Researchers have proposed a "layered translation method" that converts high-level AI governance standards into enforceable runtime controls for agentic AI systems — the class of AI that plans, uses tools, and takes multi-step actions with real-world consequences.
The paper, published on ArXiv and authored under the CS.AI category, targets a problem that has grown more pressing as AI agents move from research settings into production environments. Standards bodies including ISO/IEC and NIST have produced governance frameworks — among them ISO/IEC 42001, ISO/IEC 23894, ISO/IEC 42005, ISO/IEC 5338, ISO/IEC 38507, and the NIST AI Risk Management Framework — but according to the authors, these do not translate directly into the kind of technical controls that can intervene during execution.
Why Agentic AI Breaks Traditional Governance Models
Most AI governance thinking developed around single-turn systems: a user inputs a prompt, a model returns a response, a human reviews the output. Agentic AI changes that dynamic fundamentally. These systems maintain state across interactions, call external tools, and produce chains of actions that can affect the real world before any human reviews them.
The authors argue this shift means risk no longer concentrates at model development or initial deployment. Instead, critical failure modes emerge during execution — when an agent is mid-task, potentially irreversibly committed to a course of action. Governance frameworks designed for static models are not equipped to catch these in-flight problems.
Standards should guide control placement across architecture, runtime policy, human escalation, and audit — while runtime guardrails are reserved for controls that are observable, determinate, and time-sensitive enough to justify execution-time intervention.
Four Layers, One Translation Method
The paper's proposed method organises controls into four distinct layers: governance objectives, design-time constraints, runtime mediation, and assurance feedback. Each layer serves a different function and operates on a different timescale.
Governance objectives capture the high-level intent derived from standards — for example, that a system must not exceed its authorised scope of action. Design-time constraints embed those objectives into the system's architecture before deployment. Runtime mediation is where live guardrails operate, intercepting agent actions as they happen. Assurance feedback closes the loop by generating evidence that controls are working as intended.
A key contribution is what the authors call a "control tuple and runtime-enforceability rubric" — a structured test for deciding which layer a given control belongs to. The rubric asks whether a control is observable in real time, whether its outcome is determinate (meaning the system can reliably detect a violation), and whether it is time-sensitive enough to require immediate intervention rather than post-hoc review. Only controls that meet all three criteria belong at the runtime layer.
A Procurement Agent Puts the Method to Work
To demonstrate the framework, the authors apply it to a procurement-agent case study — an AI system authorised to search suppliers, compare prices, and potentially commit to purchases on behalf of an organisation. This scenario is realistic and carries tangible financial and legal risk, making it a useful test bed.
The case study illustrates how a governance objective such as "spend authorisation must not exceed delegated limits" moves through the four layers. At the governance layer, it is a policy statement. At the design layer, it becomes a hard-coded ceiling on transaction values. At the runtime layer, it becomes an active check that fires before any purchase commitment is transmitted. At the assurance layer, every triggered check generates a log entry that auditors can review.
This layered decomposition, according to the paper, prevents the common failure mode where a governance requirement exists on paper but has no corresponding technical enforcement mechanism.
Addressing the Gap Between Policy and Engineering
One of the paper's underlying arguments is that AI governance currently suffers from a translation problem. Policy teams and standards bodies produce requirements in natural language. Engineering teams build systems in code. Between those two worlds, requirements frequently get lost, diluted, or misinterpreted.
The layered method is explicitly designed to serve as a bridge across that gap — giving governance professionals a vocabulary for specifying where controls should live, and giving engineers a structural framework for implementing them. The authors describe their central claim as "modest": they are not proposing new safety techniques, but rather a method for ensuring that existing governance intent reaches the right point in a system's architecture.
The paper does not present empirical benchmark results — it is a methods and frameworks contribution, and all claims are the authors' own analysis rather than independently verified performance data.
What This Means
For organisations deploying agentic AI in consequential settings — finance, procurement, healthcare administration — this framework offers a concrete method for closing the gap between governance documentation and the technical controls that actually constrain system behaviour at runtime.