Compliance Engineering

AI Agent Compliance

Chatbots are 2024. Document processing is 2025. AI agents (autonomous systems using tools, calling APIs, and making decisions across multiple systems) are 2026 and beyond.

And almost nobody has worked out what compliance looks like for them yet. That's the gap this work lives in.

Why agents change the question

An AI chatbot answers a question. The DPIA writes itself. The data flow is one direction: user → server → LLM → server → user. You can document it on a single page.

An AI agent is different. The agent reads an email, decides whether to schedule a meeting, calls your calendar API, drafts a reply, and updates your CRM. It uses tools. It chains decisions. It accesses systems your DPIA never considered.

The compliance questions multiply:

  • Who is the data controller when an autonomous agent makes a decision?
  • How do you DPIA a system that adapts its behaviour based on past interactions?
  • What does Article 22 (automated decision-making) require when the agent escalates to a human after 3 failed attempts?
  • How do you audit a tool-using LLM when each tool has its own data flow?
  • What's the lawful basis when an agent reads private data to decide whether to take an action?
  • How do you handle a data subject access request when the agent's memory is stored across vector databases, conversation logs, and tool-call histories?

The current DPIA template doesn't cover any of this. The current privacy notice says nothing useful. The vendor due diligence checklist doesn't ask the right questions about tool-use boundaries.

That's the work I'm focused on. New patterns for new systems.

Singapore's IMDA published the world's first national framework for agentic AI in January 2026; it remains open for public feedback. The work covered here aligns directly with three of its four governance dimensions: risk bounding, human accountability checkpoints, and technical controls throughout the agent lifecycle. Organisations working through the IMDA framework consultation can use this practice as the operational counterpart. (IMDA framework.)

What I cover

Agent governance

When an agent acts autonomously, who's responsible? How do you set boundaries? What human-in-the-loop checkpoints does GDPR Article 22 actually require? What does the EU AI Act say about autonomous systems making consequential decisions? The deployer-side AI Act read covers the obligations that land on the team running the agent.

Tool use and MCP

Agents that use tools (Anthropic MCP, OpenAI function calling, LangChain tools) expand the data flow surface area. Each tool is a new processor relationship. Compliance documentation needs to cover the agent's decisions AND the tool calls it makes. Most current DPIAs miss this entirely.

Vendor-level summaries of DPA terms, sub-processor lists, and training-data policy: Anthropic compliance profile, OpenAI compliance profile, and Google Gemini compliance profile (Gemini powers Google Vertex Agent Builder and many enterprise agents). The full vendor compliance index covers the rest.

Memory, learning, and adaptation

Agents with persistent memory or learning loops complicate retention, purpose limitation, and data subject rights. Vector embeddings of personal data are personal data. Agent fine-tuning datasets are processing activities. Current frameworks don't handle this cleanly.

Auditability

If a regulator asks "why did your agent make that decision?", can you answer? Logging every tool call, every model output, every chain-of-thought step. What you keep, for how long, and what you delete on a data subject request.

Liability and accountability

Who's liable when an autonomous agent breaches GDPR? When it makes a discriminatory decision? When it sends a customer the wrong information? The EU AI Act Liability Directive answers some of this; contracts answer the rest. Most agent deployments have neither sorted.

Practitioner reads

Compliance Engineering · Issue 004 · May 2026

The AI Agent DPIA: What Changes When AI Stops Answering and Starts Acting

Five things change in the DPIA when AI moves from answering to acting. Tool-use as a first-class processing step. Article 22 in scope. Autonomous-action risk entries. Action authorisation gates instead of output filtering. Residual risk acceptance that admits what the deployment team doesn't yet know.

Practical DPIA writing guide

How to Write a DPIA for Your AI System

Step-by-step DPIA construction with worked examples for chatbots, document processors, and automated decision-making systems. The base layer the agent-specific work above sits on top of.

Article 35 entry guide

Do I Need a DPIA for My AI System?

When AI processing crosses the Article 35 threshold, what triggers the requirement, and what the DPIA actually has to cover.

Newsletter

Get one issue a month on agent compliance

Compliance Engineering covers AI compliance generally. One in every four issues focuses on agents specifically: practical patterns for autonomous systems, tool use, memory, and auditability.

Free. Unsubscribe anytime. No spam.

Open-source toolkit

DPIA templates for agent systems and chatbots, plus the NDPA Section 40 breach response framework, published as open source on GitHub. CC BY 4.0 licensed, attribution required when reused.

github.com/Thezenmonster/compliance-engineering-toolkit

Specifically for agents: the autonomous agent DPIA template.

Working with me on agent compliance

If you're deploying an AI agent (autonomous customer support, internal workflow automation, anything that uses tools or makes decisions across systems) and you need the compliance posture sorted, the right starting point is a scoping review.

One week, fixed price, written report. I look at your agent architecture, tool boundaries, decision points, data flows, and tell you exactly what documentation, controls, and disclosures the system needs.

Book a £500 scoping review

For ongoing agent governance support, see DPO-as-a-Service.