions or influencing economic decisions are explicitly classified there.

What distinguishes an agent from an ordinary chatbot

The distinction is structural, not a matter of degree. A conventional AI system operates in request-response mode: the human asks a question, the AI answers, the human decides. The human stays in the loop at every consequential step.

An agent breaks this pattern. It receives a high-level objective, decomposes it into subtasks, selects and invokes tools (APIs, databases, external services), evaluates intermediate results and adjusts its approach - all with varying degrees of human supervision, sometimes none. It is precisely this autonomy that creates a different risk profile.

How to Classify an AI Agent's Risk Level

The most frequent mistake is assuming "agent = automatically high risk". That's wrong. Risk level depends on use case, not on autonomy level.

Minimal or limited risk

An agent automating tasks without direct impact on individuals falls under minimal or limited risk: content or email drafting agents, information monitoring and synthesis agents, calendar organisation or internal scheduling agents, document research or summarisation agents. For these uses, only Article 50 transparency obligations apply.

High risk - Annex III

An agent shifts to high risk as soon as its action falls within one of the eight Annex III domains:

• Autonomous HR agent screening candidates, evaluating performance or recommending dismissals - Annex III, section 4
• Financial scoring agent assessing creditworthiness, setting credit limits or triggering fraud alerts - Annex III, section 5
• Critical infrastructure management agent (energy, transport, water) making operational decisions - Annex III, section 2
• Public services access agent routing social benefit or housing applications - Annex III, section 5
• Agent in judicial or law enforcement domains analysing files, assessing risks or formulating decision recommendations - Annex III, sections 6 and 7

The practical rule: an agent that acts on decisions concerning natural persons - their employment, credit access, rights, safety - is almost certainly high risk. An agent acting on data or processes without direct impact on individuals is generally limited risk.

Concrete Obligations for High-Risk Agents

Article 14: effective human oversight

This is the central obligation for autonomous agents - and the hardest to reconcile with how they operate. Article 14 requires high-risk systems to be designed to allow a human to understand, monitor and interrupt their operation. For a high-risk AI agent, this means: an interruption mechanism, action explainability, validation thresholds for high-impact actions, and trained oversight personnel.

Articles 12 and 26§6: traceability and logs

Every action of a high-risk AI agent must be automatically logged. Logs must allow reconstruction of the agent's reasoning: what data it consulted, what tools it invoked, what intermediate decisions it made, and why. This requirement is particularly structuring for multi-agent architectures, where several agents chain together.

Article 9: risk management throughout the lifecycle

The capacity of agents to dynamically invoke tools at runtime creates a specific challenge: the system's capabilities on Monday may differ from its capabilities on Friday if new tools have been connected. Article 9 imposes a continuous process of risk identification and mitigation - not a one-time initial assessment.

Article 13: transparency toward the deployer

If you use an AI agent developed by a third party in a high-risk context, that provider must supply clear information on the agent's capabilities and limitations, the data it uses, and the contexts in which it may produce incorrect or biased results.

The Specific Case of Multi-Agent Systems

Architectures where multiple agents interact - an orchestrator agent delegating to specialist agents - raise a delicate responsibility question. The AI Act's structural answer:

• The entity developing and commercialising each component agent is the provider of that agent
• The entity orchestrating these agents in a workflow is the deployer of the overall system
• If you develop your own orchestrator agent by assembling third-party agents, you become the provider of the resulting system

What You Should Do If You Deploy AI Agents

1. Map every deployed agent: list all your agents, with their exact use case, the tools they invoke, the data they access, and the types of decisions they produce or influence.
2. Classify each agent's risk level: apply the Annex III grid. If the agent acts on decisions affecting natural persons in one of the 8 domains, it's high risk.
3. Implement human oversight by design: don't add oversight as an afterthought. Design agentic workflows with human validation points, escalation thresholds and interruption mechanisms from the outset.
4. Set up logs: every high-risk agent must generate automatic logs retained for at least 6 months, covering all actions and intermediate decisions.
5. Audit your agentic SaaS providers: if you use a third-party agent in a high-risk context, request usage instructions and verify AI Act compliance.

The free AiActo diagnostic helps you classify your AI systems - including your autonomous agents - and identify your obligations based on your provider or deployer profile.

Frequently Asked Questions

Is a fully autonomous AI agent banned by the AI Act?

No - total autonomy is not banned as such. What is required for high-risk systems is that autonomy be framed by effective human oversight mechanisms. An agent can act autonomously on low-impact tasks, but high-impact decisions affecting natural persons must be reviewable, contestable and correctable by a competent human.

How to manage human oversight when an agent operates 24/7?

Article 14 doesn't require a human to be present at every agent action - it requires oversight-enabling mechanisms to be in place. Concretely: automatic alerts when the agent crosses certain thresholds, monitoring dashboards, clear escalation procedures, and the ability to stop the agent at any time. Oversight can be asynchronous for low-impact actions but must be near-immediate for critical decisions.

My AI agent uses third-party tools via API - who is responsible if something goes wrong?

As the deployer of the agent, you are responsible for the overall behaviour of the system within your deployment. If the agent invokes a third-party API that produces an erroneous result, your liability is engaged for failing to implement adequate controls. You can seek contractual recourse against the API provider, but this does not exempt you from liability towards the affected person or the regulatory authority.

Are AI agents covered by GPAI (general-purpose AI model) obligations?

It depends on how the agent is built. If your agent is an LLM (like GPT-4 or Claude) used directly with a prompt, the underlying model is subject to GPAI obligations (Articles 51-56) as a provider. But your use of this model as an agent is subject to deployer obligations. Both layers apply simultaneously and don't substitute for each other.

What's the difference between an RPA workflow and an AI agent under the AI Act?

An RPA system executing fixed, predetermined rules without adaptation capacity generally doesn't fall under the AI Act's definition of an AI system. An AI agent using a language or machine learning model to adapt to unforeseen situations, choose between possible actions, or generate variable outputs does fall under the AI Act. The dividing line is the capacity for adaptation and learning, not the level of automation.

Agentic AI is the next frontier of AI Act compliance. Businesses deploying these systems today without structuring their governance are taking growing regulatory risk as August 2026 approaches. But those that anticipate - human oversight by design, action traceability, precise use case classification - turn this constraint into a structural advantage on European markets. Check the AI Act timeline to follow all key compliance dates.