Do You Know How Many Accounts You've Handed Your AI Agents?
On June 9, the PIPC published its "Personal Information Full-Lifecycle Protection and Utilization Technology R&D and Standardization Roadmap (2026–2030)." Being an R&D roadmap, it reads like someone else's problem from a practitioner's seat. It doesn't create any obligation you have to meet right now.
But if you look at what technologies the regulator says it will spend the next five years' money on, it reveals what it currently sees as the problem. Read from that angle, there's quite a bit worth seeing.
4 of the 11 are AI
This roadmap merges — and early-revises — the previously separate R&D roadmap ('22–'26) and standardization roadmap ('23–'27) into one. The R&D side was set to expire this year anyway, so it was due for renewal. The standardization roadmap still had a year left, but they pulled it in and consolidated the two.
It's organized into four areas, and within them sit 11 core technologies.
- Data sovereignty guarantee: viewing policy-compliance proof results; deepfake/synthetic-media verification and labeling
- Leakage/exposure risk reduction: edge-device privacy protection; dark-web/surface-web leak detection; re-identification risk assessment and verification
- Trust-based safe utilization: PET-based de-identification such as synthetic data; an integrated automation platform for MyData consent and delegation
- AI response technology development: AI model safety evaluation; agent/tool/robot execution security; real-time privacy control for physical AI; AI-based detection and de-identification of unstructured data
4 of the 11 are AI response. Add PET-based de-identification and re-identification risk verification, and it's more than half. The allocation alone makes it clear where the center of gravity has moved.
How do you grant permissions to an agent
The one that personally nags at me most is "agent/tool/robot execution security." The question of how you're going to control the permissions by which an AI agent accesses personal data and executes something.
This is a field problem before it's a research topic. More and more companies are attaching a copilot internally, having it summarize consultation histories, attaching an agent that queries the DB. But ask what account that agent connects with, and you rarely get a clear answer. Most either reuse the account of the person in charge, or pile generous permissions onto a single service account.
There are two problems. In the access-rights ledger for the personal information processing system, the people are listed but the agent isn't. And in the access logs, the acting subject is stamped as a person. When an incident happens, you can't answer the question "was this query done by a person, or run automatically by an agent?"
Can you identify an AI agent as a separate subject in your access-rights ledger and your access logs? Not many organizations can answer yes to that right now.
The roadmap says it will solve this with technology. That's one thing; what you can actually use right now is account separation. Create a dedicated account for each agent, grant it minimum permissions, and leave the subject in the logs. This isn't a story that needs new technology — it's applying controls that already exist, just widening the scope to a new kind of subject. It's simply not being done.
Why read a roadmap in advance
An R&D roadmap isn't regulation. You can't conclude that a technology listed here will drop straight into certification criteria a few years down the line. That's my own guess.
But there's a flow. Technology research gets organized into standards, standards become guidelines, and guidelines become audit questions. Pseudonymization traveled that path. The fact that they bothered to bind the R&D and standardization roadmaps into one this time also reads as an intent to spin that connection faster.
That's why items like "re-identification risk assessment and verification" or "dark-web/surface-web leak detection" stand out. Right now, most places handling pseudonymized data judge re-identification risk qualitatively. Once the assessment tools are standardized, you'll be asked not for "we judged the risk to be low" but for "this metric came out this way." When that time comes, quite a few places won't be ready.
A workforce-development roadmap came attached
New this time is the "Personal Information Field Specialist Workforce Development Roadmap ('26–'35)." A ten-year plan, attached as an appendix.
The direction is to secure, in stages, specialists equipped with capabilities in personal information protection and utilization and in breach prevention and response; the concrete program design is still to come. If you're building a career in this field, it's worth taking a look at which capabilities they define as "specialist." What the government sees as lacking is likely what the market will pay a premium for.
The full roadmap can be downloaded from the PIPC website and the Privacy portal. Read only the press release and it ends as a list of items; the body has detailed per-technology definitions. Finding which items apply to your own company is worth the effort.
Sources