{"id":32292,"date":"2026-07-11T08:00:00","date_gmt":"2026-07-11T06:00:00","guid":{"rendered":"https:\/\/pegamento.nl\/niet-gecategoriseerd\/what-is-agentic-ai-and-what-ai-act-requirements-apply-to-autonomous-ai-agents\/"},"modified":"2026-07-11T10:00:53","modified_gmt":"2026-07-11T08:00:53","slug":"what-is-agentic-ai-and-what-ai-act-requirements-apply-to-autonomous-ai-agents","status":"publish","type":"post","link":"https:\/\/pegamento.nl\/en\/contact-center\/what-is-agentic-ai-and-what-ai-act-requirements-apply-to-autonomous-ai-agents\/","title":{"rendered":"What is Agentic AI, and what AI Act requirements apply to autonomous AI agents?"},"content":{"rendered":"<p><strong>Agentic AI<\/strong> is a new generation of artificial intelligence in which systems not only respond to instructions but also set goals, make decisions, and take actions independently without constant human guidance. Under the European AI Act, autonomous AI agents generally fall into the high-risk category or are classified as General Purpose AI models, depending on their application and scale. In this article, we answer the most frequently asked questions about <a href=\"https:\/\/pegamento.nl\/en\/ai-powered-intelligence\/\">Agentic AI<\/a> and the associated obligations under the AI Act.  <\/p>\n<h2>How is Agentic AI different from regular AI models?<\/h2>\n<p>Agentic AI differs from conventional AI models in that the system does not wait for step-by-step instructions, but instead independently plans and executes a series of actions to achieve a goal. Whereas a traditional AI model answers a question or performs a task as soon as it is instructed to do so, an Agentic AI system takes the initiative, evaluates interim results, and adjusts its approach. <\/p>\n<p>Traditional AI models are reactive: they process input and produce output. Think of a chatbot that answers a question or a model that classifies an image. Agentic AI goes a step further by combining multiple steps: it devises a plan, calls upon external tools or systems, processes the results, and then decides on the next course of action. This makes the system proactive and autonomous.   <\/p>\n<p>A practical example: A standard AI assistant answers the question, \u201cWhen does my contract expire?\u201d An Agentic AI system independently locates the contract, checks the expiration date, compares it with company policies, and then sends a renewal proposal to the appropriate employee\u2014without anyone having to give it instructions to do so. <\/p>\n<p>This distinction is also relevant for organizations that use Robotic Process Automation. What used to be called RPA\u2014where bots carried out fixed instructions\u2014is evolving into Agentic AI: self-thinking assistants that not only follow instructions but also take the initiative and act independently based on context and objectives. <\/p>\n<h2>Under the AI Act, what risk category will autonomous AI agents be assigned?<\/h2>\n<p>In most cases, autonomous AI agents fall under the \u201chigh-risk\u201d category of the AI Act, especially when deployed in areas such as human resources management, access to essential services, law enforcement, or critical infrastructure. The exact classification depends on the specific use, not on the technology itself. <\/p>\n<p>The AI Act uses a four-tier risk classification system: prohibited applications, high-risk AI, low-risk AI, and minimal-risk AI. Agentic AI systems are assessed based on their application and the domain in which they operate. <\/p>\n<ul>\n<li><strong>High-risk (Annex III):<\/strong> Agents who make decisions regarding creditworthiness, evaluate job applicants, manage patient records, or handle emergency calls automatically fall into this category.<\/li>\n<li><strong>Limited risk:<\/strong> Agents who perform solely informational tasks with no direct impact on human rights or security may be subject to less stringent transparency requirements.<\/li>\n<li><strong>Minimal risk:<\/strong> Fully internal process automation that involves no contact with consumers or sensitive decision-making may fall outside the regulated categories.<\/li>\n<\/ul>\n<p>An important point to note is that an Agentic AI system that performs profiling of natural persons is always classified as high-risk, regardless of the context. Organizations that are unsure about the classification of their system would be wise to proactively document this, including the rationale for why a system might fall outside the high-risk category. <\/p>\n<h2>What specific obligations apply to Agentic AI providers?<\/h2>\n<p>Providers of Agentic AI systems classified as high-risk must comply with a comprehensive set of requirements regarding risk management, technical documentation, human oversight, and conformity assessment before the system is placed on the market.<\/p>\n<p>The main obligations for providers of high-risk Agentic AI are:<\/p>\n<ul>\n<li><strong>Risk Management System:<\/strong> An ongoing system that identifies, assesses, and mitigates risks throughout the system&#8217;s entire lifecycle.<\/li>\n<li><strong>Technical Documentation:<\/strong> Detailed documentation on the system\u2019s operation, training data, performance, and limitations, in accordance with the requirements of the AI Act.<\/li>\n<li><strong>Human oversight:<\/strong> The system must be designed so that people can intervene effectively, understand how it works, and shut it down if necessary.<\/li>\n<li><strong>Robustness and accuracy:<\/strong> Demonstrable technical measures to ensure consistent performance and resistance to tampering.<\/li>\n<li><strong>Registration in the EU database:<\/strong> High-risk AI systems must be registered in the central European database before they are deployed.<\/li>\n<li><strong>Declaration of Conformity:<\/strong> A formal statement that the system complies with all applicable requirements of the AI Act.<\/li>\n<\/ul>\n<p>When an organization modifies an existing Agentic AI system, adds its own name to it, or changes its intended use in such a way that the system becomes high-risk, that organization itself becomes a provider, with all the associated obligations. This is a crucial point for organizations that deploy and customize off-the-shelf AI platforms for their own use. <\/p>\n<h2>What are the transparency requirements for AI agents with regard to end users?<\/h2>\n<p>AI agents that interact with people must clearly inform end users that they are communicating with an AI system, unless this is evident from the context. This transparency requirement already applies to low-risk AI and becomes more stringent as the system becomes more autonomous and has a greater impact. <\/p>\n<p>Specific transparency requirements apply to Agentic AI that go beyond the basic obligation to disclose that AI is involved:<\/p>\n<ul>\n<li>Users must understand what decisions the system makes and on what basis.<\/li>\n<li>For high-risk AI systems, users must be informed about the system&#8217;s capabilities and limitations.<\/li>\n<li>When an Agentic AI system simulates emotions or imitates human behavior, this must be explicitly stated.<\/li>\n<li>Users should always have the option to contact a person, especially when it comes to decisions that affect their rights or interests.<\/li>\n<\/ul>\n<p>This is particularly relevant for organizations that use Agentic AI in customer interactions. An AI agent that independently handles complaints, processes orders, or provides information about services must clearly communicate its nature and limitations. This not only protects the end user but also limits the legal risk for the organization using it.  <\/p>\n<h2>When will the AI Act take effect, and what are the deadlines?<\/h2>\n<p>The AI Act will take effect in phases. The first requirements are already in effect, and most of the relevant deadlines for high-risk AI systems\u2014including Agentic AI\u2014are in 2026 and 2027. Organizations that have not yet taken any action are falling behind schedule.  <\/p>\n<p>The most important milestones are:<\/p>\n<ul>\n<li><strong>February 2, 2025:<\/strong> The prohibited practices set forth in Article 5 are in effect, as is the requirement for AI literacy within organizations (Article 4).<\/li>\n<li><strong>August 2, 2025:<\/strong> Requirements for general-purpose AI models, penalty provisions, and the governance structure are in effect. National regulators must have been designated. <\/li>\n<li><strong>August 2, 2026:<\/strong> Most of the requirements for high-risk Annex III systems take effect. This is the most relevant deadline for most Agentic AI applications in customer-facing and business processes. <\/li>\n<li><strong>August 2, 2027:<\/strong> Requirements for high-risk AI used as a safety component in regulated products take effect. GPAI models that were on the market before August 2025 must be compliant by this date at the latest. <\/li>\n<\/ul>\n<p>By 2026, most organizations will therefore already be required to meet the requirements for high-risk AI. Those who start now by mapping out their AI systems and preparing the required documentation will have enough time to become compliant. <\/p>\n<h2>What are the penalties for noncompliance with the AI Act?<\/h2>\n<p>The fines for noncompliance with the AI Act are substantial and follow a three-tiered structure. The most severe penalties apply to prohibited AI practices and can amount to 35 million euros or 7% of global annual revenue, whichever is higher. <\/p>\n<p>The three levels of the penalty structure are:<\/p>\n<ul>\n<li><strong>Prohibited Practices (Article 5):<\/strong> A maximum of 35 million euros or 7% of global annual revenue. This applies, for example, to manipulative AI systems or social scoring by governments. <\/li>\n<li><strong>Other non-compliance:<\/strong> Up to 15 million euros or 3% of global annual revenue. This includes failure to meet the requirements for high-risk AI, such as missing documentation or insufficient human oversight. <\/li>\n<li>Providing <strong>false information to authorities:<\/strong> Up to 7.5 million euros or 1% of global annual revenue.<\/li>\n<\/ul>\n<p>For small and medium-sized enterprises, the lower of the percentage or the fixed amount applies in each case, which offers some protection for smaller organizations. Enforcement is the responsibility of national market surveillance authorities, with the European AI Office serving as the supervisory authority for general-purpose AI models. In January 2026, Finland became the first member state to grant formal enforcement powers to its national authority.  <\/p>\n<h2>How Pegamento Helps with Agentic AI and AI Act Compliance<\/h2>\n<p>We understand that the combination of new AI technology and complex regulations can feel overwhelming. At Pegamento, we help organizations deploy Agentic AI responsibly and effectively, keeping in mind both the business value and the legal obligations under the AI Act. <\/p>\n<p>What we specifically offer:<\/p>\n<ul>\n<li><strong>Agentic AI solutions for customer contact:<\/strong> Self-learning assistants that handle, route, and escalate repetitive questions, allowing your employees to focus on complex issues.<\/li>\n<li><strong>Transparency and human oversight built in:<\/strong> Our systems are designed with the AI Act in mind, including clear user communication and effective mechanisms for human intervention.<\/li>\n<li><strong>No costly custom development, but a smart combination of proven modules:<\/strong> We build customized solutions using standard building blocks that already meet the relevant compliance requirements.<\/li>\n<li><strong>Everything under one roof:<\/strong> From consulting and implementation to management and support\u2014without having to manage multiple vendors.<\/li>\n<li><strong>ISO 27001 certified:<\/strong> Our approach meets the highest standards for information security, complemented by ISO 9001 and ISO 26000 certification.<\/li>\n<\/ul>\n<p>Would you like to know how <a href=\"https:\/\/pegamento.nl\/en\/agentic-ai-for-customer-service\/\">Agentic AI for customer service<\/a> can help your organization, and how to implement it in a compliant manner? <a href=\"https:\/\/pegamento.nl\/en\/contact-2\/\">Contact us,<\/a> and we\u2019d be happy to work with you to find a solution.<\/p>\n        <div class=\"wp-block-seoaic-faq-block\">\n            <h2 class=\"seoaic-faq-section-title\">Frequently Asked Questions<\/h2>\n                            <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        How do I start mapping my Agentic AI systems for AI Act compliance?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        Start with an AI inventory: create an overview of all AI systems your organization uses, modifies, or offers, and assess the domain of application and the degree of autonomy for each system. Map this to the risk categories outlined in the AI Act to determine which obligations apply. Document your findings immediately, as this documentation is itself a requirement for high-risk systems. Those who start now will have plenty of time to be fully compliant by the August 2026 deadline.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        What if I use a standard AI platform from an external vendor and customize it for my own organization?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        As soon as you customize an existing AI system, put your own name on it, or change its intended use in such a way that the system falls into a high-risk category, you legally become the provider with all the associated obligations. This means you are personally responsible for the technical documentation, the risk management system, and the declaration of conformity. Therefore, always verify contractually which compliance responsibilities fall to you and which fall to the original supplier.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        Does the AI Act also apply to Agentic AI systems that are used exclusively internally, without any contact with customers?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        Yes, the AI Act makes no distinction between internal and external use when it comes to high-risk applications. For example, an internal Agentic AI system that evaluates job applicants, supports personnel decisions, or manages access to internal systems is subject to the high-risk obligations. Only fully internal process automation that involves no sensitive decision-making and has no impact on human rights may fall outside the regulated categories. Always have this reviewed by legal counsel before assuming your system falls outside the scope.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        What is the difference between a &#039;provider&#039; and a &#039;user&#039; under the AI Act, and why does it matter?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        A provider is the party that develops, places on the market, or puts an AI system into service, while a user (referred to as a \u2018deployer\u2019 in the AI Act) uses another party\u2019s system for their own purposes. Providers bear the heaviest obligations, such as conformity assessment and registration in the EU database. Users have lighter but still concrete obligations, such as ensuring human oversight and informing end users. This distinction is crucial because many organizations unknowingly assume the role of provider by making modifications to purchased AI systems.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        How do I ensure that &#039;human oversight&#039; actually works in practice and isn\u2019t just a requirement on paper?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        Effective human oversight means that employees understand the system, can assess the results, and can actually intervene when necessary. This requires training in AI literacy (which will also be mandatory as of February 2025), clear escalation procedures, and technical capabilities to pause or override the system. Avoid the pitfall of \u2018supervision on paper,\u2019 where an employee is formally responsible but, in practice, is unable to understand or correct the system\u2019s decisions.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        Can an Agentic AI system change its risk category if I expand its use to new applications?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        Absolutely, and this is a common mistake in practice. A system that starts as a low-risk information tool can become high-risk as soon as you use it for decision-making regarding credit, personnel, or access to services. Any significant expansion of use requires a renewed risk analysis and possibly a completely new compliance assessment. Therefore, establish an internal process in which new applications of existing AI systems are always assessed against the AI Act classification before they are rolled out.                    <\/p>\n                <\/div>\n                                <div class=\"seoaic-faq-item\">\n                    <h3 class=\"seoaic-question\">\n                        What are the most common mistakes organizations make when preparing for the AI Act?                    <\/h3>\n                    <p class=\"seoaic-answer\">\n                        The three most common mistakes are: first, starting too late, resulting in the required documentation and risk analyses being missing by the deadline; second, underestimating their own role as a provider when making adjustments to purchased AI platforms; and third, treating compliance as a one-time project rather than an ongoing process. The AI Act requires a dynamic risk management system that evolves with the system, not a document that is drafted once and then filed away.                    <\/p>\n                <\/div>\n                        <\/div>\n        ","protected":false},"excerpt":{"rendered":"<p>Agentic AI operates autonomously\u2014and is subject to strict AI Act regulations. What does this mean for your organization? <\/p>\n","protected":false},"author":2,"featured_media":32293,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[500],"tags":[],"class_list":["post-32292","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-contact-center"],"_links":{"self":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts\/32292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/comments?post=32292"}],"version-history":[{"count":2,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts\/32292\/revisions"}],"predecessor-version":[{"id":32295,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/posts\/32292\/revisions\/32295"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/media\/32293"}],"wp:attachment":[{"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/media?parent=32292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/categories?post=32292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pegamento.nl\/en\/wp-json\/wp\/v2\/tags?post=32292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}