← agentomy.com
Open Specification

Agentomy Agent Governance Protocol

AGP defines what enterprise AI agent governance requires. Three tiers. Each tier maps directly to a specific EU AI Act article obligation. Any execution layer -- any AI agent framework, any on-device model, any cloud agent -- can implement this specification.

Three Tiers

Tier 1: Record
Tamper-evident audit trail
Every AI agent action is logged with attribution, timestamp, and hash-chain integrity. The record survives the agent's own attempts to modify history. Retained for the system's operational lifetime plus the applicable limitation period for legal claims.
EU AI Act Article 12: Record Keeping and Logging
Tier 2: Enforce
Permission enforcement before every action
Every AI agent action is evaluated against a defined permission boundary before execution. Four boundary categories: data access, tool access, external communication, and cross-agent delegation. Every agent action is checked against authorized scope before execution begins.
EU AI Act Article 9: Risk Management System
Tier 3: Override
One human decision stops everything
One authorized human decision halts all autonomous agent action immediately across every deployment surface -- cloud, mobile, and edge. The halt produces a verifiable signed proof record. No graceful shutdown negotiation. Hard stop.
EU AI Act Article 14: Human Oversight

The Operator Obligation

Enterprise AI vendors satisfy their own processor obligations through their product's governance features. The EU AI Act places separate obligations on the operator -- the organization deploying AI agents. AGP defines what the operator's governance infrastructure must include, independent of which vendor's AI agents are deployed.

Implementation

AGP is vendor-neutral. Any execution layer can implement the three tiers. Agentomy provides the reference implementation with persistent hash-linked audit trails, 5-tier identity-based permission enforcement, and fleet-wide emergency halt tested at 500 concurrent agents.

For integration guidance, contact governance@agentomy.com.

Agentomy is a pre-revenue alpha. This specification reflects the current implementation, not an independently certified standard.

AGENTOMY · AGP Specification · © 2026 Agentomy Inc. · governance@agentomy.com