Eshaan Jain is a Senior Product Manager for telecomm clients (via Mphasis) focused on AI-driven CRM strategy and enterprise workflows.

​Every CPQ system I’ve worked on has an approval matrix somewhere: a table that says who can approve what discount, up to what dollar amount and who it escalates to above that. It’s one of the most boring parts of the system, and one of the most important.

Most of those matrices were built on the assumption that every approver is a person with a name, a title and a manager. That assumption is starting to break.

Deloitte’s State of AI in the Enterprise report, published in January 2026, surveyed 3,235 IT and business leaders across 24 countries. Among organizations planning to deploy agentic AI within the next two years, only 21% described their agent governance model as mature.

Take an agent that can recommend a renewal discount based on a customer’s usage history and contract terms. Recommending is one thing. Some implementations go further and allow the agent to apply the discount directly, within a threshold, without any person reviewing that specific transaction.

A reasonable starting point I’ve seen work: Agents can recommend at any value, but execution authority is capped well below what a junior human approver could sign off on, with that cap reviewed on a fixed schedule rather than left in place indefinitely. It’s a conservative starting point, and that’s the point. You can loosen it as the agent earns a track record. Tightening it after an expensive mistake is a much harder conversation.

When a discount turns out to be wrong, too generous or applied to the wrong account, who answers for it? In a traditional approval chain, there’s a name attached to every step. In an agentic one, that name might not exist for the step that mattered.

There’s a regulatory dimension here too. The EU AI Act requires that high-risk AI systems be designed so that a human can effectively oversee them: understand the system’s limitations, interpret its output, override its output and stop it if needed. That’s Article 14 of the Act. For systems that fall under its high-risk categories, including those tied to pricing and risk assessment, full compliance requirements apply as of August 2, 2026.

In May 2026, the European Commission published draft guidance clarifying that an agentic system comprising an orchestrator and several subagents should be assessed as a single high-risk system if, together, they materially influence a high-risk decision. For a multi-agent setup within a CPQ or pricing workflow, the oversight requirement covers the entire chain: every agent who contributed to the decision, including the one who executed it.

Most companies have a process for granting a new employee discount authority: what they can approve on their own, what requires a second sign-off, what gets logged and what triggers an escalation. Very few have written down the equivalent for an agent, because until recently, there was no agent in that role.

I’ve seen finance and legal teams ask for the same three things after almost any pricing exception, regardless of who made the call or what it was based on: what was approved, what it was based on and who signed off. An agent needs to produce all three automatically, in a form a human can review later. A log line buried in an application server doesn’t meet that bar.

Before an agent gets any kind of approval authority in a revenue workflow, I’d want answers to a short list of questions. What dollar amount, or what type of decision, can it act on without a person reviewing it? What gets logged for every decision it makes, including the ones it didn’t escalate? And when something goes wrong, whose name is on the audit trail: the agent’s, the team that configured it or the person who approved deploying it in the first place?

That 21% figure from Deloitte doesn’t surprise me. Most organizations are still treating agent governance as a policy document to write later, after the agent is already live. Given what’s coming under the EU AI Act, and given what’s at stake when an agent has discount or pricing authority, agent governance belongs in the agent’s design from day one.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Share.
Exit mobile version