When Four Regulators Speak in Unison, the Message Is Not Optional

On 31 March 2026, four UK regulators did something they rarely do: they co-signed a warning.

The Digital Regulation Cooperation Forum — comprising the Competition and Markets Authority, the Financial Conduct Authority, the Information Commissioner's Office, and Ofcom — published a foresight paper titled "The Future of Agentic AI," setting out the UK's most detailed cross-regulatory assessment yet of autonomous AI systems.

The paper carries a diplomatic disclaimer that it should not be read as policy. Read it as policy.

The DRCF emphasises that agentic AI does not fall outside existing legal frameworks, and that obligations on transparency, fairness, accountability, and consumer outcomes continue to apply. When four regulators issue the same warning at the same time, the direction of travel is no longer ambiguous.

The one sentence that changes everything

Buried in the diplomatic language of a foresight paper is a statement with immediate operational consequences.

The DRCF makes one point unambiguous: organizational responsibility for legal compliance is unchanged regardless of how autonomously an AI agent acts. "My agent did it" is not a defense any UK regulator will accept.

This single sentence reframes every AI agent deployment decision made in 2026. The autonomy of the agent does not transfer the accountability of the organization. When the agent violates a rule — when it processes data it shouldn't, when it makes a decision it wasn't authorized to make, when it manipulates a consumer outcome — the company is liable. Not the model. Not the provider. The company.

Most enterprises deploying AI agents today have not yet absorbed this. Their governance programs treat agents as software to be configured and monitored. The DRCF is treating agents as organizational actors whose behavior is attributable to the organizations that deploy them — at the same legal standard as the behavior of human employees.

The seven risks the DRCF expects every organization to answer for

The paper identifies seven categories of compliance risk businesses now face as AI agents move from pilots into operations.

Accountability

When multiple model providers, system integrators, and deploying organizations all contribute to an agent's behavior, the DRCF's answer is clear: the deploying organization is responsible. The complexity of the supply chain does not dilute accountability.

Data

Agents that access data they don't need for the task at hand create GDPR exposure. The data minimization principle applies to agents with the same force it applies to human employees — and most agent deployments have no mechanism to enforce it in real time.

Injection

External inputs — emails, documents, web content — can redirect agent behavior in ways the deploying organization never intended. The organization that deployed an agent without injection-resistant architecture is liable for the result.

Consent

When an agent executes a sequence of decisions that were never explicitly authorized — booking a service, committing to a contract, making a payment — the consumer's right to informed consent has been bypassed.

Collusion

Agents optimizing for commercial objectives in a manner that leads to worse personal outcomes for consumers — including implicit coordination on pricing without explicit human instruction — create competition law exposure.

Dark patterns

Agents optimized for engagement or conversion at the expense of consumer outcomes fall under existing consumer protection frameworks. The FCA Consumer Duty applies.

OSA

An agentic search or comparison tool may qualify as a regulated search service under the Online Safety Act — with compliance obligations the deploying organization may not have anticipated.

The "Many Hands" problem is an audit trail problem

The DRCF paper dedicates significant attention to what it calls the "Many Hands" problem — the diffusion of accountability across model providers, platforms, integrators, and deploying organizations.

When something goes wrong, regulators expect to see who authorized what, when, against which data. Most organizations cannot produce that record for AI agent activity at the level of detail enforcement will demand.

This is not a documentation problem. It is an architecture problem.

Producing the record that regulators expect requires that the record exists — continuously, for every agent action, in a form that cannot be altered after the fact. It requires that every agent action is attributed to a specific agent identity. That every tool call captures the causal context — what the agent was shown, what it retrieved, why it decided what it decided. And that the record is cryptographically signed at the point of capture, so that its integrity can be verified independently of any vendor's infrastructure.

Most enterprise agent deployments today rely on provider-native logs. Those logs are self-reported by the provider, stored on infrastructure the provider controls, and signed by the provider's own keys. They are vendor reports. When the FCA or ICO asks for a complete, verifiable account of what an agent did, a vendor report is not an independent audit trail.

The "Many Hands" problem is solved by removing the ambiguity: one governance layer, external to every agent and every provider, that captures and signs every action in a single tamper-evident record. Not many hands. One record.

Why this matters beyond the UK

All DRCF members share the view that existing UK legal frameworks apply to agentic AI in any event, and businesses must adapt their governance accordingly.

The UK is not legislating alone. The seven risks the DRCF identifies map almost exactly to the requirements of the EU AI Act, GDPR Article 22, NIS-2, DORA, and ISO/IEC 42001. This is not coincidence — it is regulatory convergence across jurisdictions reaching the same conclusions from different starting points.

An enterprise that addresses the DRCF's seven risks has, in the process, addressed most of the EU AI Act's high-risk logging requirements, DORA's independent audit trail obligations, and NIS-2's forensic evidence requirements. The frameworks are converging. The governance infrastructure that satisfies one satisfies most of the others.

The practical consequence: organizations that build compliant agent governance now are not building for one jurisdiction. They are building for the regulatory baseline that is emerging globally.

What to do before enforcement begins

Three concrete actions before Q3 2026:

Classify your agents against the seven risks. The DRCF has provided the risk register. For each agent in production, answer: which of the seven risks apply? Which can you demonstrate you have addressed? Which cannot you demonstrate? The gap between those two lists is your regulatory exposure.

Audit your audit trail. Can you produce, for any agent action in the past 90 days, a complete and verifiable record of what the agent processed, what it decided, what systems it touched, and under what authorization? If the answer requires calling your LLM provider for logs, you do not have an independent audit trail. You have a vendor dependency.

Move enforcement outside the agent. Identity controls, model guardrails, and prompt filters all share the same vulnerability: they can be bypassed by a sufficiently capable or sufficiently compromised agent. Policy enforcement that lives inside the agent is subject to the agent's own failure modes. The governance layer that satisfies the DRCF's accountability framework must sit outside the agent — in the data path, at the point of action, independent of any single vendor's infrastructure.

The DRCF has provided a free risk register from regulators who have both the means and the motivation to enforce it. Three of the four DRCF members — the FCA, ICO, and CMA — have active enforcement powers and have used them recently.

The foresight paper is not policy today. The enforcement actions that follow it will be.

↳ KYDE

KYDE sits between your agent fleet and every system your agents act on — capturing every action in a cryptographically signed, tamper-evident audit trail that is independent of every LLM provider. One governance layer. One record. The "Many Hands" problem has one answer.