From Governance Norms to Enforceable Controls: A Layered Translation Method for Runtime Guardrails in Agentic AI
Christopher Koch

TL;DR
This paper introduces a layered translation method linking governance standards to runtime controls in agentic AI, enabling effective enforcement of safety guardrails during AI operation.
Contribution
It proposes a novel layered approach that connects governance objectives to technical controls and runtime enforcement, demonstrated through a procurement-agent case study.
Findings
The method clarifies the relationship between governance standards and runtime controls.
It defines a control tuple and a runtime-enforceability rubric for control layer assignment.
The case study illustrates practical application in a procurement-agent scenario.
Abstract
Agentic AI systems plan, use tools, maintain state, and produce multi-step trajectories with external effects. Those properties create a governance problem that differs materially from single-turn generative AI: important risks emerge during execution, not only at model development or deployment time. Governance standards such as ISO/IEC 42001, ISO/IEC 23894, ISO/IEC 42005, ISO/IEC 5338, ISO/IEC 38507, and the NIST AI Risk Management Framework are therefore highly relevant to agentic AI, but they do not by themselves yield implementable runtime guardrails. This paper proposes a layered translation method that connects standards-derived governance objectives to four control layers: governance objectives, design-time constraints, runtime mediation, and assurance feedback. It distinguishes governance objectives, technical controls, runtime guardrails, and assurance evidence; introduces…
