Agentic AI and data protection: the new legal challenge of systems that decide and act on their own

Agentic AI and data protection: the new legal challenge of systems that decide and act on their own

Agentic artificial intelligence — or agentic AI — represents a significant evolution compared to traditional AI systems. We are no longer speaking only about tools that generate text, classify information or make recommendations, but about systems capable of planning tasks, making intermediate decisions, interacting with other applications and executing actions with a certain degree of autonomy. In the business environment, these agents may schedule meetings, select suppliers, prioritise candidates, manage complaints, launch commercial communications or modify platform settings without direct human intervention at each step.

From a data protection perspective, this shift is far from minor. The General Data Protection Regulation (GDPR) already addressed the risks of automated decision-making, particularly where such decisions produce legal effects or similarly significantly affect individuals. Article 22 GDPR recognises the right not to be subject to a decision based solely on automated processing, including profiling, where those relevant effects arise. Agentic AI intensifies this debate because it does not merely “decide”; it also “acts”: it executes instructions, chains processes together and may generate practical consequences before a person has reviewed the outcome.

The main legal challenge lies in determining who actually controls the processing. In an agentic system, several actors are usually involved: the model provider, the agent developer, the company implementing it, the services connected through APIs and, in some cases, third parties whose data are processed indirectly. This architecture makes it harder to clearly identify the controller, the processor and any possible joint controllers. Without a precise contractual and operational allocation of roles, the organisation deploying the agent may assume significant risks in terms of lawfulness, transparency, security and accountability.

The legal basis for processing is another critical issue. Many agents operate by accessing large volumes of personal data: emails, customer histories, internal files, employment information, user preferences or inferred data. It is not enough to rely generically on legitimate interest or contractual necessity. The organisation must justify which data the agent needs, for what specific purpose, for how long, under what limits and with what safeguards to prevent incompatible uses. The principle of data minimisation becomes especially relevant: an agent should not have unlimited access to all corporate systems merely because this is technically convenient.

Transparency obligations are also reinforced. Data subjects must be able to understand, at least in a meaningful way, that automated processing is taking place, what general logic is being used, which data influence the decision and what consequences it may have. European guidance on automated decision-making and profiling stresses the need to provide adequate information to individuals and to establish effective safeguards against relevant automated decisions. In agentic systems, this information must be even clearer, because the decision-making chain may be dynamic and difficult to explain if it is not documented by design.

Human intervention is probably one of the most delicate elements. It is not enough to include a symbolic or merely formal review. For a safeguard to be genuine, the supervising person must have the authority, competence and real ability to modify or reverse the system’s decision. In other words, the so-called human in the loop cannot become an empty formality. Where the agent makes decisions affecting recruitment, credit, personalised pricing, access to services, employment management or complaints handling, human oversight must be integrated into the procedure and not appear only once harm has already occurred.

The European Artificial Intelligence Act must also be taken into account. The AI Act entered into force on 1 August 2024 and establishes a framework of obligations graduated according to the risk level of the system. Although it does not replace the GDPR, both frameworks complement each other: the AI Act focuses on the safety, traceability, governance and control of the system, while the GDPR protects individuals’ rights and freedoms in relation to the processing of their data. This means that companies deploying agentic AI will often need to comply with both regulatory regimes simultaneously.

In practice, organisations wishing to deploy agentic AI should adopt a preventive approach. Before activating an agent, it is advisable to map the processing activities, assess whether a data protection impact assessment is required, define access permissions, record instructions, configure operational limits, audit outcomes and establish complaint mechanisms. It will also be advisable to adopt internal policies defining which decisions the agent may take autonomously and which require prior human approval.

Security also requires specific attention. An agent connected to internal systems may become a channel for data exposure if it receives malicious instructions, misinterprets an order or accesses information it does not need. For this reason, organisations should apply segregation controls, activity logs, robustness testing, measures against prompt injection and procedures for rapidly blocking or disconnecting the system.

Ultimately, agentic AI does not remove traditional data protection obligations: it amplifies them. Technical autonomy cannot translate into legal opacity. Organisations incorporating intelligent agents must be able to demonstrate that they retain control over the purposes, data, decisions and consequences of the system. The real legal challenge will not be to prevent AI from acting, but to ensure that it does so within verifiable, transparent limits that respect fundamental rights.