Product / Agent Governance Pack

Agent Governance Pack

Pre-configured EP deployment for AI agent execution control.

Request Agent Governance Pilot

Action risk classes

Every agent action is classified by risk. Policy defines signoff requirements per class.

Low

Actions: Read-only queries, status checks, data retrieval

Signoff: No signoff required. Policy logged, action proceeds.

Medium

Actions: Data modifications, configuration changes, non-financial writes

Signoff: Single named human signoff. Agent pauses, presents action context, waits for attestation.

High

Actions: Financial transactions, access grants, external communications

Signoff: Named human signoff with action-bound attestation. Signoff is cryptographically bound to exact action parameters.

Critical

Actions: Irreversible actions, bulk operations, privilege escalation

Signoff: Dual named human signoff. Two independent principals must attest to the exact action before the agent can proceed.

Included controls

The Agent Governance Pack includes pre-configured policies, signoff workflows, and evidence formats designed for AI agent execution control.

Action risk classes

Every agent action is classified into a risk level: low, medium, high, or critical. Risk classification is policy-defined and can be customized per agent, per tool, or per action type.

Signoff thresholds per risk class

Each risk class has a configurable signoff requirement. Low-risk actions proceed without signoff. Higher risk classes require progressively stronger attestation from named human principals.

Tool-use control

Policy defines which tools an agent can invoke, under what conditions, and with what signoff requirements. Tool invocations outside policy are blocked before execution, not logged after the fact.

Principal-to-agent attribution

Every agent action is attributed to the human principal who authorized it. The attribution chain is cryptographically bound: principal authorized agent, agent requested action, named human signed off on exact parameters.

EU AI Act / NIST AI RMF mapping

Pre-mapped controls for EU AI Act high-risk system requirements and NIST AI Risk Management Framework. EP trust enforcement satisfies human oversight, transparency, and accountability requirements across both frameworks.

Best first workflow

Start with the highest-impact agent trust surface. For most deployments, that is agent-initiated high-value transactions.

Agent-initiated high-value transaction

An AI agent determines that a financial transaction, access grant, or irreversible operation should be executed. EP classifies the action by risk, pauses the agent, and presents the exact action context to a named human principal. The principal reviews the parameters and explicitly assumes responsibility through accountable signoff. The signoff is cryptographically bound to the exact action. Only then does the agent proceed. The full attribution chain is preserved: which human authorized the agent, what the agent requested, and who signed off on the exact execution.

+Agent pauses at policy-defined risk threshold

+Exact action context presented to named human principal

+Named human signoff bound to exact action parameters

+Full attribution chain: principal, agent, signoff, execution

+Immutable evidence record for regulatory and audit requirements

Request Agent Governance Pilot

Name

Organization

Title

Trust surface of interest

Problem description

Notes