Thing Event SystembyPentatonic

Legislation

The regulatory landscape for AI agents

AI agents acting autonomously in commerce face new regulatory requirements worldwide. Understanding these regulations — and building governance now — is essential.

EU AI Act

Status

Enacted. High-risk requirements enforce August 2026.

Penalties

Up to €35M or 7% of global annual turnover.

Key Requirements

  • -Risk classification for AI systems
  • -Documented risk management systems
  • -Conformity assessments before deployment
  • -Human oversight mechanisms (Art. 14)
  • -Ongoing monitoring and reporting
  • -Transparency and documentation (Art. 13)

How TES helps

  • Immutable event log satisfies Art. 13 transparency requirements
  • VI delegation chains recorded as events satisfy Art. 14 human oversight
  • Continuous agent session monitoring with compliance checks
  • Exportable audit trails for conformity assessments
  • Jurisdiction-based compliance event routing

Colorado AI Act

Status

First US state-level AI regulation. Pattern-setter for other states.

Significance

Establishes the template other US states are expected to follow.

Key Requirements

  • -Impact assessments for high-risk AI systems
  • -Disclosure when AI is making consequential decisions
  • -Risk management programmes for deployers

How TES helps

The same event-sourced governance that satisfies the EU AI Act applies here. Immutable agent session logs, correlation-based audit trails, and exportable compliance reports meet Colorado's impact assessment and disclosure requirements.

Verifiable Intent + TES

Verifiable Intent (VI) and TES serve complementary roles in agent governance. VI is the per-transaction receipt — SD-JWT delegation chains that prove a specific action was authorised. TES is the continuous governance layer — an immutable event log of everything the agent did, before, during, and after.

"Verifiable Intent is the receipt. TES is the CCTV."

L1: Identity

Who is the human principal?

L2: Intent & Constraints

What are they allowed to do?

L3: Action

What did the agent actually do?

VI covers L1 and L2. TES wraps around and between all three layers — recording everything.

Regulatory Timeline

Aug 2024EU AI Act enters into force
Feb 2025Prohibited AI practices apply
Aug 2025GPAI model obligations apply
Aug 2026High-risk AI system requirements apply
Aug 2027Full enforcement for all AI systems

Build governance in now. Be compliant before the deadline.

See how TES helpsTalk to our team

Time is running out

August 2026 is closer than you think

Start building governance into your AI agent infrastructure today.

Explore features