Agent AI Compliance and Regulations: What should you know?

Applications of AI
Michael LewisLeave a Comment on Agent AI Compliance and Regulations: What should you know?


The widespread adoption of artificial intelligence by organizations has provided countless advantages, but it also has its drawbacks.

In fact, 95% of executives say they have experienced negative consequences over the past two years as a result of their use of corporate AI, according to an August 2025 report from the “Responsible Enterprise AI in the Agent Era.” Direct economic losses are the most common outcome, reported in 77% of cases.

As these numbers may be visible, they could get even worse as organizations begin implementing Agent AI. Infosys found that 86% of executives who knew Agent AI believe the technology poses additional risk and compliance challenges to their businesses.

“Agent AI introduces additional risks for non-human autonomous decisions and autonomous behavior in the loop,” said Valence Howden, an advisory fellow at the Information Technology Research Group.

term Agent AIor AI Agentrefers to an AI system that allows you to make independent decisions and autonomously adapt your actions to achieve specific goals. Unlike traditional automation tools that follow a strict fixed instruction set, agent AI systems use learned patterns and relationships to infer and coordinate actions in real-time. The ability to act independently distinguishes AI agents from basic automation.

https://www.youtube.com/watch?v=5eqwl9yaeje

Why Agent AI needs a new compliance strategy

Agent AI's ability to make decisions and carry out actions on its own will inspire increased risk to the organization and encourage AI experts and compliance personnel to advise management to pay attention to incorporating the necessary controls into the system from the start.

Valence Howden, Advisory Fellow, Information Technology Research GroupValence Hauden

“An [agentic AI] Agents analyze data through many layers, and all of these layers have compliance, governance and risk,” Howden explained. The more complex and important the activities carried out by the agent, the greater the risk.

At the same time, compliance is difficult because under any circumstances, compliance is a moving target, Howden emphasizes. “It's always moving, but you still need to build a compliance structure for something that doesn't stay the same,” he said.

Asha Palmer, Senior Vice President of Compliance at Skillsoft, created learning management system software and corporate training content, witnessed how additional security risk agent AI poses could manifest. She cited the case from another company where AI agents breached the firewall and accessed sensitive data during the testing phase.

In fact, access and exposure to sensitive data is one of the main risks offered by Agent AI, Palmer and others have said. For example, if programmed to gather insights, AI agents can access sensitive areas of the system without appropriate safeguards, leading to unintended exposure. If an agent agent is compromised, it can also be manipulated to expose those weak spots.

Other risks to Agent AI include hallucinations of AI, infringement of copyright or other protected material, the use of bias or bad information to make decisions, and fraudulent conduct.

These risks are also related to general artificial intelligence, and are not necessarily specific to Agent AI. However, as others who interviewed Palmer pointed out, these risks are increased in Agent AI: the sequence of Agent AI actions that occur within the workflow, the layers on which the actions are taking place, the speed of those actions, and the autonomous nature of those actions all make it more difficult to route where and what is going wrong.

Andrew Grosso, Chief Attorney, Andrew Grosso & AssociatesAndrew Grosso

This complexity has convinced experts like Andrew Grosso, the lead lawyer for Andrew Grosso & Associates and the current chair of the Computing Machinery Subcommittee on Law for the American Technical Policy Committee. “In my opinion, Agent AI needs a new compliance strategy,” Grosso said.

Address new risks and implement agent AI controls

How can businesses deal with the risks inherent in using agent AI? Palmer said her approach to ensuring agent AI complies with relevant regulations and standards is the same approach she takes to ensure compliance and reduce risk with other types of AI.

  • Understand and evaluate use cases. Working with a sensual team, we begin by understanding and evaluating the use cases in which AI is deployed. Lists the specific risks associated with your use case.
  • Identify key stakeholders. To ensure accountability, identify both the technology developers responsible for AI systems and the business owners responsible for use cases.
  • Consider the purpose of your use case. Make it clear what the purpose of the use case is. Understand how AI is used to achieve its objectives.
  • Identify relevant data. Identifies data that the AI ​​system accesses while it is running. Evaluate the sensitivity and protection that data requires to mitigate security risks.

Palmer said the information they gather from these steps will determine which controls will be implemented so that AI tools (whether agent AI or another type) work in a way that complies with all relevant regulations, standards, and best practices.

Asha Palmer, Senior Vice President of Compliance at Skillsoft Asha Palmer

According to her, these controls include technical management, continuous testing, human surveillance and revisions.

“At Skillsoft, we run agent AI controls and report the results. We perform bias tests, hallucination tests, and aggression tests. We do our own tests to ensure the right guardrail,” Palmer added.

Grosso emphasized the need for human surveillance during Agent AI training.

“In the end, after a lot of 'job' training exercises, the system will become fully proficient in the work it is designed to perform, allowing it to retreat or perhaps eliminate human surveillance,” he said.

But he said, “The real problem is that experts may find the machine counterparts too quickly and may stop monitoring too easily.”

A new AI compliance framework for businesses

Ensuring that your AI agent is compliant with applicable rules, regulations, standards and best practices falls under the idea of ​​responsible AI.

Responsible AI It is an approach to developing and deploying AI, ensuring that AI is accountable, ethical, fair, safe, transparent and reliable.

There are several frameworks that can be used to ensure that an organization is developing responsible AI, and as part of it, it is AI agent-compliant.

  • European Union AI law. The legislation promotes safe and transparent AI by categorizing risk levels, guiding responsible development, and ensuring compliance through clear rules, accountability, and enforcement mechanisms.
  • AI's G7 Code of Conduct. This set of voluntary guidelines encourages the safe, secure and reliable development and deployment of advanced AI systems, and advises organizations to identify, assess, and mitigate risks throughout the AI ​​lifecycle.
  • ISO/IEC 42001. This set of voluntary guidelines cover the development and use of responsible AI by ensuring accountability, transparency and risk management. This helps to align AI systems with ethical principles and regulatory requirements and promote trust, safety and compliance throughout the AI ​​lifecycle.
  • NIST AI Risk Management Framework. This framework aimed at voluntary use helps organizations design, develop and deploy responsible AI by addressing the risks across these efforts. This promotes trustworthy AI through core functions (e.g. mapping, measurement, management) that helps ensure compliance, transparency, and integrity with ethical and legal standards.

Agent AI Regulatory Trends

The Infosys report found that 78% of the executives surveyed were viewed.”[Responsible AI] “Practices as having a positive impact on business growth,” and most of the executives surveyed said, “We welcome new AI regulations, primarily because such regulations provide clarity, confidence and trust in corporate AI, both internally and clients.”

However, regulations are still evolving, and experts say they are not specifically addressing agent AI.

“The current trend is to use the EU's AI law framework as a foundation,” the report states, saying that most countries use the framework with only a small variation, so that the rules match the EU to avoid patchworking the rules.

At both the federal and state levels, U.S. lawmakers are considering regulations, but are not offering firm direction for the organization. In 2023, then-President Joe Biden issued an executive order on safe, secure and reliable AI. His successor, President Donald Trump, rescinded the order in 2025 and issued an executive order rescinding further policies that were considered a barrier to American AI development.

How businesses prepare for AI agent compliance today: 7 steps

Even in an evolving regulatory environment, compliance experts said organizations can take the following seven steps to ensure that AI agents develop and deploy in compliance with laws and standards:

Sugand Arabi, Associate Professor, Tippie University, University of Business, University of IowaSugand Arabi
  1. Palmer said that it is clear what purpose the AI ​​agent will have and what compliance measures will be needed, making sure the compliance programme is in line with business strategy and business operations.
  2. Soogand Alavi, an assistant professor at Tippie College of Business at the University of Iowa, says it will identify actions occurring at every layer and every point in your workflow so that you can address your compliance needs and organize accountability and transparency into your system.
  3. Auditing AI agents, “checking the responses they are giving and knowing they are complying with regulations,” Alavi added.
  4. Train your employees with responsible AI. “Each unit of an agent AI system used in professional or other complex fields must undergo training, review and certification processes even after it is used,” Grosso said. “Companies shouldn't ask too much [their] Individual Agent AI systems are well trained and demonstrated their capabilities. ”
  5. “Grosso resists resisting “it's too early for an agent-based AI system.” “Compliance needs to strengthen that they are still under control and still responsible for the processes and outcomes when these devices are in use.”
  6. Don't assume: The habits that users may not think are important are not too far from the timeline, and can have serious and unfavourable effects, Grosso said. “These systems have the ability to act on their own and to self-correct,” he emphasized. “Therefore, users need to consult with designers and uninterested experts regarding the tasks on which these devices are located. Small initial errors in AI systems can snowball into big problems in the long run.”
  7. Howden explained that appropriate and continuous resources must be developed to ensure compliance and governance in AI development and deployment, and that compliance work must evolve as is the case with AI systems. “If not, we'd chase after something we couldn't catch,” he said. “If you don't embed it now, you can't do it later.”

Mary K. Pratt is an award-winning freelance journalist with a focus on enterprise IT and cybersecurity management.



Source link

Related Posts

NVIDIA, T-Mobile, and partners integrate physical AI applications into AI-RAN-enabled infrastructure

Michael Lewis

‘How do you use AI?’ Experts say therapists should ask you: NPR

Michael Lewis

Tollring and Amity win awards for specialized AI tools

Michael Lewis

Leave a Reply

Your email address will not be published. Required fields are marked *