Agentic AI Governance: How to Govern AI That Takes Actions in the World
AI agents — systems that browse the web, write and execute code, send emails, manage files, and take sequences of autonomous actions — are being deployed in enterprises now. Existing AI governance frameworks were not designed for them. Here is what needs to change.
Key Takeaways
Agentic AI — AI that takes sequences of autonomous actions rather than responding to individual prompts — is being deployed in enterprises today under governance frameworks designed for prompt-response AI. The mismatch creates real governance gaps.
The fundamental governance challenge of agentic AI: human oversight mechanisms designed for reviewing AI outputs are inadequate when the AI is taking actions faster and in more domains than human review can keep pace with.
The five governance requirements specific to agentic AI deployment: action scope limitation, pre-execution plan review, real-time monitoring with circuit-breakers, comprehensive action logging, and clear accountability for agent-initiated actions.
The EU AI Act's human oversight requirements apply to agentic AI but were written with prompt-response AI in mind — regulators are beginning to develop agentic-specific guidance, and organisations deploying agents in high-risk contexts should engage proactively.
Practical immediate actions: define the action scope for each agentic deployment, implement logging of all agent actions, establish a human review trigger for unusual agent behaviour, and assign a named accountable owner for each agentic AI system.
"For informational purposes only. This article does not constitute legal, regulatory, financial or professional advice. Consult a qualified specialist for specific guidance."
What agentic AI actually is
The term "agentic AI" describes AI systems configured to take sequences of actions in pursuit of goals, rather than responding to individual prompts and producing single outputs. An agentic AI might: receive a goal ("research and summarise the five largest competitors in this market"), then autonomously browse websites, read documents, take notes, synthesise information, and produce a report — without human review at each intermediate step. A more consequential agentic deployment might: monitor a customer service inbox, draft responses, send those responses, escalate complex cases, and log interactions — again, with minimal human involvement in each individual action.
The deployment of AI in agentic configurations has grown rapidly in 2025-2026, driven by the increasing capability of large language models to follow complex instructions, use tools reliably, and maintain coherent behaviour over extended task sequences. Enterprise agentic deployments include: AI research agents that gather and synthesise information; AI coding agents that write, test, and deploy code; AI customer service agents that handle enquiries end-to-end; AI procurement agents that manage supplier interactions; and AI operations agents that monitor systems and respond automatically to alerts.
Why existing governance frameworks fail for agentic AI
Governance frameworks for AI were largely developed in response to specific, bounded AI applications: models that take specific inputs, perform specific functions, and produce specific outputs. The human oversight mechanisms in these frameworks assume that a human can review the AI's output before it has significant consequences. These assumptions break down for agentic AI in two ways. First, the speed problem: agentic AI takes actions faster than human review can keep pace with. An email agent handling customer enquiries may send hundreds of responses per hour, each of which has consequences for the organisation. Second, the scope problem: agentic AI may take actions across multiple systems and domains simultaneously, making holistic review by a single human reviewer impossible.
The five governance requirements for agentic AI
Action scope limitation defines the boundaries of what an agentic AI can do without explicit human approval. Each agentic deployment should have a documented action scope: which systems can it access, which actions can it take autonomously, and which actions require human approval. Actions outside the defined scope should require explicit escalation to a human. The scope limitation is both a technical control (implemented through API permissions and action restrictions) and a governance control (documented, reviewed, and enforced).
Pre-execution plan review enables human oversight before the agent begins taking actions. For complex agentic tasks, the agent should be required to produce a plan — the sequence of actions it intends to take — for human review before execution begins. This is particularly important for high-stakes tasks where individual actions may have irreversible consequences. Pre-execution review is less necessary for routine, low-stakes agentic tasks where the action space is well-defined and bounded.
Real-time monitoring with circuit-breakers detects and stops unexpected agent behaviour during execution. The monitoring system should alert on: actions outside the defined scope, unusual frequencies of specific actions, actions in systems the agent has not previously accessed, and actions that exceed defined thresholds (spending above a dollar amount, sending above a number of messages). Circuit-breakers that pause agent execution pending human review are the primary safety mechanism for agentic AI in production.
Comprehensive action logging creates the audit trail necessary for accountability, incident investigation, and regulatory compliance. Every action taken by an agentic AI system — every API call, every message sent, every document accessed or modified, every decision made — should be logged with sufficient detail to reconstruct the agent's reasoning and action sequence after the fact. This logging is required by the EU AI Act's record-keeping obligations for high-risk AI and is increasingly expected by enterprise procurement requirements.
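The scope, circuit-breaker and logging requirements above can be enforced at one choke point that every agent action passes through before it executes. The following is an added illustration, not code from this article; the class, system and action names, thresholds and owner address are hypothetical.

```python
import json
from collections import deque

class AgentGate:
    """Added illustration (hypothetical names): vet each agent action before it runs."""
    def __init__(self, scope, baseline, max_spend, max_msgs_per_hour, owner):
        self.scope = scope              # {system: set of actions allowed without approval}
        self.baseline = set(baseline)   # systems the agent has accessed before
        self.max_spend, self.max_msgs = max_spend, max_msgs_per_hour
        self.owner = owner              # named accountable human to notify
        self.spent, self.sent = 0.0, deque()
        self.paused, self.log = False, []   # log: append-only JSON lines, one per attempt

    def _reasons(self, system, action, amount, now):
        while self.sent and now - self.sent[0] >= 3600:
            self.sent.popleft()         # sliding one-hour window of sent messages
        reasons = []
        if action not in self.scope.get(system, set()):
            reasons.append("out_of_scope")
        if system not in self.baseline:
            reasons.append("new_system")
        if self.spent + amount > self.max_spend:
            reasons.append("spend_threshold")
        if action == "send_message" and len(self.sent) >= self.max_msgs:
            reasons.append("message_rate")
        return reasons

    def submit(self, system, action, amount, now):
        reasons = ["breaker_open"] if self.paused else self._reasons(system, action, amount, now)
        if reasons:
            self.paused = True          # circuit-breaker: block until a human resumes
        else:
            self.spent += amount
            if action == "send_message":
                self.sent.append(now)
        decision = "pause_for_review" if reasons else "allow"
        self.log.append(json.dumps({"ts": now, "system": system, "action": action, "amount": amount,
                                    "decision": decision, "reasons": reasons, "notify": self.owner}))
        return decision

    def resume(self, reviewer, now):    # only a human reviewer closes the breaker
        self.paused = False
        self.log.append(json.dumps({"ts": now, "action": "resume", "reviewer": reviewer}))

def demo():
    # Constructed sample deployment and action sequence (timestamps in seconds).
    gate = AgentGate({"mail": {"send_message"}, "crm": {"read_record"}}, ["mail", "crm"],
                     max_spend=100.0, max_msgs_per_hour=2, owner="owner@example.test")
    calls = [("mail", "send_message", 0, 0), ("mail", "send_message", 0, 10),
             ("mail", "send_message", 0, 20), ("crm", "read_record", 0, 30)]
    return gate, [gate.submit(*c) for c in calls]
```

Denied and blocked attempts are logged as well as allowed ones, so the log shows what the agent tried to do after the breaker opened, not only what it did.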
Clear accountability assigns a named human who is responsible for each agentic AI system's behaviour. The accountability must be genuine — not nominal. The accountable person must have the information, authority, and capacity to oversee the agent's operations and to respond when the agent behaves unexpectedly. An accountable owner who is not informed when the agent takes unusual actions, or who lacks the authority to pause the agent, is not providing real accountability.