An AI governance framework you can actually run
NIST AI RMF and ISO 42001 say what good AI governance looks like. Here is how to run it for agents that act — mapped to controls a platform can enforce.
By Dmitrii SelikhovFounderReviewed by Planoda
Key takeaways
- Frameworks like NIST AI RMF and ISO/IEC 42001 define the 'what' of AI governance; the hard part is the 'how' for agents that take real action on production data, not models that only produce text.
- Governance splits into four operational controls: what an agent may do (scope), what it must get approved (gating), what it did (audit), and what it cost (metering) — four questions a platform can actually enforce.
- Per-action approval maps to the frameworks' manage-and-measure functions better than per-agent quotas, because you review the consequential change in context rather than trusting a role decided up front.
- An immutable audit trail is the evidence layer every framework assumes — governance you can't reconstruct after the fact isn't governance, it's a policy you hoped was followed.
- EU AI Act enforcement ramping through 2026 turns these controls from best practice into a procurement requirement that buyers and auditors will ask you to demonstrate.
- Map each control to a concrete platform capability so governance is enforced by the system by default, not by a policy PDF that nobody reads until after the incident.
Ask a room of teams whether they need AI governance and every hand goes up. Ask how they run it and the hands come down. The frameworks — NIST's AI Risk Management Framework, ISO/IEC 42001 — are genuinely good at describing what governance should achieve. Where teams stall is the translation from a framework's functions into buttons, gates, and logs that actually constrain an agent acting on live data. This is a practical mapping from the 'what' to the 'how.'
What the frameworks actually ask for
Strip the frameworks to their spine and they agree. NIST AI RMF organizes governance into functions — govern, map, measure, manage — that boil down to: know your risks, watch them, and be able to act on them. ISO/IEC 42001 wraps the same idea in a management-system shape: documented responsibilities, controls, and evidence you're following them. Neither prescribes a product. Both assume you can answer, at any moment, what your AI is permitted to do and prove what it did. For agents that take action, that assumption is the whole game.
Four controls that operationalize it
The framework functions become four concrete controls once an agent can change data. Scope: what an agent may do at all. Gate: which of its actions require human approval. Audit: an immutable record of what it actually did. Meter: what its actions cost. Those four — scope, gate, audit, meter — are the operational surface of everything the frameworks ask for, and unlike a policy document they're enforceable. This is the same architecture behind propose-and-approve agent governance: governance as runtime properties, not intentions.
Per-action beats per-agent
A common shortcut is to govern by agent — grant a role its permissions once and let it run. That maps poorly to the frameworks' manage-and-measure functions, because it trusts a role in the abstract and never looks again. Per-action approval fits far better: you review the individual consequential change in context, which is exactly the kind of ongoing measurement the frameworks want. It's the difference between vetting an employee once and approving each large wire transfer — the agents-propose, humans-approve model is the enforceable version of 'human oversight.'
The audit trail is the evidence layer
Every framework assumes you can reconstruct what happened, which makes an immutable audit trail the load-bearing control. If an agent's actions — and the approvals behind them — aren't recorded in a tamper-evident log, you can assert good governance but you can't demonstrate it, and 'trust us' is not an audit posture. The trail is what converts a governance policy from a hope into a provable fact, which is why it deserves its own deep treatment in audit trails for AI agents.
Why 2026 makes this non-optional
This stopped being purely voluntary. The EU AI Act is phasing in through 2026, and its transparency and human-oversight obligations push consequential automated actions toward being reviewable and attributable by default. In practice that means buyers and auditors will start asking you to show your controls, not describe your intentions. The regulatory backdrop is covered in agent governance and the EU AI Act; the short version is that the four controls are becoming a procurement checklist.
Enforce it in the system, not a PDF
The failure mode of governance is a beautiful policy document nobody consults until after an incident. Map each control to a platform capability instead — scope to capability limits, gate to a propose-approve broker, audit to an immutable log, meter to a cost ledger — so agent governance is the default behavior of the system rather than a rule people are supposed to remember. Start from the security pillar and wire the framework into the runtime, where it can actually hold.
Sources
- AI Risk Management Framework — NIST
- ISO/IEC 42001:2023 — AI management systems — ISO
- EU AI Act — EU AI Act explorer