Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NL·EN
Explainer

AI agent vs chatbot: what is the difference and why does it matter legally?

Adopted 2026-06-28 · ≈ 1 min read · Dirk Baaijen

A chatbot answers; an AI agent plans, uses tools and acts on its own. That difference drives your risk and obligations — an agent that takes actions touches not just the AI Act but also the GDPR, liability and oversight duties.

Short answer: A chatbot responds to what you ask and stops there. An AI agent is given a goal and plans steps itself, uses tools and takes actions — sending email, calling systems, placing orders. That difference is not just technical: once a system acts on its own, your risks and obligations shift.

The distinction

With a chatbot the human stays in the loop: the system suggests, the human decides and acts. With an agent that shifts: the system decides and acts within a brief, sometimes across multiple steps and systems. The more autonomy, tool access and reach, the bigger the impact of a mistake — and the heavier the governance must be.

Why it matters legally

Agentic AI has no category of its own in the AI Act, but it is covered — via the GPAI regime, the risk classification of the application, and the transparency and oversight duties. If the agent carries out decisions with legal or significant effect, GDPR art. 22 (automated decision-making) also applies and, for high-risk, the human oversight of art. 14. On top of that, liability, security (CRA/NIS2) and the Data Act may apply, depending on what the agent does. See Agentic AI and the rules.

Practical consequence

Do not treat an agent as "a smarter chatbot". Define its scope, permissions and stop button up front, record who is responsible for its actions, and set up human oversight at the moments that matter. A chatbot calls for transparency; an agent calls for control.

Lees ook: Human oversight of AI agents and AI agent governance checklist.

Sources

  1. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act), authentic text; risk classification, transparency (art. 50) and human oversight (art. 14).
  2. https://eur-lex.europa.eu/eli/reg/2016/679/oj
    Regulation (EU) 2016/679 (GDPR), Article 22 — automated individual decision-making.

Share on LinkedIn

Read next

U

Agentic AI: how do autonomous AI agents fall under the rules?

Agentic AI — systems that plan, use tools and take actions on their own — has no dedicated category in the AI Act. Yet it is covered: through the GPAI regime, risk classification that follows the use, and the transparency and human-oversight duties. Open question: liability for autonomous actions.

U

Human oversight of AI agents: how to keep a grip on autonomy

The more autonomously an AI agent acts, the more oversight matters. Human oversight (AI Act art. 14 for high-risk) means, for agents: bounded permissions, intervention and stop capabilities, and logging that makes actions explainable after the fact.

U

AI agents in logistics planning: opportunities and rules

AI agents can plan, re-plan and adjust in logistics — from trip planning to chain coordination. That touches the AI Act (oversight, classification), the Data Act (chain data) and liability for autonomous decisions.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject — programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method →

A project or programme? Work with YRproject →

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.