Winona Chan takes a look at recent moves by the ICO and CMA in the face of agentic AI and what they mean in practice.
The shift from generative AI to agentic AI represents more than a technological step-change; it marks a fundamental reorientation of the relationship between AI systems and the humans they serve. Where generative AI produces outputs for human review, agentic AI takes action. It can plan multi-step tasks, retrieve data from external sources, interact with third parties and execute transactions – all with limited, and sometimes minimal, human oversight. The implications for legal compliance are profound.
What Makes AI “Agentic”?
Before examining the regulatory responses, it is worth pausing on what distinguishes agentic AI from the generative AI systems that have dominated public and regulatory attention since late 2022. Both the CMA and the ICO offer broadly consistent definitions. The ICO describes agentic AI as systems that “combine the capabilities of generative AI with additional tools and new ways of interacting with the world”, enabling them to “operate using natural human language and automate more open-ended tasks”. The CMA’s research paper similarly characterises AI agents as systems that pursue higher-level goals, break them into steps, retrieve data from multiple sources and take actions, sometimes with limited human intervention.
The critical distinction is not merely one of capability but of autonomy. A generative AI tool that drafts an email for human review is qualitatively different from an agentic system that reads your inbox, prioritises messages, drafts responses and sends them on your behalf. The former assists; the latter acts. This distinction has direct legal consequences, because the moment an AI system begins interacting with third parties, making representations or executing transactions, the full weight of consumer protection law and data protection regulation is engaged.
The CMA’s Guidance: Consumer Law Applies, Full Stop
The CMA’s guidance, published on 9 March 2026, takes a characteristically direct approach. Its central message is that the same consumer law rules apply whether a business uses human or AI agents to interact with customers. This is not, strictly speaking, a novel legal proposition – but stating it explicitly in the context of agentic AI is both timely and necessary, given the pace at which businesses are deploying AI agents for customer-facing functions including handling queries, processing refunds, recommending products and managing marketing campaigns.
Transparency and labelling
The guidance is clear that businesses should be transparent about their use of AI agents. If the fact that a customer is dealing with AI rather than a person might affect their decisions, the business should tell them. The CMA warns against overstating the role of AI in providing a service, or misrepresenting what an AI agent can and cannot do. This cuts both ways: businesses should neither conceal AI involvement where it is material, nor use the label “AI-powered” as a marketing device where the reality is more mundane.
Compliance by design
Perhaps the most practically significant aspect of the CMA’s guidance is its emphasis on building compliance into the design, training and prompting of AI agents. The CMA advises businesses to think carefully about what data an AI agent will need, and how it will be prompted to respect customers’ statutory rights and contractual terms. This includes ensuring that cancellation rights are not being breached, that customers are not being misled (whether by acts or omissions), and that any necessary consents required by consumer law are properly obtained.
This has significant implications for how AI agents are developed and deployed. It is no longer sufficient to test an AI agent for accuracy or user experience alone; compliance testing must be a distinct workstream. The CMA specifically advises businesses to use the results of testing to check, and if necessary improve, an AI agent’s performance before deployment. This echoes the “compliance by design” approach familiar to data protection practitioners, but applied here squarely in the consumer law context.
Monitoring, hallucination and enforcement
The guidance also addresses the ongoing obligations that follow deployment. Businesses must monitor how their AI agents perform, check that they are delivering correct results, and verify that they are behaving as intended. The CMA acknowledges the well-documented risk of AI hallucination, the generation of outputs that read as fluent and confident but are inaccurate or not supported by the data the agent had, and emphasises that human oversight is essential to catch mistakes and ensure legal compliance. The practical point is that a hallucinated refund policy or cancellation deadline stated to a customer is a misleading representation whether or not anyone intended it.
The enforcement stakes are significant. The CMA reminds businesses that breaches of consumer protection law could result in fines of up to 10% of worldwide turnover, with the possibility of being required to compensate affected consumers. Notably, the guidance makes clear that businesses are responsible for their AI agents even if they were designed or provided by a third party. This is a point that will resonate with practitioners advising businesses that procure AI agent solutions from technology vendors: contractual allocation of risk upstream does not remove downstream regulatory liability.
The Wider Consumer Landscape: The CMA’s Research Paper
Alongside its practical guidance, the CMA published a research paper exploring how agentic AI could affect consumers’ lives more broadly. This paper is worth reading for the risks it identifies, several of which go beyond the scope of the compliance guidance.
The CMA identifies manipulation through dark patterns as a key concern: AI agents could be designed or could learn to nudge consumers toward choices that benefit the business rather than the consumer. The paper also raises the risk of consumer over-reliance, where users defer too readily to automated decisions and become less able to scrutinise outcomes or intervene over time. Additionally, the CMA flags the risk of algorithmic coordination between businesses – a competition law concern where AI agents acting on behalf of competing firms might facilitate tacit collusion. For practitioners, the research paper signals the direction of regulatory travel and the kinds of conduct that may attract scrutiny even before formal enforcement action.
The ICO’s Tech Futures Report: Data Protection in an Agentic World
The ICO acknowledges that it has already carried out a series of consultations on generative AI, and that many of the issues raised there apply equally to agentic systems. Its report therefore focuses on what is novel about agentic AI.
Controller and processor responsibilities
First, the ICO highlights the difficulty of determining controller and processor responsibilities through the agentic AI supply chain. In a typical agentic deployment, multiple organisations may contribute different components – the foundation model, the orchestration layer, specific tools or plugins, and the data sources the agent accesses. Determining who is the controller and who is the processor (or whether joint controllership applies) becomes significantly more complex than in conventional data processing arrangements. For practitioners, this means that data processing agreements and controllership analyses need to be revisited for agentic deployments, even where existing agreements are in place for the underlying AI models.
Automated decision-making and purpose limitation
Second, the ICO notes that agentic AI dramatically increases the volume and complexity of automated decision-making. As AI agents automate increasingly complex tasks, more decisions will be taken without meaningful human involvement, triggering the protections in data protection law around automated decision-making (ADM) and profiling. Relatedly, the ICO raises concerns about purpose limitation: because agentic systems are designed to handle open-ended tasks, there is a risk that the purposes for processing personal data are defined too broadly, undermining one of the foundational principles of data protection law.
Transparency, special category data and cybersecurity
The ICO also flags the risk that increased system complexity will make it harder for individuals to understand how their data is being used and to exercise their information rights. Agentic systems that chain multiple tools and data sources together create data flows that are difficult to map, let alone explain to a data subject in intelligible terms. The report additionally identifies the potential for unintended use or inference of special category data, a risk that arises when an agent draws on diverse data sources and makes connections that were not anticipated at the design stage. Finally, the ICO highlights new cybersecurity threats that arise from the nature of agentic AI, including the risk that compromised agents could be used to exfiltrate data or manipulate downstream systems. Practitioners should note that "compromised" here need not mean a breach of the underlying infrastructure: an agent that reads untrusted content (an inbound email, a web page, an uploaded document) can be steered by instructions embedded in that content, so that whatever the agent is permitted to access and do becomes available to the attacker. The scope of an agent's permissions is therefore a security control as much as a data protection one.
The concentration problem
One risk that deserves particular attention is what the ICO terms the “concentration of personal information” in personal assistant agents. As consumers increasingly rely on AI agents to manage their email, calendar, finances and communications, these agents will accumulate vast repositories of personal data in a single location. The data protection implications – in terms of security, breach notification and the potential for function creep – are substantial.
Not All Risk: Privacy-Positive Opportunities
The ICO’s report identifies several innovation opportunities where agentic AI could support data protection and contribute to privacy-positive outcomes. These include the development of data protection compliant agents – AI systems designed from the ground up to respect data protection principles – as well as privacy management agents that could help organisations automate compliance tasks such as data subject access requests, data mapping and information governance. The ICO also sees potential for agentic systems to serve as benchmarking and evaluation tools, enabling organisations to test the privacy properties of their AI deployments more rigorously. These are not speculative suggestions; they represent genuine areas of opportunity for privacy-by-design innovation.
Cross-Cutting Themes: What Practitioners Should Take Away
Reading the CMA and ICO publications together, several themes emerge that should inform how practitioners advise their clients.
Responsibility persists
The most fundamental theme is that deploying an AI agent does not transfer or diminish legal responsibility. Both regulators make this point emphatically. The CMA states that businesses are responsible for their AI agents even if designed by a third party. The ICO confirms that organisations “remain responsible for data protection compliance of the agentic AI they develop, deploy or integrate in their systems and processes”. For practitioners, this means that clients cannot treat AI agent deployment as a simple procurement exercise; legal due diligence must extend to the design, training, monitoring and governance of the agent itself.
Design choices matter
Both regulators emphasise that the specific design and architecture of an agentic system has direct legal consequences. The ICO notes that choices about “the data and tools that a system can access and which governance and control measures to put in place really matter”. The CMA similarly advises businesses to be clear about what tasks an AI agent is allowed to perform and what constraints apply. This reinforces the importance of involving legal and compliance functions at the design stage, not merely at the point of deployment.
The regulatory landscape is coordinated
It is significant that both publications appeared within weeks of each other and address overlapping territory from their respective regulatory perspectives. This is not coincidental. The Digital Regulation Cooperation Forum, which brings together the ICO, CMA, the Office of Communications and the Financial Conduct Authority, has announced a Thematic Innovation Hub offering tailored engagement and regulatory advice on priority topics. The first focus of this hub will be agentic AI. The ICO is also developing a statutory code on AI and automated decision-making, with public consultations expected in 2026 in light of the Data (Use and Access) Act. Practitioners should therefore anticipate further, and increasingly coordinated, regulatory activity in this space.
Practical Steps for Businesses
Drawing together the guidance from both regulators, businesses deploying or considering deploying agentic AI should, at a minimum, take the following steps.
First, conduct a comprehensive mapping exercise to understand what tasks the AI agent will perform, what data it will access, and what third-party interactions it will undertake. This mapping should inform both the data protection impact assessment and the consumer law compliance review.
Second, revisit controllership and processor analyses for agentic deployments, particularly where multiple vendors contribute components to the agentic system. Existing data processing agreements may not adequately address the novel data flows that agentic systems create.
Third, build consumer law compliance into the design and prompting of AI agents. This means training and testing agents specifically to respect statutory rights, avoid misleading representations and obtain necessary consents – not merely testing for accuracy or user satisfaction.
Fourth, establish robust monitoring and intervention mechanisms. Both regulators expect ongoing oversight, not a one-off compliance review. Businesses should be prepared to act quickly if an AI agent is not performing as intended, particularly where it interacts with large numbers of people or with vulnerable customers.
Fifth, consider the transparency obligations carefully. Where AI agents are customer-facing, businesses should assess whether labelling is required to avoid misleading customers. Where agents process personal data, organisations must ensure that privacy notices and transparency measures reflect the reality of agentic processing.
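The five steps above translate into controls that can be enforced rather than merely documented. The following Python sketch is an added illustration, not code from the CMA or ICO publications or from any real product: the mapping exercise is written down as a manifest, and a gateway between the model and its tools enforces it. Tools outside the allowlist are refused, order fields outside the agent's data scope are stripped before the agent sees them, refunds above a threshold are held for a human approver, outbound messages carry an AI disclosure, and every call is written to an audit log that monitoring can read. The order record, field names, tool names, refund limit and disclosure wording are all constructed for the example.

```python
"""Policy-enforced tool gateway for a customer-facing AI agent (illustration only)."""
from dataclasses import dataclass
from typing import Any, Callable

# Constructed sample data. The "health_notes" field stands in for special
# category data that a support agent has no business reading.
ORDERS = {
    "A100": {"order_id": "A100", "total_pence": 4500, "status": "delivered",
             "customer_email": "c@example.org",
             "health_notes": "customer mentioned a medical condition"},
}

# Constructed disclosure text; the form of any real label is a business decision.
AI_DISCLOSURE = "[Automated assistant: this message was generated by an AI agent]"


@dataclass(frozen=True)
class AgentManifest:
    """The output of the mapping exercise, expressed as enforceable policy."""
    name: str
    allowed_tools: frozenset[str]   # what the agent may do at all
    visible_fields: frozenset[str]  # which order fields it may read
    refund_limit_pence: int         # refunds above this need a human


@dataclass
class Outcome:
    tool: str
    allowed: bool
    reason: str
    result: Any = None


class ToolGateway:
    """Every tool call from the agent passes through here; nothing is wired directly."""

    def __init__(self, manifest: AgentManifest, approver: Callable[[str, dict], bool]):
        self.manifest = manifest
        self.approver = approver          # human-in-the-loop callback
        self.audit_log: list[dict] = []
        self.sent_messages: list[str] = []
        self._handlers = {
            "lookup_order": self._lookup_order,
            "issue_refund": self._issue_refund,
            "send_message": self._send_message,
        }

    def call(self, tool: str, **args) -> Outcome:
        m = self.manifest
        if tool not in m.allowed_tools or tool not in self._handlers:
            return self._record(Outcome(tool, False, "tool not in allowlist"), args)
        needs_human = tool == "issue_refund" and args["amount_pence"] > m.refund_limit_pence
        if needs_human and not self.approver(tool, args):
            return self._record(Outcome(tool, False, "human approval declined"), args)
        reason = "human approved" if needs_human else "within policy"
        return self._record(Outcome(tool, True, reason, self._handlers[tool](**args)), args)

    def _record(self, outcome: Outcome, args: dict) -> Outcome:
        # The audit log is what post-deployment monitoring reads.
        self.audit_log.append({"agent": self.manifest.name, "tool": outcome.tool,
                               "args": args, "allowed": outcome.allowed,
                               "reason": outcome.reason})
        return outcome

    def _lookup_order(self, order_id: str):
        order = ORDERS.get(order_id)
        if order is None:
            return None
        # Data scoping: fields the manifest does not list never reach the model.
        return {k: v for k, v in order.items() if k in self.manifest.visible_fields}

    def _issue_refund(self, order_id: str, amount_pence: int):
        return {"order_id": order_id, "refunded_pence": amount_pence}

    def _send_message(self, to: str, text: str):
        # Transparency: outbound text always carries the disclosure.
        if AI_DISCLOSURE not in text:
            text = f"{text}\n{AI_DISCLOSURE}"
        self.sent_messages.append(text)
        return text


def make_support_gateway(approver: Callable[[str, dict], bool]) -> ToolGateway:
    """A constructed manifest for a refund-handling support agent."""
    manifest = AgentManifest(
        name="support_agent",
        allowed_tools=frozenset({"lookup_order", "issue_refund", "send_message"}),
        visible_fields=frozenset({"order_id", "total_pence", "status"}),
        refund_limit_pence=5000,
    )
    return ToolGateway(manifest, approver)


if __name__ == "__main__":
    gw = make_support_gateway(approver=lambda tool, args: False)  # nobody approves
    gw.call("lookup_order", order_id="A100")
    gw.call("issue_refund", order_id="A100", amount_pence=9000)   # held, then declined
    gw.call("cancel_subscription", customer="c@example.org")      # not in allowlist
    gw.call("send_message", to="c@example.org", text="Your refund is on its way.")
    for entry in gw.audit_log:
        print(entry)
```

The design choice worth noting is that the agent never holds credentials for the downstream systems; it can only ask the gateway, so a prompt-injected or simply mistaken agent is bounded by the manifest rather than by its own judgement. The manifest also doubles as the artefact to hand to whoever is running the data protection impact assessment and the consumer law review, because it states in one place what the agent can see and do.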
Conclusion
The CMA and ICO publications reviewed in this article represent the opening chapter of the UK’s regulatory response to agentic AI. Neither regulator has proposed new legislation; both have instead sought to show how the existing legal framework – consumer protection law and data protection law – applies to this new category of AI system. The message is consistent: the law follows the function, not the form. Whether a task is performed by a human agent, a generative AI tool or an autonomous AI agent, the legal obligations remain the same.
For practitioners, this is both reassuring and demanding. Reassuring, because the legal framework is familiar. Demanding, because the practical challenges of applying that framework to agentic systems – mapping data flows through multi-vendor supply chains, testing AI agents for consumer law compliance, establishing meaningful human oversight over increasingly autonomous systems – are genuinely novel. The businesses that engage with these challenges early, and the practitioners who advise them well, will be best placed to realise the considerable benefits that agentic AI promises.
Winona Chan is Legal Counsel at Moneybox, specialising in technology, commercial contracts and outsourcing in financial services.