The Agentic Governance Framework: Defining the Missing Layer
Why the Framework Was Needed
The agent ecosystem has been investing heavily in infrastructure — protocols, gateways, identity frameworks, tool access. What remained largely undefined was the structural layer above them: the one that determines who captures value from all of it.
Every organization deploying agentic AI systems will face the same three governance questions:
- Authorization scope — What is your agent permitted to commit to on your behalf? Where does delegated authority begin and end?
- Data boundaries — What data may cross organizational lines in machine-mediated transactions? Who defines those boundaries, and how are they enforced?
- Liability and accountability — Where does responsibility reside when an agent exceeds its authority, exposes sensitive data, or produces a harmful outcome?
These are not new questions. They are the same structural questions that shaped the governance of telecom networks, internet routing, and financial clearing systems. In every networked market, value concentrated at the layer that defined the terms of interaction — not the layer that enabled it. Agent ecosystems are entering that same phase.
The Agentic Governance Framework (AGF) was built to answer these questions in a form that practitioners can use.
The Framework
The AGF defines three governance primitives that every enterprise agent deployment needs to address:
Primitive 1: Delegated Authority
The scope of what an agent is authorized to do on behalf of a principal. Covers permission boundaries, escalation conditions, and the conditions under which authority may be re-delegated.
Primitive 2: Data Boundaries
The policies governing what data an agent may access, transmit, or pass to other agents — within agent chains, to external tools, and across organizational boundaries. Covers ingress and egress controls, classification requirements, agent-to-agent data flow rules, and cross-boundary consent mechanisms.
Primitive 3: Transaction Commitments
The rules governing what an agent may commit to in a cross-organizational transaction. Covers reversibility, confirmation requirements, liability assignment, and the conditions under which agent-initiated commitments are binding.
The Two-Phase Model
The AGF operates across two phases:
Pre-execution authorization — Before an agent acts, the governance layer verifies that the action falls within delegated authority, that data access complies with boundary policies, and that any commitment being made meets the confirmation requirements for its risk level.
Post-execution evidence — After an agent acts, the governance layer produces an auditable record: what was authorized, what was executed, and by what chain of authority. This evidence is the foundation for compliance, incident investigation, and enterprise accountability.
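The two phases described above, as an added example that is not the AGF's own code: a toy Python gate that checks an action against the three primitives before execution and emits the evidence record afterwards. The class and field names, the confirmation threshold, and the narrowing rule for re-delegation are assumptions made for illustration.

```python
# Added example (not the AGF's own code): toy two-phase gate over the three primitives.
from dataclasses import dataclass
CONFIRM_THRESHOLD_USD = 1000.0  # assumed: commitments above this need human confirmation

@dataclass
class Grant:  # Primitive 1 (delegated authority) plus Primitive 2 (egress policy)
    principal: str
    agent: str
    actions: frozenset             # action kinds the agent may perform
    max_commit_usd: float          # Primitive 3: largest commitment it may make
    egress_ok: frozenset           # data classes allowed to cross the org boundary
    parent: "Grant | None" = None  # set when authority was re-delegated
    def delegate(self, agent, actions, max_commit_usd, egress_ok):
        # Re-delegation can only narrow the parent grant, never widen it.
        return Grant(self.agent, agent, self.actions & frozenset(actions),
                     min(self.max_commit_usd, max_commit_usd),
                     self.egress_ok & frozenset(egress_ok), parent=self)

@dataclass
class Action:
    agent: str
    kind: str
    data_classes: frozenset = frozenset()
    commit_usd: float = 0.0
    external: bool = False   # counterparty is outside the organization
    confirmed: bool = False  # a human already confirmed this commitment

def pre_execution(grant, action):
    """Phase 1: return policy violations; an empty list means authorized."""
    v = []
    if action.agent != grant.agent or action.kind not in grant.actions:
        v.append("outside delegated authority")
    if action.commit_usd > grant.max_commit_usd:
        v.append("commitment exceeds delegated limit")
    if action.external and (leak := action.data_classes - grant.egress_ok):
        v.append("data boundary: " + ",".join(sorted(leak)) + " may not leave org")
    if action.commit_usd > CONFIRM_THRESHOLD_USD and not action.confirmed:
        v.append("commitment requires confirmation at this risk level")
    return v

def govern(grant, action, execute):
    """Phase 2: execute only if authorized, then emit the evidence record."""
    violations = pre_execution(grant, action)
    result = execute(action) if not violations else None
    chain, g = [], grant  # chain of authority, root principal first
    while g:
        chain.insert(0, f"{g.principal}->{g.agent}")
        g = g.parent
    return {"agent": action.agent, "action": action.kind, "authorized": not violations,
            "violations": violations, "executed": result, "chain": chain}
```

A real deployment would sign and retain the evidence record and source the grant from an authorization policy store rather than constructing it in code.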
Validation
The AGF has been validated against a set of emerging industry protocols and frameworks relevant to agentic AI governance:
- AP2 (Agent Protocol 2) — Agent communication standards
- TACP (Trusted Agent Communication Protocol) — Cross-organizational agent interaction
- agentgateway — Agent authorization gateway patterns
- AuthZEN — Authorization policy specification
- GNAP (Grant Negotiation and Authorization Protocol) — Fine-grained access delegation
- OPA (Open Policy Agent) — Policy-as-code enforcement
The framework is published as a living document on GitHub and evolves as the agent ecosystem matures.
How the Framework Is Used in Practice
The AGF serves as the reference architecture for governance engagements:
- Governance Architecture Reviews use the three primitives as the assessment lens — mapping a client’s current architecture against each primitive and identifying gaps
- Framework Gap Analyses use the full AGF model to produce a structured remediation plan
- Operating Model Design engagements use the AGF’s accountability and liability definitions as the foundation for role design and separation-of-duties policy
The framework is vendor-neutral by design. It does not prescribe specific tools or platforms — it defines the structural requirements that any governance implementation must satisfy.