New paperThe Agentic Customer Experience: real-world use cases and a verifiable agent-to-agent trust framework for customer interactions.Read now
All posts
Industry

The regulatory perimeter is moving: 2026 trends in agentic AI law

The first wave of AI law was written for models. The next wave is being written for agents. A forward look at where agentic-AI regulation is heading — identity, contract formation, liability, and disclosure — and what operators should build now.

Teleperson Team · June 10, 2026 · 4 min read

The first two years of modern AI law were written for models: how they are trained, what data they ingest, what risks a single system poses to the people who use it. The next two years will be written for agents — systems that plan, use tools, transact, and increasingly communicate with other agents largely without a human in the loop. That is a different regulatory object, and the perimeter is already moving to meet it.

This is a trends note, not a survey. The point is not to catalog every statute but to name the vectors along which the rules are changing, so that anyone deploying agents can build ahead of the requirements rather than behind them.

From model-centric to agent-centric

Existing frameworks — the EU AI Act foremost among them — are organized around developers, deployers, and end users of a model. Agentic systems strain that taxonomy. When an agent decomposes a goal, calls external tools, and hands a sub-task to another agent, "the deployer" is no longer a single accountable party. The regulatory center of gravity is shifting from what the model can do to what the agent is allowed to do on someone's behalf — from capability to authority. Expect rules to start attaching to the delegation itself: what was authorized, by whom, within what bounds.

Identity and provenance

In a machine-to-machine market, the threshold question is "are you really who you say you are?" — asked by software, about software. Regulators and standards bodies are converging on the same answer researchers reached first: agents will need verifiable identity and provenance. Who does this agent act for? What authority does it carry? Can the counterparty check that, cryptographically, rather than take it on faith? The technical primitives already exist — verifiable credentials, DID-style identifiers, protocol-level agent cards. The regulatory trend is toward making some form of them mandatory for consequential transactions.

Contract formation and liability

Two of the oldest questions in law get new teeth in the agentic era. First, contract formation: when an electronic agent commits to a purchase or a change on a person's behalf, is the human bound? Doctrine mostly says yes — but doctrine assumed a deterministic script, not a probabilistic planner. Second, liability: when an autonomous agent causes harm, who owns the outcome — the developer, the deployer, the operator who set the bounds, or the user who delegated? The trend is toward allocating responsibility to whoever held meaningful control over the agent's authority, which makes how you scoped and logged that authority a legal artifact, not just an engineering detail.

Disclosure when an agent transacts for you

Consumer-protection law is moving toward a simple principle: people should know when they are dealing with an agent rather than a human, and when an agent is acting for them rather than merely advising. Disclosure obligations — "an automated agent completed this on your behalf," "this counterparty is an agent" — are the most likely near-term requirement because they are cheap to impose and easy to justify. Operators who bury the fact that an agent acted will find themselves offside first.

Antitrust in the machine market

A quieter trend worth watching: when many agents optimize against each other at machine speed, algorithmic coordination can emerge without anyone agreeing to anything. Competition authorities have signaled they will treat coordinated outcomes produced by autonomous pricing and negotiation agents as within reach of antitrust law, intent or no intent. For anyone building agents that transact in a market, "our agents just learned to do that" will not be a defense.

What operators should build now

The regulatory direction is legible enough to design for today. Three things travel well across every jurisdiction's likely path:

  • Scoped, delegated authority. Grant agents narrow, time-bound permission — read this order, refund up to this limit — and nothing more. Authority should be explicit and revocable, never inferred.
  • An auditable record. Log every consequential action with the operator, the target, and the authority under which it happened. When the liability question comes, the audit trail is the answer.
  • Gates on high-risk steps. Route regulated, identity-sensitive, and payment actions to a human by rule. Disclosure, controlled-substance handling, and consent belong behind a gate, not inside the model's discretion.

None of these are speculative. They are the same controls that make agents trustworthy, which is the whole point: in the agentic era, the compliant architecture and the trustworthy architecture are the same architecture. The perimeter is moving toward it either way — better to be standing there when it arrives.