Agentic AI Wiki
Operations / Governance & Compliance

Governance & Compliance

Accountability, audit, policy enforcement and the regulatory landscape — making agent decisions defensible.

  1. Audit Trails & Provenance
    What to capture to reconstruct any decision, hash-chained tamper-evidence, retention vs erasure, and the four-strand provenance of model, prompt, tools and data.
  2. Policy Enforcement & Controls
    Policy-as-code outside the model, enforcing pre/in/post loop, allowlist-by-default, and separation of duties so a compromised agent cannot close the loop alone.
  3. The Regulatory Landscape
    A qualitative map (not legal advice): risk-tiered regulation, documentation and human-oversight duties, the provider/deployer split, and how NIST AI RMF and ISO/IEC 42001 operationalize it.
  4. Accountability & Ownership
    Accountability never transfers to the agent: the named operator role, RACI on the autonomous action, sign-off that means something, and an accountability ladder set in advance.
  5. Data Governance for Agents
    An agent is a data-flow machine: lineage through the loop, purpose/consent enforced at point of use, boundary minimization for PII, governed training data, and invisible cross-border flow.
  6. Governance Without Gridlock
    Make governance an enabler: risk-proportionate tiers, the safe default as the easy path, automated evidence with humans on judgment, and counting gridlock as a real cost.