The European Commission has fundamentally reshaped how regulators will evaluate complex AI systems made up of multiple interacting components, including agentic AI systems that can autonomously plan and execute tasks. On May 19, 2026, the Commission published long-awaited draft guidelines clarifying when AI systems fall under the EU AI Act's strict high-risk regime, with particular implications for developers building multi-component AI agents.

What Are Agentic AI Systems Under EU Law?

Agentic AI systems are AI applications designed to operate with some degree of autonomy, often combining multiple AI components that work together to accomplish goals. Think of them as AI systems that can break down a task, decide on steps to take, use various tools, and execute those steps with minimal human intervention. The new EU guidelines make clear that these systems cannot be evaluated component-by-component for compliance purposes.

Instead, the Commission states that "complex systems made up of several AI components, including so-called agentic AI systems, must be assessed holistically." This means if multiple AI components interact and their combined outputs materially influence a decision in a high-risk use case, the entire system must be treated as a single AI system for regulatory purposes.

How Should Companies Assess Agentic AI Systems for Compliance?

The practical implications are significant for organizations deploying agentic AI. Here are the key steps companies should take when evaluating whether their systems meet EU high-risk criteria:

• Holistic Assessment Required: Evaluate the entire agentic system as one unit, not individual components in isolation, even if some components perform narrow procedural or preparatory tasks.
• Material Influence Test: Determine whether the combined outputs of all interacting components materially influence a decision in any Annex III high-risk use case, such as employment decisions, credit scoring, or law enforcement applications.
• Separability Exception: Only treat components as separate if they are genuinely separable and do not contribute to a high-risk purpose; merely asserting separation is insufficient if the components functionally interact.
• Documentation of Interactions: Clearly document how each component contributes to the system's overall decision-making process and what outputs flow between components.

The guidelines emphasize that individual components cannot rely on exemptions under Article 6(3) of the AI Act in isolation unless they are truly separable and do not contribute to high-risk outcomes. This creates a significant compliance burden for developers of multi-agent systems, as even a component performing only a narrow task may be classified as high-risk if it contributes to outputs that materially influence a high-risk use case.

Why Does This Matter for AI Agent Developers?

The holistic assessment requirement fundamentally changes how companies must approach building and deploying agentic AI systems in Europe. Previously, developers might have hoped to classify individual components separately, potentially avoiding high-risk designation for some parts of their system. The new guidelines close that loophole.

For organizations using agentic frameworks like LangChain or similar multi-agent platforms, this means the entire orchestration layer, all tool-use components, and function-calling mechanisms must be evaluated together. If the system is designed to make decisions in regulated domains like hiring, credit assessment, or law enforcement, the entire agent framework becomes subject to high-risk requirements, which include extensive testing, documentation, human oversight mechanisms, and third-party conformity assessments.

The Commission also clarifies that safety functions will be interpreted broadly, potentially including monitoring and detection of hazardous situations, predictive maintenance where failure could create safety risks, prevention or mitigation of harm, and supervision of other safety components. This broad interpretation means agentic systems designed for efficiency or user experience may still qualify as safety components if their failure creates or amplifies safety risks.

Organizations deploying agentic AI systems in the EU market now face a clearer but more stringent regulatory landscape. The guidelines signal that the Commission views agentic systems as inherently complex and therefore requiring integrated compliance assessment rather than modular exemptions. Companies building or deploying such systems should begin auditing their architectures against these holistic criteria immediately, as the guidelines provide the Commission's official interpretation of how the AI Act applies to the emerging category of autonomous, multi-component AI agents.