The rise of agentic artificial intelligence

The rise of agentic AI fuels AI in ways traditional AI can’t. The scope of AI is plentiful, but there’s a small subsection of tasks Agentic AI is just better at, thanks to its increased levels of autonomy. With the improvement in capability comes a fresh look at how to manage such a tool within the AI regulatory regime in the UK and abroad.

Some are calling for separate pieces of legislation to address the regulatory challenges Agentic AI addresses specifically, but some are equally recommending that such advancements can be addressed within the existing framework. This article will explore both of these scenarios, as well as explore what the future may hold in this space.

Managing agentic AI within interconnected regulation

AI governance is deeply rooted across the globe, with the OECD Policy Observatory listing 668 national AI governance initiatives across 69 countries, territories, and the EU. These include a combination of national strategies, action plans, and public consultations with input from a variety of stakeholders.

Within the United Kingdom, 18 interconnected frameworks control both the development and use of AI, outlining the motivation for the government to take a relaxed legal stance compared to other jurisdictions.

The additional challenge facing policymakers and legislators is how to regulate a subset of AI that can behave completely independently and make decisions on something without the need for any human involvement. Or, putting it another way: Human Out Of The Loop (HOOTL)

The foundation of effective regulation starts with businesses' understanding of how AI will contribute to business functions. When ChatGPT was introduced back in November 2022, businesses were keen to utilise it as a major cost-saving tool which led to industry reports collectively forecasting Generative AI’s economic contribution to GDP to exceed $20 trillion and save 300 billion work hours per annum.

However, as a consequence of Generative AI’s rapid uptake, Gartner is forecasting that at least 30% of Generative AI projects will be abandoned by the end of 2025 due to a combination of poor-quality data and inadequate risk management.

With the uptake of Generative AI continually expanding and knowledge distillation facilitating the creation of new Large (and small) Language Models (S/LLMs), the question turns to how this new wave of AI, namely Agentic AI, will make its mark in the wider technological landscape.

Do we need a new suite of regulations?

To determine whether the risks of Agentic AI are suitably covered within existing regulations, policymakers and business leaders will need to assess their internal governance against the broader approaches specific to the jurisdiction(s) they’re operating in.

There’s an array of existing literature covering Agentic AI within the EU’s AI Act, so for the purposes of this article, I will cover it within the context of the UK’s pro-innovation approach. Ultimately, the question on policymakers' minds will stem from the fact that aspects of AI are moving in a direction where they take an arguably uncomfortable level of control.

From the UK’s standpoint, Agentic AI has been referenced both in the 2025 AI Opportunities Action Plan and the prior 2024 independent report, highlighting its prominence as an area to watch from a regulatory perspective. Similar to the original Pro-innovation white paper published back in 2023, sector-specific regulators will monitor and issue guidance accordingly.

One area that could affect how governments plan their Compute strategy is the recent passing of the Data (Use and Access) Act 2025. The act doesn’t replace the Data Protection Act 2018 or General Data Protection Regulation (GDPR), but instead introduces changes to the interpretation of certain aspects of data processing.

Notably, allowing for a broader spectrum of processing without requiring a full balance test against an individual’s rights arguably “frees up” innovative practices that may have been prohibited in the past under the existing rules. However, on the contrary, concerns could arise with the level of flexibility and may ultimately, in certain scenarios, result in an increase in civil claims.

As with the rest of the UK’s AI regulation, the regulators and government will likely need to see such cases arise and their outcome before determining what, if any, changes are required in the legislation.

The challenges of a specific regulation

The foreseeable future is unlikely to introduce Agentic AI-specific regulation. However, the Department for Science, Innovation and Technology (DSIT), back in January 2025, published the UK’s Code of Practice for the Cyber Security of AI, outlining how companies should, within the AI lifecycle, look out for use cases pertaining to increasingly autonomous agents.

This guidance, in tandem with existing regulatory frameworks, will likely remain for some time unless there is a material shift in the Agentic AI landscape that would deem the current intersecting frameworks unsustainable from a legal perspective. The latter, however, does raise questions about the legal effectiveness of certain subsets of the UK’s GDPR, namely Articles 13 and 14, along with Article 22.

Under Article 13/14 of GDPR (Transparency, Explainability and Right to Information), citizens are entitled to information on how their data will be used. However, when Agentic AI is introduced, this adds a layer of complexity.

The benefits of increased autonomy also carry the risk of self-generated decisions that aren’t observable or foreseen during the deployment stage, leading to gaps in DPIA development and explainability in system output.

The latter has always been a challenge with AI, but to manage these difficulties within the parameters of Agentic AI companies, they should describe in layman’s terms how far AI’s autonomy can extend. Whilst this won’t directly ameliorate any unintended consequences, it will go some way in outlining how actions may stem from model outputs that humans may not understand.

More pressingly, the increased automation Agentic AI brings risks of Article 22 GDPR being invoked. Data subjects have the right not to have a decision made on and/or about them through an entirely automated means, and as a result, organisations will need to ensure they have, in amongst other scenarios, measures in place to allow for contestability of decisions in high-impact use cases.

In the event of Agentic AI’s involvement in decisions in the likes of finance or employment, there’s a risk that automated recommendations could result in automated final outcomes, posing a significant risk to human rights without the requisite legal oversight.

Conclusion

Over the coming years, regulation of Agentic AI will present a significant challenge on top of the already-challenging regulatory arena.

As the regulators, over time, start to see consequences of AI emerge across different sectors, existing compliance measures will be tested to determine how well Agentic AI responds to the UK’s approach, and what, if any, changes are required.

Bibliography

[1] oecd.ai. (n.d.). OECD’s live repository of AI strategies & policies. [online] Available at: https://oecd.ai/en/dashboards/overview/policy.

[2] Wyman, O. (2024). How Generative AI Is Transforming Business and Society. [online] Oliver Wyman Forum. Available at: https://www.oliverwymanforum.com/global-consumer sentiment/how-will-ai-affect-global-economics.html.

[3] Gartner. (2024). Market Guide for Generative AI Consulting and Implementation Services. [online] Available at: https://gcom.pdo.aws.gartner.com/en/documents/5752115 [Accessed 25 Jun. 2025].

[4] Legislation.gov.uk. (2025). Data (Use and Access) Act 2025. [online] Available at: https:// www.legislation.gov.uk/ukpga/2025/18/enacted [Accessed 25 Jun. 2025].

[5] for, D. (2025). AI Cyber Security Code of Practice. [online] GOV.UK. Available at: https:// www.gov.uk/government/publications/ai-cyber-security-code-of-practice.

[6] GDPR (2013). General Data Protection Regulation (GDPR) – Final text neatly arranged. [online] General Data Protection Regulation (GDPR). Available at: https://gdpr-info.eu/ art-13-gdpr/.

#2022, #2023, #2024, #2025, #300Billion, #ActionPlan, #Adoption, #AgenticAI, #Agents, #Ai, #AiAct, #AIAdoption, #AICyberSecurity, #AiGovernance, #AIRegulation, #Amp, #Approach, #Arena, #Art, #Article, #Articles, #Artificial, #ArtificialIntelligence, #Automation, #Autonomous, #AutonomousAgents, #AWS, #Billion, #Building, #Business, #Challenge, #ChatGPT, #Code, #Companies, #Complexity, #Compliance, #Consulting, #Cyber, #CyberSecurity, #Data, #DataProcessing, #DataProtection, #Deployment, #Development, #Direction, #Distillation, #Documents, #Economic, #Economics, #Employment, #Eu, #Event, #Explainability, #Finance, #Foundation, #Framework, #Fuels, #Full, #Functions, #Future, #Gartner, #Gdpr, #GeneralDataProtectionRegulation, #Generative, #GenerativeAi, #Global, #Governance, #Government, #Growth, #Guidance, #How, #HowTo, #HTML, #Human, #HumanRights, #Humans, #Impact, #Industry, #InformationAge, #Innovation, #Intelligence, #It, #KnowledgeDistillation, #Landscape, #Language, #LanguageModels, #LED, #Legal, #Legislation, #Literature, #LLMs, #Loop, #Management, #Material, #Model, #Models, #Monitor, #Motivation, #Namely, #One, #Other, #Paper, #Pieces, #Plan, #Policies, #Policy, #Prolific, #PublicServices, #QualityData, #Raise, #Regulation, #Regulations, #Report, #Reports, #Repository, #REST, #Risk, #RiskManagement, #Risks, #Rules, #Science, #Security, #Society, #Space, #Spectrum, #STEM, #Strategy, #Subset, #Technology, #Test, #Text, #Time, #Tool, #Transparency, #UK, #UkGovernment, #UnitedKingdom, #Vs, #Wave, #Work

Published on The Digital Insider at https://is.gd/rFlq5w.

Julio Marchi © Speaks Out Network

Search This Blog