Hael
Sign inRequest a demo
PRODUCT · AGENT GOVERNANCE

Govern AI agents, not just models.

Each agent is a first-class registry record — purpose, owner, foundation model, the tools it can use and the actions it must not take. Risk is classified against the same frameworks as your systems, and behaviour is reviewed against the audit trail.

hael.app / agents / AG-0027
Agent record — Disputes triage agent
Registered alongside systems. Allowed-behaviour scope is explicit.
Agent ID
AG-0027
Purpose
Triage inbound disputes; draft response; route to human.
Owner
Lara Mendes — Head of Disputes
Foundation
Acme AI v4.2 (provider)
Allowed tools
case_lookup · policy_search · draft_response
Out of scope
issue refund · close case · contact customer directly
Risk tier
Limited-risk (EU AI Act) · in scope ISO/IEC 42001
Lifecycle
Live · v1.4 · last review 02 Jun 2026
Audit trail — last 24h
· 412 cases triaged · 0 out-of-scope tool calls
· 37 drafts routed to human review (low-confidence)
· 1 review flag raised by owner · investigation open
THE PROBLEM

Agents act. Static governance does not.

An agent is not a model. It takes actions, calls tools, reads and writes systems of record, and produces outcomes that affect customers — often under the impression that the underlying model risk assessment 'covers' it. It does not.

Governing agents starts with treating each one as a registered entity in its own right: purpose, owner, allowed scope, and a behaviour record that owners and auditors can review.

HOW IT WORKS

Register, scope, classify, review.

Hael registers agents alongside systems, captures the allowed-behaviour scope explicitly, classifies them against the frameworks they touch, and gives owners the audit trail needed to attest to behaviour.

01
Register the agent
Each agent is a registry record: purpose, owner, foundation model and provider, deployment context, lifecycle stage.
02
Declare the allowed-behaviour scope
Tools the agent may use, actions it may take, data it may read or write, and the explicit out-of-scope actions — captured on the record, versioned, owner-attested.
03
Classify against the frameworks
Agents are classified the same way systems are — EU AI Act tier, ISO/IEC 42001 scope, GDPR Article 22 applicability, US state laws where relevant.
04
Review behaviour against the trail
The agent's behaviour record — actions taken, tools called, outcomes — is reviewed against the registered scope; deviations surface for owner investigation and resolution.
THE SYSTEM-OF-RECORD SPINE

Agents are registry records. Everything else derives from there.

The registry is the source. Agents sit in it alongside systems — and the classifications, documents, questionnaire answers and trust-page entries that describe them all derive from the same record.

Registry
Each agent is a first-class record — same lifecycle, ownership and review cadence as systems.
Classification
Agents are classified against EU AI Act, ISO/IEC 42001, GDPR Article 22 and applicable US laws, using the same engine that classifies systems.
Documentation
Agent-specific artefacts — behaviour specification, scope declaration, model card — are generated from the registry record.
Questionnaire answers
Buyer questions about agentic AI are answered from the agent record — purpose, scope, owner, audit-trail availability.
Trust page
Registered agents appear on the trust page with their tier and named owner, NDA-gated evidence behind them.
Monitoring
Scope changes — new tools, new actions — are flagged and routed to the owner for review and re-attestation.
REGISTER AND GOVERN

Scope is declared. Behaviour is reviewed against the trail.

Hael governs agents the way it governs systems — by making them registered, scoped and accountable. Owners attest to the declared scope; behaviour is reviewed against the audit trail; deviations are investigated. Agentic AI becomes governable because it is, on the record.

Registered
Each agent is a first-class registry record — purpose, owner, foundation model, tools, scope.
Scoped
The allowed-behaviour set is declared on the record — what the agent may and may not do.
Classified
Agents are classified against the same frameworks as systems — EU AI Act, ISO/IEC 42001, GDPR.
Reviewed
Behaviour is reviewed against the audit trail; owners attest, deviations surface for investigation.
Register and govern · scope is declared, behaviour is reviewed
AGENT GOVERNANCE

Bring an agent. Register it, scope it, classify it.

Bring one of your live agents to the call. We'll register it, capture its allowed-behaviour scope, classify it against the frameworks it touches, and show how its behaviour record is reviewed.