The future of agentic AI: A cross-regulatory perspective from the UK

Published in March 2026, ‘The Future of Agentic AI‘ is a foresight paper from the Digital Regulation Cooperation Forum (DRCF), the joint body bringing together the Competition and Markets Authority (CMA), the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and Ofcom.

Drawn on a public call for views conducted through the DRCF Thematic Innovation Hub in autumn 2025 and a series of cross-regulatory workshops, it maps how agentic AI simultaneously activates the remits of all four regulators, and identifies the areas where cross-regulatory coherence will be most difficult to maintain as the technology advances.

The DRCF emphasises that regulation should function as an enabler of innovation rather than a barrier. All four regulators affirm that existing UK frameworks, across data protection, consumer protection, financial regulation and online safety, already apply to agentic AI.

Much of the analytical weight, therefore, lies not in proposing new rules but in mapping how the simultaneous application of those frameworks to a single agentic deployment creates coordination challenges that a sector-by-sector regulatory model was not designed to manage.

The document does not constitute regulatory policy and is explicitly framed as a contribution to the stakeholder debate.

Agentic AI: definition and current state of development

Agentic AI is defined as systems of AI agents that behave and interact autonomously to achieve their objectives, where each individual agent is an increasingly autonomous AI capable of directly affecting real-world environments. The key distinction from standard generative AI lies in what agents do beyond generating outputs: they assess goals and decompose them into subtasks, retrieve real-time data from external services, execute actions such as making payments or sending communications, and retain memory of past interactions.

Information retrieval alone does not make a system an agent. The critical feature is the autonomous plan-act loop through which multi-step tasks are completed, often by invoking external tools, with limited or no human intervention at each step.

A five-level autonomy spectrum structures the analysis of the current and near-future agent landscape. At the base sits the ‘tool’, a reactive system with no initiative or memory. Above it is the ‘assistant’, capable of planning a few steps and using approved tools while deferring to the user for execution.

The ‘operator’ handles bounded workflows end-to-end once authorised. The ‘collaborator’ and ‘autonomous actor’ tiers, capable of initiating and coordinating multi-step work with minimal human approval, remain largely theoretical at the time of publication.

Most practical deployments today sit at the assistant or operator tiers: customer-support copilots that triage tickets, workflow agents that automate expense claims, or fraud detection systems in financial services. Agentic AI is not exclusively software-based. Embodied agents in robotics and the Internet of Things (IoT) represent an important adjacent development, with LLM-enabled humanoid robots already deployed in some industrial settings.

Emerging opportunities across the economy

For individual users, the core opportunity lies in a ‘delegation layer’ between people and the digital services they rely on: agents that can translate natural-language intent into executable sequences of steps across tools, services and platforms, reducing friction and cognitive load. Specific consumer benefits highlighted include reduced search costs through conversational product comparison, improved deal quality through continuous price monitoring and automatic coupon application, and support for switching and cancellation journeys.

Particular potential is identified for users with disabilities or limited digital literacy, for whom conversational interfaces may substantially lower barriers to digital participation, touching directly on the future of work and labour market inclusion.

For businesses, a large-scale study of a generative AI assistant in customer support found improvements of around 14 to 15% in issues resolved per hour, with the greatest gains among less experienced workers.

Illustrations of current commercial deployment include Allianz’s agentic system for automating food spoilage claims, which uses seven specialised agents, and the UK Government Digital Service’s trial of Microsoft 365 Copilot across 20,000 staff, which reported time savings of 26 minutes per person per day.

For regulators, the CMA has already deployed agentic AI to detect consumer harms such as drip pricing. The DRCF discusses how agentic supervision tools could enable compliance monitoring at a scale and speed that would be impossible for human inspectors alone, pointing to a future in which regulators themselves are among the primary users of the technologies they oversee.

Amplified and novel risks

Agentic AI does not merely introduce new hazards; it amplifies existing ones through the combination of autonomy, multi-step execution and access to sensitive data. The most structurally significant risk is accountability fragmentation, which the DRCF describes as the ‘many hands problem’: when a deployment involves a model provider, a system provider and a downstream deployer, each contributing distinct elements to an outcome, attributing liability for harm becomes substantially more complex than in conventional software.

Model providers have a role in monitoring and emergency controls, system providers in adapting those tools to the context, and downstream deployers in maintaining oversight during operation. Importantly, the foresight paper makes clear that ‘my agent did it’ is not a defence any UK regulator will accept as organisational responsibility for legal compliance remains unchanged regardless of the agent autonomy.

Data protection risks are particularly acute. Agentic systems frequently require broad access to personal and operational data, which may be shared across multiple agents and integrated with external tools in ways that make it difficult to maintain the data minimisation principle under the UK GDPR.

Action bundling, the tendency of agents to execute sequences of steps that would normally represent separate consumer decisions simultaneously and at speed, raises questions about whether consent remains meaningful.

Cascading errors, where a flaw in one agent propagates across interconnected systems with amplified effect, are identified as a governance challenge with potentially systemic consequences touching on critical infrastructure. The Moffatt v. Air Canada case, in which an automated system provided incorrect information and the airline was held accountable, is cited by respondents to the call for views as an illustration of how accountability challenges in automated deployments are already reaching the courts.

Cybersecurity risks are materially increased by agentic capabilities. Agents designed to ingest and act on content from diverse external sources are particularly vulnerable to prompt injection attacks, in which malicious instructions are embedded in the content the agent processes, raising direct cybersecurity concerns.

Agents may also operate under non-human identities (NHIs) without the session-based oversight that applies to conventional user authentication, creating surfaces for privilege escalation and data exfiltration. A documented attack in which agentic AI was used to perform 80 to 90% of the attack lifecycle illustrates how the same capabilities that make agents useful can be weaponised at speeds and scales beyond human capacity to manage.

Hyper-personalisation adds a further risk dimension. Agents with persistent memory and detailed user profiles can generate highly persuasive communications, and the same techniques can be turned to personalised fraud, as demonstrated in documented AI-driven influence campaigns. Where agents are optimised to advance the commercial objectives of deployers through undisclosed advertising arrangements or data-extractive digital business models, they may channel users toward platform-preferred outcomes while presenting themselves as neutral intermediaries.

Foresight scenarios and their regulatory implications

A methodologically distinctive feature of the foresight paper is its use of scenario analysis to stress-test the cross-regulatory implications of different agentic AI futures. Building on the ICO’s Agentic AI Tech Futures Report, the DRCF constructed a two-by-two matrix of four plausible futures defined by two critical uncertainties: the capability level of agentic systems and the degree of their adoption in the economy.

Subject-matter experts from all four regulators examined each scenario for regulatory synergies and friction points in a cross-regulatory workshop.

The first scenario, ‘scarce, simple agents’, describes low capability and low adoption, in which agents remain narrow tools used in controlled professional contexts with close human oversight. The regulatory challenges here are primarily about maintaining proportionality without over-regulating an immature technology.

The second scenario, ‘just good enough to be everywhere’, combines low capability with high adoption: agents are widely deployed despite significant limitations, creating systemic consumer harm at scale and widespread accountability confusion. Of the four scenarios, this is considered the most acute near-term risk.

The third scenario, ‘agents in waiting’, describes high capability but low adoption, in which powerful agents are held back by regulatory uncertainty, liability concerns or lack of consumer trust. The regulatory challenge shifts from harm prevention to enabling conditions: excessive caution risks suppressing valuable innovation.

The fourth scenario, ‘ubiquitous agents’, represents high capability combined with high adoption, a fully agentic future in which agents mediate most consumer-market interactions and manage enterprise workflows autonomously. Winner-takes-most market concentration, spontaneous algorithmic collusion, systemic accountability gaps and agent-to-agent communication operating beyond human-readable oversight are identified as the primary governance challenges in this scenario.

The cross-regulatory workshop exercise enabled the four regulators to map not only sector-specific risks within each scenario but also the points where their remits intersect or conflict. The DRCF presents this methodology as a model for ongoing interdisciplinary horizon scanning that other jurisdictions could adapt to stress-test their own frameworks before tensions manifest in real-world deployments.

The cross-regulatory challenge

Using the example of a large UK retailer deploying an autonomous customer assistant, the DRCF demonstrates how a single agentic deployment can simultaneously raise data protection issues for the ICO through automated decision-making on credit or loyalty discounts, financial regulation concerns for the FCA if the assistant recommends or arranges financial products, online safety duties for Ofcom if the agent retrieves and synthesises information from third-party websites in ways that may constitute a regulated search service under the Online Safety Act 2023, and competition regulation and consumer protection matters for the CMA if the agent behaviour steers users away from competitors or constitutes algorithmic collusion.

No single regulator holds the full picture, yet each may need to act.

Each regulator sets out its current approach. The ICO launched a public consultation on updated automated decision-making and profiling guidance on 31 March 2026, responding to the reforms introduced by the Data (Use and Access) Act 2025, section 80 of which came into force on 5 February 2026.

That provision replaced Article 22 of the UK GDPR with new Articles 22A to 22D, substituting the previous near-prohibition on solely automated decision-making with a more permissive, safeguards-based framework. The consultation closed on 29 May 2026, with final guidance expected in summer 2026.

The ICO has also been formally commissioned under the Statutory Instrument 2026/425 to produce a statutory code of practice on AI and automated decision-making, which will carry evidential weight in enforcement proceedings and is expected to address agentic systems directly.

The FCA applies its outcomes-focused Consumer Duty to firms using agentic AI in financial services, with its AI Live Testing platform providing a supervised environment for firms to experiment with agentic use cases. Ofcom is assessing how agentic AI affects telecoms markets and whether agent-enabled services fall within the scope of its online safety regime.

The CMA draws on the Digital Markets, Competition and Consumers Act (DMCCA) to address strategic market status, self-preferencing and exclusionary conduct in agentic AI contexts, and has published guidance for businesses on complying with consumer law when using AI agents.

Governance, accountability and human oversight

Observability, defined as the ability of deployers to understand what is happening within a system by examining its outputs, including logs of interactions, reasoning steps, action traces and performance metrics, is identified as a foundational governance requirement. Legal obligations under data protection law, consumer law, competition law, financial regulation and online safety requirements apply regardless of the degree of automation involved.

Nominal human oversight, where a person is present but has no genuine capacity to intervene, does not satisfy the human-in-the-loop requirement under UK data protection law when automated decisions have legal or similarly significant effects on individuals. Permissions controls that specify which data sources an agent may access are presented as both a data governance and a data minimisation tool, with the additional benefit of reducing consent fatigue: the risk that users who are repeatedly prompted to approve the agent actions begin doing so without meaningful deliberation.

Responsibility in multi-agent systems remains one of the most unresolved points in the analysis. As agents interact with each other and blend datasets without human involvement, identifying who controls which data and who is responsible for a given compliance failure under the UK GDPR becomes progressively harder.

Respondents to the call for views proposed that regulators require firms to adopt AI supply chain governance frameworks addressing component integrity, compatibility, and risk propagation. The DRCF raises the concept of ‘transparency agents’, systems designed specifically to monitor inter-agent transactions and maintain audit trails, noting that governing agentic AI may itself require agentic tools.

Consumer rights, market dynamics and algorithmic collusion

The Consumer Rights Act 2015 and the consumer protection provisions of the DMCCA apply fully to agentic AI providers. Drawing on the CMA’s research on agentic AI and consumers, published on 9 March 2026, the core risk identified is that systems optimised for the deployer’s commercial objectives through undisclosed advertising arrangements or data-extractive business models may influence consumer protection outcomes in ways users cannot anticipate or contest.

‘Choice outsourcing’ is identified as an emerging structural risk: when consumers delegate comparison and transaction decisions to agents that, in turn, respond to platform incentives, competition shifts from the product layer to the agent layer, with firms competing to be favoured by assistants rather than to offer the best price or quality.

Digital inequality receives dedicated analysis across two distinct risk groups. Users with lower media literacy and limited device access may struggle to recognise AI-generated responses, navigate privacy controls or correct agent errors. Users with higher digital literacy may nonetheless find their critical assessment skills weakened by the reduced visibility into multi-agent decision-making.

As agentic AI becomes embedded in everyday systems, the DRCF cautions that users may increasingly feel that non-adoption means being shut out of services entirely, a form of structural compulsion that existing consumer protection frameworks were not designed to address.

Algorithmic collusion is among the most technically specific risk areas addressed. Experimental evidence suggests that LLM-based agents may spontaneously converge on supra-competitive prices in price-setting, bidding and financial market simulations without explicit instruction, maintaining those prices even as conditions change.

Research also demonstrates that AI systems can develop covert communication strategies, including hiding messages within ordinary text, and may evolve faster non-natural-language communication protocols as alternatives to human-readable exchange.

All existing collusion evidence comes from controlled experimental conditions rather than from real-world markets, but the DRCF treats the findings as sufficient to warrant caution in deploying agents in pricing roles. The CMA’s paper on AI and collusion, published on 4 March 2026, provides the most detailed UK regulatory analysis of these risks to date.

Open communication protocols such as the Model Context Protocol (MCP) and Agent2Agent (A2A) are discussed as tools for supporting interoperability and reducing vendor lock-in, although their competitive implications remain to be addressed.

Further developments

Since the foresight paper was published in March 2026, the regulatory programme it outlines has moved forward on several fronts. Most notably, on 3 June 2026 the DRCF launched a call for input on consumer interest and AI, open until 3 July 2026. Structured in two phases, the call gathers the consumer evidence that the four regulators need to apply their existing rules more effectively.

Phase one examines consumer attitudes: how much risk consumers will tolerate from generative and agentic AI in exchange for convenience and cost savings, how well they understand the technology, and whether disclosures and consent mechanisms have a meaningful effect. Phase two asks what tools, frameworks and obligations can best deliver good consumer outcomes.

The call is significant as it represents the first concrete step toward building an empirical evidence base for enforcement rather than anticipatory guidance. Findings will feed directly into the autumn regulatory agenda of all four member bodies.

The ICO’s consultation on the updated automated decision-making and profiling guidance closed on 29 May 2026, with final guidance expected later in 2026. The FCA’s Mills Review, which examined how advanced AI models could reshape retail financial services by 2030, is on track to deliver recommendations to the FCA Board in summer 2026, with an external publication to follow. Cohort 2 of the FCA’s AI Live

Testing programme has launched, building on findings from the first cohort. Ofcom is expected to publish its 2026 to 2027 strategic approach to AI later in the year, covering agentic AI’s implications for telecoms markets and online safety.

The UK regulatory landscape is also developing in an international context. Spain’s data protection authority, the AEPD, published a detailed technical guide on AI agent architecture in February 2026, addressing prompt injection vulnerabilities and automated decisions under Article 22 of the GDPR, one of the most granular analyses produced by a European data protection authority to date.

In March 2026, an EU Parliament committee voted in favour of amendments pushing EU AI Act high-risk compliance deadlines to December 2027 and August 2028, reflecting continued implementation pressure at the EU level.

Together, these developments illustrate that the governance issues raised by the DRCF are being worked through simultaneously across multiple jurisdictions, with regulatory divergence as real a risk as convergence.

Implications for the broader digital governance landscape

The DRCF’s multi-regulator framing reflects a structural reality that most national governance frameworks have not yet fully absorbed: agentic AI is not a sector-specific technology but a general-purpose capability that simultaneously activates legal obligations across multiple regulatory domains.

Countries that have assigned AI oversight to a single lead authority may find that agentic AI creates accountability gaps at the boundaries between those domains that a single-regulator model cannot address.

A fundamental difference between the UK approach and the EU AI Act is worth noting. The EU AI Act employs a risk-based classification system applied at the level of AI systems and their use cases, imposing pre-market obligations on high-risk systems before deployment.

The UK’s approach applies existing sector-specific rules to AI through the regulator most relevant to a given harm, without a central AI authority or horizontal AI statute. Both approaches acknowledge that deploying an AI agent does not transfer legal accountability to the agent; accountability remains concentrated on the deployer.

Where the two frameworks diverge is in their approach to ex ante versus ex post intervention. The UK model relies more heavily on enforcement after harm has occurred, supplemented by guidance and safe-space testing.

The EU model attempts to prevent certain harms before deployment. The ‘just good enough to be everywhere’ scenario, in which low-capability agents cause consumer harm at scale, implicitly raises the question of whether the post-hoc enforcement model is sufficiently robust for the near-term agentic AI risks the DRCF itself identifies as the most pressing.

On standards and interoperability, the governance of agent communication protocols is emerging as a question of digital standards and competition policy as much as a technical one. If open protocols such as the Model Context Protocol (MCP) and Agent2Agent (A2A) become widely adopted, they could reduce the ecosystem advantages that currently favour large incumbent platform operators.

If dominant firms instead establish proprietary standards, the market concentration risks in the ‘ubiquitous agents’ scenario could materialise more rapidly.

A related concept raised in the foresight paper is ‘know your agent’ protocols, analogous to ‘financial services ‘know-your-customer frameworks’ in financial services, as a tool for verifying agent identity, intent and permissions in commercial settings. Potential links are noted to the digital identity reforms currently under development in the UK. How these standards issues are addressed will significantly shape the competitive landscape of agentic AI markets over the next several years.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!