AI Agent Governance: My EIC 2026 Takeaways
1 Jun 2026
AI agent governance was the question that followed me through every hallway conversation at KuppingerCole Analysts EIC 2026 – not whether we should do it, but how to start. The gap between urgency and a concrete first step defined the conference this year more than any product announcement.
By mid-2026, non-human identities outnumber human identities by 50 to 140 times in large enterprises – a range cited consistently across analyst research. Classical IAM – built for human joiner-mover-leaver cycles – cannot govern agents that have no hire date, no manager, and no offboarding trigger. The pilots are everywhere; production deployments are rare. The digital divide and education gap are real: in the same panel discussion, you will find people who have built agent orchestration frameworks and people who are still forming their first mental model of what an agent actually is.
That combination of high stakes, low readiness, and uneven knowledge made this the most energizing EIC I have attended in years.
One signal came through louder than everything else
Agentic AI governance dominated my conversations, but what struck me was not the excitement but the honesty. IAM peers acknowledged that governance frameworks, standards, and product capabilities have not yet caught up. Organizations are running pilots under pressure to show results, while the controls layer that should underpin those pilots does not yet exist.
I presented on governing AI agents within the enterprise, and the response confirmed what I had suspected: practitioners are not looking for vision statements. They want a framework they can hand to a governance committee next week. The gaps I named – ownership assignment, SoD (Segregation of Duties) policy coverage that spans human and non-human identities, recertification of policies rather than thousands of individual agents – landed because they are concrete and actionable today, regardless of what the standards bodies publish next.
The digital divide I observed is worth naming directly. Some attendees are already past first-generation implementations. Others are starting from scratch with a fragmented IAM landscape and no baseline to build on. Any governance approach for AI agents must account for both.
The pattern I kept seeing across enterprise sessions
Three enterprise presentations stood out, and they told a coherent story.
Erste Group – 55,000 employees across eight countries in Central Europe – opened with a frank diagnosis: IAM had evolved differently across entities, ownership was blurry, and the discipline was still perceived as a technology topic despite carrying clear business consequences. KuppingerCole’s framing for their program was to the point: capabilities before tools. Know what you need organizationally and functionally before you select technology. Their 7-milestone program starts with foundation work – assigning responsibility and building an access governance framework – before touching a product selection.
BMW Group presented a data-driven governance model across 155,000 employees, 110 nations, and more than 9,000 applications. Their core insight was that you do not need new data – you need to connect the data you already have. Linking strategic targets to objectives, risks, controls, IT systems, and infrastructure assets produces 360-degree governance transparency without starting from scratch. What resonated with me was the framing around horizontal and vertical integration: data-driven automation across governance domains, and seamless embedding of governance into the operational lifecycle of IT systems. That combination is what turns governance from a periodic project into something that runs continuously.
Munich Re described their DORA-driven IAM framework and the journey from manual processes – 25 application onboardings per month handled through Word and Excel documents with no version control – toward a standardized, integrated architecture. NEXIS serves as the governance hub in their planned target state, alongside SailPoint and One Identity, precisely because DORA requires audit-ready documentation of who authorized what and when. Their 6-step onboarding process makes that requirement a repeatable workflow rather than a pre-audit scramble.
The thread connecting all three: you cannot govern what you cannot see, and most enterprises still cannot answer “who has access to what” for human identities, let alone AI agents. Foundation work is the only path to governance that scales.
Why classical IAM cannot govern non-human identities and AI agents
Classical IAM was designed around a lifecycle that has clear organizational events at its core – someone joins, moves to a different role, or leaves, and access follows those transitions on a predictable schedule with clear ownership at every step.
Agents break all of that. A single agent might assume thousands of entitlement combinations in a day, guided by dynamic intent rather than a static role definition. Permission creep compounds at scale: at 50 to 140 times the human identity count, even small governance gaps multiply into serious exposure. Agents outlive their creators. They have no offboarding trigger. An orphaned agent with valid credentials to production systems is not a theoretical risk.
DORA and NIS2 do not distinguish between human and non-human identities. An agent acting on behalf of an employee carries the same regulatory exposure as the employee. Auditors will ask who authorized that access. Classical IAM has no good answer for agents.
A framework for agentic identity governance: the Intent Hierarchy
The framework I presented at EIC centers on the Intent Hierarchy [1] – four layers that define what an agent is permitted to do, in descending order of authority.
- Organizational Intent – Corporate policies, regulatory requirements, and data protection standards. Highest priority. Not overridable by any lower layer. Connected to ISMS and GRC.
- Role-Based Intent – The agent’s digital job description: its area of responsibility, autonomy boundaries, and scope. Mappable as an organizational role in IGA systems.
- Developer Intent – Technical capability boundaries: allowed APIs, resource constraints, operational guardrails set at build time.
- User Intent – The concrete task a user asks the agent to perform. Fulfilled only if all higher layers permit it.
Governance lives in layers 1 and 2. That is where policies are defined, where SoD constraints are enforced, and where regulatory obligations are encoded. Recertifying at the policy level – rather than reviewing thousands of individual agent configurations – makes the governance process tractable. SoD enforcement at the policy level spans all siloed IAM systems rather than requiring per-agent rules in each one.
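To make the precedence rule concrete, here is an added illustration of the four-layer evaluation, written for this page and not taken from the author's framework or any NEXIS product. The layer names and the rule that a lower layer can never override a higher one come from the text; the policy encoding, the context dictionary and every agent, role, action and data-class name are constructed assumptions. Each higher layer may only object; a user's task is fulfilled when all of them stay silent. The SoD check sits in the role layer and looks at the combined entitlement footprint of the human principal and the agent acting for them, so a toxic pair split across the two identities is still caught.

```python
"""Layered authorization modelled on the four-layer Intent Hierarchy.

Added illustration, not the author's or NEXIS's code. The layer names and the
rule "lower layers cannot override higher ones" come from the text; the policy
encoding, the context dictionary and every agent, role and action name below
are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Optional

# Descending order of authority: the first layer to object decides.
LAYERS = ("organizational", "role", "developer", "user")


@dataclass(frozen=True)
class Request:
    agent: str          # non-human identity making the call
    action: str         # entitlement exercised, e.g. "invoice:create"
    on_behalf_of: str   # human whose intent the agent carries
    data_class: str     # "pii" or "internal" in this example


@dataclass(frozen=True)
class Decision:
    allowed: bool
    layer: str          # layer that produced the decision
    reason: str


def organizational_intent(req: Request, ctx: dict) -> Optional[str]:
    """Corporate and regulatory policy. Hypothetical rule: only agents in an
    approved cluster may touch PII, whatever their role or build-time config."""
    if req.data_class == "pii" and req.agent not in ctx["pii_approved_agents"]:
        return "PII handling not approved for this agent"
    return None


def role_based_intent(req: Request, ctx: dict) -> Optional[str]:
    """The agent's digital job description plus SoD. The SoD check uses the
    combined footprint of the human principal and the agent."""
    role = ctx["agent_roles"][req.agent]
    if req.action not in ctx["role_actions"][role]:
        return f"action outside role '{role}'"
    held = ctx["entitlements"][req.on_behalf_of] | ctx["entitlements"][req.agent]
    for a, b in ctx["sod_pairs"]:
        if req.action == a:
            other = b
        elif req.action == b:
            other = a
        else:
            continue
        if other in held:
            return f"SoD conflict: {req.action} vs {other} held via {req.on_behalf_of}"
    return None


def developer_intent(req: Request, ctx: dict) -> Optional[str]:
    """Build-time capability boundary: which APIs the agent was shipped with."""
    if req.action not in ctx["build_time_apis"][req.agent]:
        return "API not enabled at build time"
    return None


HIGHER_LAYERS = {
    "organizational": organizational_intent,
    "role": role_based_intent,
    "developer": developer_intent,
}


def evaluate(req: Request, ctx: dict) -> Decision:
    """User intent is fulfilled only if every higher layer stays silent."""
    for layer in LAYERS[:-1]:
        objection = HIGHER_LAYERS[layer](req, ctx)
        if objection is not None:
            return Decision(False, layer, objection)
    return Decision(True, "user", "all higher layers permit this task")


# Constructed policy context; every name here is illustrative.
CTX = {
    "pii_approved_agents": {"invoice-agent"},
    "agent_roles": {"invoice-agent": "ap-assistant", "support-agent": "ticket-triage"},
    "role_actions": {
        "ap-assistant": {"invoice:create", "invoice:read"},
        "ticket-triage": {"ticket:read", "ticket:comment"},
    },
    "entitlements": {
        "alice": {"invoice:approve"},   # human approver
        "bob": set(),
        "invoice-agent": set(),
        "support-agent": set(),
    },
    "sod_pairs": [("invoice:create", "invoice:approve")],
    "build_time_apis": {
        "invoice-agent": {"invoice:create", "invoice:read"},
        "support-agent": {"ticket:read"},   # comment API never enabled
    },
}

if __name__ == "__main__":
    for r in (
        Request("invoice-agent", "invoice:create", "bob", "internal"),
        Request("invoice-agent", "invoice:create", "alice", "internal"),
        Request("support-agent", "ticket:comment", "bob", "internal"),
        Request("support-agent", "ticket:read", "bob", "pii"),
    ):
        print(r.agent, r.action, "for", r.on_behalf_of, "->", evaluate(r, CTX))
```

The second request is the one worth studying: the agent's role permits invoice creation and the build-time configuration enables the API, but because alice already holds the approval entitlement, the policy-level SoD rule denies the task before the developer or user layer is consulted. Recertifying that one SoD pair covers every agent and every human it applies to, which is the point of governing at layers 1 and 2.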
What to do now, before the standards arrive
The standards are coming. The products are maturing. But the foundation work is available today, and waiting costs more than starting imperfectly. Here is the sequence I recommended to attendees, and that I stand behind now:
- Assign ownership – Cluster agents by organizational function and assign a human owner to each cluster. No agent should exist without a named owner accountable for its entitlements. This is also the basis for connecting agent lifecycle to human JML processes.
- Review SoD policies for non-human scope – Your existing SoD matrix almost certainly covers only human identities. Extend it explicitly to cover agents. The policy work is governance work, not a product deployment.
- Recertify policies, not agents – You will not certify 50 to 140 agents per employee. You can certify the policy framework that governs them. Design your recertification program around policies from the start.
- Treat external agents as third-party risk – Any agent not built and operated internally carries third-party risk under DORA and NIS2. Your existing third-party risk framework applies. Extend it now rather than after your first external agent incident.
An Identity Visibility and Intelligence Platform (IVIP) provides the unified view of human and non-human identities that makes this work tractable at enterprise scale. Without that visibility layer, the ownership assignment and policy reviews remain manual and incomplete.
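As an added illustration of the ownership, recertification and third-party steps above (and of the missing offboarding trigger described earlier), the script below triages a small agent inventory. It is written for this page and is not the author's, NEXIS's or any IVIP product's code; the inventory schema, the HR roster and every agent, owner, vendor and policy ID are constructed assumptions. The check a practitioner most wants is the join against the active-staff roster: an agent whose owner has left is as orphaned as one that never had an owner.

```python
"""Foundation triage over an agent inventory: ownership clusters, orphan
detection against the HR roster, policy-level recertification items and
third-party flagging.

Added illustration, not the author's, NEXIS's or any IVIP product's code. The
inventory schema, the roster and every agent, owner, vendor and policy ID
below are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Agent:
    name: str
    function: str              # organizational function used for clustering
    owner: Optional[str]       # named human owner; None if never assigned
    operator: str              # "internal" or the external operator
    policies: FrozenSet[str]   # governing policy IDs this agent falls under


# Constructed HR roster of active employees. Departed staff are absent, which
# is the only offboarding signal an agent inventory gets unless it is joined.
ACTIVE_STAFF = {"alice", "bob"}

# Constructed inventory. "carol" no longer appears in the roster above.
INVENTORY = [
    Agent("invoice-agent", "finance", "alice", "internal", frozenset({"P-AP-01", "P-PII-02"})),
    Agent("expense-agent", "finance", None, "internal", frozenset({"P-AP-01"})),
    Agent("legacy-report-bot", "finance", "carol", "internal", frozenset({"P-AP-01"})),
    Agent("support-agent", "customer-service", "bob", "acme-saas", frozenset({"P-CS-01"})),
]


def cluster_by_function(agents: List[Agent]) -> Dict[str, List[str]]:
    """Step 1: cluster agents by organizational function so an owner can be
    assigned per cluster rather than per agent."""
    clusters = defaultdict(list)
    for a in agents:
        clusters[a.function].append(a.name)
    return {f: sorted(n) for f, n in sorted(clusters.items())}


def orphaned(agents: List[Agent], active_staff) -> List[str]:
    """Agents with no owner, or whose owner has left: the JML leaver event
    that classical IAM never propagates to non-human identities."""
    return sorted(a.name for a in agents
                  if a.owner is None or a.owner not in active_staff)


def recertification_items(agents: List[Agent]) -> Dict[str, List[str]]:
    """Step 3: one recertification item per policy, listing the agents it
    governs, instead of one item per agent."""
    items = defaultdict(list)
    for a in agents:
        for p in a.policies:
            items[p].append(a.name)
    return {p: sorted(n) for p, n in sorted(items.items())}


def third_party(agents: List[Agent]) -> List[str]:
    """Step 4: agents not operated internally go into the TPRM register."""
    return sorted(a.name for a in agents if a.operator != "internal")


def triage(agents: List[Agent], active_staff) -> dict:
    """Single report a governance committee can act on."""
    return {
        "clusters": cluster_by_function(agents),
        "orphaned": orphaned(agents, active_staff),
        "recertify": recertification_items(agents),
        "third_party": third_party(agents),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(INVENTORY, ACTIVE_STAFF), indent=2))
```

On this constructed inventory the report flags two orphans (one never owned, one whose owner left), reduces four agents to three recertification items keyed by policy, and puts the vendor-operated agent into the third-party list. At 50 to 140 agents per employee the ratio of policies to agents is what keeps the recertification program tractable.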
Looking ahead
EIC 2026 confirmed that the enterprises moving fastest on AI agent governance are the ones that invested in identity foundation work before the agents arrived. That is not a coincidence. Governance does not start with the technology. It starts with knowing what you have, who owns it, and what the rules are.
The pilots running today will become production systems. When they do, the question will shift from “how do we start?” to “how do we prove it?” The organizations that can answer that question are already building their foundation now.
Thinking about your agentic AI governance foundation? Start the conversation with our team!
Frequently Asked Questions
What is AI agent governance?
AI agent governance is the set of policies, ownership structures, and enforcement controls that determine what AI agents are permitted to do within an enterprise, on whose authority, and subject to what regulatory constraints.
Does DORA apply to AI agents?
Yes. DORA and NIS2 do not distinguish between human and non-human identities. An agent acting on behalf of an employee carries the same regulatory exposure as the employee, including audit trail requirements for access authorization.
What is a non-human identity?
A non-human identity is any system, service account, API key, bot, or AI agent that accesses enterprise resources without direct human authentication. By mid-2026, non-human identities outnumber human identities by 50 to 140 times in large enterprises.
Sources
[1] Klarl, H. (2026, May 3): AI Agent Governance: Why Discovery Isn’t Enough (https://nexis-secure.com/insights/blog/ai-agent-governance-why-discovery-isnt-enough/)