Which framework obligations are most relevant when AI agents hold sensitive access?

By NHI Mgmt Group Editorial Team Updated June 24, 2026 Domain: Agentic AI & Autonomous Identity

GDPR, NIS2, DORA, and NIST CSF become relevant when AI agents can reach regulated data or critical systems because the organisation must still demonstrate control, accountability, and incident readiness. The practical test is whether identity governance can prove who approved the access, what the agent can do, and how quickly it can be removed if risk changes.

Why This Matters for Security Teams

When AI agents can reach regulated data or operational systems, the question stops being abstract policy and becomes evidence, accountability, and containment. Frameworks such as GDPR, NIS2, DORA, and the NIST Cybersecurity Framework 2.0 still apply because the organisation must prove access was authorised, monitored, and revocable. That obligation becomes harder when the “user” is an autonomous agent that can chain tools, move laterally, and act outside the original intent.

NHIMG research on AI Agents: The New Attack Surface found that 80% of organisations report their AI agents have already performed actions beyond intended scope, while only 52% can track and audit the data those agents access. That gap is exactly where regulatory exposure becomes operational exposure. The risk is not just a policy violation; it is loss of control over who, or what, touched sensitive records and why. Current guidance suggests that agent governance should be treated as a control plane issue, not a model-only issue.

In practice, many security teams encounter this after an agent has already accessed sensitive systems, rather than through intentional access design.

How It Works in Practice

The practical answer is to map agent access to the same obligation stack used for human and machine identities, but with stronger runtime controls. For agentic workloads, static role assignment is usually too coarse because the agent’s actions are task-driven, not job-description-driven. Current best practice is evolving toward context-aware authorisation, just-in-time credential issuance, and workload identity so the system can validate what the agent is trying to do at the moment of access.

That means pairing identity proof with policy evaluation at request time. Standards and guidance such as the OWASP Top 10 for Agentic Applications 2026, the NIST AI Risk Management Framework, and the CSA MAESTRO agentic AI threat modeling framework all point toward runtime governance, traceability, and explicit accountability. In practical terms, teams should be able to answer four questions for each sensitive action:

  • What workload identity proved this was the right agent?
  • What policy allowed the action right now?
  • What sensitive data or system was touched?
  • How quickly can access be revoked if behaviour changes?

That is why many teams pair NHI controls from the Ultimate Guide to NHIs — Regulatory and Audit Perspectives with agent-specific logging and short-lived secrets. These controls tend to break down when agents are allowed to reuse long-lived credentials across multiple tools because revocation and attribution become too slow for autonomous execution.

Common Variations and Edge Cases

Tighter control often increases latency and operational overhead, requiring organisations to balance auditability against task completion speed. That tradeoff is especially visible in regulated sectors, where agents may need access to customer records, payment workflows, or production infrastructure. There is no universal standard for this yet, so guidance should be treated as risk-based rather than one-size-fits-all.

One common edge case is delegated access for multi-agent workflows. If one agent plans and another executes, the organisation still needs a single accountable control point for approval, logging, and revocation. Another is emergency or break-glass access, where a human may approve elevated rights for an agent under incident conditions. That can be defensible, but only if the elevation is time-bound and fully auditable. NHIMG’s Top 10 NHI Issues and the OWASP Non-Human Identity Top 10 both reinforce that weak lifecycle control is a recurring failure mode for machine identities.
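The request-time gate described under How It Works in Practice, with the delegated multi-agent step and the time-bound break-glass approval from the paragraph above, as an added example that is not NHIMG's code or any vendor's product. It assumes SPIFFE-style workload identities, a per-task grant table, an HMAC-signed token format and the audit field names shown; all of these are illustrative assumptions, and the sample policy data is constructed for the example.

```python
# Added example (not NHIMG's or any vendor's code). SPIFFE IDs, task grants,
# token format and audit fields are illustrative assumptions.
import hashlib, hmac, secrets
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy: trusted workload identities, task-driven grants
# (not role-driven), and the resources that count as sensitive.
TRUSTED_AGENTS = {"spiffe://example.org/agent/planner",
                  "spiffe://example.org/agent/executor"}
TASK_GRANTS = {"task-42": {("read", "crm:customer_records")}}
SENSITIVE_RESOURCES = {"crm:customer_records", "payments:ledger"}


@dataclass
class AgentRequest:
    spiffe_id: str                      # workload identity presented by the caller
    task_id: str                        # task context the action belongs to
    action: str                         # e.g. "read", "export"
    resource: str                       # e.g. "crm:customer_records"
    delegated_by: Optional[str] = None  # planner agent that handed this step off


class AccessGate:
    """Single control point: identity check, request-time policy, short-lived
    per-call credential, audit record, revocation, time-bound break-glass."""

    def __init__(self, signing_key: bytes, ttl_seconds: int = 300):
        self.key, self.ttl = signing_key, ttl_seconds
        self.revoked = set()   # identities whose access must stop immediately
        self.breakglass = {}   # spiffe_id -> (expires_at, human approver)
        self.audit = []        # one record per decision or approval

    def approve_breakglass(self, spiffe_id, approver, now, minutes=15):
        self.breakglass[spiffe_id] = (now + minutes * 60, approver)
        self.audit.append({"event": "breakglass", "identity": spiffe_id,
                           "approver": approver, "expires": now + minutes * 60})

    def revoke(self, spiffe_id):
        self.revoked.add(spiffe_id)
        self.breakglass.pop(spiffe_id, None)

    def authorize(self, req, now):
        allowed, reason = self._decide(req, now)
        token = self._issue_token(req, now) if allowed else None
        # The record answers: which identity, which policy, what was touched, until when.
        self.audit.append({"identity": req.spiffe_id, "delegated_by": req.delegated_by,
                           "policy": reason, "action": req.action, "resource": req.resource,
                           "sensitive": req.resource in SENSITIVE_RESOURCES,
                           "allowed": allowed, "expires": now + self.ttl if allowed else None})
        return allowed, reason, token

    def _decide(self, req, now):
        if req.spiffe_id not in TRUSTED_AGENTS or req.spiffe_id in self.revoked:
            return False, "untrusted-or-revoked-identity"
        if req.delegated_by and req.delegated_by not in TRUSTED_AGENTS:
            return False, "untrusted-delegator"
        if (req.action, req.resource) in TASK_GRANTS.get(req.task_id, set()):
            return True, f"task-grant:{req.task_id}"
        elevation = self.breakglass.get(req.spiffe_id)
        if elevation and now < elevation[0]:
            return True, f"breakglass:{elevation[1]}"
        return False, "no-grant-for-task"

    def _issue_token(self, req, now):
        # Credential bound to one identity, one action, one resource and a short expiry.
        payload = f"{req.spiffe_id}|{req.action}|{req.resource}|{now + self.ttl}"
        return payload + "|" + hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()

    def validate_token(self, token, spiffe_id, action, resource, now):
        # The tool checks: genuine, scoped to this exact call, unexpired, not revoked.
        payload, _, sig = token.rpartition("|")
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False
        tid, tact, tres, exp = payload.split("|")
        return ((tid, tact, tres) == (spiffe_id, action, resource)
                and now < int(exp) and tid not in self.revoked)


def demo():
    gate = AccessGate(secrets.token_bytes(32), ttl_seconds=300)
    t0, res = 1_800_000_000, "crm:customer_records"
    planner = "spiffe://example.org/agent/planner"
    executor = "spiffe://example.org/agent/executor"
    read = AgentRequest(executor, "task-42", "read", res, delegated_by=planner)
    export = AgentRequest(executor, "task-42", "export", res)
    # In-scope delegated step: allowed, and the credential works only for that call.
    ok, why, tok = gate.authorize(read, t0)
    r = {"in_scope": ok, "in_scope_reason": why,
         "token_same_call": gate.validate_token(tok, executor, "read", res, t0 + 10),
         "token_other_action": gate.validate_token(tok, executor, "export", res, t0 + 10),
         "token_expired": gate.validate_token(tok, executor, "read", res, t0 + 300)}
    # Out-of-scope action: denied until a named human approves a 15-minute elevation.
    r["out_of_scope"] = gate.authorize(export, t0)[0]
    gate.approve_breakglass(executor, approver="oncall-lead", now=t0)
    r["breakglass_reason"] = gate.authorize(export, t0 + 60)[1]
    r["breakglass_expired"] = gate.authorize(export, t0 + 16 * 60)[0]
    # Revocation invalidates already-issued tokens as well as new requests.
    gate.revoke(executor)
    r["after_revoke"] = gate.validate_token(tok, executor, "read", res, t0 + 20)
    r["audit_records"] = len(gate.audit)
    return r
```

The design point is that the gate, not the agent, is the accountable control point: the planner's hand-off is recorded in the executor's audit entry, a credential never outlives the single action it was minted for, and revocation is checked at token validation time so that an agent which drifts out of scope loses access within one request rather than at the next credential rotation. A real deployment would replace the in-memory sets with the organisation's workload identity provider and policy engine, but the four audit fields are what an assessor asks for.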

For compliance teams, the practical test is whether the organisation can demonstrate least privilege, removal on demand, and incident readiness even when the agent’s behaviour is not fully predictable. That demonstration becomes hard in highly dynamic environments where agents can assemble new tool chains faster than governance rules are reviewed.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.

Framework                  Control / Reference   Relevance
OWASP Agentic AI Top 10    A-03                  Covers agent misuse of tools and excessive authority in autonomous workflows.
CSA MAESTRO                MT-02                 Addresses agent threat modeling, control boundaries, and traceability.
NIST AI RMF                GOVERN                Supports accountability, oversight, and risk ownership for AI systems.

Constrain agent tool use with runtime policy checks and explicit approvals for sensitive actions.
