How ICO guidance may apply to agentic AI systems

TL;DR

The ICO's January 2026 Tech Futures paper on agentic AI is the UK regulator's first structured look at autonomous AI systems. It is early thinking, not binding guidance, but the message is clear: UK GDPR applies in full to agentic AI right now, with no carve-out for small firms. Accountability stays with the organisation running the system, and a statutory code of practice is planned for 2026.

Key takeaways

- The ICO's January 2026 Tech Futures paper on agentic AI is early-stage thinking, not binding guidance, but it signals clearly where UK GDPR obligations apply to autonomous AI systems.
- Existing UK GDPR and Data Protection Act 2018 rules apply in full to agentic AI right now. There is no AI exemption and accountability stays with the organisation running the system.
- The four main pressure points are transparency, purpose limitation, data minimisation, and security. Article 22 UK GDPR automated decision-making provisions also apply where agents make decisions with legal or similarly significant effects on individuals without meaningful human involvement.
- Shadow AI, meaning staff using unsanctioned agents outside your governance framework, remains your organisation's liability. The ICO expects policies covering which agents are approved and how unapproved tools are handled.
- A statutory code of practice on AI and data protection is planned for 2026. UK firms with EU customers should also track the EU AI Act, which applies extraterritorially and phases in obligations over two to three years.

You have connected an AI assistant to your email, your calendar, and your CRM. It can draft responses, schedule calls, and pull customer records when it needs context. Most of the time, that feels like a productivity gain. Then someone raises a question you hadn’t thought to ask: at what point does this become a data protection issue?

The UK’s data protection regulator has started putting its thinking on paper.

What does the ICO mean by agentic AI?

In January 2026, the Information Commissioner’s Office published Tech Futures: Agentic AI, its first structured look at AI systems that can plan and act with a degree of autonomy. The ICO describes these systems as built on large language models given goals, then left to break those goals into tasks, call external tools, and execute them without step-by-step human prompting.

The examples in the paper range from research assistants that gather information across multiple sources, to coding agents that write and test code, to commerce agents that can book services or make purchases on a user’s behalf. If you have set an AI tool to handle something end-to-end and come back with the result, you are already inside this territory.

One framing to hold from the start: the ICO explicitly says this paper should not be read as formal guidance or a statutory code. It is early-stage thinking, intended to help organisations prepare. As A&O Shearman noted in its analysis of the paper, it is a clear signal of where regulatory scrutiny will land, rather than a current enforcement baseline. That distinction matters. You are not yet running against finalised rules, but the direction of travel is clear enough to act on.

Why does this matter if you run a small firm?

The ICO’s paper is labelled “early thinking” rather than statutory guidance. But the regulator’s message is plain: existing UK GDPR and Data Protection Act 2018 rules apply in full to agentic AI right now, with no carve-out for small firms or early-stage deployments. Accountability stays with the organisation running the system. If your agent processes personal data, you are the controller, and the full framework applies.

The ICO has already shown willingness to use its enforcement powers on data-driven profiling. Its 2020 enforcement notice against Experian, over opaque profiling of individuals for direct marketing purposes, illustrates that complex, data-driven decision systems are well within its remit, even though Experian's appeal to the First-tier Tribunal succeeded in large part in 2023. Maximum fines under UK GDPR reach £17.5 million or 4% of global annual turnover, whichever is higher.

The ICO’s core statement on accountability is worth quoting directly: “AI agency does not mean the removal of human, and therefore organisational, responsibility for data processing.” Responsibility for what the agent does with personal data sits with the firm running it. That applies regardless of how autonomous the AI becomes.

Where do UK GDPR obligations bite agentic AI in practice?

The obligations concentrate in four areas. Transparency: can you explain what your agent did and why, to any individual whose data it touched? Purpose limitation: did the agent use that data only for the stated purpose? Data minimisation: does it see only the information it needs? Security: have you controlled what external systems the agent can reach and what it can do once it gets there?

A further pressure point is automated decision-making. Article 22 of UK GDPR applies where a decision with legal or similarly significant effects on an individual, such as a credit assessment, hiring decision, or personalised price, is based solely on automated processing. An agent that drafts a recommendation which a human then genuinely reviews falls outside it; a human who signs off every agent output without the information, time, or authority to change it does not count as meaningful involvement. Skadden's March 2026 analysis of the ICO paper notes that these provisions remain active regardless of how automated the decision-making chain has become.

The ICO also flags a risk particular to agentic systems: shadow AI. If staff start using agents outside any governance structure you have set up, the firm can still be held responsible for what those systems do with personal data. The ICO expects organisations to address this explicitly, with clear policies on which agents are approved, a process for handling unsanctioned tools if discovered, and a documented approach to decommissioning agents that are retired.

A practical step the ICO suggests is standalone monitoring for agent behaviour: recording what actions an agent took, what interventions occurred, and what outcomes resulted. Keep that record outside the agent's own context and beyond its write access, so the agent cannot alter the account of what it did. This is especially relevant where agents interact with multiple external systems or with other agents.

When should you pay close attention, and when can it wait?

Pay close attention now if your agent processes personal data, makes or influences decisions with significant effects on individuals, or calls external tools such as CRMs, email platforms, payment systems, or booking APIs. The more your agent acts independently across those areas, the more directly UK GDPR applies. If you are still in a human-in-the-loop phase where you review every proposed action before it executes, your immediate risk exposure is lower.
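The security and data-minimisation points from the previous section, the ICO's suggestion of standalone monitoring, and the human-in-the-loop gate described above can all sit in one policy layer between the agent and its tools. The following is an added example, not code from the ICO paper or from any vendor; the tool names, task purposes, allowed-field lists and the sample CRM record are constructed assumptions. Each tool call is checked against the task's declared purpose, result fields are stripped to an allowlist before the agent sees them, calls with significant effects wait for a human decision, and every decision is written to a hash-chained audit log the agent cannot rewrite.

```python
"""Policy gate and audit trail for an agent's tool calls (hypothetical example)."""
from __future__ import annotations

import hashlib
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from typing import Any, Callable

# Purpose limitation: a task declared with this purpose may call only these tools.
PURPOSE_TOOLS: dict[str, set[str]] = {
    "schedule_call": {"crm.get_contact", "calendar.create_event"},
    "draft_reply": {"crm.get_contact", "email.draft"},
    "issue_refund": {"crm.get_contact", "payments.refund"},
}
# Data minimisation: the only fields the agent may see from each tool's result.
TOOL_FIELDS: dict[str, set[str]] = {"crm.get_contact": {"name", "email", "timezone"}}
# Actions with legal or similarly significant effects wait for a human decision.
HUMAN_APPROVAL: set[str] = {"payments.refund"}


@dataclass
class AuditEvent:
    ts: str
    purpose: str
    tool: str
    args: dict[str, Any]
    decision: str              # "executed", "denied" or "held"
    intervention: str | None   # what a human did, if anything
    outcome: str | None        # short description of the result
    prev_digest: str
    digest: str = ""

    def body(self) -> str:
        d = asdict(self)
        d.pop("digest")
        return json.dumps(d, sort_keys=True, default=str)


class AuditLog:
    """Append-only, hash-chained record held outside the agent's context."""
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.events: list[AuditEvent] = []

    def append(self, **fields: Any) -> AuditEvent:
        prev = self.events[-1].digest if self.events else self.GENESIS
        ev = AuditEvent(ts=datetime.now(timezone.utc).isoformat(), prev_digest=prev, **fields)
        ev.digest = hashlib.sha256((prev + ev.body()).encode()).hexdigest()
        self.events.append(ev)
        return ev

    def verify(self) -> bool:
        """Recompute the chain; any edited or reordered event breaks it."""
        prev = self.GENESIS
        for ev in self.events:
            expected = hashlib.sha256((prev + ev.body()).encode()).hexdigest()
            if ev.prev_digest != prev or ev.digest != expected:
                return False
            prev = ev.digest
        return True


class ToolGate:
    def __init__(self, tools: dict[str, Callable[..., Any]], log: AuditLog,
                 approver: Callable[[str, dict[str, Any]], bool]) -> None:
        self.tools, self.log, self.approver = tools, log, approver

    def call(self, purpose: str, tool: str, **args: Any) -> Any:
        if tool not in PURPOSE_TOOLS.get(purpose, set()):
            self.log.append(purpose=purpose, tool=tool, args=args, decision="denied",
                            intervention=None, outcome="tool not permitted for this purpose")
            return None
        intervention = None
        if tool in HUMAN_APPROVAL:
            if not self.approver(tool, args):
                self.log.append(purpose=purpose, tool=tool, args=args, decision="held",
                                intervention="human rejected", outcome="not executed")
                return None
            intervention = "human approved"
        result = self.tools[tool](**args)
        if tool in TOOL_FIELDS and isinstance(result, dict):   # strip fields the task does not need
            result = {k: v for k, v in result.items() if k in TOOL_FIELDS[tool]}
        summary = f"fields {sorted(result)}" if isinstance(result, dict) else repr(result)
        self.log.append(purpose=purpose, tool=tool, args=args, decision="executed",
                        intervention=intervention, outcome=summary)
        return result


# Constructed sample back-ends: the CRM record carries more than the agent should see.
CRM = {"c-42": {"name": "A. Example", "email": "a@example.test", "timezone": "Europe/London",
                "phone": "+44 20 0000 0000", "credit_score": 710, "notes": "disputed invoice"}}
TOOLS: dict[str, Callable[..., Any]] = {
    "crm.get_contact": lambda contact_id: dict(CRM[contact_id]),
    "calendar.create_event": lambda email, when: "evt-1",
    "email.draft": lambda to, body: "draft-1",
    "payments.refund": lambda contact_id, amount: f"refund-{amount}",
}


def run_demo(approve_refunds: bool = False) -> AuditLog:
    """One agent session: two permitted calls, one off-purpose call, one gated refund."""
    log = AuditLog()
    gate = ToolGate(TOOLS, log, approver=lambda tool, args: approve_refunds)
    contact = gate.call("schedule_call", "crm.get_contact", contact_id="c-42")
    gate.call("schedule_call", "calendar.create_event", email=contact["email"], when="2026-03-02T10:00")
    gate.call("schedule_call", "email.draft", to=contact["email"], body="hi")     # denied: wrong purpose
    gate.call("issue_refund", "payments.refund", contact_id="c-42", amount=25)  # held unless approved
    return log


if __name__ == "__main__":
    for ev in run_demo().events:
        print(ev.decision, ev.tool, ev.intervention, ev.outcome)
```

The approver is a plain callable so a real deployment can replace it with a ticket, a chat approval, or a queue that times out to "held"; the point is that the agent never holds the credentials for the gated tool directly, and the log, not the agent's own transcript, is what you hand to a reviewer or a data subject asking what was done with their data.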

The ICO has not yet published a statutory code of practice for agentic AI, though one is planned for 2026, alongside updates to its guidance on automated decision-making. For many owner-managed businesses, 2026 is the year to build basic compliance habits rather than optimise against finalised rules.

If you are building an innovative agentic project that uses personal data in the public interest, the ICO’s Regulatory Sandbox offers a structured route to test your compliance approach before scaling. It is a dialogue rather than a tick-box exercise, and it can surface gaps before they become enforcement problems.

The practical starting point is straightforward: review what personal data your current AI tools can access, what actions they can take without your review, and whether any of those actions could be read as automated decision-making with significant effects on the people involved. Book a conversation if you want to work through what that assessment looks like for your specific setup.

What else is in the regulatory picture alongside the ICO?

The ICO is coordinating with the Competition and Markets Authority, Ofcom, and the Financial Conduct Authority through the Digital Regulation Cooperation Forum, which includes a Thematic Innovation Hub on agentic AI. For regulated firms, the FCA has confirmed that AI-driven activities remain fully accountable under existing conduct, operational resilience, and consumer duty rules; its 2023 machine learning survey found 72% of regulated firms were already using or developing AI.

The National Cyber Security Centre’s guidelines for secure AI system development cover data security, model security, and deployment security in terms that apply directly to agentic systems. For firms with cybersecurity obligations, the NCSC guidance and ICO expectations on security overlap substantially, and both point in the same direction: control what your agents can access, and monitor what they do with it.

For businesses serving customers in the EU, the EU AI Act adds a further layer. Formally adopted in 2024, it applies extraterritorially where AI systems are placed on the EU market or their output is used in the EU, whatever the provider's or deployer's location. Agentic systems used for credit scoring, employment decisions, or critical infrastructure may qualify as high-risk under its definitions, with obligations on risk management, data governance, transparency, and human oversight. Phase-in timelines run two to three years depending on risk classification, so early-stage preparation is the right posture for any UK firm with EU customers.

The government’s “Agentic AI and consumers” report, published by DSIT alongside the CMA, also signals that as agents begin transacting and contracting on behalf of users, digital identity and authentication will become central compliance considerations, with the UK Digital Identity and Attributes Trust Framework becoming relevant infrastructure for firms operating at that level.

Sources

- ICO (2026). Tech Futures: Agentic AI. The ICO's first structured analysis of agentic AI systems and how existing UK GDPR obligations apply to autonomous agents. https://ico.org.uk/about-the-ico/research-reports-impact-and-evaluation/research-and-reports/technology-and-innovation/tech-horizons-and-ico-tech-futures/ico-tech-futures-agentic-ai/
- Skadden Arps (2026). UK Regulator to Agentic AI Developers and Deployers. Law firm analysis clarifying how ICO thinking maps onto existing UK GDPR automated decision-making and data minimisation obligations. https://www.skadden.com/insights/publications/2026/03/uk-regulator-to-agentic-ai-developers-and-deployers
- A&O Shearman (2026). The future of agentic AI and its data protection implications: the UK ICO's initial assessment. Practical read of the ICO paper covering agent action controls, monitoring requirements, and shadow AI governance. https://www.aoshearman.com/en/insights/ao-shearman-on-data/the-future-of-agentic-ai-and-its-data-protection-implications-the-uk-icos-initial-assessment
- UK Government / DSIT and CMA (2026). Agentic AI and consumers. Government analysis of consumer protection, digital identity, and authentication as AI agents begin to transact on behalf of users. https://www.gov.uk/government/publications/agentic-ai-and-consumers/agentic-ai-and-consumers
- NCSC (2023). Guidelines for secure AI system development. UK National Cyber Security Centre guidance on data, model, and deployment security for AI systems, applicable to agentic deployments. https://www.ncsc.gov.uk/guidance/guidelines-for-secure-ai-system-development
- ICO (2020). Enforcement notice: Experian Ltd. ICO enforcement action against Experian over opaque profiling for direct marketing, illustrating regulatory willingness to tackle data-driven decision systems under UK GDPR. https://ico.org.uk/media/action-weve-taken/enforcement-notices/2620054/experian-en-2020.pdf
- ICO (2024). Guide to the UK GDPR: Fines and penalties. Sets out ICO fine thresholds including the maximum of £17.5 million or 4% of global annual turnover for serious infringements. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/guide-to-the-uk-gdpr/enforcement/fines/
- FCA (2023). Machine learning in UK financial services. Survey finding that 72% of responding regulated firms were using or developing AI, cited for the FCA's confirmation that AI-driven activities fall within existing conduct and consumer duty rules. https://www.fca.org.uk/publications/research/machine-learning-uk-financial-services
- European Parliament (2024). Parliament approves landmark Artificial Intelligence Act. Formal adoption of the EU AI Act, establishing risk classifications and extraterritorial obligations relevant to UK firms serving EU markets. https://www.europarl.europa.eu/news/en/press-room/20240308IPR19015/artificial-intelligence-act-parliament-approves-landmark-law
- Digital Regulation Cooperation Forum (2024). DRCF Plan of work 2024 to 2025. Sets out joint working between ICO, CMA, Ofcom, and FCA on AI, including the Thematic Innovation Hub on agentic AI. https://www.gov.uk/government/publications/digital-regulation-cooperation-forum-drcf-plan-of-work-2024-to-2025

Frequently asked questions

Does UK GDPR actually apply to agentic AI, or is there a special exemption for emerging technology?

There is no AI exemption. The ICO's January 2026 Tech Futures paper makes clear that UK GDPR and the Data Protection Act 2018 apply in full to agentic AI systems. The regulator stresses that increased machine autonomy does not reduce the organisation's accountability. If your agentic AI processes personal data, all standard obligations around lawfulness, transparency, purpose limitation, data minimisation, accuracy, and security apply from day one.

What should a small business actually do right now in response to the ICO's thinking on agentic AI?

Three practical steps. First, map what personal data your AI tools can access and what actions they can take independently. Second, check whether any of those actions could constitute automated decision-making with significant effects on individuals, such as credit assessments or personalised pricing, which triggers Article 22 of UK GDPR. Third, document your governance approach: which agents are approved, who oversees them, and how unsanctioned use by staff is addressed. The ICO expects that documentation.

Could the EU AI Act affect my UK business even though we are outside the EU?

Possibly, if you serve customers or operate in EU markets. The EU AI Act, formally adopted in 2024, applies where AI systems are placed on the EU market or their output is used in the EU, regardless of where the provider or deployer is established. Agentic systems used for credit scoring, employment decisions, or critical infrastructure may qualify as high-risk. Obligations include risk management, data governance, transparency, and human oversight. Phase-in timelines run two to three years depending on risk level, making this a near-term consideration for any UK firm with EU exposure.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation
