Agentic AI: How to balance compliance and control

The rise of agentic AI systems represents a significant shift in artificial intelligence, enabling autonomous, self-evolving systems that operate with goal-directed behavior. Unlike traditional AI, which primarily reacts to inputs, these systems are proactive, adaptive and self-managing. For example, agentic AI can autonomously plan and book an entire trip. Today, it can select flights, accommodations and activities based on your preferences, budget and real-time availability... saving you hours of research and decision-making. By 2030, spending on agentic AI software is projected to reach $155 billion. However, as these systems become less predictable, concerns about loss of control arise. This demands a focus on safety, transparency and regulatory compliance.  

Can we control agentic AI?  

One of the primary concerns with agentic AI is the loss of control. As these systems become more autonomous and complex, it becomes increasingly difficult to predict their actions and ensure they align with human intentions. This unpredictability can lead to unintended consequences, such as biased decision-making or even harmful actions. Some key challenges that arise include:  

1.        Safety and reliability: Autonomous systems must be able to operate safely in a wide range of environments and conditions. This requires robust mechanisms for error detection and correction, as well as the ability to handle unexpected situations.  

2.        Transparency and accountability: As AI systems become more complex, it becomes harder to understand how they make decisions. This “black box” has a lack of transparency that makes it difficult to assign responsibility. Additionally, the EU’s AI Act mandates explainability for high-risk AI systems, requiring clear documentation of how decisions are made. 

3.        Regulatory and legal frameworks: Proof that autonomous AI systems are to be able to comply with existing legal frameworks (such as GDPR) to address liability, privacy and data security. For example, in healthcare, AI diagnostic tools must meet both GDPR and MDR (Medical Device Regulation) standards before deployment in the EU. 

How to set up for control 

To address these concerns about control, it is essential to ensure that these agentic AI systems are safe, transparent and compliant with regulations. 

Make it safe 

Safety is a top priority when it comes to agentic AI systems. First, implement fail-safes, such as the ability to shut down or revert to a safe state in case of failure with a procedural back up plan to keep operations live. Second, develop redundancy measures to help ensure that AI systems operate safely and reliably. This includes mechanisms for error detection and correction. For instance, in automated fraud detection, an agentic AI system can run parallel models trained on different datasets to cross-validate suspicious transactions. If the primary model fails or flags inconsistently, the secondary model ensures continuity and accuracy in decision-making.  

Make it transparent 

By documenting decision-making processes and providing explanations for actions, these systems can become more understandable while accountability increases. First, create and share thorough documentation. Second, design AI systems that can provide clear, understandable reasons for their outputs. Third, keep logs of decisions and input/output data to enable traceability. For example, OpenAI’s GPT-4 Turbo includes a system message log that helps developers understand how prompts affect responses. Fourth, Offer user-facing explanations appropriate to the audience. This transparency helps in debugging, optimization, understanding model behavior and, most importantly, builds trust with users and stakeholders. 

Make it compliant 

Regulatory compliance is essential for ensuring that agentic AI systems operate within legal frameworks. This requires ongoing adjustments throughout the AI lifecycle as you align with legal, ethical and technical standards. For example, the EU AI Act defines four risk categories: unacceptable, high, limited and minimal/no risk. High-risk systems face strict requirements, including risk assessment, data quality, documentation, transparency, human oversight and accuracy. 

First, start with a compliance-aware AI lifecycle. This means embedding legal, ethical, and regulatory considerations from the very beginning of your AI development process—not as an afterthought. It includes identifying applicable laws, defining risk thresholds, and setting up governance structures before any code is written. Second, embed regulatory requirements into technical design and hardwire legal & ethical constraints into the tech stack. Third, conduct built-in risk & impact assessments and integrate human intervention for outliers.  

Agentic AI is here, and it’s evolving fast. As these systems take on more responsibility, the question isn’t just what they can do, but how we ensure they do it safely, transparently and within the bounds of law. The path forward starts with intentional design: building compliance into your AI lifecycle, embedding explainability and keeping human oversight at the core. In the age of autonomous systems, control isn’t about holding the reins tighter; it’s about designing smarter, safer systems from the start.  

Ready for a smart approach to agentic AI? Reach out to

Niels van Lieshout

E: niels.vanlieshout@igh.com

T: +31 650657444