By NHI Mgmt Group Editorial Team | Published 2026-06-01 | Domain: Agentic AI & NHIs | Source: Descope

TL;DR: The EU AI Act is pushing organizations to treat AI agents as governed actors, with requirements for transparency, human oversight, logging, risk management, and delegated access across providers and deployers, according to Descope. Identity controls now sit at the center of AI compliance because visibility, authorization, and auditability determine whether agent actions can be explained and controlled.


At a glance

What this is: The article argues that EU AI Act readiness for AI agents depends on identity, authorization, logging, and oversight controls rather than model-centric governance alone.

Why it matters: IAM, NHI, autonomous, and human governance teams all need the same operational evidence trail for who approved, what acted, what data was touched, and whether the workflow can be audited.



Context

The core issue is not whether an organization uses AI, but whether it can govern the identity behind each AI action. As AI agents gain access to systems, data, APIs, and workflows, traditional IAM models that assume a human operator or a static service account behind every action start to strain.

The EU AI Act turns that strain into a compliance problem. Deployers and providers both need evidence of transparency, accountability, human oversight, logging, and risk management, which means identity context now has to travel with the action, not sit outside it.


Key questions

Q: How should security teams govern AI agents that access enterprise systems?

A: Security teams should treat AI agents as governed identities, not just applications. That means scoping permissions tightly, binding actions to an accountable principal, logging token issuance and downstream access, and inserting human approval for sensitive steps. The goal is to make every privileged action traceable, reviewable, and defensible under policy and regulation.

Q: Why do third-party AI models still create compliance obligations?

A: Third-party AI does not remove deployer responsibility. If an organisation uses external models, copilots, or agent workflows inside its own products or operations, it still needs oversight, logging, risk management, and evidence of accountability. The obligation follows the use case and the workflow, not just who built the model.

Q: What breaks when AI actions cannot be traced to a user or policy decision?

A: When AI actions cannot be traced, the organisation loses auditability, incident reconstruction, and accountability. Security teams cannot prove who approved access, which permissions were active, or whether the workflow stayed within scope. That failure turns governance into guesswork and makes EU AI Act readiness difficult to demonstrate.

Q: How can organisations prepare for EU AI Act oversight requirements?

A: Organisations should inventory AI usage, classify risk, define ownership, and build controls for delegated access, human oversight, and logging before enforcement pressure rises. The most useful evidence will be the operational record of who acted, what the agent touched, and how exceptions were handled.


Technical breakdown

Agentic identity controls for EU AI Act readiness

Agentic identity controls are the mechanisms that connect an AI system to an accountable principal, a scoped permission set, and an audit trail. In practice, this means authenticating the agent, constraining what it can request, enforcing delegated authorization at token issuance or exchange, and recording every significant action. Without that chain, governance teams cannot prove who initiated an action, what permissions were in force, or whether the system stayed within approved scope. For EU AI Act use cases, this is the difference between a monitored workflow and an ungoverned autonomous action path.

Practical implication: Treat agent identity as a first-class control plane and require explicit approval, scoping, and logging for every privileged agent action.

Delegated access and human oversight in AI workflows

Delegated access means an AI agent acts under permissions granted for a specific purpose, not under broad standing rights. Human oversight is the control that interrupts or constrains the workflow when risk rises, especially for sensitive actions such as data access, external API calls, or customer-impacting decisions. The article’s emphasis on approval records and step-up controls reflects a basic governance requirement: if the organization cannot show where human oversight applied, it cannot show compliant oversight. That is especially important when third-party AI models or copilots are embedded into existing business processes.

Practical implication: Scope delegated access tightly and preserve a human approval path for actions that can change data, decisions, or system state.

Auditability, logging, and traceability for AI actions

Auditability is the ability to reconstruct what the AI system did, when it did it, under whose authorization, and against which systems or data. The EU AI Act pushes this from a nice-to-have into an operational requirement for many deployments. Logging must therefore include user attribution, policy decisions, token issuance, delegated approvals, and downstream access events. If logs do not capture the identity chain, they cannot support incident review, regulatory response, or internal accountability. In AI governance, an incomplete audit trail is effectively the same as no audit trail at all.

Practical implication: Build log retention and event capture so investigators can reconstruct the full agent-to-resource access chain without guessing.
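The identity-chain check described in this breakdown, as an added example (not code from Descope or NHI Mgmt Group): it walks an audit log and flags every agent resource access that cannot be tied to a token issuance record, an accountable principal, a delegated scope, or a prior human approval. The event field names, the SENSITIVE action set, and the sample events are constructed assumptions.

```python
# Assumed policy: actions that must have a human approval on record first.
SENSITIVE = {"invoices:write", "customers:export"}

# Constructed sample audit events, in time order (not from any real system).
EVENTS = [
    {"type": "token_issued", "token_id": "t1", "agent": "billing-agent",
     "principal": "alice", "scopes": ["invoices:read", "invoices:write"]},
    {"type": "resource_access", "token_id": "t1", "action": "invoices:read", "resource": "inv/1001"},
    {"type": "resource_access", "token_id": "t1", "action": "invoices:write", "resource": "inv/1001"},
    {"type": "approval", "token_id": "t1", "action": "invoices:write", "approver": "bob"},
    {"type": "resource_access", "token_id": "t1", "action": "invoices:write", "resource": "inv/1002"},
    {"type": "resource_access", "token_id": "t1", "action": "customers:export", "resource": "crm"},
    {"type": "token_issued", "token_id": "t2", "agent": "support-agent",
     "principal": None, "scopes": ["tickets:read"]},
    {"type": "resource_access", "token_id": "t2", "action": "tickets:read", "resource": "tkt/7"},
    {"type": "resource_access", "token_id": "t9", "action": "tickets:read", "resource": "tkt/8"},
]

def audit_gaps(events):
    """Return (index, reason) for each resource access whose identity chain is incomplete."""
    tokens, approvals, gaps = {}, set(), []
    for i, ev in enumerate(events):  # list order is treated as time order
        kind = ev["type"]
        if kind == "token_issued":
            tokens[ev["token_id"]] = ev
        elif kind == "approval":
            approvals.add((ev["token_id"], ev["action"]))
        elif kind == "resource_access":
            tok = tokens.get(ev["token_id"])
            if tok is None:
                gaps.append((i, "no token issuance record"))
                continue  # nothing else can be checked without the token
            if not tok.get("principal"):
                gaps.append((i, "no accountable principal"))
            if ev["action"] not in tok["scopes"]:
                gaps.append((i, "action outside delegated scope"))
            # Approval only counts if it was logged before the action ran.
            if ev["action"] in SENSITIVE and (ev["token_id"], ev["action"]) not in approvals:
                gaps.append((i, "no human approval before action"))
    return gaps

if __name__ == "__main__":
    for idx, reason in audit_gaps(EVENTS):
        print(f"event {idx}: {reason}")
```

The write at event 2 is flagged even though an approval appears at event 3, because the approval was recorded after the action completed.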




NHI Mgmt Group analysis

Identity is becoming the compliance boundary for AI governance. The EU AI Act does not only ask what the model can do. It asks who can use it, what it can access, and whether those actions can be traced and justified. That makes authentication, delegated authorization, and audit logging the operational evidence layer for AI governance. Practitioners should treat identity controls as compliance controls, not as adjacent infrastructure.

Provider and deployer responsibilities create a governance gap when AI is embedded by third parties. Many organisations assume they escape the regulation if they do not build the model, but deployer obligations still attach when AI is used inside products, workflows, or internal operations. That means third-party AI does not remove accountability. The practitioner conclusion is that vendor due diligence must extend to identity, logging, and oversight mechanics, not just model claims.

Traceability becomes the named control concept for AI-readiness. The article’s real through-line is not generic “AI security”, but traceability across delegated actions. That concept spans user approval, token issuance, policy enforcement, and downstream API activity. Without traceability, teams cannot prove compliance, detect misuse, or explain decision paths after the fact. Practitioners should frame AI readiness around traceable identity chains rather than isolated model controls.

Human oversight fails when approval is not embedded into the execution path. The EU AI Act’s oversight expectations only matter if the workflow can pause, escalate, or step up before sensitive action completes. If AI agents can act across systems without a decision point, oversight becomes retrospective rather than operative. The field implication is that governance cannot rely on after-the-fact review for agentic systems; the control has to exist at action time.

Identity and access management is now part of AI risk management, not a downstream implementation detail. AI systems that access enterprise data or customer workflows create a direct dependency between privilege scope and regulatory exposure. That shifts the centre of gravity from model oversight alone to least privilege, delegated access, and event-level accountability. Practitioners should expect AI programmes to be judged by their identity discipline as much as by their model governance.

What this signals

Traceable identity chains will become the practical test of AI readiness. If a workflow cannot show who approved access, which token was issued, and what the agent touched, the organisation will struggle to satisfy both security review and regulatory evidence requests. That is where AI governance becomes measurable rather than aspirational.

The governance challenge is no longer limited to model choice or prompt safety. AI programmes will increasingly be judged on whether they can constrain delegated access, preserve human intervention points, and maintain logs that survive legal and audit scrutiny across business units and regions.

With 80% of organisations reporting AI agents performing actions beyond intended scope in our AI Agents: The New Attack Surface report, the operational signal is clear: visibility and scope control need to be designed before broad deployment, not retrofitted after exceptions accumulate.


For practitioners

  • Inventory every AI entry point: Map internal copilots, embedded SaaS features, API-connected agents, and shadow AI workflows so you know where AI can act, what it can reach, and which business owner is accountable for each deployment.
  • Bind agent actions to explicit principals: Require user attribution, delegated authorization, and scoped token issuance for each agent session so auditors can reconstruct who approved the action and under what authority it occurred.
  • Enforce step-up controls for sensitive operations: Route data access, external API calls, and customer-impacting decisions through a human approval path or escalation gate before the action completes.
  • Extend logging beyond login events: Capture policy decisions, token exchanges, downstream resource access, and approval records in a tamper-resistant audit trail that supports compliance review and incident investigation.
  • Review third-party AI contracts for governance evidence: Ask vendors how they support logging, visibility, delegated access, and oversight so you can prove deployer responsibilities even when the model is externally supplied.

Key takeaways

  • EU AI Act readiness for AI agents depends on identity, logging, and oversight, not just model governance.
  • Deployers remain accountable even when they consume third-party AI, so vendor risk reviews must include access and audit mechanics.
  • Teams that cannot reconstruct agent actions from logs, approvals, and delegated rights will struggle to prove compliance or contain incidents.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | A1 | Agent permissions and oversight are central to this AI Act readiness piece.
NIST AI RMF | | Risk management, oversight, and accountability align directly with AI governance duties.
NIST Zero Trust (SP 800-207) | PR.AC-4 | Least privilege and continuous authorization underpin AI agent access control.

Constrain agent actions to approved scopes and require traceable approval for sensitive operations.


Key terms

  • Agentic Identity Controls: The identity, authorization, and logging controls that bind an AI agent to a specific principal and a limited permission set. They let security teams prove what the agent did, under whose authority, and with which downstream systems it interacted.
  • Delegated Authorization: A permission model where an AI system acts only within rights granted for a specific purpose and scope. It is narrower than broad service access because the permission is tied to the action context, approval chain, and governance record.
  • Traceability: The ability to reconstruct an AI action from initiation through authorization to downstream impact. In AI governance, traceability depends on logs, approvals, policy decisions, and identity context that survive long enough for audit and incident review.
  • Deployers: Organisations that use an AI system internally or embed it into products and workflows, even if they did not build the model. Under the EU AI Act, deployers can still carry oversight, logging, and risk management obligations.


This post draws on content published by Descope: The EU AI Act: Map Agentic Identity Controls For AI-Readiness. Read the original.
