{"id":20578,"date":"2026-04-27T17:09:53","date_gmt":"2026-04-27T17:09:53","guid":{"rendered":"https:\/\/letslaw.es\/?p=20578"},"modified":"2026-04-27T17:09:53","modified_gmt":"2026-04-27T17:09:53","slug":"aepd-guidance-on-the-use-of-agentic-ai","status":"publish","type":"post","link":"https:\/\/letslaw.es\/en\/aepd-guidance-on-the-use-of-agentic-ai\/","title":{"rendered":"AEPD Guidance on the Use of Agentic AI"},"content":{"rendered":"<p>On 18 February 2026, the <a href=\"https:\/\/letslaw.es\/en\/aepd-and-aesia-to-supervise-artificial-intelligence-in-spain\/\">Spanish Data Protection Agency (AEPD)<\/a> published its &#8220;Guidance on Agentic Artificial Intelligence from a Data Protection Perspective&#8221;, aimed at helping controllers and processors identify the risks that arise when AI agents are used in personal data processing operations. The underlying message is clear: agentic AI requires a reassessment of how processing operations are governed and how individuals&#8217; rights are protected.<\/p>\n<p>The AEPD makes clear that it is not seeking to resolve any particular case, but rather to provide a framework for managing the specific features introduced by this technology. It is not guidance on prompts, but on how processing changes when the system plans, consults tools, accesses memory and performs actions with varying degrees of autonomy.<\/p>\n<h2>What the AEPD Means by Agentic AI<\/h2>\n<p>The AEPD defines agentic AI as systems capable of acting autonomously in order to achieve objectives. Unlike a reactive model, an agent can break down tasks, use tools, consult memory and perform actions in several steps.<\/p>\n<p>Put differently, agentic AI is not just &#8220;another chatbot&#8221;. 
There are at least four elements that explain why the AEPD has devoted specific guidance to it:<\/p>\n<ul>\n<li><strong>It works towards objectives, not just isolated instructions.<\/strong> The agent does not merely respond: it can plan subtasks and chain steps until it reaches an outcome, with different systems and trust levels involved.<\/li>\n<li><strong>It can use tools and connect to the outside world.<\/strong> These systems can interact with multiple services and external sources, which broadens the exposure surface and explains why the analysis cannot be limited to the LLM in isolation.<\/li>\n<li><strong>It can incorporate memory.<\/strong> Memory makes it possible to contextualise future actions, but it may also carry forward personal data and bias if there are no clear retention and deletion rules.<\/li>\n<li><strong>It can operate with different levels of autonomy.<\/strong> The AEPD distinguishes between agents that merely propose and agents that execute. The greater the autonomy, the greater the need for supervision, minimisation, explainability and reversibility.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>How the Data Protection Approach Changes<\/h2>\n<p>Introducing agentic AI into a processing operation changes its nature: it may reduce existing risks, but it may also create new ones. For that reason, the AEPD requires the risk analysis and management process to be reopened.<\/p>\n<p>The autonomy of the agent shifts the analysis to the system&#8217;s overall behaviour: what it consults, remembers, shares, infers and executes. 
As a result, the parties involved, the data, the flows, the retention periods, the transparency and the purposes may all change.<\/p>\n<p>The guidance also clarifies that <a href=\"https:\/\/letslaw.es\/en\/big-data-impact-assessment\/\">agentic AI does not automatically require a DPIA in every case<\/a>, but it may require one \u2014 or require the review of an existing one \u2014 where it alters the risk initially assessed.<\/p>\n<h2>The Risks That Most Concern the AEPD<\/h2>\n<p>The guidance identifies specific risks and does not stop at a generic warning about &#8220;using AI carefully&#8221;.<\/p>\n<ul>\n<li><strong>Opacity and a false sense of control.<\/strong> Users and developers may not fully understand how the agent makes decisions. The combination of distributed inferences, external tools and memory may create an appearance of reliability while making explainability, auditing and human oversight more difficult.<\/li>\n<li><strong>Data excess, persistent memory and profiling.<\/strong> Retaining too much context or reusing memory across cases may carry forward irrelevant data and enable the profiling of system users if records are not limited, pseudonymised and subject to retention periods.<\/li>\n<li><strong>Excessive access to information and breach of the minimisation principle.<\/strong> Agents with autonomous access to multiple sources may engage in mass scraping or forward more data than is necessary.<\/li>\n<li><strong>Prompt injection and indirect threats.<\/strong> Malicious instructions may be embedded in a website, an email or a document consulted by the agent.<\/li>\n<li><strong>Shadow leaks or silent leakages.<\/strong> The AEPD also warns about shadow leaks: partial outputs that make it possible to reconstruct confidential information.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>What Measures the AEPD Recommends to Organisations<\/h2>\n<p>The AEPD&#8217;s response is structural: governance and design, rather than mere notices or final-stage 
validations.<\/p>\n<p>First, it requires agentic AI to be integrated into the governance of the processing operation and the DPO to be involved from the design stage.<\/p>\n<p>Second, it insists on <a href=\"https:\/\/letslaw.es\/en\/data-protection-and-its-connection-to-artificial-intelligence\/\">data protection by design<\/a>: processing only the data that is necessary and maintaining traceability and explainability.<\/p>\n<p>Third, it calls for specific technical measures: granular minimisation, filtering between components and the removal of unnecessary metadata.<\/p>\n<p>It also calls for limiting memory and logs, pseudonymising records and setting retention periods.<\/p>\n<p>Lastly, the controller must define and document the agent&#8217;s level of autonomy according to the context and the risk. The &#8220;rule of 2&#8221; warns against combining uncontrolled input, sensitive data and automatic action.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On 18 February 2026, the Spanish Data Protection Agency (AEPD) published its &#8220;Guidance on Agentic Artificial Intelligence from a Data Protection Perspective&#8221;, aimed at helping controllers and processors identify the risks that arise when AI&#8230;<\/p>\n","protected":false},"author":82,"featured_media":20582,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[258],"tags":[],"class_list":["post-20578","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-digital-law"],"_links":{"self":[{"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/posts\/20578","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/users\/82"}],"replies":[{"embeddable":true,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/comments?post=20578"}],"version-history":[{"count":2,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/posts\/20578\/revisions"}],"predecessor-version":[{"id":20580,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/posts\/20578\/revisions\/20580"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/letslaw
.es\/en\/wp-json\/wp\/v2\/media\/20582"}],"wp:attachment":[{"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/media?parent=20578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/categories?post=20578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/tags?post=20578"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}