Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Security, privacy, and agentic AI in a regulatory view: From definitions and distinctions to provisions and reflections

Shiliang Zhang, Sabita Maharjan

Abstract

The rapid proliferation of artificial intelligence (AI) technologies has led to a dynamic regulatory landscape, where legislative frameworks strive to keep pace with technical advancements. As AI paradigms shift towards greater autonomy, specifically in the form of agentic AI, it becomes increasingly challenging to precisely articulate regulatory stipulations. This challenge is even more acute in the domains of security and privacy, where the capabilities of autonomous agents often blur traditional legal and technical boundaries. This paper reviews the evolving European Union (EU) AI regulatory provisions via analyzing 24 relevant documents published between 2024 and 2025. From this review, we provide a clarification of critical definitions. We deconstruct the regulatory interpretations of security, privacy, and agentic AI, distinguishing them from closely related concepts to resolve ambiguity. We synthesize the reviewed documents to articulate the current state of regulatory provisions targeting different types of AI, particularly those related to security and privacy aspects. We analyze and reflect on the existing provisions in the regulatory dimension to better align security and privacy obligations with AI and agentic behaviors. These insights serve to inform policymakers, developers, and researchers on the compliance and AI governance in the society with increasing algorithmic agencies.

Security, privacy, and agentic AI in a regulatory view: From definitions and distinctions to provisions and reflections

Abstract

The rapid proliferation of artificial intelligence (AI) technologies has led to a dynamic regulatory landscape, where legislative frameworks strive to keep pace with technical advancements. As AI paradigms shift towards greater autonomy, specifically in the form of agentic AI, it becomes increasingly challenging to precisely articulate regulatory stipulations. This challenge is even more acute in the domains of security and privacy, where the capabilities of autonomous agents often blur traditional legal and technical boundaries. This paper reviews the evolving European Union (EU) AI regulatory provisions via analyzing 24 relevant documents published between 2024 and 2025. From this review, we provide a clarification of critical definitions. We deconstruct the regulatory interpretations of security, privacy, and agentic AI, distinguishing them from closely related concepts to resolve ambiguity. We synthesize the reviewed documents to articulate the current state of regulatory provisions targeting different types of AI, particularly those related to security and privacy aspects. We analyze and reflect on the existing provisions in the regulatory dimension to better align security and privacy obligations with AI and agentic behaviors. These insights serve to inform policymakers, developers, and researchers on the compliance and AI governance in the society with increasing algorithmic agencies.
Paper Structure (9 sections, 1 figure, 6 tables)

This paper contains 9 sections, 1 figure, 6 tables.

Table of Contents

  1. Introduction
  2. Overview of the EU AI regulatory documents
  3. Definitions and distinctions from a regulation perspective
  4. Concepts for AI systems and examples
  5. Privacy, security, and closely relevant concepts
  6. Regulatory provisions
  7. Privacy provisions
  8. Security provisions
  9. Conclusions

Figures (1)

  • Figure 1: An overview of the EU AI regulatory documents and their relevance with privacy, security, and agentic AI. The word "General" indicates the presence of privacy/security provisions that do not target any specific AI systems. The word "Dedicated" indicates the presence of privacy/security provisions that target one or more specific AI systems, and the provision of specific measures/obligations/recommendations towards such AI systems.