At a Glance
- DATA RESIDENCY DETERMINES ELIGIBILITY: EU-region hosting and a compliant Data Processing Agreement are threshold requirements before any technical evaluation of a framework begins; absent these, GDPR Chapter V creates transfer liability that contractual workarounds cannot reliably resolve.
- GOVERNANCE STRUCTURE IS MEASURABLE: Empirical analysis of practitioner-authored agent governance files finds that 37% fall below a structural completeness threshold, with data classification and assessment rubrics the sections most consistently absent [10]; open-source frameworks expose this gap more visibly than commercial SaaS alternatives.
- PAYMENT AND IDENTITY INTEGRATION ARE UNEVIDENCED AT THE FRAMEWORK LEVEL: PSD2 authorisation, and the regulatory liability that comes with it, attaches to the licensed institution (ASPSP or TPP), not to a framework vendor, so no framework vendor holds or can hold PSD2 compliance status; the burden falls entirely on the deploying institution, and no framework has published tested connectors against SEPA Instant or EBA Clearing infrastructure. eIDAS 2.0 and EUDI Wallet integration is addressed neither at the framework level nor at the protocol interface by any major offering; operators must build both bridges themselves, adding compliance surface and development cost at each layer.
- SELF-CERTIFICATION IS THE DEFAULT POSTURE: The AI Act routes Annex III financial-sector systems through the internal-control conformity assessment procedure (Annex VI), which involves no notified body, so there is no framework-level certificate for an operator to rely on; operators are effectively self-certifying compliance posture against three independent regulatory instruments simultaneously.
Why This Matters Now
Three regulatory instruments reached distinct stages of operational weight between 2024 and 2026. The EU AI Act entered into force in August 2024, and its General-Purpose AI obligations applied from August 2025. The high-risk provisions under Annex III, which capture, among others, agent configurations used to evaluate the creditworthiness of natural persons or establish their credit score, and those used for risk assessment and pricing in life and health insurance (Annex III point 5 expressly excludes systems used to detect financial fraud, so fraud-detection and advisory agents must be classified on their own facts), do not apply until August 2026, but the conformity assessment preparation cycle for those applications is already underway. GDPR enforcement against international data transfers intensified as the consequences of Schrems II worked through national supervisory authorities. PSD2's open banking mandate matured to the point where API-based payment orchestration became a standard architectural component rather than an advanced experiment [6][7].
Agent frameworks sit at the intersection of all three instruments. A framework that orchestrates multi-step tasks on behalf of a user in a financial services context is simultaneously subject to AI Act risk classification (if its outputs affect credit, insurance, or investment decisions), GDPR transfer obligations (if its inference or memory components process personal data outside the EU), and PSD2 licensing requirements (if it initiates or facilitates payment transactions) [9][12].
Framework deployment preceded the convergence of binding obligations, leaving operators without settled guidance on which configurations trigger which requirements. The consequence is that operators evaluating frameworks now are self-certifying compliance posture against instruments whose application to multi-agent architectures is still being defined. The three operational axes this brief examines are not abstract rating criteria; they are the specific dimensions on which supervisory scrutiny will land when the August 2026 high-risk provisions become enforceable.
The Three Operational Axes
Framework selection for European agentic deployments involves three independent compliance dimensions, each of which can disqualify an otherwise capable system on its own terms.
Data residency operates at the infrastructure layer. GDPR Chapter V prohibits personal data transfers to third countries unless they rest on an adequacy decision, on appropriate safeguards such as standard contractual clauses backed by a transfer impact assessment or binding corporate rules, or on one of the narrow Article 49 derogations. For agent frameworks, this means that model inference endpoints, memory stores, tool call logs, and orchestration telemetry must each be evaluated as potential personal data flows. A framework that routes any of these components through non-EU infrastructure, even transiently (a failover inference route, a telemetry exporter, a model gateway hosted elsewhere), creates a transfer liability that persists regardless of the framework's domestic licensing status. Commercial hyperscaler offerings typically provide EU-region deployments, but contractual protections in standard tiers frequently fall short of the GDPR Chapter V standard without negotiated addenda [9][12].
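One way to make the inventory described above mechanical, as an added example that is not code from the page or from any agent framework: every component that can touch personal data (inference endpoint, memory store, tool-call log sink, orchestration telemetry, plus any failover or proxy hop) is listed as a `Hop`, and each hop is checked for Chapter V exposure. The `Hop` layout, the region allowlist, the accepted-mechanism set, the data-class labels and the sample deployment are assumptions constructed for illustration; in a real audit they come from the operator's data inventory and the framework's actual routing configuration.

```python
"""Data-flow residency audit for an agent deployment (added example)."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional

# Assumption: an operator-maintained allowlist of EU/EEA regions. Anything not
# listed is treated as a third country, so an unknown region fails closed.
EEA_REGIONS = frozenset({
    "eu-west-1", "eu-central-1", "eu-north-1",
    "europe-west1", "europe-west4", "westeurope", "northeurope",
})

# Assumption: only these labels count as a Chapter V basis. Bare "scc" is
# deliberately absent: SCCs without a transfer impact assessment are not
# accepted by this audit.
ACCEPTED_MECHANISMS = frozenset({"adequacy", "scc+tia", "bcr"})

# Assumption: data-inventory labels that make a flow a personal-data flow.
# Prompt text and tool arguments are included because they routinely carry
# user-supplied identifiers even when no field is explicitly "personal".
PERSONAL_DATA = frozenset({
    "prompt_text", "tool_args", "conversation_memory",
    "user_id", "account_id", "iban",
})


@dataclass(frozen=True)
class Hop:
    component: str                 # inference, memory, tool_log, telemetry, ...
    region: str                    # region the hop runs in or exports to
    data_classes: FrozenSet[str]   # labels taken from the data inventory
    transfer_mechanism: Optional[str] = None


@dataclass(frozen=True)
class Finding:
    component: str
    region: str
    blocking: bool                 # True: no accepted transfer basis at all
    reason: str


def handles_personal_data(hop: Hop) -> bool:
    return bool(hop.data_classes & PERSONAL_DATA)


def audit(hops: Iterable[Hop]) -> List[Finding]:
    """Return one Finding per personal-data hop that leaves the EU/EEA."""
    findings: List[Finding] = []
    for hop in hops:
        if not handles_personal_data(hop):
            continue                      # no personal data, no Chapter V question
        if hop.region in EEA_REGIONS:
            continue                      # stays inside the EU/EEA
        mechanism = (hop.transfer_mechanism or "").lower()
        if mechanism in ACCEPTED_MECHANISMS:
            findings.append(Finding(hop.component, hop.region, False,
                f"third-country flow relies on {mechanism}; keep the evidence on file"))
        else:
            findings.append(Finding(hop.component, hop.region, True,
                "personal data leaves the EU/EEA with no accepted Chapter V basis"))
    return findings


def blocking_components(hops: Iterable[Hop]) -> List[str]:
    """Components that must be re-routed or given a transfer basis before go-live."""
    return sorted(f.component for f in audit(hops) if f.blocking)


# Constructed sample: EU-region primary inference, but a transient failover
# route, a telemetry exporter with SCCs and no TIA, an evaluation sandbox with
# a completed TIA, and a non-personal metrics feed that should produce nothing.
SAMPLE_DEPLOYMENT = [
    Hop("inference", "eu-central-1", frozenset({"prompt_text"})),
    Hop("inference-failover", "us-east-1", frozenset({"prompt_text"})),
    Hop("memory", "eu-west-1", frozenset({"conversation_memory", "user_id"})),
    Hop("tool_log", "eu-west-1", frozenset({"tool_args"})),
    Hop("telemetry", "us-west-2", frozenset({"prompt_text"}), "scc"),
    Hop("eval_sandbox", "us-east-1", frozenset({"prompt_text"}), "scc+tia"),
    Hop("usage_metrics", "us-east-1", frozenset({"token_counts"})),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_DEPLOYMENT):
        flag = "BLOCK" if f.blocking else "WARN "
        print(f"{flag} {f.component:<20} {f.region:<14} {f.reason}")
```

The point of listing the failover route and the telemetry exporter as separate hops is that both are exactly the "transient" flows that a region setting on the primary endpoint hides: the sample reports the failover route and the SCC-only exporter as blocking, the sandbox with a completed TIA as an evidence item, and the token-count feed not at all.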
Open-source governance operates at the supply-chain and auditability layer. An open-source framework's licence determines whether derivative works carrying EU-regulated logic (credit scoring, fraud detection, automated advising) can be distributed under proprietary terms, and whether the framework owner can compel downstream operators to disclose modifications. Separately, the structural completeness of the governance artefacts that practitioners attach to agent configurations bears directly on whether an agent system can demonstrate the accountability trail, and assemble the technical documentation, that the EU AI Act requires for high-risk applications; the sections most often missing in practice are data classification and assessment rubrics [10]. Governance file completeness is therefore an operationally testable criterion, not merely a normative aspiration.
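A minimal version of that test, as an added example that is not code from the page or from the study it cites [10]: it parses a markdown governance file into headed sections, checks that each required section is present and is more than a placeholder, and reports what is missing so the check can gate a deployment pipeline. The required-section list, the heading aliases, the placeholder vocabulary and the sample files are assumptions constructed for illustration; data classification and assessment rubric are the two sections the text reports as most often absent.

```python
"""Structural completeness check for an agent governance file (added example)."""
import re
from typing import Dict, List

# Assumption: the rubric a deploying team enforces in CI. Keys are canonical
# section names; values are heading variants accepted as the same section.
REQUIRED_SECTIONS: Dict[str, frozenset] = {
    "purpose and scope":   frozenset({"purpose and scope", "purpose", "scope"}),
    "data classification": frozenset({"data classification", "data handling",
                                      "data categories"}),
    "assessment rubric":   frozenset({"assessment rubric", "evaluation rubric",
                                      "acceptance criteria"}),
    "human oversight":     frozenset({"human oversight", "escalation",
                                      "human in the loop"}),
    "logging and audit":   frozenset({"logging and audit", "logging",
                                      "audit trail"}),
}

# Assumption: a line consisting only of one of these tokens is treated as empty.
PLACEHOLDERS = frozenset({"tbd", "todo", "tba", "n/a", "none", "..."})
MIN_SUBSTANTIVE_LINES = 2

_HEADING = re.compile(r"^#{1,6}\s+(.+?)\s*#*\s*$")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Map each lower-cased markdown heading to the non-blank lines under it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        m = _HEADING.match(raw)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, [])
        elif current is not None and raw.strip():
            sections[current].append(raw.strip())
    return sections


def is_substantive(lines: List[str]) -> bool:
    """True when the section has real content, not just a placeholder."""
    real = [l for l in lines if l.strip("-*> ").lower() not in PLACEHOLDERS]
    return len(real) >= MIN_SUBSTANTIVE_LINES


def assess(text: str) -> Dict[str, object]:
    """Report missing sections, placeholder-only sections, and overall status."""
    sections = parse_sections(text)
    missing, thin = [], []
    for name, aliases in REQUIRED_SECTIONS.items():
        found = [k for k in sections if k in aliases]
        if not found:
            missing.append(name)
        elif not any(is_substantive(sections[k]) for k in found):
            thin.append(name)
    return {"missing": missing, "thin": thin,
            "complete": not missing and not thin}


# Constructed sample: reads as finished, but the data-classification section is
# a placeholder and there is no assessment rubric at all.
SAMPLE_INCOMPLETE = """\
# Purpose and scope
This agent drafts responses to retail credit enquiries.
It never approves or declines an application on its own.

## Data classification
TBD

## Human oversight
A credit officer reviews every draft before it is sent.
Escalate to the team lead when the customer disputes a figure.

## Logging and audit
Every tool call and model response is written to the append-only audit store.
Records are retained for seven years.
"""

# Constructed sample: the same file with both gaps filled in.
SAMPLE_COMPLETE = SAMPLE_INCOMPLETE.replace(
    "TBD",
    "Inputs: name, address, income band (personal data, confidential).\n"
    "Outputs: draft letter text (personal data). No special-category data.",
) + """
## Assessment rubric
A draft is acceptable only if it cites the decision rationale verbatim.
Any figure not present in the source record fails the check.
"""

if __name__ == "__main__":
    for label, doc in (("incomplete", SAMPLE_INCOMPLETE), ("complete", SAMPLE_COMPLETE)):
        print(label, assess(doc))
```

Counting a placeholder section as absent rather than present is the design choice that matters: a governance file that contains every heading but says "TBD" under the one that classifies the data is exactly the case a presence-only grep would pass and a supervisory reviewer would not.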
EU infrastructure integration operates at the protocol and certification layer. PSD2-compliant Open Banking APIs require Strong Customer Authentication and explicit consent flows that differ structurally from generic API calls [6][7]. Agents that initiate or orchestrate payment actions must implement these flows at the framework level or accept that every deployment team will rebuild them independently, generating inconsistent compliance posture across operators. The same logic applies to identity: agent systems interacting with EU residents on behalf of regulated entities need a mechanism to assert, verify, and delegate identity in terms that eIDAS 2.0 and future EUDI Wallet infrastructure will recognise. No current framework provides for this at the framework level; the gap sits at the framework-to-protocol interface and is not resolved by application-layer workarounds alone [12].
Essential References
- Tsiridou & Angelaki (2026): The most current analysis of how the EU AI Act, GDPR, and ESG frameworks compound compliance obligations for agentic AI in financial services; establishes the regulatory baseline against which framework selection must be measured [9].
- Zhang & Maharjan (2026): Systematic treatment of security, privacy, and agentic AI under current regulatory instruments; maps definitional ambiguities that create compliance exposure at the framework selection stage, and addresses the framework-to-protocol interface gaps relevant to identity and payment integration [12].
- Zietsman (2026): Empirical study of structural quality in practitioner AI governance prompts; the 37% incompleteness finding is the only quantified evidence currently available on real-world agent governance file quality [10].
- Ferrari (2022): Examines PSD2-driven platformisation and the gap between consumer empowerment rhetoric and actual regulatory protection; essential context for evaluating payment integration claims made by framework vendors [6].
- Otto, ten Hompel & Wrobel (2022): Designs the data space model that underlies EU data governance architecture; frames the API standardisation inconsistencies that affect data-residency compliance for agent deployments [5].
Operational Consequences
In the near term (zero to twelve months), the absence of framework-level payment integration means that operators building payment-adjacent agents must budget for bespoke connector development, independent SCA implementation, and the compliance review cycle that accompanies each. SCA-compliant flows interacting with SEPA Instant require tested interoperability that framework vendors have not published, and that burden falls on the licensed institution. Procurement teams evaluating commercial frameworks should require contractual commitments on EU-region inference endpoints, auditable transfer impact assessments, and documented AI Act conformity assessment status before signature. Standard enterprise agreements from major hyperscalers do not currently carry these provisions in their base tier [9].
In the medium term (one to three years), the EU AI Act's Annex III high-risk provisions apply from August 2026 to systems used for creditworthiness evaluation and credit scoring of natural persons and for life and health insurance risk assessment; an agent built on any framework and used for those purposes falls within scope, and its provider must assemble the Annex IV technical documentation and complete the Annex VI internal-control conformity assessment. Operators who adopted frameworks under a compliance-neutral assumption will face those requirements against a foundation that was not designed to produce the required technical documentation. Open-source frameworks that permit full auditability of inference logic, output logging, and the provenance of any models and data they bundle will be structurally better positioned for this assessment than commercial black-box alternatives, provided their governance artefacts satisfy the completeness threshold [10].
Over the longer horizon (three-plus years), regulatory competition between EU-sovereign framework initiatives and incumbent hyperscaler offerings will determine whether the platformisation dynamic identified in payment infrastructure [6] reproduces itself in the agent framework layer. If it does, the operator community will face the same concentration and switching-cost structure that PSD2 created in open banking: technically open by mandate, but commercially captured in practice [7][8].
The Case for Agnostic Framework Adoption
The strongest argument against heavy compliance weighting at the framework selection stage runs as follows. The EU regulatory instruments under discussion were drafted for systems that were current at the time of drafting; the AI Act's risk classification tiers were not designed with multi-agent orchestration architectures in mind, and supervisory guidance on exactly which agent configurations constitute high-risk systems is still being written. Treating unresolved classification questions as settled compliance burdens at the procurement stage front-loads cost against obligations that may never materialise in their anticipated form.
Proponents of framework-agnostic adoption also note that the tooling convergence trajectory is real: abstraction layers such as model-agnostic orchestration specifications and standardised tool-calling protocols are actively reducing the cost of migrating between frameworks, which means today's lock-in concern overstates tomorrow's switching cost. On payment and identity integration specifically, the argument holds that these remain application-layer responsibilities under every EU regulatory instrument currently in force; no framework vendor carries certification liability for PSD2 SCA compliance, and expecting them to do so misallocates compliance responsibility from the licensed institution to an unlicensed software vendor.
This position is coherent, but it carries a specific risk grounded in each of the three operational axes. On data residency: where a framework's inference endpoints or orchestration telemetry route personal data through non-EU infrastructure, the GDPR Chapter V transfer liability accrues to the operator from the first production transaction, and remediation requires re-architecting infrastructure already in service. On open-source governance: where the governance artefacts attached to agent configurations fall below the structural completeness threshold [10], the operator cannot reconstruct the Annex IV technical documentation the conformity assessment demands retrospectively from inference logs alone. On EU infrastructure integration: where payment and identity flows are built as bespoke application-layer workarounds rather than framework-level capabilities, each operator deployment creates an independent compliance surface that supervisory review will assess individually. In each case, the absence of advance documentation does not reduce supervisory liability; it relocates its discovery from procurement to enforcement [9][12].
Unresolved Gaps
- Which open-source agent frameworks (LangChain, AutoGen, Haystack, CrewAI, Semantic Kernel) have published EU-region hosting configurations and compliant DPA templates, and which have not addressed this in public documentation.
- Whether commercial hyperscaler agent offerings (Microsoft Copilot Studio, Google Vertex AI Agents, AWS Bedrock Agents) can satisfy GDPR Chapter V transfer obligations under their standard enterprise agreements without supplementary contractual measures.
- Whether any framework vendor has published Annex IV technical documentation, or the results of an Annex VI internal-control conformity assessment, for agent configurations used in financial services decision support; neither is documented in the public record.
- The extent to which the 37% structural incompleteness finding in practitioner governance files [10] holds across European enterprise deployments specifically, given that the original sample does not distinguish by operator jurisdiction.
- How EU competition authorities will classify the structural relationship between hyperscaler-provided agent frameworks and the underlying cloud infrastructure those frameworks require, a classification that will determine whether EU-sovereign alternatives receive preferential regulatory treatment.
For European operators, the choice of agent framework is a compliance commitment that determines data transfer liability, governance auditability, and payment protocol exposure for the operational life of the system.
On data transfer liability: a framework whose inference endpoints, memory stores, or telemetry route personal data through non-EU infrastructure creates GDPR Chapter V exposure from the first production transaction. That exposure cannot be resolved by application-layer configuration once the architecture is established.
On governance auditability: a framework whose licence restricts inspection of the models and data it bundles or of its output logging, or whose governance artefacts fall below the structural completeness threshold, leaves the operator unable to produce the Annex IV technical documentation the Annex III conformity assessment demands. The gap cannot be closed retrospectively.
On payment protocol exposure: because PSD2 authorisation attaches to the licensed institution and not to the framework vendor, every operator building payment-adjacent agents constructs SCA-compliant flows on its own terms. A framework that provides no tested scaffolding for those flows means that compliance architecture is rebuilt independently at each deployment, and assessed independently at each supervisory review.
The three dimensions compound rather than offset each other. An operator who resolves data residency but neglects governance auditability remains exposed on the axis that the August 2026 high-risk provisions will examine most directly. A framework selected for its open-source auditability but deployed on non-EU inference infrastructure satisfies one requirement while creating another liability. Treating framework selection as a technical preference that can be revised later understates the cost of remediation across all three axes once a system is in production.
Sources
[5] Otto, B., ten Hompel, M., & Wrobel, S. (2022). Designing Data Spaces.
[6] Ferrari, V. (2022). The platformisation of digital payments: The fabrication of consumer interest in the EU FinTech agenda. Computer Law & Security Review.
[7] Preziuso, M., Koefer, F., & Ehrenhard, M. (2023). Open banking and inclusive finance in the European Union: perspectives from the Dutch stakeholder ecosystem. Springer Nature.
[8] Alt, R., Fridgen, G., & Chang, Y. (2024). The future of fintech: Towards ubiquitous financial services. Springer Science+Business Media.
[9] Tsiridou, I., & Angelaki, A. (2026). The Regulatory Jungle of the Financial Sector: A Meeting Point of the EU AI Act, GDPR, and ESG Regulatory Frameworks in the Era of Agenting AI. International Journal of Social Science and Economic Research.
[10] Zietsman, C. (2026). Structural Quality Gaps in Practitioner AI Governance Prompts: An Empirical Study Using a Five-Principle Evaluation Framework. arXiv preprint.
[12] Zhang, S., & Maharjan, S. (2026). Security, privacy, and agentic AI in a regulatory view: From definitions and distinctions to provisions and reflections. arXiv preprint.