The Information Commissioner’s Office has published its Tech Futures report on agentic AI, and the message is clear: autonomous systems that plan and act on behalf of users raise data-protection questions that current compliance models are not fully answering. The report identifies four red-line issues that organisations deploying agentic AI should address before the systems reach production.
Blurred controller and processor roles
Traditional data-processing relationships assume one party decides the purposes and means of processing, and another carries it out. Agentic AI disrupts that clarity. An agent may combine data from multiple sources, initiate actions across systems and make context-dependent choices that neither the user nor the provider explicitly approved.
When something goes wrong, regulators will ask who was in control. If your contracts and technical architecture do not make that clear, you may find yourself accountable for decisions you thought belonged to a vendor or to the end user. The ICO is signalling that ambiguity here is itself a compliance risk.
Scaled automated decision-making
Agentic AI can make or execute decisions at a scale and speed that would be impossible for human teams to review in real time. That matters because data-protection law restricts solely automated decisions with legal or similarly significant effects, unless an exception applies or meaningful human involvement is built in.
The ICO’s concern is not just that decisions are automated, but that the scale of automation makes meaningful human review impractical. If an agent can adjust credit limits, flag claims or shortlist candidates thousands of times a day, a theoretical right of human review is not enough. The design must allow a person to intervene before harm occurs.
Purpose creep
Agents are particularly prone to purpose creep because they are often given broad objectives and then find routes to achieve them that were not anticipated. An agent asked to “improve customer retention” might infer sensitive characteristics, combine data in unexpected ways or contact individuals for purposes that were not originally disclosed.
Data-protection law requires processing to be limited to the purposes for which the data was collected. Organisations deploying agents need technical and governance guardrails that prevent mission drift — not because the agent is malicious, but because it is opportunistic.
Transparency gaps
The ICO also flags transparency. Users may not know that an agent is acting for them, collecting data on their behalf, or making decisions that affect them. Even where disclosure exists, it may not be meaningful: a long privacy notice does not help a user who does not understand what the agent is doing or why.
The report suggests that transparency for agentic AI needs to be dynamic and contextual. Users should understand the agent’s purpose, the data it is using, the actions it can take and how to stop it.
What to do now
Map agentic workflows to data-processing roles. Be explicit about who is controller, processor and user at each step. Update contracts and technical logs accordingly.
Define decision authority. Specify which decisions an agent may make autonomously, which require human approval, and which are off-limits entirely.
Lock down purpose and data use. Use system prompts, tool permissions and data-access controls to keep the agent within its intended scope.
Design transparency into the interface. Disclose the agent’s role, capabilities and data sources at the point of use, not buried in documentation.
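One way to enforce the decision-authority and purpose-lock steps above at the tool-call boundary, shown as an added example that is not taken from the ICO report or from this article. The tool names, purposes, data scopes and the controller label are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Authority(Enum):
    AUTONOMOUS = "autonomous"          # agent may act alone
    HUMAN_APPROVAL = "human_approval"  # a named person must approve first
    FORBIDDEN = "forbidden"            # off-limits entirely

@dataclass(frozen=True)
class ToolRule:
    authority: Authority
    purposes: frozenset     # declared purposes this tool may serve
    data_scopes: frozenset  # data categories the call may touch

# Constructed policy for a hypothetical customer-retention agent.
POLICY = {
    "send_renewal_reminder": ToolRule(Authority.AUTONOMOUS,
        frozenset({"customer_retention"}), frozenset({"contact", "subscription"})),
    "adjust_credit_limit": ToolRule(Authority.HUMAN_APPROVAL,
        frozenset({"credit_management"}), frozenset({"account", "credit"})),
    "infer_health_status": ToolRule(Authority.FORBIDDEN, frozenset(), frozenset()),
}

AUDIT_LOG = []  # one record per attempted call, including who the controller is

def authorize(tool, purpose, data_scopes, controller, approved_by=None):
    """Return allow / hold / deny for a tool call the agent wants to make."""
    rule = POLICY.get(tool)
    if rule is None or rule.authority is Authority.FORBIDDEN:
        decision = "deny:off_limits"    # unknown tools are denied by default
    elif purpose not in rule.purposes:
        decision = "deny:purpose"       # purpose creep: tool used for an undeclared goal
    elif not set(data_scopes) <= rule.data_scopes:
        decision = "deny:data_scope"    # call reaches for data outside its scope
    elif rule.authority is Authority.HUMAN_APPROVAL and not approved_by:
        decision = "hold:needs_human"   # queue for review before any effect occurs
    else:
        decision = "allow"
    AUDIT_LOG.append({"tool": tool, "purpose": purpose, "controller": controller,
                      "data_scopes": sorted(data_scopes),
                      "approved_by": approved_by, "decision": decision})
    return decision

if __name__ == "__main__":
    print(authorize("send_renewal_reminder", "customer_retention", ["contact"], "acme-ltd"))
    print(authorize("adjust_credit_limit", "credit_management", ["credit"], "acme-ltd"))
    print(authorize("infer_health_status", "customer_retention", ["contact"], "acme-ltd"))
```

The gate sits outside the model, so a prompt that talks the agent into a new goal still cannot reach a tool, purpose or data category the policy does not list.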
The bottom line
Agentic AI is moving from experiment to operational tool faster than many governance frameworks can adapt. The ICO’s report is a useful early signal of where it will focus. Addressing these four red lines now will put you ahead of both regulatory expectations and operational risk.