Download PDF

Agentic AI and Accountants: Emerging Regulatory and Professional Risks

May 2026

The ICAEW’s recent article, “Can AI agents create regulatory compliance risks?” (28 April 2026), highlights the increasing deployment of so‑called “agentic AI” systems and the associated regulatory risks as a developing issue for the accountancy profession.

The ICAEW’s article is based on the Digital Regulation Cooperation Forum’s (“DRCF”) March 2026 foresight paper, The Future of Agentic AI, which provides a cross‑regulatory perspective on how these technologies interact with existing legal frameworks.

The DRCF was established to ensure coherence between the regulatory regimes of its member regulators (the Competition and Markets Authority, the Financial Conduct Authority, the Information Commissioner’s Office, and Ofcom), to work together on complex challenges and develop capabilities for the future.

The DRCF paper is not meant to indicate any current or future regulatory policy. The objective of the paper is to facilitate discussion of agentic AI and how UK regulatory frameworks can help realise the opportunities of this technology in a responsible and safe way.

While acknowledging that agentic AI has the potential to provide significant consumer benefits, the paper emphasises that it may also intensify existing risks and create new ones, particularly in areas such as data protection, consumer protection, online safety, and cybersecurity.

For accountants, and those advising them on risk, agentic AI is not simply a technological development. It raises fundamental questions of regulatory compliance, governance, and ultimately professional negligence exposure.

What is “agentic AI” and why does it matter?

The DRCF describes agentic AI as systems capable of acting autonomously to achieve user-defined goals, including planning workflows and executing actions across systems. Unlike traditional AI tools that simply generate outputs, agentic systems can act, for example, by initiating transactions, compiling reports, or interacting with third-party platforms.

Regulation applies equally to AI and human decision-making

The potential benefits of agentic AI are clear. As the ICAEW notes, AI agents can automate both front-office and back-office tasks, delivering productivity gains in areas such as reporting, workflow management and data analysis. The DRCF similarly emphasises that such technologies may drive efficiency, innovation and improved consumer outcomes.

However, the defining feature of agentic AI, its ability to act independently, is also the source of its risk, particularly in the absence of sufficient transparency or human oversight.

A clear and central message from both the ICAEW and the underlying DRCF report is that agentic AI does not replace or override existing regulatory obligations. Obligations relating to transparency, fairness, consumer protection and accountability therefore remain unchanged, regardless of whether decisions are made by a human or an AI agent.

Key compliance risks identified

The ICAEW article highlights that the DRCF identified seven key areas of compliance risk. While not exhaustive, several themes are particularly relevant from a legal risk perspective:

1. Fragmented accountability

Where AI is introduced into decision-making processes, responsibility may become spread across multiple parties – developers, vendors and users. The “many hands problem” complicates assigning responsibility when errors arise.

However, regulators are unlikely to accept fragmented responsibility as a justification for failure. The DRCF paper highlights that every stage of the value chain has a part in managing risks.

The firm deploying the system remains answerable for its outputs. Therefore, the accountancy practice will remain accountable to clients and regulators. This has clear implications for professional negligence claims: liability cannot be outsourced along the technology chain.

2. Reduced human oversight

Although agentic system’s autonomy can improve efficiency, it raises the possibility that errors may go unnoticed until after they have caused harm.

A key issue in disputes will be whether the firm maintained adequate human supervision and whether it would have been reasonable to implement additional controls.

3. Data protection and confidentiality risks

Given that AI agents often ingest, process and transfer large volumes of data, data protection risks are both significant and foreseeable.

For accountants, this raises acute concerns around client confidentiality, GDPR compliance and the security of commercially sensitive information.

While these risks are not entirely new compared to earlier forms of AI, the autonomous nature of agentic systems can amplify existing issues and introduce new ones. These systems often require extensive access to personal and operational data, which may be shared across multiple agents and integrated with external tools, raising questions around lawful processing, especially where automated decision-making affects individuals’ rights or interests.

There is a particular risk of breaching key GDPR principles, such as data minimisation, where there may be a tendency to grant agents broad or unrestricted data access to improve performance. In addition, the speed and complexity of multi-step automated workflows may undermine individuals’ ability to provide informed consent.

To mitigate these risks, organisations should ensure they limit data use to what is strictly necessary for the intended purpose and maintain clear transparency about how personal data is used within agentic systems. This is critical both for regulatory compliance and for building trust.

4. Cybersecurity vulnerabilities

As agentic ecosystems become more interconnected, the potential attack surface for malicious actors may grow, increasing cybersecurity vulnerabilities. Agents are often granted broad permissions and access to sensitive information – such as emails, browsing histories, and customer records – which they may inadvertently disclose or which attackers could exploit to abuse privileges or extract data.

Risks such as prompt injection are heightened because autonomous agents ingest and act on untrusted inputs from a wide range of sources, including the open internet. Their capacity to take actions also makes them attractive targets, while the use of non-human identities without robust session controls may create opportunities for unauthorised access or impersonation.

At the same time, it is worth noting that agentic AI may also offer benefits, including enhancing cybersecurity by helping organisations detect and respond to complex threats.

5. Transparency and explainability

Without robust governance and meaningful human oversight, multi-agent systems risk becoming opaque “black boxes,” meaning their internal decision-making processes are difficult for users, deployers, and regulators to understand or trace.

This lack of transparency can lead to non-compliance with consumer, contract, and data protection laws, as it may hinder the ability to challenge decisions, understand how they were reached, and track how data has been shared.

This sits uneasily with existing obligations to provide clear advice and reasoning to clients. It also creates evidential challenges in defending claims: if a firm cannot explain how a recommendation was generated, it may struggle to demonstrate that reasonable skill and care were exercised.

Practical steps for accountancy firms

From a defence lawyer’s perspective, the key issue is not whether AI will be used in accountancy, but rather whether firms can demonstrate defensible governance around its use. Several practical points emerge:

1. Governance and audit trails

Firms will need clear governance frameworks documenting how AI tools are selected, deployed and monitored. The ability to reconstruct decision-making processes (including data inputs and system outputs) will be critical in both regulatory investigations and civil claims.

2. Human oversight and control

“Set and forget” deployment is unlikely to be defensible. Continuous monitoring, escalation protocols and defined points of human intervention will be expected.

3. Risk assessment and classification

The DRCF’s concept of a “spectrum of autonomy” suggests that not all AI systems present equal risk. Firms should classify their systems accordingly and calibrate controls to the level of autonomy.

4. Contractual allocation of risk

While contractual protections with software providers will remain important, firms should not assume these will shield them from regulatory or client-facing liability. As noted above, accountability to both regulators and clients ultimately remains with the deploying firm.

Professional negligence exposure: a forward look

Agentic AI raises a number of likely future battlegrounds in a dispute:

• Standard of care: what constitutes reasonable skill and care where AI tools are used? Will it be negligent not to use AI, or negligent to rely on it?
• Causation: how will courts approach causation where outcomes are produced by complex, multi-layered AI systems?
• Evidence: how will firms prove what an AI agent “did” and why, particularly where systems lack transparency?
• Systemic risk: the scaling effect of AI means that a single error could affect multiple clients simultaneously, increasing exposure in group claims.

Key takeaways

The ICAEW article rightly presents AI agents as both an opportunity and a risk. While the DRCF’s paper makes clear that regulatory expectations are evolving in a consistent direction. Existing frameworks will be applied, and firms will be required to adapt accordingly.

For accountants, the message is clear. Agentic AI is not merely a technical development – it represents a governance challenge. For advisers to the profession, it also signals an emerging area of potential liability that is likely to give rise to significant disputes in the coming years.

Firms that invest early in strong oversight, thorough documentation, and effective risk management will be best positioned not only to meet regulatory expectations, but also to defend their position if issues arise.

If you have any questions regarding the information discussed in this article, please contact David McArdle and Wilhelm Matthee.

Download PDF