If you deploy an autonomous AI agent at a regulated team today, the rules that already bind you are narrower and more specific than the headlines suggest. As of June 2026, the enforceable items are the EU AI Act’s prohibitions (live since February 2025), its general-purpose AI and transparency duties (live since August 2025), and a handful of US state laws (Texas and several California statutes took effect on January 1, 2026). The big high-risk obligations, the ones most agent workflows worry about, have been pushed back, and the US picture is shifting under a federal effort to override state rules. This post gives you the dated map, with primary sources, so you can tell what is law now from what is coming.
This is general information, not legal advice. Dates and texts move; confirm current obligations with counsel for your jurisdiction and use case.
What is enforceable under the EU AI Act right now?
The EU AI Act (Regulation 2024/1689) applies in phases. Two phases are already live.
The prohibitions (Article 5) have applied since February 2, 2025. These ban a defined set of practices outright. The ones an agent builder is most likely to touch are social scoring, certain manipulative or deceptive techniques, untargeted scraping to build facial-recognition databases, and, importantly for the workplace, emotion recognition (covered below). The AI literacy duty in Article 4 also started on this date. The official phase dates are published by the European Commission on the AI Act implementation timeline.
The general-purpose AI (GPAI) rules and the governance and penalty provisions have applied since August 2, 2025. GPAI means a model trained broadly enough to do many tasks, the foundation-model layer underneath most agents. Providers of these models now carry documentation and transparency duties. The Act’s governance structure (the AI Office, the national authorities) and its penalty articles also became operative on this date. Models already on the market before August 2, 2025 have until August 2, 2027 to come into compliance.
What got delayed, and to when?
The most consequential change since this topic was last simple is the Digital Omnibus. On November 19, 2025 the European Commission proposed simplifying parts of the digital rulebook, and on May 7, 2026 the Council and Parliament reached a provisional agreement on targeted AI Act amendments. The headline for agent teams: the high-risk obligations for Annex III systems, originally due to apply on August 2, 2026, now apply no later than December 2, 2027. Law firms tracking the file, including Gibson Dunn and White & Case, describe the new fixed timeline.
The stated reason is that the harmonized technical standards that high-risk providers are supposed to build against arrived late. That is a fair, documented rationale: you cannot hold a company to a conformity standard that does not yet exist. The legitimate enterprise concern on the other side is that a moving deadline rewards waiting, and waiting is exactly how a regulated team ends up with an undocumented, unlogged agent already in production when the date finally lands.
Which agent workflows are high-risk under Annex III?
Annex III lists the use cases the Act treats as high-risk. For agents inside a company, the employment category is the one that catches the most real workflows. Annex III names two employment buckets:
- Recruitment and selection: systems used to place targeted job ads, filter applications, and evaluate candidates.
- Decisions in the employment relationship: systems that make or materially inform decisions on promotion, termination, and task allocation, and systems that monitor and evaluate the performance and behaviour of workers.
That last clause is the one to read twice. A “productivity agent” that scores how employees work can fall inside Annex III. Other high-risk categories that agents touch include credit and creditworthiness scoring, access to essential private and public services, and certain biometric and critical-infrastructure uses.
| EU AI Act item | What it covers | Status as of June 2026 |
|---|---|---|
| Article 5 prohibitions | Social scoring, manipulation, workplace emotion recognition, etc. | Applies (since Feb 2, 2025) |
| Article 4 AI literacy | Staff understand the AI they use | Applies (since Feb 2, 2025) |
| GPAI model duties (Ch. V) | Documentation, transparency for foundation models | Applies (since Aug 2, 2025) |
| Governance and penalties | AI Office, authorities, fines | Applies (since Aug 2, 2025) |
| Article 50 transparency | Tell users it is AI; mark synthetic content | Applies (since Aug 2, 2025) |
| High-risk, Annex III (stand-alone) | Employment, credit, essential services, etc. | Delayed to no later than Dec 2, 2027 |
| High-risk in regulated products | Safety components (medical devices, machinery) | Applies Aug 2, 2027 |
What does the workplace emotion-recognition ban actually prohibit?
This one is live and absolute, with a narrow carve-out. Article 5 prohibits placing on the market or using AI systems to infer emotions of a person in the workplace and in education institutions. The only exception is for medical or safety reasons, such as a system that detects driver fatigue for safety. The Future of Privacy Forum has a clear breakdown of this red line.
For an agent program, the practical reading is direct. An agent that listens to support calls to coach reps is fine if it grades the workflow (resolution time, policy adherence, accuracy). It is on prohibited ground the moment it starts inferring the agent’s or the customer’s emotional state to evaluate the worker. The distinction between scoring the work and scoring the worker’s feelings is not a style choice. It is the line between a high-risk system you can document and a prohibited one you cannot deploy at all.
Where does the US stand, state by state?
The US has no single federal AI statute. Instead there is a patchwork of state laws and a federal push to flatten it. Here is the dated state of play.
Federal executive guidance. In April 2025 the Office of Management and Budget issued two memos for federal agencies: M-25-21 on accelerating federal AI use with governance and minimum risk-management practices for high-impact AI, and M-25-22 on AI acquisition. These bind agencies, not private companies, but they are a useful template: chief AI officers, public use-case inventories, and risk controls for consequential systems.
A move to preempt the states. On December 11, 2025, the President signed an executive order, Ensuring a National Policy Framework for Artificial Intelligence, which sets up an AI Litigation Task Force to challenge state AI laws in court and threatens certain federal funding for states with laws Washington deems onerous. An executive order cannot repeal a state statute by itself; only Congress or the courts can do that. But it has already changed the risk calculus, and several states have slowed down.
State laws in effect now (January 1, 2026):
- Texas (TRAIGA, HB 149) took effect January 1, 2026. It prohibits AI used to intentionally incite harm, to unlawfully discriminate, or to assign a government “social score,” requires government entities to disclose when a person is interacting with AI, and tightens biometric-identifier consent.
- California put several statutes into effect on January 1, 2026, including the Training Data Transparency Act (AB 2013), which requires developers to publish a high-level summary of training data. The AI Transparency Act (SB 942) duties were phased and partly delayed by AB 853, with platform obligations reaching into 2027.
A law that was delayed:
- Colorado (SB 24-205), the first comprehensive US AI law, was pushed from February 2026 to June 30, 2026, and then, after further amendment, to January 1, 2027, with its risk-based, anti-discrimination framework narrowed in the process. Its enforcement was also stayed earlier in 2026.
| US item | Type | Status |
|---|---|---|
| OMB M-25-21 / M-25-22 | Federal agency guidance | In effect (April 2025), binds agencies |
| Dec 11, 2025 executive order | Federal preemption effort | Active; litigation and funding pressure |
| Texas TRAIGA (HB 149) | State statute | In effect Jan 1, 2026 |
| California AB 2013, SB 942/AB 853 | State statutes | In effect Jan 1, 2026 (some phased to 2027) |
| Colorado SB 24-205 | State statute | Delayed to Jan 1, 2027 |
What should an agent deployment build, regardless of date?
The dates move. The obligations rhyme. Across the EU framework and every serious US bill, five operational requirements recur, and all five are easier to build in from day one than to retrofit after an audit request.
- Classify the workflow. Decide, per workflow, whether it is prohibited, high-risk, transparency-only, or minimal-risk, and write down why. Classification is the input to every other control. Our autonomy ladder shows how the unit of governance is the workflow, not the agent.
- Disclose the AI. Where a person interacts with the agent, or sees content it produced, tell them. Article 50 already requires versions of this.
- Log decisions for replay. Keep inputs, tool calls, outputs, and the policy decision for every consequential run, so a run can be reconstructed and defended. This is the audit trail regulators and auditors ask for.
- Keep a human in the loop where it counts. High-risk and consequential actions need a defined approver and a real ability to override, not a rubber stamp.
- Monitor at the workflow level, not the individual. Measure cost, quality, and outcomes per workflow. Do not turn the trace lake into worker surveillance, which is exactly what the Annex III employment-monitoring category and the emotion-recognition prohibition are policing.
This is also the connective thread of our thesis. Vendor policies change, model versions get deprecated, and the legal map redraws itself twice a year, as this very post documents. The defensible response is to keep the agent, its evals, its pinned models, and its audit trail inside your own boundary, where you control the evidence. When a regulator, an auditor, or your own general counsel asks what the agent did and why, the answer lives in your control tower, not in a third party’s logs. See how this maps to a private deployment model and our security posture, and browse more on these themes in our insights.
FAQ
Are autonomous AI agents specifically regulated, or just “AI systems”?
The laws regulate AI systems by use case and risk, not by the label “agent.” An autonomous agent that screens job candidates is governed by the same Annex III high-risk rules as any other system doing that task. The autonomy raises the practical stakes (more actions taken without a human in the loop), which is why logging and human oversight matter more, not less, for agents.
My EU high-risk obligations were delayed to 2027. Can I wait?
You can wait to file conformity paperwork, but you should not wait to build the underlying controls. Classification, risk assessment, logging, and human oversight take quarters to stand up and are needed the moment the date lands. The prohibitions and transparency duties, including the workplace emotion-recognition ban, are already enforceable regardless of the high-risk delay.
Does the US executive order mean I can ignore state AI laws?
No. The December 11, 2025 executive order directs federal agencies to challenge state laws and pressures funding, but it does not repeal any statute. Texas and California laws are in effect now, and Colorado’s takes effect in 2027 unless changed again. Until courts or Congress act, the state obligations that apply to your workflow still apply.