Autonomous AI agents and compliance: AI Act, ISO 42001, NIS2 deliverables

An autonomous agent acting in the company's information system (IS) often falls under the AI Act, ISO 42001 and NIS2 at the same time. What to document now, so you don't find out during an audit.

Aroua Biri

An autonomous AI agent operating in a company's information system is almost always covered by several regulatory frameworks in 2026. Many teams assume "it's just an assistant" and discover during an audit that the compliance file demanded of them is substantial. Here is a pragmatic reading of what the AI Act, ISO 42001 and NIS2 require for an autonomous agent, and what to produce now.

AI Act: is your agent high-risk?

The AI Act (EU Regulation 2024/1689) sorts AI systems into four tiers: unacceptable risk (prohibited practices), high risk, limited risk and minimal risk. For enterprise agents, two tiers matter:

"Limited risk"

Conversational agents without high-stakes external impact: support chatbots, internal research assistants. Main obligations (Article 50):

  • Transparency: the person interacting with the agent must be told they are dealing with an AI, unless it is obvious from context.
  • Machine-readable marking of synthetic output (text, image, audio, video) is an obligation on the provider of the generating system; as a deployer you inherit disclosure duties mainly for deepfakes and AI-generated text published to inform the public.

"High risk" (Annex III)

If your agent operates in a domain listed in Annex III, it is high-risk: employment and HR (recruitment, evaluation, task allocation), education and vocational training, access to essential private and public services (credit scoring, life and health insurance, public benefits, emergency triage), law enforcement, migration and border control, administration of justice, and safety components in the operation of critical infrastructure. Obligations for Annex III systems apply from August 2, 2026:

  • Documented risk management system.
  • Data governance (quality, bias, representativeness).
  • Complete technical documentation.
  • Automatic logging of operations.
  • Transparency toward users.
  • Effective human oversight.
  • Robustness, accuracy, cybersecurity.
  • CE marking + conformity declaration.
  • Registration in the EU database.

Heavy. Also very clear on what to produce.

ISO 42001: the AIMS as backbone

ISO/IEC 42001:2023 (Artificial Intelligence Management System, AIMS) mandates a management system dedicated to AI, analogous to ISO 27001's ISMS for information security. For an autonomous agent this means:

  • Documented AI policy (objectives, principles, scope).
  • Impact assessment per use case.
  • Inventory of deployed AI systems and characteristics.
  • Documented lifecycle: design → development → tests → deployment → monitoring → retirement.
  • Change management.
  • Internal audits.

ISO 42001 does not replace the AI Act: it is a management-system standard, not a legal conformity assessment. It helps structure the work, and many AI Act auditors will lean on ISO 42001 (or an equivalent framework) as evidence that the obligations are actually implemented and maintained.

NIS2: your agent as critical asset?

If your company is an essential or important entity under NIS2 (Directive 2022/2555), an autonomous agent that touches production systems or business-critical data is a critical IT asset like any other. Consequences:

  • Listed in the internal registry of critical systems, with its owner and dependencies (model provider, tools, data stores).
  • NIS2 risk-management measures apply to it (Article 21: risk analysis, incident handling, business continuity, supply-chain security, access control).
  • Significant-incident reporting (Article 23): early warning within 24 hours, incident notification within 72 hours, final report within one month. An agent that leaks data or takes an unauthorized action at scale can be the incident.

Rarely a topic in itself for SMBs outside regulated sectors. For SaaS serving NIS2-regulated customers, it becomes contractual — they'll ask for aligned commitments.

8 deliverables to produce now

Without waiting for an audit, without waiting for August 2026:

1. Agent ID sheet

One page:

  • Name, version, business owner.
  • Goal and use case.
  • Model(s) used.
  • Tools accessible.
  • Data processed (types, sources, recipients).
  • Preliminary AI Act assessment (high-risk / not, justified).

2. AI Impact Assessment

Structured doc:

  • Identified risks (cybersecurity, bias, performance, GDPR).
  • Mitigations.
  • Residual risks and management acceptance.

Distinct from, and complementary to, a GDPR DPIA (Article 35) when personal data is processed: the DPIA covers rights and freedoms of data subjects, the AI impact assessment covers the system's behaviour, failure modes and misuse.

3. Data mapping

What enters the agent (prompts, retrieved documents, tool outputs), what leaves it (actions, generated content, data sent to the model provider), where it is stored, for how long, and who can access it. Cross-referenced with your GDPR Article 30 record of processing activities if applicable.

4. Human-oversight policy

  • Which actions are fully autonomous?
  • Which require human validation?
  • How can a human stop the agent?
  • Who supervises and with what training?

5. Technical documentation

  • System architecture (DFD).
  • Models used, versions, providers.
  • Dataset if in-house training.
  • Tests performed (performance, robustness, bias, security).

6. Audit log

Explicitly demanded for high-risk systems (Article 12, record-keeping): the system must technically allow automatic recording of events over its lifetime, so that risky situations can be identified and post-market monitoring is possible. For an agent, that means every tool call with its parameters, the decision taken, who approved it and when. Deployers must retain these logs for at least six months (Article 26(6)), and the log should be tamper-evident, otherwise it proves nothing in an incident.
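The human-oversight policy (deliverable 4) and the audit log (deliverable 6) are the two deliverables that turn into code. The following added example, which is not from the article, shows one way to wire them together: each tool the agent can call is classified as autonomous, approval-required or forbidden, a kill switch lets an operator halt the agent, and every decision is appended to a hash-chained log so that editing or deleting an entry is detectable. The agent id, tool names, policy table and log fields are assumptions for illustration; the AI Act does not prescribe a log format.

```python
"""Tool gating with human approval, a kill switch, and a hash-chained audit log.

Added example, not code from the original article. The agent id, tool names,
POLICY table and log fields are illustrative assumptions; the AI Act only
requires that operations are recorded automatically, not a specific format.
"""
import hashlib
import json
import time
from dataclasses import dataclass, field
from typing import Optional

# Oversight level per tool: the machine-readable form of deliverable 4.
AUTONOMOUS, NEEDS_APPROVAL, FORBIDDEN = "autonomous", "needs_approval", "forbidden"
POLICY = {
    "search_docs": AUTONOMOUS,
    "draft_email": AUTONOMOUS,
    "send_email": NEEDS_APPROVAL,
    "reject_application": NEEDS_APPROVAL,  # HR decision (Annex III): a human must decide
    "delete_records": FORBIDDEN,
}


def _digest(obj) -> str:
    """SHA-256 over canonical JSON, so the value is reproducible at verification time."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


@dataclass
class AuditLog:
    """Append-only, hash-chained log: each entry commits to the previous one's hash,
    so removing or rewriting any record breaks verify()."""
    entries: list = field(default_factory=list)

    def append(self, record: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = dict(record, prev_hash=prev)
        body["hash"] = _digest(body)
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body.get("prev_hash") != prev or _digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


@dataclass
class AgentGate:
    """Sits between the agent's planner and its tools; nothing executes without a logged decision."""
    agent_id: str
    version: str
    log: AuditLog = field(default_factory=AuditLog)
    stopped: bool = False  # kill switch state

    def stop(self, operator: str) -> None:
        self.stopped = True
        self.log.append({"ts": time.time(), "agent": self.agent_id, "version": self.version,
                         "event": "kill_switch", "by": operator})

    def request(self, tool: str, args: dict, approver: Optional[str] = None) -> bool:
        """Return True if the agent may execute `tool`; the decision is logged either way."""
        level = POLICY.get(tool, FORBIDDEN)  # default-deny: unknown tools are never run
        if self.stopped:
            decision = "denied:stopped"
        elif level == FORBIDDEN:
            decision = "denied:forbidden"
        elif level == NEEDS_APPROVAL and approver is None:
            decision = "pending:approval_required"
        else:
            decision = "allowed"
        self.log.append({
            "ts": time.time(), "agent": self.agent_id, "version": self.version, "tool": tool,
            # Arguments are hashed, not stored in clear: the audit log must not become
            # a second, unmanaged copy of the personal data the agent processes.
            "args_sha256": _digest(args),
            "policy": level, "decision": decision, "approver": approver,
        })
        return decision == "allowed"


def demo() -> dict:
    """Walk through the gate with a constructed HR-screening scenario."""
    gate = AgentGate("hr-screening-agent", "1.2.0")
    r = {}
    r["search"] = gate.request("search_docs", {"q": "python developer"})
    r["reject_no_approver"] = gate.request("reject_application", {"candidate": "c-42"})
    r["reject_approved"] = gate.request("reject_application", {"candidate": "c-42"}, approver="hr.lead")
    r["delete"] = gate.request("delete_records", {"table": "candidates"})
    r["unknown_tool"] = gate.request("run_shell", {"cmd": "cat /etc/passwd"})
    gate.stop("security.oncall")
    r["after_stop"] = gate.request("search_docs", {"q": "anything"})
    r["chain_ok"] = gate.log.verify()
    gate.log.entries[1]["decision"] = "allowed"  # simulate someone editing the log after the fact
    r["tamper_detected"] = not gate.log.verify()
    return r


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The design choice worth copying is the default-deny on unknown tools and the fact that the log records refusals, not only executed actions: an auditor asking "how do you know the agent never did X" needs the denied attempts. In production the chain head would be anchored outside the agent's reach (a write-once store or a signed daily checkpoint), since an attacker who controls the whole file can simply rewrite the chain.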

7. Post-deployment monitoring plan

  • Indicators tracked.
  • Review cadence.
  • Triggers for re-assessment.

8. Incident handling procedure

Specific to the agent: who can stop it and how, how actions it has already taken are identified and reversed, how the audit log is preserved as evidence, and who notifies whom (the NIS2 authority on the 24h/72h clock, the model provider, and for a high-risk system the serious-incident reporting of Article 73).

Common pitfalls

Conflating "transparency" with "watermarking"

The AI Act transparency obligation (Article 50(1)) requires that people know they are interacting with an AI. It does not require a cryptographic watermark on everything the agent produces. Machine-readable marking of synthetic content (Article 50(2)) is an obligation on the provider of the generating system; your obligations as a deployer concern disclosure of deepfakes and of AI-generated text published to inform the public (Article 50(4)).

Over-complying from day one

The AI Act clearly distinguishes tiers. An internal assistant that helps write emails has almost nothing to do. An agent filtering applications has a lot. Don't apply the strictest tier by default — it costs and delays the real work.

Forgetting upstream providers

If you build on a foundation model (Claude, GPT, Gemini, Mistral, Llama), you have deployer obligations (Article 26) for your agent; the model provider has separate obligations as a general-purpose AI (GPAI) provider (Articles 53 to 55). Read the provider's terms to understand what they cover and what falls to you. One caveat: if you put your own name on a high-risk system or substantially modify it, Article 25 can make you the provider, with the full provider obligations that come with it.

A good calendar

For an agent shipping after August 2026:

  • May to July 2026: produce the 8 deliverables. 3-6 weeks for a 50-150-person scale-up.
  • August 2026: deployment with full file.
  • Quarterly after: indicators review, documentation updates.

If you launch before August 2026, you have more iteration room; use it to produce the deliverables without regulatory urgency.
