Hael
Sign inRequest a demo
AI Governance · Building a programme

How to govern AI agents, not just models

Updated 30 June 2026 · 6 min read
Key takeaway
AI agents, systems that take actions rather than just producing predictions or content, raise governance challenges that model-focused governance does not fully address. An agent can call tools, make changes, and pursue goals across multiple steps, which means its potential impact is broader and harder to predict. Governing AI agents requires extending governance from what a model outputs to what an agent is permitted to do, how it is overseen, and how its actions are traced and accounted for.
  • AI agents act rather than just predict, which broadens their potential impact and changes the risk profile.
  • The foundational control is permissions: tightly defining and constraining what an agent can do.
  • Maintain meaningful human oversight and ensure action-level traceability so agents are not black boxes.
  • Assign clear human accountability and keep agents within one coherent governance practice, not a separate track.
  • Current as of June 2026. This is general information, not legal advice.

Why agents are different

A traditional AI model makes a prediction or generates content, and a human or system decides what to do with that output. An AI agent goes further: it can act, taking steps, using tools, and making changes in pursuit of a goal, sometimes across many steps with limited human intervention. This shift from advising to acting changes the risk profile. An agent's mistakes are not just wrong answers; they can be wrong actions with real consequences. Governance has to account for this.

Govern what the agent can do

The foundation of agent governance is permissions: defining and constraining what an agent is allowed to do. Just as you would not give a person unlimited access, an agent should operate within clear boundaries, what systems it can touch, what actions it can take, what limits apply. Governing the agent's permissions, and keeping them as tight as its purpose allows, is the single most important control, because it bounds the potential impact of anything going wrong.

Maintain meaningful human oversight

Agents can act quickly and autonomously, which makes human oversight both harder and more important. Good governance ensures there are meaningful points of human control: approvals for consequential actions, the ability to monitor what an agent is doing, and the ability to intervene or stop it. Oversight that cannot keep pace with the agent, or that exists only nominally, is a serious gap. The design should make real oversight possible.

Ensure traceability

Because an agent takes multiple actions, often across systems, traceability is essential. Governance should ensure an agent's actions are logged in enough detail to reconstruct what it did and why. This matters for detecting problems, for accountability, and for the after-the-fact review that any consequential action deserves. Without traceability, an agent is a black box that acts, which is the opposite of governable.

Assign clear accountability

Agents do not absorb accountability; people do. Governance must assign clear human accountability for each agent: who owns it, who is responsible for its actions, who decides its permissions and reviews its behaviour. The autonomy of an agent makes this more important, not less, because the chain from human decision to agent action must remain clear even when the agent operates with limited supervision.

Connect agents to your wider governance

Agents should sit within your overall AI governance, not in a separate track. They belong in your AI inventory, classified by risk, with controls, oversight, and evidence like any other AI system, plus the agent-specific concerns of permissions and action-level traceability. Keeping agents within one coherent governance practice, with the same connected record per system, is what lets you govern them alongside your models rather than treating agentic AI as an ungoverned exception. As agents become more capable and more common, governing them well becomes a defining test of an organisation's AI governance.

Key terms

AI agent
An AI system that takes actions to pursue goals, often across multiple steps and tools.
Permissions
The defined boundaries of what an agent is allowed to do.
Traceability
Logging of an agent's actions in enough detail to reconstruct what it did and why.
Accountability
Clear human responsibility for an agent and its actions.

References

Related guides

Keep reading on AI Governance.

Free check

See where you stand on AI Governance, free.

Answer a few questions and get an indicative view of what AI Governance expects of your AI systems and where you stand today — no sign-up to see your result.

Indicative, not legal advice.
AI Governance · indicative readiness
HAEL FREE TOOL
Applicability
Applies to your AI use
What's expected
Risk classification · governance · documentation · oversight
Where you stand
Banded result · pointed to the gaps that matter most
Result
On-screen, free · optional PDF
Pre-scoped to AI Governance~ 5 MIN