Module 6

Regulation, Risk & Compliance

Shipping agents without guardrails is how you get regulated out of the market.

---

The Regulatory Landscape

The year of experimentation is over. 2026 is the year of enforcement. The regulatory frameworks that will govern agentic commerce are taking effect now, and the penalties for non-compliance are severe.

EU AI Act

The EU AI Act takes full effect for high-risk AI systems on August 2, 2026. It is the first comprehensive legal framework for AI worldwide, and its implications for agentic commerce are significant.

Risk Classification: Many agentic AI systems in commerce will be deemed "high-risk," especially those that influence financial decisions, access essential services, or handle sensitive consumer data. This triggers extensive compliance obligations.

Prohibited Practices: AI agents that use manipulative or deceptive techniques to exploit a user's vulnerabilities (age, disability, socio-economic status) to cause significant harm are banned outright.

Transparency: If an AI system is interacting with a human, the human must know they are talking to a machine. Voice bots must announce they are AI immediately.

Human Oversight: Effective human oversight must be maintained, particularly for decisions with significant consequences. The Act does not specify that human control must be real-time, creating ambiguity for autonomous purchasing.

Documentation and Assessment: High-risk systems require detailed technical documentation, risk assessments, conformity assessments, and ongoing monitoring.

Penalties: Up to 35 million euros or 7 percent of global annual turnover, whichever is higher. The Act also introduces potential criminal liability in certain jurisdictions.

US Regulatory Landscape

The United States lacks a comprehensive federal AI law. Regulation is fragmented across state-level frameworks.

Colorado AI Act (effective June 2026): Requires risk management policies, impact assessments, and transparency for high-risk AI systems.

Illinois AI in Employment Law (effective January 2026): Mandates disclosure when AI influences employment decisions.

Multiple additional state proposals are in various stages of legislation. Federal guidance comes primarily from NIST's AI Risk Management Framework, which provides governance and risk terminology that organisations can map to agent controls.

GDPR Intersections

The General Data Protection Regulation applies to any agent processing personal data of EU residents, regardless of where the agent operator is based. For commerce agents, this means:

• Consent for data processing must be informed, specific, and freely given. An agent processing purchase history, preferences, and payment data must have a lawful basis for each category.
• Data minimisation requires agents to process only the data necessary for the specific transaction. An agent does not need access to a consumer's entire purchase history to buy a birthday gift.
• The right to erasure means consumers can require deletion of their agent interaction data, which may conflict with audit trail requirements under financial regulations.
• Cross-border data transfers become complex when agents autonomously route data through APIs in different jurisdictions.

---

The Liability Gap

When an AI agent makes a purchase that the consumer did not intend, who is responsible? This question has no settled legal answer, and it is the single biggest unresolved issue in agentic commerce.

The Accountability Chain

Consider a scenario: a consumer asks an agent to buy a winter jacket under $200. The agent, due to a misinterpretation, prompt manipulation, or system error, instead purchases $2,000 of electronics. The potential liable parties include:

• The consumer: Did they provide sufficiently clear instructions? Did they set appropriate spending limits?
• The agent developer: Did the agent interpret instructions correctly? Was it vulnerable to prompt injection?
• The agent deployer: Did they implement adequate guardrails and monitoring?
• The platform: Did the marketplace where the agent operated provide accurate product data?
• The payment provider: Did the payment system enforce the consumer's authorisation limits?
• The merchant: Did they accept a transaction that should have triggered fraud detection?

Current law does not cleanly assign liability in this chain. Courts have not yet ruled on autonomous agent purchasing errors at scale. Organisations deploying agentic commerce today are accepting legal uncertainty.

Human-in-the-Loop as Liability Shield

The concept of "meaningful human oversight" is emerging as a potential liability shield. The EU AI Act requires it. Legal experts suggest that documented human-in-the-loop processes can demonstrate "reasonable care" if an agent causes harm.

But there is a critical nuance: the oversight must be meaningful. A rubber-stamping process where a human approves every transaction without genuine review does not qualify. The human must have the competence and authority to actually override the AI.

The Practical Middle Ground: Risk-tiered oversight (low-value, low-risk transactions proceed autonomously; high-value or unusual transactions require human approval), audit-based oversight (all transactions logged, a sample reviewed by humans, anomalies trigger investigation), and threshold-based oversight (agent operates autonomously within predefined parameters; any deviation triggers escalation). Document whatever you choose. The documentation itself is a compliance asset.

---

Fraud at Machine Speed

Agentic commerce creates new attack vectors that traditional fraud systems are not designed to detect.

The Attack Surface

Prompt injection: Manipulating the agent's instructions through carefully crafted inputs that cause it to deviate from its mandate. An agent told to "buy the cheapest option" could be tricked into buying from a specific fraudulent merchant through injected context.

Agent impersonation: Creating fake agents that mimic legitimate ones to intercept consumer credentials or redirect transactions. Without KYA verification, impersonation is difficult to detect.

Credential replay: Capturing valid agent credentials and reusing them for unauthorised transactions. SPTs and agentic network tokens mitigate this through scoping and expiration, but compromised tokens remain a risk.

Multi-agent collusion: In environments where buyer agents negotiate with seller agents, collusion between compromised agents can manipulate pricing, hide terms, or extract value.

Detection and Response

Fraud detection for agentic commerce requires:

• Behavioural baselines: Establish normal patterns for each agent (transaction volume, amount range, merchant categories, time patterns). Deviations trigger alerts.
• Velocity monitoring: Track the rate of transactions. An agent suddenly executing 100 transactions per minute when it normally does 10 is a red flag.
• Mandate verification: For each transaction, verify the agent's current authorisation against the consumer's active permissions in real time.
• Cross-agent correlation: Monitor for patterns across multiple agents that suggest coordinated fraud (same merchant, similar amounts, simultaneous execution).
• Response time targets: Detection must operate at machine speed. Automated response is essential for the highest-risk scenarios.

---

Data Governance for Agents

Commerce agents consume, process, and generate data at a scale and speed that challenges traditional data governance frameworks.

Agentic Tool Sovereignty

A structural problem has emerged that regulatory frameworks have not anticipated: autonomous tool selection. When an agent dynamically chooses which APIs to call at runtime, it may route consumer data through services in different jurisdictions without any human making that decision.

The EU AI Act assumes predefined relationships between AI systems and the data they process. Agents that autonomously select tools break this assumption. GDPR compliance becomes complex when an agent decides, in real time, to route data through a non-EU API to fulfil a request.

Practical Data Governance

Approved tool registries: Define which APIs and services the agent can access. Do not allow arbitrary tool discovery in production.

Data flow mapping: Document every data flow the agent can initiate, including the jurisdictions involved. Update this mapping as new tools are added.

Data classification: Tag consumer data by sensitivity level. Restrict agent access to sensitive categories based on the specific task.

Consent management: Maintain a real-time record of what data processing the consumer has consented to. Verify consent before each new data operation.

Retention policies: Define how long agent interaction data is retained, for what purpose, and when it is deleted. Balance audit trail requirements with data minimisation obligations.

---

Building Your Governance Stack

A governance stack for agentic commerce is not a single system. It is a layered set of controls that work together.

Layer 5: Policy. The documented rules: what agents can do, what they cannot, who authorised them, and what happens when they breach limits. Updated quarterly or when regulations change.

Layer 4: Monitoring. Real-time observation of agent behaviour. Dashboards, alerts, anomaly detection, and pattern analysis. Humans supervise the fleet, not individual transactions.

Layer 3: Controls. Runtime enforcement. Spending limits, merchant restrictions, geographic boundaries, time-based permissions, and automated blocks on out-of-policy actions.

Layer 2: Audit. Tamper-evident logging of every agent decision and action. The record that proves compliance, supports dispute resolution, and enables investigation.

Layer 1: Kill Switch. The ability to immediately revoke any agent's access. Automated triggers for critical thresholds. Manual override for human decision-makers. Tested regularly.

Each layer depends on the ones below it. Policy without monitoring is unenforceable. Monitoring without controls is observational. Controls without audit are unverifiable. And everything without a kill switch is irresponsible.

---

Compliance Roadmap

Immediate (now through June 2026): Complete an agent inventory (every AI agent in your ecosystem, documented). Classify each agent by risk tier using the EU AI Act framework. Implement basic KYA controls for high-risk agents (identity, authorisation, audit trail). Review data flows for GDPR compliance, particularly cross-border data movement. Prepare for Colorado AI Act (risk management policies and impact assessments for US operations).

Near-term (June through August 2026): EU AI Act high-risk compliance (conformity assessments, technical documentation, risk management systems, human oversight mechanisms operational). Full governance stack deployed for all production agents. Transparency measures implemented (consumers informed when interacting with AI). Incident response plan tested. Staff training on agent governance.

Medium-term (August 2026 through Q1 2027): Post-enforcement review of compliance gaps. Continuous monitoring refinement based on real operational data. Cross-jurisdictional alignment of compliance across EU, US state, and other applicable frameworks. Preparation for August 2027 provisions (high-risk AI embedded in regulated products).