The $2.7B AI Agent Compliance Market: Why Now Is the Time

The addressable market for AI agent compliance infrastructure reaches $2.7B by 2028. Where the number comes from, why it may be conservative, and what first movers gain.

In the spring of 2023, deploying an AI agent in a regulated financial institution required a six-to-twelve-month compliance review process, a bespoke legal opinion, extensive coordination with the regulator, and significant ongoing audit expense. The result was that regulated entities — the large banks, asset managers, and insurance companies with the largest AI budgets — were also the slowest to deploy AI agents. The compliance burden was a market entry barrier.

Two years later, the regulatory framework has crystallised. MiCA is in force across the EU. The EU AI Act is in full application. National competent authorities have published supervisory expectations. And the market for AI agent compliance infrastructure — the tools and services that make it possible to deploy compliant AI agents quickly — is about to grow very fast.

The addressable market for AI agent compliance infrastructure is estimated at $2.7 billion by 2028. This piece explains where that number comes from, why it is probably conservative, and what it means for founders and investors thinking about this space.

Where the $2.7B Estimate Comes From

The market sizing for AI agent compliance infrastructure draws on three overlapping demand signals.

The regulated industry AI agent deployment forecast. McKinsey's 2024 global AI survey found that 65% of financial services organisations were deploying or piloting AI in front-office functions, up from 34% in 2023. The same survey found that compliance concerns were the primary barrier to deployment in regulated industries. IDC estimates that global enterprise AI spending will exceed $500 billion by 2028, with financial services as the largest single vertical. Even a modest share of that spend directed toward compliance infrastructure produces a large absolute market.

The per-agent compliance cost baseline. Before infrastructure like Kakunin existed, the compliance cost for a single AI agent deployment in a regulated financial institution — covering legal review, custom audit tooling, regulatory liaison, and ongoing monitoring — was estimated by practitioners at $50,000 to $200,000 per agent, per year. At the lower end of this range, a company with 100 compliance-sensitive AI agents faced $5 million per year in AI compliance overhead. Infrastructure that reduces this to a managed service at a fraction of the cost captures a significant portion of the avoided cost as value.

Regulatory enforcement creating non-optional compliance spending. The EU AI Act, MiCA, and emerging AI governance frameworks in the UK, Singapore, and other jurisdictions are creating legally mandated compliance requirements. Non-optional spending driven by regulatory requirements is the most durable category of enterprise software spend — it does not get cut when budgets tighten. The number of AI agents that will be subject to mandatory compliance requirements by 2028 is large and growing.

$2.7 billion by 2028 is the intersection of these three demand signals, adjusted for realistic market penetration and pricing. It represents roughly 2% of total enterprise AI spend directed specifically toward compliance infrastructure for AI agents.

Why the $2.7B Estimate May Be Conservative

Several factors suggest the market could be significantly larger than $2.7 billion by 2028.

Regulatory expansion. The $2.7B estimate is based primarily on EU regulatory requirements (MiCA, EU AI Act) and does not fully account for the regulatory frameworks developing in parallel in the UK, UAE, Singapore, Japan, and the United States. Each of these jurisdictions is developing AI governance requirements. As these requirements take effect, they extend the addressable market beyond EU-regulated entities to global organisations with EU market exposure.

The UK FCA's AI sandbox programme and the emerging AI Safety Institute's evaluation frameworks suggest that UK-specific compliance requirements for AI agents are in development. Singapore's MAS has published guidelines on the responsible use of AI in financial services that include monitoring and explainability requirements similar to the EU framework. Global companies that operate in multiple jurisdictions will need compliance infrastructure that spans all of them — likely increasing per-company spend rather than allowing for jurisdiction-specific solutions.

Acceleration of AI agent deployment. The rate at which enterprises are deploying AI agents is accelerating faster than most market analysts anticipated in 2022 and 2023. GPT-4's emergence in 2023 and the subsequent proliferation of agentic frameworks (LangChain, AutoGen, CrewAI, and their enterprise equivalents) compressed the timeline for AI agent adoption significantly. If enterprise AI agent deployment continues to accelerate at current rates, the addressable market for compliance infrastructure grows proportionally.

The network effect of compliance infrastructure. As more organisations adopt standardised compliance infrastructure, the compliance burden for regulated entities dealing with AI agents decreases — because verification can happen against a shared infrastructure rather than requiring bespoke assessment for each agent. This network effect creates additional value as the ecosystem grows, which should support premium pricing and accelerated adoption.

Liability exposure creating proactive adoption. Early AI agent incidents — both high-profile failures and enforcement actions — are creating risk awareness among boards and general counsels that translates into proactive compliance investment. The legal liability exposure from deploying unmonitored AI agents in regulated contexts is not theoretical; it is the subject of active regulatory guidance and, increasingly, litigation. Boards that understand this exposure invest in compliance infrastructure before an incident forces their hand.

The Competitive Landscape: Why This Is Not a Winner-Take-All Market

It is tempting to assume that a $2.7 billion addressable market will be dominated by a few large winners. The structure of the market suggests this is unlikely.

Incumbent advantage is limited. The large compliance vendors (Workiva, Diligent, MSCI) are built around human-centric compliance processes. They do not have AI agent-specific infrastructure, and their existing architectures are not well-suited to the real-time, machine-scale monitoring that AI agent compliance requires. Building a competitive AI agent compliance product on top of a legacy GRC platform is harder than building it natively.

Regulatory requirements create specialisation opportunities. Different regulatory frameworks impose different technical requirements. A HIPAA-compliant AI agent compliance solution has different requirements from a MiCA-compliant one. A solution optimised for financial services AI agents may not be appropriate for healthcare AI or legal AI. Specialised compliance infrastructure for specific regulated verticals is a viable business strategy alongside broader horizontal platforms.

Enterprise procurement complexity limits consolidation. Enterprise software procurement in regulated industries is slow and complex. Even if a clear market leader emerges, the procurement cycle for replacing an existing compliance infrastructure vendor is 12–18 months. This inertia creates durable market positions for early movers — first movers in specific regulated verticals can build lasting positions before a larger competitor catches up.

Geographic variation in requirements creates regional specialists. MiCA compliance requirements apply across all EU member states, but the national implementing measures vary. A specialist in German or French regulatory requirements has a competitive advantage in those markets that a generic EU compliance platform may not be able to replicate quickly.

The First Mover Advantage: Why Timing Matters Now

The window for establishing a strong position in AI agent compliance infrastructure is open but not unlimited. The regulatory frameworks are in force. Enterprise awareness of the compliance requirement is growing. But the market has not yet consolidated around dominant vendors.

For FinTech founders building in this space, the timing is analogous to the early days of cloud infrastructure: the technology exists, the demand is clear, the regulatory drivers are in place, and the market is in the process of forming. Early movers who establish technical credibility, regulatory relationships, and customer reference accounts in this window will have a durable advantage.

The specific advantage of moving first in AI agent compliance infrastructure is the data network effect. An early mover accumulates a larger set of agent behavioural data, which improves the quality of the risk scoring model. Better risk scoring produces fewer false positives, which is a direct competitive advantage in enterprise sales. The longer you have been in market, the better your models are calibrated.

This data advantage compounds. A platform that has been in production for three years, monitoring agents across 50 regulated organisations, has calibrated its risk models against thousands of agent-months of behavioural data. A competitor entering the market has to build that calibration from scratch. The incumbent's risk scoring is more accurate, produces fewer false positives, and is more defensible to sophisticated compliance buyers.

For the commercial case in detail, the /for-fintech-founders page covers the go-to-market path from initial integration through regulated market launch, including the 6-month timeline that has become the benchmark for MiCA-compliant AI agent deployment.

Investment Thesis: What the Capital Needs Look Like

Building AI agent compliance infrastructure at scale requires capital in three areas.

Regulatory infrastructure is the foundation. Building and maintaining relationships with national competent authorities, tracking regulatory developments, and ensuring that the technical implementation stays aligned with regulatory interpretation requires ongoing investment in regulatory affairs. This is not a cost that goes away once the product is built — regulatory requirements evolve, and the product must evolve with them.

Technical infrastructure at enterprise scale requires significant investment in database architecture (WORM-backed audit logs at petabyte scale), cryptographic infrastructure (HSM-backed key management, X.509 certificate issuance), and monitoring infrastructure (real-time event streaming at 1,000 events per second per tenant). These are not off-the-shelf components — they require significant engineering investment to build and maintain reliably.

Sales and customer success in regulated industries is expensive. Enterprise compliance software sales cycles are long, require deep regulatory domain expertise from sales teams, and involve extensive security and compliance assessments during procurement. Customer success requires ongoing support for compliance documentation, regulatory inquiry response, and audit preparation. This is high-touch, high-expertise work.

The typical funding trajectory for a regulated fintech building in this space is a pre-seed round of $500K–750K for initial product development and first customers, followed by a seed round of $3–5M on the first $1M ARR milestone, funding the enterprise sales motion and geographic expansion. The gross margins on compliance infrastructure SaaS are high (70–80% at scale) because the variable costs (compute, storage) are low relative to the regulatory and compliance value being delivered.

What Buyers Are Looking For

Enterprise compliance buyers evaluating AI agent compliance infrastructure have a consistent set of evaluation criteria.

Technical credibility. Can the vendor demonstrate that the cryptographic infrastructure is sound? What HSM provider do they use? Have they undergone a security audit? Do they publish their security architecture? For compliance buyers, the "trust but verify" instinct is strong — they want to see the architecture, not just hear about it.

Regulatory alignment. Does the vendor understand MiCA, the EU AI Act, GDPR, and HIPAA as they apply to AI agents? Can they produce a compliance mapping that shows how their system satisfies each requirement? Have they worked with regulated entities through actual regulatory inquiries?

Operational reliability. What is the uptime SLA? What is the latency SLA on the verification endpoint? What happens if the compliance infrastructure goes down — does the agent stop operating? Enterprise buyers need assurance that compliance infrastructure does not become a single point of failure for their operations.

Enterprise integration. How does the compliance infrastructure connect with existing enterprise systems — the SIEM, the GRC platform, the ticketing system? Enterprise buyers expect to integrate compliance tools into their existing operational workflows, not manage them as standalone systems.

Audit support. When the regulator comes calling, what specific support does the vendor provide? Can they produce formatted audit exports in the format the regulator requests? Can they provide expert witness support if required?

The pricing page covers how Kakunin's commercial model is structured to address enterprise procurement requirements, including the SLA guarantees that appear in enterprise contracts.

The Opportunity Is Not Just in Infrastructure

The $2.7B market estimate focuses on infrastructure — the tools that make compliant AI agent deployment possible. But adjacent to the infrastructure market is a services market of comparable or larger size: the consulting, legal advisory, and regulatory liaison services that help regulated entities navigate AI agent compliance.

Infrastructure vendors that can bundle services — compliance consulting, regulatory liaison, audit support — alongside their technical products have a significantly larger revenue opportunity than pure infrastructure plays. The highest-value customer relationship is one where the vendor is involved in the compliance process end-to-end: from initial risk assessment through ongoing monitoring through regulatory inquiry response.

This integrated model — technical infrastructure plus compliance services — is the blueprint for building a durable, high-margin business in regulated AI. The technical infrastructure provides the scalable core; the services provide the revenue density and customer stickiness that make the business defensible.

The Long View: AI Agents Are Not Going Away

The $2.7B addressable market is a 2028 snapshot. The longer trajectory is more significant. AI agents are not a temporary trend — they represent a fundamental shift in how enterprises automate complex tasks. As AI agent capabilities expand and the cost of deploying them decreases, the number of agents in production across regulated industries will grow by orders of magnitude over the next decade.

Every one of those agents needs compliance infrastructure. The organisations that establish themselves as the trusted infrastructure layer for AI agent compliance now will be positioned to serve a market that is far larger in 2033 than the $2.7B 2028 estimate suggests.

The regulatory frameworks that are creating today's compliance requirements are the foundations of the infrastructure that AI-enabled economies will run on. Being the trusted layer in that infrastructure is a durable, defensible position.

---

Kakunin provides the AI agent compliance infrastructure that MiCA-regulated FinTechs need to launch to EU markets. 15-minute integration, 365-day certificate validity, real-time behavioural monitoring. See pricing and plans or explore the FinTech founder overview.
