Guide
The EU AI Act does not have a separate chapter for agents. It regulates AI by risk, so an agent is covered the way any AI system is, and what you owe depends on what it is used for. This guide is the practical version: whether it applies to you, what the high-risk obligations actually mean, where the timeline landed after it was delayed, and what is worth building now regardless of the date.
The EU AI Act is the European Union's risk-based regulation of artificial intelligence. It does not single out agents; it classifies AI systems by how risky their use is and attaches obligations to each tier. So the first question is never "is it an agent," it is "what is the agent used for." This guide walks through how to answer that, what the obligations are, and the honest state of the timeline, which has already shifted once.
We build Pinchy, a self-hosted AI agent platform, and several of the Act's technical expectations overlap with what we build, so we are not neutral. This is a practical orientation, not legal advice; for a specific deployment, get advice that knows your situation.
Two things decide it. First, reach: the Act applies extraterritorially, so if you provide or deploy an AI system whose output is used in the EU, you are in scope regardless of where your company sits. A self-hosted agent run by an EU company, or serving EU users, counts.
Second, risk tier. The Act sorts AI systems into four bands, and the band sets the obligations:
| Tier | Examples | What it means |
|---|---|---|
| Prohibited | Social scoring, certain manipulation | Not allowed at all |
| High-risk | Hiring, credit, critical infrastructure, safety components | The full obligation set |
| Limited-risk | Chatbots, most business assistants | Transparency (tell people it is AI) |
| Minimal-risk | Most internal tooling | No specific obligations |
The practical takeaway: most internal business agents (summarizing support tickets, drafting copy, querying your own data) land in limited or minimal risk, where the burden is mainly being transparent that users are dealing with AI. An agent becomes high-risk because of its use case, such as making or materially informing decisions about employment, creditworthiness, or a regulated product, not because it is technically sophisticated. Classify the use, not the model.
The Act entered into force in 2024 and applies in phases. The phase that matters for most high-risk obligations was originally 2 August 2026, and this is where recent news matters: under the 2026 Omnibus package, obligations for use-based (Annex III) high-risk systems were postponed from 2 August 2026 to 2 December 2027, and product-related (Annex I) high-risk obligations from 2 August 2027 to 2 August 2028 (Gibson Dunn). General-purpose AI model obligations sit on their own schedule.
The useful lesson is not the new date, it is that the date moved. A regulation this large, operationalized through standards that are still being drafted, will keep adjusting. Building your agent program to a single deadline is fragile. Building it to the underlying requirements (which do not move) is not.
If an agent is high-risk, the obligation set is substantial, and most of it is recognizable as good engineering and governance:
Read that list as an agent operator and it maps cleanly onto the four layers of agent governance: a record you can prove, access you can bound, a human who can intervene, and documentation of intent and ownership. The Act is, for agents, largely a legal restatement of controls a careful team would want anyway.
The numbers are sized to be taken seriously, and they scale with the breach. A prohibited practice can draw up to 35 million euro or 7% of global annual turnover, whichever is higher. Non-compliance with high-risk or other obligations can reach up to 15 million euro or 3%. Supplying incorrect or misleading information to authorities can reach up to 7.5 million euro or 1%. The exposure is meaningful enough that "we will deal with it later" is itself a risk decision.
Even with high-risk deadlines pushed toward late 2027, the move that ages well is to build the controls now, because they are the same controls that make an agent trustworthy independent of the law:
This is the part about our own product, and the honest framing matters here more than anywhere: no platform makes you compliant. Compliance is a program (classification, risk management, documentation, human process) that is yours to run. What a platform can do is provide the technical building blocks so the engineering side is not the hard part. Pinchy gives you a tamper-evident audit trail that lines up with the record-keeping expectation, a default-deny permission model for bounded access, roles and ownership for accountability, and a self-hosted deployment that keeps the data inside your control. It does not classify your use cases or write your documentation, and it is not a certification. It makes the parts that are technical, technical, and leaves the parts that are judgment to you.
FAQ
Yes, where an agent falls into one of the Act's risk categories. The AI Act regulates AI systems by risk rather than by whether they are agentic, so an agent is covered the same way any AI system is. What it must do depends on whether its use case is prohibited, high-risk, limited-risk, or minimal-risk. The Act also applies extraterritorially: providers and deployers serving users in the EU are in scope regardless of where they are established.
Only if its use case is on the Act's high-risk lists, for example agents used in employment decisions, credit scoring, critical infrastructure, or as a safety component of a regulated product. Most internal business agents (summarizing tickets, drafting text, querying your own systems) are limited or minimal risk and carry mainly transparency obligations. The honest first step is to classify the use case, not the technology.
The timeline is phased and was recently adjusted. Under the 2026 Omnibus changes, obligations for use-based (Annex III) high-risk systems were postponed from 2 August 2026 to 2 December 2027, and product-related (Annex I) high-risk obligations from 2 August 2027 to 2 August 2028. General-purpose AI model obligations have their own dates. Because the dates have moved once, treat any single date as subject to change and build for the requirements rather than to a deadline.
High-risk obligations include automatic record-keeping (Article 12: logs over the system's lifetime, retained at least six months), a risk-management system, human oversight, technical documentation, transparency to deployers, and appropriate accuracy and robustness. For an agent, most of this maps onto governance you would want anyway: a tamper-evident audit trail, bounded access, a human able to intervene, and documentation of what the agent is and does.
Fines scale with the breach. Engaging in a prohibited practice can reach up to 35 million euro or 7% of global annual turnover, whichever is higher. Non-compliance with high-risk or other obligations can reach up to 15 million euro or 3% of turnover. Supplying incorrect or misleading information to authorities can reach up to 7.5 million euro or 1% of turnover.
Pinchy gives you the audit trail, bounded access, and self-hosting that the technical side of AI agent compliance needs. Open source, self-hosted, free to run.
Or email us: info@heypinchy.com