Three jurisdictions. Three weeks. Three different answers to the same question: how do we govern AI systems that act autonomously in the world?
That question has moved from theoretical to urgent as agentic AI systems, systems capable of planning, tool use, and multi-step execution without step-by-step human direction, move from research to production deployment. The governance frameworks attempting to answer it are not waiting for each other.
The Agentic AI Governance Moment
The timing is striking. The UK’s Digital Regulation Cooperation Forum published “The Future of Agentic AI” on March 31, 2026, according to PPC Land reporting. The Trump administration released its National Policy Framework for Artificial Intelligence on March 20, 2026, per the White House. The EU AI Act’s AI Omnibus proposals, including a delay to the high-risk system compliance deadline that directly affects where agentic systems fall, were advancing through Parliament and Council in the same period, with positions confirmed by TechPolicy.Press and EU Council documents.
These developments aren’t coordinated. But they’re happening simultaneously. That convergence, even without coordination, is itself a signal. Regulators in all three jurisdictions are trying to get ahead of the same technology at the same moment.
What the UK DRCF Paper Says
The DRCF, the body coordinating AI oversight across the UK’s Competition and Markets Authority, Financial Conduct Authority, Information Commissioner’s Office, and Ofcom – defines agentic AI as “systems of AI agents that behave and interact autonomously to achieve their objectives,” capable of assessing goals, decomposing tasks, retrieving data, and executing actions, according to PPC Land reporting pending direct DRCF source confirmation.
The paper doesn’t establish regulations. It’s a foresight document, a systematic attempt to map where oversight pressure will be needed as agentic systems evolve. The DRCF commits to further horizon-scanning through 2026 and 2027 across user interfaces, consumer robotics, and physical AI.
What makes the paper significant isn’t its binding force. It has none. What matters is who wrote it. The CMA, FCA, ICO, and Ofcom represent the regulatory remit across competition, financial services, data protection, and communications in the UK. An agentic AI system operating in UK financial markets sits at the intersection of FCA oversight (conduct risk, consumer duty) and CMA oversight (market competition effects) simultaneously. The DRCF’s joint framing is a response to that regulatory fragmentation, and it signals these bodies are already coordinating their thinking, which means enforcement coordination will follow.
How the US Framework Addresses Agentic AI
The White House framework, built on Morrison Foerster’s analysis, spans seven legislative pillars. Agentic AI doesn’t appear as a distinct category. The framework doesn’t define agentic systems, doesn’t establish specific compliance requirements for them, and doesn’t direct any agency to develop agentic-specific guidance.
This isn’t oversight. It’s absence of oversight, deliberate or otherwise.
The framework’s pillar on “enabling innovation” signals the administration’s disposition: the regulatory default leans toward permissiveness. The preemption pillar, which would override state AI laws that impose “undue burdens”, suggests that state-level agentic AI governance efforts (several states have agentic-specific bills in committee) would face federal challenge if the preemption provision is enacted.
For teams building agentic systems in the US, the operative message from the federal framework is: no new federal requirements are coming in the near term. Existing obligations – under sector-specific law, state law, and existing federal requirements around data protection, financial regulation, and consumer protection, still apply. Agentic doesn’t change that calculus under current US federal law.
How the EU AI Act Captures Agentic AI
The EU AI Act’s approach is indirect but consequential. The Act doesn’t define “agentic AI” as a category. Instead, it works through use-case classification: systems used in employment decisions, access to essential services, law enforcement, and other high-risk applications face compliance obligations regardless of whether they’re agentic in architecture.
An agentic AI system used to screen job applications in the EU is a high-risk AI system under the Act, full stop. Its autonomy level doesn’t change the classification. The compliance obligations attach to the use case, not the architecture.
The AI Omnibus delay, however, changes the timing. The proposed shift of the high-risk compliance deadline to December 2027 or August 2028, confirmed through EU legislative positions, means organizations deploying agentic systems in EU high-risk categories before the new deadline may argue, per the non-retroactivity structure, that their systems fall outside the Act’s prospective reach unless substantially modified. That argument is contested and hasn’t been confirmed by EU regulatory authorities. But the window it creates is real.
A Three-Jurisdiction Comparison
| Dimension | UK (DRCF) | US (White House) | EU (AI Act + Omnibus) |
|---|---|---|---|
| Agentic AI defined? | Yes, five autonomy levels (per DRCF paper) | No | No (indirect via use-case classification) |
| Binding requirements? | No, foresight document | No, legislative recommendations | Yes, but delayed |
| Compliance deadline? | None | None | August 2026 (original); 2027-2028 (proposed) |
| Enforcement body | CMA, FCA, ICO, Ofcom (joint) | AI Litigation Task Force (challenge function), Congress (action required) | European AI Office |
| Default posture | Collaborative horizon-scanning | Innovation-permissive | Risk-based, category-driven |
What This Means for Teams Building Agentic Systems
The three-jurisdiction picture produces a practical set of guidance questions for development and compliance teams.
On scope: An agentic system operating only in the US faces no new federal agentic-specific requirements today. The same system operating in the EU faces use-case-based classification under the AI Act, with a compliance timeline that’s in flux but still operative. The same system in the UK faces no binding requirements today, but four regulators are actively building their oversight framework.
On documentation: The DRCF’s framework for agentic AI oversight, even as a foresight document, tells you what regulators are already thinking about. Documenting your system’s autonomy level, goal-setting mechanism, tool-use boundaries, and human oversight architecture now positions you well regardless of which jurisdiction’s requirements crystallize first.
On design: The EU’s use-case classification approach means the compliance risk for an agentic system is driven by what it does in practice, not how it’s architected. An agentic system designed for a genuinely low-risk use case faces different obligations than one designed for employment screening, even if both are architecturally identical. Use-case intentionality matters.
On jurisdiction strategy: Multi-jurisdiction teams need to model each jurisdiction’s requirements independently. The UK’s absence of binding requirements today doesn’t mean the absence of oversight tomorrow, the DRCF is explicitly building toward it. The US federal absence of agentic-specific requirements doesn’t mean state-level absence. The EU’s delay doesn’t eliminate compliance obligations.
What to Watch
The DRCF’s 2026-2027 horizon-scanning commitments will produce follow-up papers. Each narrows the distance between regulatory thinking and regulatory action. Watch specifically for publications on user interfaces and consumer robotics, the categories where agentic AI meets the widest consumer populations.
In the US, watch for state-level agentic AI bills. Several states have introduced or are developing legislation that specifically targets autonomous AI systems. If the federal preemption proposal doesn’t move in Congress, state-level agentic AI requirements may emerge before federal ones.
In the EU, the June 2026 political agreement deadline for the Omnibus is the key signal. If agreement is reached, the non-retroactivity window opens formally. If it slips, August 2026 remains operative, and agentic systems in EU high-risk categories face an immediate compliance question.
TJS Synthesis
The three major regulatory jurisdictions produced significant agentic AI governance signals within the same two-week window. None of them requires immediate compliance action today beyond existing obligations. All of them are pointing at the same problem, autonomous systems acting in the world, from different angles and with different tools.
For teams building agentic systems, the right response is to treat the DRCF’s framework as the most concrete signal of where regulatory scrutiny will land, use the EU’s use-case classification as the compliance architecture that’s most likely to produce binding requirements first, and treat the US federal framework as a permissive default that doesn’t eliminate state-level or sector-specific obligations.
Build for the EU. Watch the UK. Don’t ignore your state.