AI agents governance: who holds the keys?
Published on 08/06/2026 • Reading time: 11 minutes
The Meta–Manus case may first look like a geopolitical story. For professionals beginning with AI, it raises a more practical question: before an AI agent acts on your behalf, what should it be allowed to access, move, decide or change?
Imagine you hire a highly capable assistant. You give them a task — research, write, send emails, book appointments, file reports — and come back three hours later to a completed folder. Impressive. But one question surfaces: did you check what that assistant was allowed to do on your behalf?
The Meta–Manus case makes this question concrete. In April 2026, China's top economic regulator ordered Meta to unwind its acquisition of Manus — described by Reuters as an AI startup with Chinese roots that had relocated to Singapore, whose agent technology can independently execute complex multi-step tasks. For most SME leaders and independent professionals, the headline reads as geopolitics. Underneath it lies a practical question: when you adopt an autonomous AI agent, who exactly are you delegating to — and who owns the system doing the work on your behalf?
Key takeaways
- AI agents execute tasks independently, not just generate text. That changes the nature of the risk.
- The Meta–Manus case shows that AI tools can change ownership without warning — and governance follows ownership. When a tool is acquired, its data policies, access rules and terms of service may change too.
- Every level of automation is a level of access delegation. Knowing what you are delegating is a business skill, not only an IT concern.
- For SMEs, the key governance questions are: who owns the agent, what can it access, and who is responsible when it acts?
- You do not need to be an AI expert to protect yourself — you need the right questions before the first integration.
What the Meta–Manus case reveals about AI delegation
In April 2026, according to Reuters, China's National Development and Reform Commission ordered Meta to unwind its acquisition of Manus, a deal valued at more than $2 billion. Reuters described the move as an attempt to block a cross-border acquisition of an AI startup with Chinese roots that had relocated to Singapore. Fortune reported that reversing such a transaction may be complicated in practice, since employees, investors and technical integration had already moved.
Then, on June 1, 2026, Reuters reported that China had issued new rules tightening oversight of overseas deals involving Chinese investors, technology, data and national security — a broader framework for reviewing sensitive cross-border transactions.
For a small business, coach, consultant or independent professional, this may seem remote. Yet the case reveals something concrete: some AI agents can start to look like strategic infrastructure — when they combine data access, tool connections, automation methods and autonomous execution. They do not only answer questions. They can carry knowledge, workflows and decision logic from one environment to another.
According to analysts cited by Reuters, the Meta–Manus decision signals that an AI agent can be treated as more than software. It can represent strategic capability: technical talent, intellectual property, data practices, automation methods and business leverage. That is why access and ownership matter before productivity.
The lesson is not that every small company faces geopolitical risk. The lesson is that AI adoption is moving from "asking a tool a question" to "letting a system act inside your digital environment." Once a system acts, governance becomes practical: who approves the action, which data can it see, can it send an email, can it decide the next step without you?
What makes an AI agent different from a chatbot
Simple definition: a chatbot usually responds to a request and stops. An AI agent can be designed to plan steps, use tools, interact with files or external systems, and produce an outcome with a higher degree of autonomy — without requiring a human prompt at each step.
The distinction is not always clean. Many tools use the word "agent" as marketing language. Some are little more than guided chat interfaces. Others can browse, write, calculate, call external tools, update documents or trigger workflows. According to Reuters, Manus was developed as an autonomous agent designed to plan and execute multi-step tasks — going beyond answering questions to acting inside connected systems.
This is the real shift. With a classic prompt, you are still holding the pen. The tool helps you think, rewrite, summarize or generate options. With an agent, the system can become closer to a delegated operator. It can receive a goal and work through several steps to reach it.
The risk appears when action is confused with judgment. A system that can produce work can also produce mistakes at scale. It can misunderstand a task, overreach, use the wrong source, or act in a way that looks efficient but is not aligned with the business context. According to OWASP, several things can go wrong when an AI agent is given too much access or too little oversight — particularly when an AI model is combined with tool access and real-world execution:
- The agent can be hijacked through its own inputs.
- The agent can have more power than it needs.
- Humans stop checking because the system appears to work.
This does not mean professionals should avoid agents. It means autonomy is a design choice, access is a governance choice, and supervision is a business decision — not a technical setting to leave at default.
In practice
- If the AI only helps you think or write, the risk is limited by your review before you act.
- If the AI can act inside your tools, files, accounts or client processes, you need governance before convenience.
- The question to ask before any integration: "Is this tool assisting me, or acting for me?"
The keys analogy: understanding delegation before choosing a tool
Imagine your business as a building. Inside, you keep your client conversations, invoices, draft proposals, methods, calendar, files and reputation. Using AI is not automatically risky. The question is which room you allow it to enter — and whether you remain present while it works.
A simple prompt is like speaking to someone through the door. You describe the problem; they give you ideas; you decide what enters the building. A more configured assistant is like inviting someone into one room with clear instructions. A workflow gives a limited key for a defined route: when this happens, do that, then wait for confirmation. An agent moves further. It may navigate several rooms, use tools and complete a task with less step-by-step direction.
The analogy is a starting point. A fuller decision also depends on data sensitivity, the degree of autonomy, the reversibility of the action and the consequences of an error. This article focuses on the first decision: what level of access is justified for this task? Do not choose an AI system only by its capability. Choose it by the access it needs.
A useful test: would I give these same permissions to a new human collaborator on their first day? If the answer is no, the AI tool should not receive them without safeguards and a clear review process in place.
For example, asking AI to help rewrite a newsletter draft is not the same as letting it send that newsletter to your audience. Asking AI to structure a proposal is not the same as letting it update a signed commercial document. Asking AI to summarize public regulation is not the same as letting it advise a client on compliance. The threshold between assistance and delegation is a professional judgment — and it remains yours to make.
Access is the real governance issue
Many AI discussions focus on capability. Is the model smarter? More creative? Better at reasoning? Those questions matter, but for everyday professional use, the more immediate question is access.
Access has several layers. There is access to data: client notes, contracts, health-related information, HR documents, invoices or strategic plans. There is access to tools: email, calendar, spreadsheets, file storage, websites, payment systems or customer platforms. There is access to action: sending, deleting, publishing, classifying, recommending or triggering another process. And there is access to interpretation: the AI may shape how you understand a situation before you have verified the facts yourself.
Regulatory note — AI Act and risk levels: The European Commission describes the AI Act as a risk-based framework. It distinguishes between different levels of AI risk and sets specific obligations for high-risk systems, including human oversight, data quality, logging and documentation. For a small business, not every AI use is high-risk. But the intended use, the people affected and the possible consequences of an error all determine where on that scale a given tool sits. If sensitive personal data is involved, GDPR obligations may also apply alongside AI Act requirements. Professionals in regulated areas — health, employment, education, finance or legal work — should seek appropriate human and legal review before deploying autonomous AI systems. This article provides general education. It is not legal advice.
The NIST AI Risk Management Framework frames AI risk as something that can affect individuals, organizations and society. It describes voluntary guidance to help organizations incorporate trustworthiness into the design, development, use and evaluation of AI systems — organized around four functions: Govern, Map, Measure, Manage.
For SMEs, this translates into a practical rule: before asking what the AI can do, identify what it can touch. A low-risk AI use is usually one where the human provides limited information, reviews the output and decides the final action. A higher-risk AI use is one where the system receives sensitive data, connects to operational tools or affects another person without clear human review at a meaningful point in the process.
Governance is also a question of roles, not only tools. Who in the business is allowed to connect tools to an AI system? Who can upload client data? Who checks whether an automation still behaves as expected after a tool update? Who stops the system if something goes wrong? These are professional responsibility questions, not IT settings.
What changes for SMEs and independent professionals
AI use now requires a simple governance habit, even in a small structure — not a compliance department, just a few clear rules about what AI may access, what it must not, and who approves before an action reaches a client.
For a consultant, the risk may be client confidentiality: if an AI tool summarizes client notes, the professional must understand what data is being shared and whether the client relationship allows that use. For a trainer, AI-generated exercises or feedback need human verification for accuracy and relevance. For a coach, AI can help structure content but must not replace professional judgment or provide individualized advice. For a small business leader, an agent managing communications or files can affect client trust if misconfigured.
The opportunity is equally real. AI can save time, clarify documents, prepare drafts and support research. Agents may reduce repetitive work when a process is stable and low-risk. But the opportunity becomes healthier when the professional can say clearly: this task is appropriate for AI assistance, this one needs human review, and this one should not be automated yet.
The Meta–Manus case makes one thing clear at any scale: when an AI agent can access your data and act on it, governance is not optional. It is part of using the tool responsibly.
The case also points to something relevant at any scale: data governance can itself become a competitive advantage. Not because data alone has value, but because knowing which data can be used, who controls access, how decisions are traced and when human review is required is what allows an organization to delegate to AI without losing control of its own business logic.
A first readiness check before using an AI agent
This is not a complete diagnostic. It is a first filter — a pause before a risky automation decision. A fuller method covering task mapping, access levels and escalation paths belongs in a more structured context. Here, the objective is simpler: decide whether a use case is ready for an agent, for human-reviewed assistance only, or not yet ready at all.
Three questions before any agentic delegation
Answer these before connecting any AI agent to your tools or data. If any answer is unclear, pause before proceeding.
What exactly should the AI do — and what could go wrong?
If the task cannot be described in one clear sentence, it is too vague for autonomous delegation. If an error would affect a client, a document, a payment or a reputation, human review is needed before action.
What data and tools will it access — and is that the minimum required?
List what the agent would need to see or touch. If the answer includes sensitive client data, health records, financial information or confidential strategy, verify the provider's data processing terms before connecting anything.
Where does a human review and approve before the action affects someone else?
If there is no clear review point before the action reaches a client, a contact, a published page or an external system, the use case is not yet ready for autonomous execution.
Many AI mistakes happen not because the tool failed, but because no one decided what it should actually be allowed to do.
How to start without over-delegating
The safest starting point is not the most capable tool — it is a well-chosen task with a clear boundary. A professional can begin in a closed loop: draft, review, correct, decide. The AI contributes; the human validates before anything reaches a client or an external system.
From there, a configured assistant, one that knows your tone, your audience and your service descriptions, helps produce more consistent work. It is more efficient, but it should not automatically publish, send or decide.
Workflows come next, when a process is predictable and low-stakes: collect a response, create a draft, prepare a summary. The human checkpoint is the important part. Automation should prepare the work, not remove the decision.
Agentic use — where a system acts across tools with minimal oversight — should be reserved for tasks where the environment, permissions and review rules are explicit and tested. The agent should have the minimum access required, not broad permissions when a narrower scope would do the same job with less risk.
Start with three written rules: what AI may be used for in your business, what data must never be entered into an AI tool, and which actions always require human approval before they reach a client or an external system. Three sentences are enough to begin.
This approach does not block progress — it makes experimentation safer and reversible. It protects against two common errors: refusing all AI because the risks feel unclear, and over-delegating because a demo looks impressive.
Conclusion: do not automate before deciding who holds the keys
The Meta–Manus case is about a large acquisition, national security, AI talent and strategic technology. For a professional beginning with AI, the useful lesson is much closer to daily work. AI agents force us to look at delegation with more precision.
A prompt asks. A configured assistant supports. A workflow repeats. An agent may act. Each level can be useful — and each changes the degree of access, autonomy and responsibility the professional accepts, whether they have thought it through or not.
The right question is not "should I use AI agents?" It is "which task deserves which level of delegation, with which safeguards?" When the task is simple, public, reversible and reviewed, AI can be a practical support. When the task touches clients, money, health, employment, law, reputation or sensitive data, the threshold must be higher and the oversight more deliberate.
Who holds the keys? In a responsible AI practice, the answer should remain clear: the professional does. The tool may help, prepare, structure and execute within defined limits. The judgment, the boundaries and the accountability remain human.
FAQ — AI agents, governance and business risk
What is the difference between an AI chatbot and an AI agent?
A chatbot responds to a prompt and stops. An AI agent may be designed to plan, use tools and complete tasks with more autonomy. The difference matters because tool access and action create additional risk that a simple chat interface does not.
Should a small business use AI agents?
Possibly, but not as a first step for every task. A small business should start with low-risk, human-reviewed tasks before allowing an AI system to act inside business tools or client processes. The starting point is a clear task, not the most advanced tool.
What is the biggest risk when using AI agents?
The biggest practical risk is letting the agent act before you have defined its limits. If a system can access sensitive data, send messages or affect clients without a human review point, the business may lose control over quality, confidentiality and accountability — often without noticing until the damage is done.
Does the EU AI Act apply to AI agents used by an SME?
Not every use will be high-risk under the AI Act, but the intended use matters. AI deployed in areas such as employment, education, essential services or sensitive personal data may be subject to specific obligations.
How can I start safely with AI automation?
Start with a narrow task, limited data, no automatic external action and a human review point before anything reaches a client or a live system. Write down what the tool may access, what it must not access and who approves the final output.
Sources and references
- Reuters — "China orders Meta to unwind $2 billion purchase of AI startup Manus" — April 27, 2026 — reuters.com
- Reuters — "China expands curbs on foreign deals, tech transfer after Meta-Manus block" — June 1, 2026 — reuters.com
- Fortune — "China's decision to block the $2 billion Meta–Manus deal shows how far Washington and Beijing are drifting apart over AI" — April 28, 2026 — fortune.com
- CNBC — "China blocks Meta's $2 billion takeover of AI startup Manus" — April 27, 2026 — cnbc.com
- European Commission — AI Act official page — risk-based approach and AI governance obligations — ec.europa.eu
- NIST — AI Risk Management Framework (AI RMF) — official overview — nist.gov
- OWASP — "Agentic AI: Threats and Mitigations" — February 17, 2025 — genai.owasp.org



