Responsible AI Platform

Does an AI agent fall under the EU AI Act?

··11 min read

A compliance officer types the question literally into ChatGPT: "Does an AI agent fall under the EU AI Act?" The answer that comes back is vague. Somewhere it says the law is "technology neutral", somewhere else that agents are "a grey area". Meanwhile her organisation has just launched a customer service agent that answers emails on its own, and the recruitment team wants an agent that pre-screens applications. So the question is anything but academic.

The direct answer: yes, an AI agent falls under the EU AI Act. Not through a separate agent category, but through the ordinary definition of an AI system in Article 3(1). That definition explicitly says an AI system operates "with varying levels of autonomy". Autonomy, the very feature that makes an agent an agent, is literally in the legal text. An agent that independently plans tasks, calls tools and prepares or takes decisions is a textbook example of an AI system. There is no separate agent regime, no agent exemption and no agent surcharge: the agent goes through the same risk-based framework as any other AI system.

That may sound like an anticlimax, but it is exactly the useful insight. Once you know an agent is an ordinary AI system, you also know which questions come next: which risk category does this agent fall into, who is the provider and who is the deployer, and which deadlines apply. We walk through those questions below, with concrete agent examples. For the full picture of agentic AI under the AI Act, see the in-depth guide agentic AI under the EU AI Act.

Why the definition settles the debate

Article 3(1) defines an AI system as a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment, and that infers from the input it receives how to generate outputs such as predictions, content, recommendations or decisions that can influence physical or virtual environments.

Put any agent next to that definition. A coding agent receives a ticket (input), reasons about the codebase, generates a patch (output) and thereby influences a virtual environment. A procurement agent compares quotes and prepares a purchasing decision. Every element of the definition is present, and the autonomy element is more pronounced in agents than in most classic AI applications. The question "is this covered" is thereby answered. The relevant follow-up question is: under which risk regime?

What it means per risk category

The AI Act works with a risk pyramid. The agent's task determines where it lands, not the technology.

Prohibited practices

The prohibitions of Article 5 have applied since 2 February 2025. An agent that, for example, recognises employees' emotions in the workplace, or that exploits people's vulnerabilities to steer their behaviour, is prohibited regardless of how it is built technically. For most business agents this is not a daily concern, but it deserves a place in every intake check: precisely because agents can develop behaviour nobody explicitly programmed, you want the prohibited boundaries to be crystal clear.

High-risk

This is where it gets concrete. A recruitment agent that assesses or pre-screens applicants touches Annex III (recruitment and selection). An agent that prepares credit decisions touches Annex III (access to essential services). The standalone Annex III obligations will apply from 2 December 2027, following the shift via the Digital Omnibus (which, note, has not yet been published in the Official Journal, so treat that date as the current planning rather than set in stone). For AI embedded as a safety component in regulated products (Annex I), the date is 2 August 2028.

Note the logic: the recruitment agent is not high-risk because it is an agent, but because recruitment is an Annex III task. The same agent architecture summarising meeting notes is not.

Transparency obligations

For agents this is the most underestimated category, and the deadline is close: Article 50 applies from 2 August 2026 and has not been postponed. A customer service agent that chats or emails with customers must be designed so that people know they are communicating with AI, unless that is already obvious from the context. If the agent generates content, additional marking requirements apply. Anyone running a customer-facing agent in July 2026 has weeks left here, not years.

Minimal risk

An internal coding agent, an agent that updates documentation or an agent that plans calendars often falls, in practice, outside the prohibitions, the high-risk list and the transparency cases. What remains are the general principles and, for everyone deploying AI, Article 4: since 2 February 2025 organisations must take measures to ensure sufficient AI literacy among their people. That is an obligation of measures, not a standalone fining ground, but with agents that literacy is no luxury: whoever supervises an agent must understand what the thing can and cannot do. For training agent users there is, for example, LearnWize.

The agent runs on a GPAI model: who carries what

Virtually every agent runs on a general-purpose AI model from a large provider. The AI Act then splits responsibility three ways:

  • The model provider (think of the providers of the large language models) carries the GPAI obligations of Chapter V: technical documentation, information for downstream providers, a copyright policy and a training data summary. Those obligations have applied since 2 August 2025; enforcement with fines sharpens from 2 August 2026. The European Commission published guidelines in July 2025 on the scope of these obligations.
  • The agent platform provider that places an agent on the market as a product is the provider of an AI system and carries the system obligations that go with that system's risk category.
  • The deployer, the organisation using the agent, carries the deployer obligations: following instructions, organising oversight, monitoring input and, for high-risk, monitoring and logging among other things.

And then Article 25, the provision that surprises organisations most often: whoever builds an agent on a GPAI model and puts it into use under their own name, whoever substantially modifies an existing system, or whoever shifts the intended purpose towards a high-risk task, can thereby become a provider themselves, with the full provider obligations. The internal AI team that "quickly builds a recruitment agent" on an external model is then no longer a deployer but a provider. Where exactly that line is crossed is set out in when do you become a provider under Article 25.

Does anything change when the agent acts autonomously, without a human in between?

This is the question behind the question. The answer has two layers.

Under the AI Act itself: no, there is no separate threshold that is crossed the moment the human disappears from the loop. But the degree of autonomy does weigh into almost every obligation. Article 14 requires effective human oversight for high-risk systems, and the more autonomous the agent, the heavier the demands on that oversight turn out in practice. Outside high-risk too, Article 14 is the practical anchor for agent governance: can a human intervene, stop the agent, disregard output?

Under the GDPR: yes, something does change here, and it applies right now. Article 22 GDPR gives data subjects the right not to be subject to solely automated decision-making with legal effects or similarly significant effects. An agent that independently rejects an applicant, denies a claim or terminates a contract sits exactly in that territory. Then human intervention is required, and meaningful intervention at that: someone with the authority and information to revise the decision, not a rubber stamp. This applies today, independent of any AI Act deadline.

The practical conclusion: you answer the question "may our agent do this autonomously" per task. Tasks without legal effects for individuals can be automated more broadly; tasks with legal effects require a human in a meaningful place in the process.

What this means for your agent inventory

Start not with the technology but with the tasks. Map per agent: what does it do, for whom, with what consequences, which model does it run on and who built it. That is the same exercise as an AI register and inventory, focused on agents. Prioritise by the calendar: Article 50 disclosure by 2 August 2026 for every agent that communicates with people, the high-risk route towards 2 December 2027 for agents with Annex III tasks, and GDPR Article 22 immediately for every agent that takes decisions autonomously. Organisations that want to put structural policy in place here, from inventory to oversight design, can turn to the agentic AI governance approach of Embed AI.

The full framework, including role allocation and oversight models, is in the pillar agentic AI under the EU AI Act. An overview of all obligations and deadlines is available in the AI Act Explorer.

Frequently asked questions about AI agents and the EU AI Act

Sources

EUR-Lex: Regulation (EU) 2024/1689 (AI Act) (accessed July 2026)
European Commission: AI Act Service Desk: implementation timeline (accessed July 2026)
Article 29 Working Party / EDPB: Guidelines on automated individual decision-making and profiling (WP251) (accessed July 2026)