Adopting AI agents is not merely a technological and business matter: it is also a question of regulatory compliance. The EU AI Act, the world’s first comprehensive regulatory framework for artificial intelligence, becomes fully applicable on 2 August 2026. For Italian and European businesses that use AI agents to automate processes, understanding these obligations is essential to avoid fines that can reach 7% of annual global turnover. In this article we explain what the EU AI Act requires of AI agents, what the principal obligations are, and how to build a robust governance structure.
The EU AI Act: What Changes from 2 August 2026
The EU AI Act enters its phase of full applicability on 2 August 2026. Some provisions are already in force: the prohibitions on banned AI practices and AI literacy obligations from 2 February 2025, and the governance rules and obligations for GPAI models from 2 August 2025. From 2 August 2026, the obligations for high-risk systems come into effect, which apply to many business use cases for AI agents.
The Risk-Based Approach
The EU AI Act classifies AI systems according to risk level:
- Unacceptable risk: prohibited practices (e.g. social scoring, manipulation).
- High risk: systems that affect rights and safety (e.g. recruitment, credit, healthcare), subject to stringent obligations.
- Limited risk: transparency obligations (e.g. disclosing that one is interacting with an AI).
- Minimal risk: the majority of applications, with no specific obligations.
Obligations for High-Risk AI Agents
If an AI agent falls into the high-risk category, the company must satisfy a set of requirements intended to ensure its safety and reliability. The principal ones are:
- Documented risk management system: continuous identification and mitigation of risks.
- Robust data governance: data that is high-quality, representative, and free from bias.
- Detailed technical documentation: to demonstrate compliance.
- Automatic logging: traceability of the agent’s operations.
- Appropriate human oversight: structured intervention points.
- Accuracy, robustness, and cybersecurity: technical guarantees of reliability.
The Key Requirement: Human Oversight
For autonomous agents, the EU AI Act mandates human oversight as a fundamental requirement. Every agent must include structured intervention points at which a human being can monitor performance, and must be equipped with a mechanism to stop, correct, or override operations. This human-in-the-loop principle is not merely a regulatory obligation, but a risk management best practice: no agent should operate without the possibility of genuine human control.
The Responsibility of the Deploying Organisation
A crucial point: the regulation makes the company responsible for every AI system operating within its business, regardless of who built it. It is not possible to shift responsibility onto the technology provider. Moreover, like the GDPR, the EU AI Act has extra-territorial reach: any organisation must comply if its AI systems are used in the EU or produce outputs affecting EU residents.
The Penalties
The penalties for non-compliance are severe: up to 7% of annual global turnover or €35 million, whichever is the greater. This financial exposure alone justifies serious investment in governance.
The Governance Gap to Be Closed
The problem is that few companies are ready. Deloitte finds that only one in five companies has a mature governance model for autonomous AI agents. The remaining 79% are putting into production systems that will make decisions without the audit trails, escalation logic, and explainability mechanisms that regulators, auditors, and clients will require. Closing this gap is urgent.
How to Build Compliant Governance
- Map your AI systems and classify them by risk level according to the EU AI Act.
- Implement human oversight with checkpoints and override mechanisms for high-risk agents.
- Document everything: risk management system, data governance, technical decisions.
- Ensure traceability with automatic logging of agent decisions.
- Establish cross-functional governance involving IT, legal, and business units — not just a single department.
- Treat governance as a continuous process, not a one-off compliance exercise.
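As an added illustration (not code from the article or its authors), the following Python sketch shows one way to build the human oversight checkpoint described above, with a stop switch and an override path, together with automatic, tamper-evident logging of every agent decision. The action names, the review callback and the log format are hypothetical.

```python
import hashlib, json, time


class AuditLog:
    """Append-only, hash-chained log of agent decisions (constructed example)."""
    def __init__(self):
        self.entries, self.last_hash = [], "0" * 64

    def record(self, event: dict) -> str:
        entry = {"ts": time.time(), "prev": self.last_hash, **event}
        digest = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["hash"] = digest  # each entry commits to the previous one
        self.entries.append(entry)
        self.last_hash = digest
        return digest

    def verify(self) -> bool:
        # Recompute the chain; any edited or removed entry breaks it
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            expected = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or expected != e["hash"]:
                return False
            prev = e["hash"]
        return True


class OversightGate:
    """Human checkpoint in front of the agent's actions: approve, reject, override, or stop."""
    HIGH_IMPACT = {"deny_credit", "reject_applicant"}  # hypothetical action names

    def __init__(self, log: AuditLog, reviewer):
        self.log, self.reviewer, self.stopped = log, reviewer, False

    def stop(self) -> None:
        self.stopped = True  # kill switch: nothing executes until a human clears it
        self.log.record({"event": "stop"})

    def execute(self, action: str, params: dict):
        if self.stopped:
            self.log.record({"event": "blocked", "action": action})
            return None
        if action in self.HIGH_IMPACT:  # structured intervention point
            decision, replacement = self.reviewer(action, params)
            self.log.record({"event": "review", "action": action, "decision": decision})
            if decision == "reject":
                return None
            if decision == "override":  # human substitutes a corrected action
                action, params = replacement
        self.log.record({"event": "executed", "action": action, "params": params})
        return action, params
```

The reviewer callback stands in for whatever approval workflow the organisation runs; the log's `verify()` is what an auditor would call to confirm the trail has not been altered.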
Conclusion
The EU AI Act transforms the governance of AI agents from an option into an obligation. With full applicability from 2 August 2026, fines of up to 7% of turnover, and responsibility falling on the deploying organisation, building robust governance can no longer be deferred. The good news is that governance and business value point in the same direction: AI agents that are well-governed, transparent, and supervised are also more reliable and effective. Turning compliance into a competitive advantage is possible. If you wish to automate your processes with AI agents that comply with the EU AI Act, contact us for a consultation on AI governance and compliance.