The UK Information Commissioner’s Office (ICO) has released its latest Tech Futures report on agentic AI (the Report), highlighting several key privacy compliance risks for organisations, including around human oversight and accountability, reduced transparency due to agentic system complexity, and purpose creep and data minimisation concerns (such as the inference of special category data or data collection without a legal basis).(1) In this article, we explore the ICO’s suggested mitigations for such risks through AI governance, technical controls and (in some cases) even the use of agentic AI to support compliance. We also consider how the ICO’s forward-looking scenarios may shape its priorities and expectations when regulating this emerging technology.