As 2025 is shaping up to be “the year of AI agents,” the question of their regulation is becoming central.
Without explicitly designating AI agents, the AI Act already sketches out governance perspectives, particularly in terms of transparency and shared responsibility throughout the value chain.
1. Presentation of AI agents
Although AI agents do not constitute a distinct category under the European Regulation on Artificial Intelligence (hereinafter referred to as the “AI Act”), the Commission has clarified that agents may be required to comply with the requirements applicable to AI systems and/or the obligations imposed on providers of general-purpose AI models.
Agents therefore fall within the category of AI systems with regard to the criteria that determine their qualification:
- Automated system;
- Designed to operate at different levels of autonomy (fully guided by human instructions, semi-autonomous, decision-making and execution without supervision);
- Which may show an ability to adapt (learning, adjustment, improvement, even if this is not a determining criterion of an AI system);
- And which infers how to generate outputs that may influence physical and virtual environments (planning the movement of a car or a robot, adjusting a trading portfolio, etc.).
Nevertheless, AI agents present certain specific characteristics:
- They rely on an AI model pursuing a defined or undefined objective, which has not been subject to further development or significant modification;
- They are accessible through a studio in which the user can edit their parameters;
- They are configured to automate a complex, contextualized, and less procedural task, making decisions and executing actions without necessarily resorting to human intervention.
For example:
- A classic machine-translation AI system, such as DeepL or Google Translate, translates each message separately. When a customer writes “No puedo acceder a mi cuenta,” the system returns “I can’t access my account.” It does not know that the message comes from a customer, does not recognize the tone to adopt, does not apply the company’s internal vocabulary, and retains no memory of the conversation thread. It translates text, not an interaction.
- Conversely, an AI translation agent is specifically designed to handle customer-service exchanges. It detects the language of the message, chooses the optimal translation tool for conversational text, applies the company glossary (“account” → “user profile”), adapts the tone to the brand’s style, checks coherence with previous messages and, if necessary, flags a sensitive case to a human agent. Finally, it sends the translated response through the appropriate channel (chat, email, CRM). Unlike the system, the agent is built to understand business context, maintain coherence, and improve the overall quality of the customer experience.
The regulation of AI agents remains unclear, in the absence of a clearly defined legal or normative framework.
Guidance is therefore expected at two levels:
- On the one hand, regulators may, in the coming months, specify the conditions of development, supervision and security applicable to AI agents;
- On the other hand, providers of AI models will be required to formalize contractual “agentic use policies,” clearly defining the rights, obligations and responsibilities associated with the use of their models, as well as the limits of autonomy granted to deployed agents.
Focus: Autonomy in AI
The autonomy of an AI system refers to the degree to which a system can learn or act without human intervention, following the delegation of autonomy and the automation of processes by humans. Autonomy is a key element that differentiates AI agents from traditional AI systems. An AI system generally performs tasks based on precise human instructions or predefined parameters. Conversely, an AI agent generally presents a higher degree of autonomy: it can perceive its environment, analyze available information, make certain decisions, and act without direct human intervention. This level of autonomy enables it to adapt its actions to situations not initially foreseen, making it a system capable of interacting more dynamically and contextually with its environment.
Focus: Agentic AI
Agentic AI is an artificial-intelligence system capable of achieving a specific goal with limited supervision and is composed of AI agents. It is therefore a global system endowed with capabilities of autonomy and coordination. In a multi-agent system, each agent performs a specific sub-task to reach the requested objective, and their efforts are coordinated through AI orchestration functionalities.
2. Specific risks related to artificial-intelligence agents
2.1 Understanding the nature of new risks
AI agents amplify certain risks already known from general-purpose models (GPAI) and introduce new ones linked to their autonomy and their capacity to take broader, goal-oriented actions (end-to-end decision-making capacities).
Their operation may generate unforeseen effects that are difficult to control or supervise.
A few examples are enough to measure the scale:
- Lack of transparency and concealment: difficulty in detecting certain intentions or maintaining effective human supervision;
- Uncontrolled automation: execution of tasks without sufficient human validation or control;
- Loss of control: undesirable behaviors in case of failure, cyberattack, or model error;
- Psychological manipulation: autonomous planning and anthropomorphic behaviors that may influence users, particularly vulnerable populations;
- Bias amplification: reproduction or aggravation of weaknesses of the underlying model.
2.2 The two fundamental mechanisms of risk
Two structuring functions lie at the heart of risks specific to AI agents:
2.2.1 Autonomous planning and end-to-end execution of complex tasks
Agents can operate autonomously to plan and carry out complex tasks within an automated, end-to-end process.
This extended autonomy has two major consequences:
- It delays the detection of deviant behavior, since deviations in action may occur before any human intervention;
- It multiplies cascade effects, where each erroneous decision produces exponential consequences on the environment.
2.2.2 Direct interaction with the real world
AI agents no longer merely generate text: they interact concretely with external systems and tools through API interfaces, browsers, or even physical sensors.
This extension into the real world considerably increases the scale of potential harm.
When integrated into critical infrastructures — such as financial systems, energy networks, health, or education — the risks may become societal, exposing populations to risks of emotional dependence, opinion manipulation, or errors with high economic or human impact.
As AI agents gain autonomy, their decisions chain together and produce effects that exceed their initial scope.
A flaw in one AI model can therefore impact the entire value chain, particularly downstream agents.
Governance thus becomes the central issue of a responsible and controlled deployment of AI agents.
3. Toward Structured Governance of AI Agents
The governance of AI agents is structured around four pillars, with the objective of guaranteeing transparent, controlled, and trustworthy AI.
Pillar 1: Risk Assessment
AI agents must be subject to a structured assessment to anticipate undesirable behaviors and their potential effects.
This process includes two components:
- Risk identification: detect scenarios related to the autonomy of agents and their interactions with the environment;
- Impact assessment: measure robustness, security, and consequences on fundamental rights.
Pillar 2: Transparency Tools
The transparency of AI agents aims to make their behaviors readable, their actions traceable, and their risks predictable, while maintaining a balance between performance and supervision.
It relies on four complementary levers:
- Agent identifiers: ensure traceability and authenticity of interactions through metadata or watermarks;
- Agent cards: document the purpose, capabilities, limitations, and external accesses of each agent;
- Activity logs: record decisions and interactions to facilitate auditability and accountability;
- Real-time monitoring: detect and quickly correct behavioral drifts.
Pillar 3: Technical Deployment Controls
Technical controls ensure real-time management of the behavior of AI agents and prevent drifts through mechanisms integrated into their architecture.
They rely on three key mechanisms:
- Real-time action filters: block or suspend dangerous outputs before their execution;
- Emergency stops: automatically or manually interrupt an agent’s activity in case of anomaly;
- Acceptable use policies: frame authorized uses, duration of autonomy, and conditions of human supervision.
Pillar 4: Human Supervision
Human supervision guarantees that automated decisions remain controllable, understandable, and aligned with human judgment.
It relies on two essential levers:
- Human-in-the-loop control points: validate critical actions and interrupt operations in case of anomaly, ensuring direct and reactive supervision;
- Dynamic authorizations: adjust in real time access rights, permitted actions, and the level of autonomy of agents according to context.
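As an added illustration (not code from the original article or from any product it mentions), the sketch below shows how the activity log of Pillar 2, the action filter, emergency stop and acceptable use policy of Pillar 3, and the human control point and dynamic authorization of Pillar 4 can sit in one gate between an agent and its tools. The class name, tool names and approver hook are hypothetical.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class ActionGate:
    """Sits between the agent's planner and its tools; every call goes through submit()."""
    allowed: set                  # acceptable use policy: tools the agent may call
    needs_approval: set           # critical tools that require a human decision
    max_autonomy_s: float         # how long the agent may run unsupervised
    approver: Callable[[str, dict], bool]    # human-in-the-loop hook (hypothetical)
    clock: Callable[[], float] = time.monotonic
    stopped: bool = False
    log: list = field(default_factory=list)  # activity log, one entry per decision

    def __post_init__(self):
        self.started = self.clock()

    def _record(self, tool, args, verdict, reason):
        self.log.append({"t": self.clock(), "tool": tool, "args": args,
                         "verdict": verdict, "reason": reason})
        return verdict

    def emergency_stop(self, reason):
        self.stopped = True
        self._record(None, {}, "stop", reason)

    def revoke(self, tool):
        # Dynamic authorization: narrow the agent's rights while it is running.
        self.allowed.discard(tool)

    def submit(self, tool, args):
        # Checks run before execution; anything not explicitly permitted is denied.
        if not self.stopped and self.clock() - self.started > self.max_autonomy_s:
            self.emergency_stop("autonomy window exceeded")
        if self.stopped:
            return self._record(tool, args, "deny", "emergency stop active")
        if tool not in self.allowed:
            return self._record(tool, args, "deny", "outside acceptable use policy")
        if tool in self.needs_approval:
            try:
                approved = self.approver(tool, args)
            except Exception:
                approved = False          # reviewer unreachable: fail closed
            if not approved:
                return self._record(tool, args, "deny", "human approval refused")
        return self._record(tool, args, "allow", "ok")
```

The caller executes a tool only when submit() returns "allow"; denied and stopped calls stay in the log so that an auditor can reconstruct what the agent attempted.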
Pillar 5: AI Literacy
Training of operators ensures that those responsible for oversight possess the technical, regulatory, and ethical skills necessary to create agents, authorize their use, and exercise informed judgment — reducing automation bias.
Govern the Power of AI Agents with Confidence and Compliance
AI agents are redefining how organizations interact, decide, and create value.
But this new power demands governance that is solid, traceable, and scalable.
With Naaia, turn your compliance obligations into a lever for performance and strategic control.