Agentic AI Regulation: The Closing Gap in AI Law (2026)

Last reviewed: April 29, 2026

For most of 2024 and 2025, agentic AI regulation looked like the biggest gap in AI law. Frameworks designed before agents could act autonomously assumed humans approved consequential decisions. As enterprise deployments of AI agents accelerated through 2025 — calling APIs, modifying records, coordinating with other agents — the regulatory vacuum grew obvious. Then, between January and April 2026, the picture changed. Singapore published the world’s first dedicated agentic AI governance framework. NIST released AI 100-5 specifically addressing agentic systems. The EU AI Office issued FAQ guidance. Academic regulatory mapping appeared. The “biggest gap” framing is becoming dated. The accurate framing for mid-2026 is that the gap is closing fast but unevenly: Singapore is most concrete, NIST is catching up via profiles and a new Agent Standards Initiative, the EU AI Act applies in principle but has not addressed agents at the Article level, and US enforcement is taking shape case by case under existing law. This article maps the comparative state of agentic AI governance and identifies the liability questions still unanswered.

Key Takeaways

Singapore is the only jurisdiction with a dedicated agentic AI governance framework. The IMDA Model AI Governance Framework for Agentic AI, published January 22, 2026, is the world’s first comprehensive guidance and the de facto reference document globally.
NIST has launched but not yet shipped agent-specific guidance. The NIST AI Agent Standards Initiative through the Center for AI Standards and Innovation (CAISI), launched February 2026, plans an AI Agent Interoperability Profile for Q4 2026. The Cloud Security Alliance’s Agentic Profile (April 2026) is the most current third-party extension to NIST AI RMF for agentic systems. NIST itself has not yet released a finalized agent-specific publication.
The EU AI Act covers agents in principle but not in detail. The AI Act applies to “AI systems” broadly, and the EU AI Office Service Desk now publishes FAQ guidance specifically on AI agents. Article-level rules do not exist; the GPAI Code of Practice (July 2025) and CRA standards are the closest things.
US enforcement is reactive, not framework-led. The FTC’s Air AI case (March 2026) was the first agentic-AI enforcement action — Section 5 deception theory applied to autonomous AI claims. Federal sector regulators are watching but have not issued agent-specific guidance.
The liability question remains the hardest unsolved problem. When an autonomous agent causes harm, current law accommodates the case but does not always answer it cleanly. Singapore’s framework asserts that humans remain accountable; US doctrine increasingly treats AI vendors as agents of deployers (post-Workday class certification, May 2025). EU jurisprudence is unsettled. Singapore alone among major jurisdictions has shipped a comprehensive agentic AI governance document; NIST and the EU are still in development.

What makes agentic AI different from earlier AI?

Agentic AI systems plan, reason, and take action autonomously on a user’s behalf. The defining feature is that the decision-to-action loop closes inside the system. A traditional machine-learning system produces a prediction; a human decides what to do with it. A generative AI system produces text or code; a human decides whether to execute it. An agentic system reasons about a goal, plans steps, invokes tools — search engines, APIs, payment systems, other agents — and takes actions before any human reviews each step.

The European Data Protection Supervisor’s Techsonar monitoring page captures the technical distinction: “AI agents are single systems that autonomously perform tasks and use tools such as search engines or code generation to achieve simple goals. Agentic AI goes further by coordinating multiple agents, managing their communication, and distributing tasks to accomplish larger, more complex objectives.”

Three properties of agentic systems break assumptions baked into existing AI governance:

Action autonomy. The system takes consequential actions before human review. This breaks frameworks that assume per-decision human approval, including the EU AI Act’s “deployer” model and Singapore’s pre-2026 Model AI Governance Framework.
Multi-agent coordination. Agents call other agents. Cascading failures propagate; accountability diffuses across orchestrator, sub-agent, and tool provider. Existing AI risk-assessment frameworks operate at the system level, not the system-of-systems level.
Behavioral drift at runtime. Agents adapt strategies in deployment based on memory, tool feedback, and changing context. The same agent can behave differently across sessions even with identical inputs. Pre-deployment conformity assessment cannot fully characterize a system that mutates after deployment.

These three properties define what makes agentic AI a distinct governance category, not just a faster version of generative AI. The arXiv paper “AI Agents Under EU Law” (April 2026) concludes that “high-risk agentic systems with untraceable behavioral drift cannot currently satisfy the AI Act’s essential requirements.” This is the operative challenge for regulators and deployers alike.

How does the EU AI Act apply to agentic AI?

The EU AI Act applies to agents in principle. Article 3 defines “AI system” as “a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions, that can influence physical or virtual environments.” Agents fall squarely within this definition. If an agentic system is used in an Annex III high-risk area — employment, lending, healthcare, critical infrastructure, education — the high-risk obligations apply.

The Act applies in principle, but it does not address agents at the Article level. Three gaps stand out:

Gap 1: Conformity assessment assumes static behavior. The EU AI Act’s conformity assessment regime expects pre-deployment characterization of how a system behaves. An agent whose behavior drifts at runtime cannot be fully characterized pre-deployment. Notified bodies have not yet published guidance on how to assess systems with runtime behavioral mutation.

Gap 2: Human oversight (Article 14) assumes meaningful per-decision review. Article 14 requires that high-risk AI systems be designed so that humans can effectively oversee their operation. Agentic systems that take actions before human review challenge this. The Singapore approach — significant checkpoints for high-stakes actions rather than per-decision review — is operationally workable but does not map cleanly to Article 14’s text.

Gap 3: Multi-party accountability is unresolved. When an agent calls another agent which calls a third-party tool, the AI Act’s provider/deployer/distributor framework does not always assign accountability cleanly. The arXiv paper “AI Agents Under EU Law” (April 2026) proposes a twelve-step compliance architecture for agent providers but acknowledges that the regulatory mapping is “the first systematic” attempt — meaning the doctrinal questions remain open.

The European Commission has begun addressing these gaps. The EU AI Act Service Desk now publishes FAQ guidance on how AI agents are addressed within the AI Act and how they fit within the GPAI framework. The GPAI Code of Practice (July 2025) addresses general-purpose AI models that underlie most agents. The Cyber Resilience Act (CRA) harmonised standards programme (Mandate M/606, accepted April 2025) covers cybersecurity expectations relevant to agentic deployments. The November 2025 Digital Omnibus proposals — under trilogue as of April 2026 — would adjust some implementation timelines.

What does not yet exist: an AI Office–issued horizontal guidance document specifically on agentic systems. Compared to Singapore’s MGF for Agentic AI, the EU’s agent-specific guidance is fragmented and indirect.

How is the United States approaching the NIST gap?

For most of 2024 and 2025, the NIST AI Risk Management Framework had no agentic-specific extension. The framework’s Govern, Map, Measure, and Manage functions applied conceptually but offered no specific guidance on agent autonomy, multi-agent risk, or runtime drift. By early 2026, NIST began addressing this — though the agent-specific work is in progress, not yet shipped.

NIST AI Agent Standards Initiative (February 2026) — launched through the Center for AI Standards and Innovation (CAISI, the rebranded former AI Safety Institute). The initiative is developing voluntary guidelines on three tracks: identity and authorization, security and risk management, and monitoring and logging. NIST has indicated that an AI Agent Interoperability Profile is planned for release in Q4 2026. (Source: Cloud Security Alliance Agentic Profile whitepaper, April 2026, citing NIST announcements.)

NIST AI RMF Profile activity continues across sectors. On April 7, 2026, NIST released a concept note for an AI RMF Profile on Trustworthy AI in Critical Infrastructure. Earlier profiles include NIST AI 600-1 (Generative AI Profile, July 2024). NIST AI 100-5 is “A Plan for Global Engagement on AI Standards” — not an agent-specific document, despite some third-party characterizations to the contrary.

Cloud Security Alliance Agentic Profile (April 2026) — proposed third-party extension to NIST AI RMF, aligned with the CSA AI Controls Matrix (243 controls, 18 domains, July 2025) and the CSA AAGATE reference architecture (December 2025, a Kubernetes-native runtime governance overlay). CSA’s profile organizes its extensions by NIST RMF function and adds concepts for agent autonomy, tool-use risk, runtime behavioral governance, and delegation chain accountability. The CSA paper is currently the most concrete US-aligned operational guidance for agentic systems.

The cumulative picture: by April 2026, US practitioners have access to the CSA Agentic Profile (industry extension), the NIST AI Agent Standards Initiative roadmap signaling Q4 2026 deliverables, and broad NIST AI RMF principles applied conceptually. What does not yet exist: a finalized NIST agent-specific publication, or a federal sector regulator agentic-specific rule. The FDA, CFPB, and EEOC operate under existing authorities; none has issued an agent-specific guidance document.

US enforcement, by contrast, has begun. The FTC’s Air AI case (March 24, 2026) was the first US enforcement action explicitly addressing agentic AI marketing claims. Air AI marketed “agentic AI” as autonomous customer-service representatives that could replace human staff. The FTC alleged the agents did not perform as marketed. The case settled with a permanent ban on the operators marketing business opportunities and an $18 million monetary judgment (suspended to $50,000 cash relief based on inability to pay). The doctrinal significance: agentic AI marketing claims are subject to Section 5 substantiation requirements like any other product claim. For the broader US enforcement context see FTC Operation AI Comply.

Who is liable when an agent causes harm?

The liability question is the hardest unsolved problem in agentic AI governance. Singapore’s framework asserts that humans remain accountable. US case law is moving toward AI vendor liability. EU doctrine is unsettled. Three liability theories compete:

Theory 1: The deployer is accountable. The organization that put the agent into production carries responsibility for its actions. This is the dominant model — Singapore’s framework operationalizes it through “significant checkpoints” and named accountable persons; the EU AI Act treats the deployer as the regulated actor; US tort law applies through respondeat superior or product liability.

Theory 2: The vendor is accountable. The company that built the agent shares liability with the deployer. The Mobley v. Workday class certification (N.D. Cal. May 2025) extended Title VII liability to AI vendors as “agents” of employers — a doctrinal shift that, if adopted broadly, makes AI vendors directly suable for hiring discrimination. The EU Product Liability Directive (Directive (EU) 2024/2853, effective December 9, 2026) similarly treats AI software as a defective product subject to no-fault liability.

Theory 3: Multi-party accountability mapping. When orchestrator, sub-agent, and tool provider all contribute to harm, liability should map to causal contribution. Singapore’s framework recommends pre-deployment mapping of which actor is accountable for which class of failure. No legal regime currently codifies this approach; it remains a best-practice recommendation.

The unresolved questions are most acute when agent harm cannot be traced to any specific upstream decision. If an agent emerges to a behavior through compounding tool-use feedback, and that behavior causes harm, no actor in the chain may have proximately caused the failure. The arXiv “AI Agents Under EU Law” paper identifies “untraceable behavioral drift” as the property that makes high-risk agentic systems incompatible with the AI Act’s essential requirements. The same property makes traditional liability theories awkward to apply.

For US-specific liability framing, see our AI Liability in the US coverage.

What does Singapore’s IMDA framework propose?

Singapore’s Model AI Governance Framework for Agentic AI is the most concrete document on agentic AI governance globally. Published January 22, 2026 by IMDA, it organizes governance around four dimensions: assess and bound risks upfront, make humans meaningfully accountable, implement technical controls across the agent lifecycle, and enable end-user responsibility through transparency and training. Companion guidance from the Cyber Security Agency of Singapore (October 2025 addendum) addresses agent-specific cybersecurity threat modeling.

The framework’s distinctive contributions:

Significant checkpoints as the operational solution to “human in the loop” — checkpoints required at high-stakes actions (financial transfers above thresholds, external customer communications, production data modifications, multi-agent handoffs) rather than per-decision approval.
Multi-agent governance as a distinct category requiring system-level red-teaming, cascading-failure circuit-breakers, and orchestrator accountability.
Living document approach — IMDA is actively soliciting feedback and case studies, with updated versions expected throughout 2026 and 2027.

For full coverage of the framework — including its definitions, governance principles, fit with Singapore’s broader AI governance ecosystem, and recommended steps for organizations — see our Singapore Agentic AI Framework deep dive.

How does China apply existing rules to AI agents?

China’s approach is to apply existing generative-AI rules to agentic systems without new agent-specific regulation. The Interim Measures for the Management of Generative AI Services (effective August 15, 2023) cover generative AI services provided to the public in China and apply to agentic AI to the extent agents incorporate generative components. Three specific applications:

Algorithm filing requirement — providers of generative AI services with public opinion or social mobilization attributes must file with the Cyberspace Administration of China (CAC). Agentic systems that produce content or take actions affecting public discourse fall within this scope.
Content labeling — synthetically generated content must be labeled. This applies to agent outputs that produce text, images, or other media for public distribution.
Provider responsibility — the operator providing the service to the public bears responsibility for compliance, content moderation, and security incident reporting. For agentic systems, the operator is whoever offers the agent service to end users.

China has not published agent-specific guidance equivalent to Singapore’s MGF for Agentic AI or NIST AI 100-5. The general Generative AI Measures apply by default; sectoral regulators (financial, healthcare, automotive) may impose additional obligations. The CAC’s algorithm registry and the State Administration for Market Regulation (SAMR) consumer protection regime supply the enforcement layer.

The practical effect: agentic AI deployments in China face the same regulatory machinery as generative AI deployments. This is operationally simpler than the multi-track Singapore approach but provides less specific guidance on agent autonomy, multi-agent governance, or runtime drift.

What regulatory signals are emerging?

Three signals shape the 2026-2027 regulatory horizon:

Signal 1: NIST AI Agent Interoperability Profile (Q4 2026). Will likely become a US baseline reference for federal AI agent procurement and a starting point for state-level rules. State AGs and state legislatures often borrow NIST framing.

Signal 2: EU AI Office agent-specific guidance. The Service Desk FAQ is the precursor to a likely formal guidance document. The Digital Omnibus trilogue (Council March 13, 2026; Parliament March 27, 2026; target April-May 2026) may include agent-related implementation timeline adjustments. The arXiv mapping suggests agent-specific harmonized standards will follow.

Signal 3: Convergence on the Singapore four-dimensional framework. Singapore’s framework is being studied by ASEAN regulators and referenced in academic and industry analyses. ISO/IEC technical committees that previously incorporated AI Verify content into ISO/IEC 42001 are likely candidates to incorporate agentic governance into ISO/IEC 42005 or a successor.

What is not coming on the near-term horizon: a single global agentic AI treaty or convention. The Council of Europe AI Convention (signed 2024) addresses AI broadly, not agents specifically. The G7 Hiroshima AI Process and OECD AI Principles operate at high level. International convergence is happening through framework cross-reference rather than treaty negotiation.

What should organizations do now?

For organizations building or deploying agentic AI in 2026, the operating baseline is clear even as the regulatory framework continues to crystallize. Five steps:

Adopt Singapore’s MGF for Agentic AI as the working framework. It is the only comprehensive agentic AI guidance globally and is being treated as authoritative by sophisticated practitioners regardless of where they operate. The four-dimensional structure is operationally tractable and maps cleanly to risk-management programs.
Map your agentic systems against the CSA Agentic Profile and NIST AI RMF core. US-headquartered organizations should treat the CSA Agentic Profile (April 2026) as the most current operational extension to the NIST AI RMF, pending the formal NIST AI Agent Interoperability Profile expected in Q4 2026. Document which CSA AICM controls apply to each deployed agent, and which mitigation strategies are in place. This documentation is increasingly cited in FTC consent orders and SEC AI enforcement.
Build the audit trail. Every agent action should generate logs sufficient to reconstruct the decision: prompt, tools called, data accessed, action taken, outcome, human approver. Use structured logging (JSON) so logs can be queried by regulators or incident responders. The CSA AICM 243 controls and AAGATE architecture provide reference implementations.
Designate named accountable humans. Singapore’s framework, NIST AI 100-5, and EU AI Act Article 14 all converge on this requirement: a named human carrying operational accountability for each agentic deployment, with periodic audit-trail review and incident response responsibility.
Plan for compliance to be a moving target. EU AI Office guidance is forthcoming. NIST AI Agent Interoperability Profile is planned for Q4 2026. Singapore’s MGF for Agentic AI is a living document. Build internal review cadence (quarterly minimum) to update governance against the evolving framework landscape.

For US-EU dual-jurisdiction operations, see US vs EU AI Regulation: A US Practitioner’s Guide and our definitive EU vs US comparison.

Sources

IMDA. “Model AI Governance Framework for Agentic AI.” Version 1.0, January 22, 2026. https://www.imda.gov.sg/-/media/imda/files/about/emerging-tech-and-research/artificial-intelligence/mgf-for-agentic-ai.pdf
NIST CAISI. “AI Agent Standards Initiative.” Launched February 2026 (per Cloud Security Alliance reporting; AI Agent Interoperability Profile planned Q4 2026).
NIST. “AI Risk Management Framework — Updates and Resources.” Including April 7, 2026 concept note for AI RMF Profile on Trustworthy AI in Critical Infrastructure. https://www.nist.gov/itl/AI-risk-management-framework
NIST AI 600-1. “Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile.” July 26, 2024.
Cloud Security Alliance. “Agentic NIST AI RMF Profile v1.” April 2026. https://labs.cloudsecurityalliance.org/agentic/agentic-nist-ai-rmf-profile-v1/
European Data Protection Supervisor. “Agentic AI.” Techsonar Technology Monitoring. https://www.edps.europa.eu/data-protection/technology-monitoring/techsonar/agentic-ai
European Commission. “EU AI Act Service Desk — FAQ on AI Agents.” https://ai-act-service-desk.ec.europa.eu/en/faq
“AI Agents Under EU Law.” arXiv preprint, April 6, 2026. https://arxiv.org/abs/2604.04604v1
Federal Trade Commission. “Air AI and its Owners will be Banned from Marketing Business Opportunities.” March 24, 2026. https://www.ftc.gov/news-events/news/press-releases/2026/03/air-ai-its-owners-will-be-banned-marketing-business-opportunities-settle-ftc-charges-company-misled
Federal Trade Commission. “AI Policy Statement on Section 5 Application.” March 11, 2026.
Cyberspace Administration of China. “Interim Measures for the Management of Generative AI Services.” Effective August 15, 2023.
Cyber Security Agency of Singapore. “Securing AI Systems Guidelines + Agentic AI Addendum.” October 2025.
EU AI Act (Regulation (EU) 2024/1689) — Articles 3, 14, 50, 53; Annex III.
Mobley v. Workday Inc. (N.D. Cal. — class certification May 2025).
EU Product Liability Directive (Directive (EU) 2024/2853) — effective December 9, 2026.

Reg Intel is not a law firm and does not provide legal services. This article is for informational purposes only and should not be relied upon as legal advice. Consult qualified counsel for your specific compliance situation.