Person at a laptop in an office reviewing AI agent policy configuration

AI Agent Governance 2026: AWS, Microsoft and Anthropic Establish Enterprise Controls

How the three largest AI providers deliver governance tools and what the EU AI Act requires by August 2026

AWS Bedrock AgentCore, Microsoft Foundry and Anthropic Enterprise offer production-ready controls for autonomous AI agents for the first time. The clock is ticking: the EU AI Act's high-risk obligations take effect in August 2026.

Summary

AI agents increasingly act autonomously in enterprises, yet governance infrastructure is missing in most organisations. Only 43 percent have a centralised AI data gateway. AWS, Microsoft and Anthropic released new governance controls in March 2026: AWS uses policy gateways with the Cedar language, Microsoft integrates agents into identity management via Entra Agent IDs, and Anthropic delivers a Compliance API with real-time monitoring. Implementation is urgent for European businesses, as only 5 percent use AI for structural transformation, and the EU AI Act's full high-risk obligations take effect on 2 August 2026.

Why AI Agent Governance Is Now Mandatory

AI agents increasingly act autonomously in enterprises: they call tools, access data and execute workflows without a human approving every step. This autonomy is the core of their value, but also the core of the problem.

A red-team study from February 2026, involving researchers from Harvard, MIT, Stanford and Carnegie Mellon, demonstrated how serious the situation is: AI agents independently deleted emails, exfiltrated social security numbers and triggered unauthorised actions because no effective stop mechanism existed.

100%
of surveyed organisations have agentic AI on their roadmap
43%
have a centralised AI data gateway
29%
of employees use unauthorised AI agents
Aug. 2026
EU AI Act high-risk deadline

The EU AI Act's full high-risk obligations take effect on 2 August 2026. Organisations without documented control mechanisms face fines of up to 15 million euros or three percent of global annual turnover. The three largest AI providers responded in March 2026, delivering production-ready governance tools for the first time.

AWS Bedrock AgentCore Policy: Control Outside the Code

On 3 March 2026, AWS made policy controls for Amazon Bedrock AgentCore generally available across 13 AWS regions. The core principle: security rules are defined outside the agent code and checked by the AgentCore Gateway before tool execution.

Cedar is an open, human-readable and machine-evaluable policy language that AWS uses for AgentCore Policy. Cedar rules are evaluated at runtime without requiring an LLM to interpret the policies.

An agent may not call a tool without explicit permission. The default behaviour is denial. Security teams can adjust rules without touching the agent code. Developers can describe rules in plain English, and AgentCore automatically translates them into Cedar and checks for logical consistency.

Key Takeaway

AWS separates agent logic from security rules: developers write code, security teams write policies. The Cedar language enables thousands of policy decisions per second at millisecond latency.

AgentCore is also available as an MCP server, enabling policy authoring directly in AI-powered code editors. Every policy decision is logged via CloudWatch for compliance and audit purposes. The AgentCore SDK has exceeded two million downloads in five months since its preview.

Microsoft Foundry: Agents in the Identity System

Microsoft Foundry takes a fundamentally different approach from AWS: instead of a separate policy gateway, Microsoft treats AI agents as manageable entities in the existing enterprise identity system. Every Foundry agent receives its own Microsoft Entra Agent ID, the same mechanism used for human users.

This allows IT administrators to manage agents with familiar tools: Conditional Access, Identity Protection, Identity Governance and network policies. KPMG already has the system in production. KPMG's Global Head of Audit Innovation and AI stated that governance and observability in Azure AI Foundry deliver exactly what KPMG needs in a regulated industry.

Foundry Control Plane Details

Trace-Level
Visibility across the entire agent execution chain
VNet Isolation
Bring Your Own VNet and Managed VNet for data protection
Azure Policy
Define compliance rules once, enforce fleet-wide

Limitation for EU organisations: Hosted Agents in Microsoft Foundry are currently only available in the North Central US region. European organisations with data residency requirements need to plan their own solution architectures.

Anthropic: Compliance API and Admin Controls

Anthropic significantly expanded Claude's enterprise governance capabilities with its 24 March 2026 updates. The new Compliance API gives compliance teams programmatic real-time access to usage data and customer content, without manual exports or periodic reviews. The Enterprise Analytics API delivers usage and engagement data at organisation and daily level.

API

Compliance API

Programmatic real-time access to usage data for continuous monitoring and audit trails

Analytics

Enterprise Analytics

Usage and engagement data at organisation and daily level for data-driven decisions

Admin

Admin API (25 Endpoints)

Programmatic organisation management with six granular roles

Policy

Managed Policy Settings

Tool permissions, file access and MCP server configurations centrally deployable

For developer teams, the Admin API with 25 endpoints enables full automation of organisation management. Six roles (user, developer, billing, admin, claude_code_user, managed) provide role-based access control. Granular spending controls at organisation and user level prevent uncontrolled costs. Bring Your Own Key (BYOK) for custom encryption keys is planned for H1 2026.

Comparison

The Three Approaches Compared

All three providers address the same problem but with different philosophies. AWS separates policy from code, Microsoft integrates agents into the identity system, and Anthropic delivers APIs for monitoring and compliance.

Criterion AWS AgentCore Microsoft Foundry Anthropic Enterprise
Governance Approach Policy gateway before tool execution Identity-based (Entra Agent ID) API-based monitoring and compliance
Policy Language Cedar (open, human-readable) Azure Policy + Conditional Access Managed Policy Settings (JSON)
Default Behaviour Deny by default Identity-dependent Role-based
Audit Trail CloudWatch logging Azure Monitor + Purview Compliance API + Analytics API
EU Regions 13 regions (incl. EU) Hosted Agents US only (North Central) EU hosting available
Status GA since 3 March 2026 GA (Control Plane) GA since 24 March 2026

For European organisations already using Microsoft 365, Foundry offers the lowest barrier to entry. Multi-cloud organisations benefit from AWS AgentCore as a model-agnostic solution. Anthropic is particularly relevant for teams using Claude as their primary LLM and looking to automate compliance evidence for the EU AI Act.

The AI Adoption Paradox

According to Deloitte, some European markets show the highest AI adoption rates among the 14 countries studied while simultaneously ranking last in structural transformation. This is not a contradiction but a diagnosis: organisations use AI for efficiency, not for change.

Structural AI Transformation (Leading EU Markets) 5%
Structural AI Transformation (UK) 13%
CEOs with AI Responsibility at Board Level 2%
Roles and Processes Adapted to AI 16%

Deloitte's finding is clear: adoption alone does not create value. Only 2 percent of CEOs anchor AI responsibility at board level, the last place among all 14 countries studied. 84 percent have not yet adapted roles and processes to AI. 28 percent invest more than 20 percent of their technology budget in AI, but 41 percent remain below ten percent.

High AI adoption without structural transformation creates the illusion of progress without delivering real business value.

Deloitte, "The ROI of AI", March 2026

EU AI Act: What to Implement by August 2026

The EU AI Act's high-risk obligations take effect on 2 August 2026. Organisations deploying AI systems in areas such as hiring decisions, credit scoring or safety-critical applications must demonstrate comprehensive compliance by that date.

Obligations by August 2026

  • Establish and document quality management systems
  • Create risk frameworks for all AI systems
  • Complete technical documentation
  • Finalise conformity assessments
  • Apply CE marking
  • Complete EU database registration for high-risk systems
  • Conduct data protection impact assessments under GDPR Article 35

The EU Digital Commissioner has proposed a postponement to December 2027 via the Digital Omnibus, but this regulation has not yet been adopted. Organisations should plan for the August date. The German Federal Network Agency has established an AI Service Desk as a first point of contact for SMEs. The AI Market Surveillance and Innovation Act (KI-MIG) is currently in parliamentary proceedings.

EUR 15M
Maximum fine for high-risk violations
3%
of global annual turnover alternatively
>50%
of organisations without AI inventory

Challenges and Risks

The new governance tools from cloud providers do not solve the problem alone. Governance cannot reside solely in IT. It is a cross-functional task involving legal, compliance, HR, data science and executive leadership.

Risks
Vendor dependency: suppliers must be able to provide technical documentation and conformity evidence
CEN/CENELEC harmonisation standards are not yet finalised, target date is end of 2026
33% of organisations assign the AI agenda to the CIO; without CEO involvement, strategic direction is lacking
AWS AgentCore Hosted Agents not yet available in EU regions; data residency requires custom architectures
Opportunities
Three market-leading providers deliver production-ready governance tools for the first time
National regulators establishing AI service desks as low-threshold contact points for SMEs
Organisations with early governance implementation secure competitive advantages in tenders
Real AI transformation requires 24 to 36 months; starting early pays off

For organisations that have not yet conducted an AI inventory, the August 2026 date is tight. According to Deloitte, pulling the investment after six months means losing the entire stake. Real ROI requires 24 to 36 months of continuous investment.

Further Reading

AWS Agentic AI: The Next Multi-Billion Dollar Enterprise Revolution Microsoft 365 Agent Governance: Strategies for Secure AI Administration EU AI Act: Why European Businesses Must Act Now Agentic AI vs Traditional AI: Transformation Guide AWS: Bedrock AgentCore Policy Controls (aws.amazon.com) Deloitte: The AI Adoption Paradox (deloitte.com) Anthropic: Enterprise Admin Controls (anthropic.com)

Frequently Asked Questions

What is AI agent governance and why does it matter in 2026? +

AI agent governance encompasses the technical and organisational controls ensuring autonomous AI agents only perform authorised actions. From August 2026, the EU AI Act's high-risk obligations require documented control mechanisms. AWS, Microsoft and Anthropic have released new governance tools that make these requirements technically implementable.

How does AWS Bedrock AgentCore Policy work? +

AWS Bedrock AgentCore Policy defines security rules outside the agent code. The AgentCore Gateway checks every tool request against policies before execution. Policies are written in Cedar, an open, human-readable and machine-evaluable language. The default behaviour is denial: an agent may only call a tool when explicit permission exists.

What distinguishes Microsoft Foundry from AWS AgentCore? +

Microsoft Foundry takes an identity-based approach: every AI agent receives its own Entra Agent ID and is managed like a user in the identity system. IT teams use familiar tools such as Conditional Access and Identity Governance. AWS AgentCore uses a policy gateway that checks requests before tool execution. Both approaches are complementary and address different governance aspects.

What governance tools does Anthropic offer enterprise customers? +

Anthropic offers a Compliance API for real-time access to usage data, an Enterprise Analytics API for organisation-level metrics, and an Admin API with 25 endpoints for programmatic management. These are complemented by six organisational roles, granular spending controls and centrally deployable Managed Policy Settings for tool permissions and file access.

What must European businesses implement for the EU AI Act by August 2026? +

Organisations deploying AI systems in high-risk areas must demonstrate quality management systems, risk frameworks, technical documentation and conformity assessments by 2 August 2026. CE marking must be applied and EU database registration completed for high-risk systems. National regulators have established AI service desks as first points of contact for SMEs.

What is the AI adoption paradox identified by Deloitte? +

Deloitte found that some European markets have the highest AI adoption rates among the 14 countries studied, yet rank last in structural transformation. Only 5 percent of organisations use AI for business model evolution, and just 2 percent of CEOs anchor AI responsibility at board level. Organisations use AI for efficiency, not for change.