Zum Inhalt springen
Back to overview
06 · AI agents

AI-agent workflows: compliance is architecture

Several AI agents working together is state-of-the-art — but legally demanding. You combine AI Act duties (Art. 26 human oversight, Art. 50 labelling) with GDPR Art. 22 (no fully automated individual decisions). Without an audit trail, no compliance proof.

AI-agent workflows: compliance is architecture

What it's about

Multi-agent systems are programs in which several AI agents split tasks — for example a 'CEO agent' planning strategy, an 'engineer agent' writing code, a 'reviewer agent' checking it. Sounds elegant; legally tricky. Which agent saw which data? Who made the decision? Who is responsible? The AI Act requires human oversight at critical decision points (Art. 26); GDPR forbids fully automated individual decisions without opt-in (Art. 22).

What makes it especially demanding: agents can cascade. Agent A produces a suggestion, Agent B refines it, Agent C executes — every hand-off a potential error source, every step a data-processing activity. Without a structured audit trail the question 'why did the system do this?' cannot be answered later. Yet that is precisely what both the AI Act (Art. 11 risk-management system, Art. 13 transparency duties) and GDPR (Art. 30 records of processing, Art. 22 right to explanation) require.

The practical answer is almost always: approval gates wherever money, people or customer-facing content is involved. Plus a searchable log per agent run, EU hosting for sensitive workloads, and a kill switch for anomalies. If you have these building blocks in place, you can show any auditor in five minutes how a specific output came about — and that is the test.

Who is affected

  • Software providers and agencies building or operating AI agents for clients — 'providers' in the AI Act sense.
  • SaaS companies with autonomous AI features: auto-reply, auto-booking, auto-purchase, content automation — anything that happens without human approval is scrutinised more strictly.
  • HR and recruiting tools with CV scoring, video interview analysis, applicant ranking — high-risk under Annex III with elevated duties.
  • Fintech and credit providers with ML scoring, creditworthiness or fraud detection — also high-risk (Annex III), plus GDPR Art. 22.
  • E-commerce with dynamic pricing, personalised recommendations or autonomous bot support toward end customers.
  • Businesses with internal AI agents for accounting, reporting or compliance checks — documentation duty applies even without external effect.
  • Operators of chatbots and virtual assistants — Art. 50 AI Act requires labelling, even for simple FAQ bots.

What is mandatory

  • Per agent run: full log (input, model, output, timestamp, tool calls).
  • Approval gates at critical decisions (hiring, budget, code deploy, customer contact).
  • Memory system for the audit trail (continuous-learning pattern, insights, improvements).
  • Rollback option for every agent action (no 'irreversible by design').
  • EU-hosted models for sensitive workloads (Scaleway Paris, no US provider).
  • Tool rules per agent: which APIs may it call, which data read, which actions take.
  • Human oversight dashboard for admin review of agent outputs before production.
  • Retention: delete AI prompts and logs after 30 days (unless legal retention applies).
  • AI labelling for every output to end users (Art. 50 AI Act): AiBadge, audible cue, text marker — machine-readable AND visible to humans.
  • Model card per deployed model: provider, version, training data provenance, known bias, language coverage — foundation for risk decisions.
  • Kill switch for anomalies: rate explosion, token overrun, content floods or hallucination cascade — automatic stop, not 'I'll check tomorrow'.

What I take care of

  • Architecture with clear agent roles (e.g. CEO/CTO/engineer pattern), tool rules per role.
  • Memory system (insights/improvements as separate collections with audit reference).
  • Approval workflow before production actions (admin UI, email notification).
  • Audit logging in Postgres with search UI: agent, run, input, model, output, time.
  • EU-hosted models by default (Scaleway Mistral, Pixtral) — US LLMs only on opt-in.
  • AiBadge integration on every AI output (DE+EN, visible to end users).
  • Dashboard with agent run history and filters (by agent, date, status).
  • Cost control per agent run: budget limit, token counter, automatic brake on overrun — protects against runaway bills and runaway agents.
  • Hallucination detection with confidence score: below threshold X automatic human triage instead of auto-publish — including a UI to refine.

Regulation (EU) 2024/1689 (AI Act) · GDPR Art. 22 · GDPR Art. 30 (records of processing) · GDPR Art. 35 (DPIA for profiling)

Frequently asked

Is a simple log file enough as an audit trail for AI agents?
In theory yes, in practice no. A flat log file is not searchable, not auditable, not access-controlled. In the worst case the supervisory authority wants to know per run: which agent? what input? which model? what output? which tools? Structured logging in Postgres with a search UI is the minimum standard for compliance proof.
When exactly do I need an approval gate?
Before any action with external impact: customer-facing content (blog post, email, invoice), money movement, HR decision, code deploy to production. Rule of thumb: 'Would I let an inexperienced employee do this without review?' — if no, then not an AI agent either. Approval can be a one-click UI, but must be documented (who, when, what).
Why EU-hosted models when OpenAI offers contracts too?
Three reasons. (1) Third-country transfer costs compliance effort (TIA, SCCs, risk weighing — repeated on every change of business basis). (2) Schrems II risk: US authorities can compel US providers. (3) Data sovereignty: for sensitive workloads (HR files, health, strategy papers) 'stay in the EU' is gold standard. Scaleway Mistral costs about the same and avoids the entire third-country topic.
Does my simple chatbot already fall under the AI Act?
Yes — Art. 50 requires labelling as AI as soon as a user interacts with the system. Even the simplest FAQ bot is covered. Additionally Art. 5 applies: no manipulation, no subliminal influence, no exploiting vulnerabilities. In practice a visible hint at the chat window (e.g. 'This chat is answered by an AI') plus an escalation path to a human is sufficient.
How do I comply with GDPR Art. 22 when the agent prepares decisions?
Human-in-the-loop only works if the human has real control — not if they formally rubber-stamp what the algorithm delivers. Concretely: the human must see the inputs, be able to justify the result, have alternatives, and be given time to review. A 'This decision was AI-prepared, approve?' without a real alternative violates Art. 22. For automated individual decisions (credit granting, applicant rejection, termination): obtain opt-in or route to humans.
What do I do if an agent made a wrong decision?
Immediately: reconstruct the run from the audit trail (input, model, prompt, tool calls, output) and roll the action back. With external effect (customer received wrong email, invoice mismatched): actively inform affected parties — a GDPR request may follow, and you need evidence. Document root-cause analysis (was it the prompt, the model, a tool call, an edge case in the data), tune guardrails, log it as a lesson learned in the memory system. Log every step — that is also the base for the 'lessons learned' duty under Art. 11 AI Act.

Need support?

Let's talk for 30 minutes. I'll look at your situation and tell you what makes sense as a next step.

Book a slot
Made in Germany100% DSGVO-konformEU AI Act ReadySicheres HostingBarrierefreiCookie ConsentDaten-Anonymisierung