?asOf= parameter to see the current catalog state.Obligations specific to AI systems that take autonomous multi-step actions (browse, transact, plan, recurse). Distinct from foundation_models (capability) and catastrophic_risk (outcome) — this is the action-surface frame. Surfaces in EU AI Office GPAI Code drafts, UK AISI agent evaluations, Seoul Frontier AI Safety Commitments §3, NIST AI 600-1.
Definition & scope
The cross-jurisdiction picture below shows how each of 45 tracked instruments treats this topic. The patterns vary substantially — and 27 regimes are silent, leaving gaps that future policy work could address.
Coverage across jurisdictions
Historical primacy & cross-jurisdiction tension
First addressed by NIST AI Risk Management Framework on (implicit). Subsequent regimes have either codified, diverged from, or remained silent on this baseline.
- Forum-shoppingSeoul Declaration on Safe, Innovative and Inclusive AI↔Executive Order 14110 on Safe, Secure, Trustworthy AI
- Forum-shoppingNIST AI RMF Generative AI Profile↔Executive Order 14179 — Removing Barriers to American Leadership in AI
- Forum-shoppingAnthropic Responsible Scaling Policy (RSP) v2↔UK Pro-Innovation Approach to AI Regulation (White Paper)
Compare jurisdictions: EU vs US · EU vs UK · EU vs CN
Enforcement & impact
Silent regimes — gap signal
Instruments that do not address Agentic AI Governance — candidates for future policy work.
- Executive Order 14110 on Safe, Secure, Trustworthy AIUS
- Executive Order 14179 — Removing Barriers to American Leadership in AIUS
- UK Pro-Innovation Approach to AI Regulation (White Paper)UK
- OECD AI Principles (Recommendation)OECD
- UN GA Resolution on Safe, Secure, Trustworthy AIUN
- California SB-1047: Safe and Secure Innovation for Frontier AI Models ActUS
- India Digital Personal Data Protection Act + AI Advisory (MEITY)IN
- ASEAN Guide on AI Governance and EthicsASEAN
- African Union Continental AI StrategyAfrican_Union
- White House Voluntary AI CommitmentsUS
- Singapore Model AI Governance Framework for Generative AISG
- Japan METI AI Guidelines for BusinessJP
- General Data Protection Regulation (GDPR)EU
- EU General-Purpose AI Code of PracticeEU
- OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI)US
- GSA Generative AI and Specialized Computing Infrastructure Acquisition Resource GuideUS
- DoD Responsible AI Strategy and Implementation PathwayUS
- FedRAMP AI Cloud Procurement GuidanceUS
- DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting)US
- California SB 243: Companion ChatbotsUS
- California SB 942: AI Transparency ActUS
- UNESCO Recommendation on the Ethics of Artificial IntelligenceUNESCO
- Provisions on the Administration of Deep Synthesis of Internet Information ServicesCN
- TAKE IT DOWN Act (Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act)US
- Italy Law No. 132/2025 on Artificial Intelligence (Legge 23 settembre 2025, n. 132)IT
- Japan AI Promotion Act (Act on the Promotion of Research, Development and Utilization of AI-Related Technologies)JP
- UN Global Digital CompactUN
See also
Further reading
11 academic & grey-literature sources bearing on this topic — catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- Governing AI Agents Preprint✦ AIUses "agency law and theory to identify and characterize problems arising from AI agents" and proposes governance infrastructure built on inclusivity, visibility, and liability.
- Infrastructure for AI Agents Peer-reviewed✦ AIProposes "agent infrastructure": external technical systems for attributing actions "to specific agents, their users, or other actors," shaping interactions, and remediating harms.
- Multi-Agent Risks from Advanced AI Research institute✦ AIIdentifies three failure modes of advanced multi-agent systems — "miscoordination, conflict, and collusion" — plus seven risk factors, posing challenges distinct from single-agent AI.
- Authenticated Delegation and Authorized AI Agents Preprint✦ AIIntroduces a framework for authenticated, authorized, and auditable delegation to AI agents by extending OAuth 2.0/OpenID Connect, maintaining accountability chains for agent actions.
- AgentHarm: A Benchmark for Measuring Harmfulness of LLM Agents Peer-reviewed✦ AIProvides a 440-task benchmark across 11 harm categories measuring whether LLM agents resist or comply with harmful multi-step tool-use tasks, grounding safety-evaluation regimes for agents.
- Better together? Human oversight as means to achieve fairness in the European AI Act governance Peer-reviewed✦ AIExamines whether Article-14 human oversight of high-risk/autonomous AI can actually deliver fairness, probing the limits of human-in-the-loop as a governance mechanism.
- Visibility into AI Agents Peer-reviewed✦ AIProposes agent identifiers, real-time monitoring and activity logs to give governance actors visibility — "where, why, how, and by whom certain AI agents are used."
- IDs for AI Systems Preprint✦ AIProposes ascribing IDs to instances of AI systems so users can verify safety certifications, investigate incidents, and enable oversight of agentic deployments.
- Secret Collusion among AI Agents: Multi-Agent Deception via Steganography Preprint✦ AIShows LLM agents can use steganography to communicate covertly, exposing a monitoring/oversight gap for governing multi-agent systems and motivating ongoing mitigation.
- A Safe Harbor for AI Evaluation and Red Teaming Preprint✦ AIProposes legal and technical safe-harbor protections so independent researchers can conduct good-faith safety evaluation and red-teaming of AI agents/systems without ToS reprisal.
- Chain-of-Thought Monitoring PreprintKorbak, T., Balesni, M., Barnes, E., Bengio, Y., et al. (2025), 'Chain of Thought Monitorability: A New and Fragile Opportunity for AI Safety.' arXiv:2507.11473.
References
The primary instrument sources behind the article's classifications.
- EU-AIA-2024: Arts. 26-29 deployer obligations apply to agent operators; Arts. 51-55 GPAI obligations capture the underlying model
- CN-GENAI-2023: Arts. 4, 8 (service-provision scope) — agent-like generative services fall within registration + safety-assessment obligations
- G7-HIROSHIMA: Code §1 'advanced AI systems' + §3 risk-identification cover agentic behaviour through capability frame
- COE-AI-CONV: General-AI scope (Art. 3) covers agent systems; no agent-specific provision
- NIST-AI-RMF: Map / Manage functions apply to autonomous systems; no agent-specific profile yet
- BLETCHLEY-2023: Frontier-AI risk frame includes autonomous-action risks; no specific obligation
- SEOUL-2024: Frontier AI Safety Commitments §3 — pre-deployment capability evaluations include agentic behaviours under 'realistic deployment conditions'
- NIST-AI-RMF-GENAI: NIST AI 600-1 names Value Chain + Component Integration as risk category covering agentic / tool-use deployments
- BR-AIBILL-2024: Risk-based framework (PL 2338 Arts. 13-15) covers agent systems under high-risk tiers if applicable
- ANTHROPIC-RSP-2024: RSP v2 — ASL thresholds include 'autonomous AI replication' + agentic capability evaluations
- OPENAI-PREPAREDNESS-2023: Preparedness Framework — Model Autonomy is one of four named risk categories
- DEEPMIND-FSF-2024: FSF Critical Capability Levels — Autonomy is one of four named CCL domains
- META-FRONTIER-2024: Capability tiers cover agentic behaviour; not named as a distinct category
- UK-US-AISI-MOU-2024: Joint AISI capability evaluations include agentic-behaviour testing
- CA-SB-53: Bus. & Prof. Code § 22757.11 catastrophic-risk prongs cover a model acting 'without meaningful human oversight' or 'evading the control of its developer or user' (§ 22757.13 incident reporting); reached only via the catastrophic-risk lens, not a dedicated agentic-autonomy regime
- EU-PLD-2024: Art. 7(2)(c) — defectiveness accounts for a product's ability to continue to learn or acquire new features after market placement; Art. 11(2) — post-placement software-update liability within the manufacturer's control
- EU-PWD-2024: Directive (EU) 2024/2831, Articles 9-11
- NY-RAISE-2025: N.Y. Gen. Bus. Law § 1420(7) critical harm includes model conduct 'with no meaningful human intervention'; § 1420(13) 'safety incident' includes autonomous model behaviour + control failures — autonomy reached via the catastrophic-risk/incident lens, not a dedicated agentic regime
Cite this article 8 formats · BibTeX, RIS, APA, Chicago, … · 1-click copy
Persistent identifier: https://policywindow.org/wiki/agentic-systems-governance — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here
18 instruments tracked.