ICO on Agentic AI

The ICO has published a Tech Futures report on Agentic AI, outlining how this emerging technology may evolve over the next few years, and what it means for data protection, privacy, and governance.

Agentic AI goes beyond traditional generative AI. It combines:

➡️ generative models,

➡️ access to tools and systems,

➡️ contextual awareness,

➡️ and the ability to perform open-ended, goal-driven actions with limited human intervention.

While the technology is still evolving, the ICO is clear that organizations remain responsible for how these systems process personal data.

Obraz autorstwa rawpixel.com na Freepik

The report highlights several novel and amplified risks compared to traditional AI systems:

SupplyChain

Agentic systems often involve:

➡️ foundation model providers,

➡️ tool and API providers,

➡️ integrators,

➡️ deployers.

Determining controller vs. processor roles becomes more complex.

Automated Decision-Making

Agentic AI can rapidly automate complex, multi-step decisions, increasing:

➡️ scale,

➡️ speed,

➡️ and potential impact on individuals.

This raises direct implications for:

➡️ automated decision-making rules,

➡️ transparency,

➡️ explainability,

➡️ and human oversight under UKGDPR.

Broad or Undefined Purposes

The ICO warns against:

➡️ vague purposes,

➡️ “general-purpose agents” without clear boundaries,

➡️ open-ended instructions that allow unnecessary personal data processing.

Data Minimisation and Special Category Data

Agentic AI may:

➡️ access more data than necessary,

➡️ infer sensitive attributes,

➡️ unintentionally process special category data.

Transparency and Data Subject Rights

As agentic systems become more complex:

➡️ it may be harder to explain how decisions are made,

➡️ individuals may struggle to exercise access, objection, or erasure rights.

Cybersecurity Risks

Because agentic AI can interact with multiple systems and tools, it may:

➡️ expand attack surfaces,

➡️ be abused to automate malicious actions,

➡️ introduce new vectors for data exfiltration.

High-risk examples include systems that:

➡️ have no clearly defined purpose,

➡️ are connected to unnecessary databases,

➡️ lack access controls or activity monitoring,

➡️ allow uncontrolled onward data sharing.

From an ITGRC perspective, the ICO’s approach makes sense. Agentic AI introduces new technical capabilities, but not new governance principles.

Organizations remain responsible for:

➡️ data protection,

➡️ risk management,

➡️ security,

➡️ and accountability.

What changes is the need for stronger integration between:

➡️ AI governance,

➡️ data governance,

➡️ security governance,

➡️ and overall IT governance.

Link

Author: Sebastian Burgemejster