## Weekly signal

The week’s signal is that agentic AI is being pulled into concrete governance rails. Governments and standards bodies are no longer treating agents as just “chatbots with tools.” They are focusing on autonomy, delegated authority, identity, permissions, auditability, and who is legally responsible when an agent acts.

The strongest move came from China, which published a national policy document specifically for “intelligent agents.” The EU, meanwhile, agreed to simplify and delay parts of AI Act implementation, giving builders more runway but not removing core risk duties. In the US, pre-release government testing of frontier models expanded to more major labs. Security authorities and standards groups also pushed agent-specific identity and access controls as an emerging baseline.

## What changed

1. China issued an agent-specific national framework. On May 8, China’s CAC, NDRC, and MIIT released implementation opinions for the standardized application and innovative development of intelligent agents. The document defines agents as systems with autonomous perception, memory, decision-making, interaction, and execution capabilities. It calls for standards, agent interconnection protocols, agent registration and digital identity services, risk classification, testing, certification, recall measures for sensitive sectors, and industry self-discipline. It also lists priority use cases, including finance, healthcare, public security, procurement, government services, and judicial services.

2. EU AI Act timing became clearer, but agent builders still need to map obligations. On May 7, EU institutions reached provisional agreement on the Digital Omnibus AI simplification package. Stand-alone high-risk systems would move to December 2, 2027, and high-risk systems embedded in products to August 2, 2028. The deal also adds prohibitions on non-consensual intimate-content generation and CSAM-related AI practices, and clarifies AI Office oversight for systems based on general-purpose AI models.

3. US frontier-model review became a stronger voluntary governance layer. NIST’s CAISI signed agreements with Google DeepMind, Microsoft, and xAI for pre-deployment evaluations, post-deployment assessment, and national-security research. For agent builders, this matters because many high-autonomy products depend on frontier models that may now face more structured government testing before release.

4. Agent security guidance hardened around identity, least privilege, and accountability. The Five Eyes cyber agencies’ agentic AI guidance, still central this week, recommends using agents only for low-risk and non-sensitive tasks, avoiding broad access, updating governance policies, defining legal accountability, and requiring runtime authentication through centralized policy decision points. CoSAI followed with agentic identity and access-management guidance aimed at making every agent a governable security principal.

## What to do with it

Treat agents as regulated actors inside your systems, not just model calls. Create an agent inventory, assign owners, classify use cases by jurisdiction and risk, and document what each agent can decide, spend, access, or change.

For builders, the priority backlog is clear: unique agent identity, scoped credentials, signed actions, durable logs, human escalation paths, incident response for agent compromise, and vendor terms that allocate responsibility when third-party agents act incorrectly.

For go-to-market teams, assume procurement questionnaires will start asking for evidence of agent permissions, audit trails, evaluation results, and rollback controls. The frameworks are still uneven, but the direction is now consistent across China, the EU, the US, the UK, and allied cyber agencies.