THE QUESTION I ASK EVERY BOARD NOW
Last month, I sat with a CIO who told me proudly that his company had “27 AI agents in production.” I asked him a simple follow-up: can you name all 27, tell me what each one is authorized to touch, and show me who signs off when one takes an irreversible action? He couldn’t. Neither could his CISO, who was in the room. That’s not a technology gap. That’s a governance gap, and it’s the exact gap Singapore just built a framework to close.
Most boards I sit in front of right now are debating AI governance in the abstract. What should our AI policy say. Should we wait for the EU AI Act to fully land. Do we need a dedicated AI committee. Meanwhile, their organizations are already running agents that book vendors, update records, and execute multi-step workflows with no human in the loop for most of it. I wrote about this exact disconnect in AI Agents Don’t Fail. Governance Does. The technology almost never breaks first. The governance around it does.
So what did Singapore actually publish? Singapore’s Infocomm Media Development Authority (IMDA) published the Model AI Governance Framework for Agentic AI, or the MGF, in January, at the World Economic Forum. It’s the first governance framework in the world built specifically for AI agents: systems that plan, reason, and act on their own, not the generative tools that simply answer a prompt, and I love it. The framework sets expectations across four areas: bounding what an agent is allowed to do, keeping a human meaningfully accountable, building technical controls into the agent’s lifecycle, and preparing the people who work alongside it. From here on, I’ll refer to it as the MGF.
I’ve spent the past several weeks working through it. Here’s my assessment: this is the reference document to build from right now, and most organizations aren’t ready for what it asks of them.
The MGF is voluntary. That shouldn’t comfort you. The MGF carries no legal penalty. Compliance is not mandated. But your regulator, your customers, and your existing legal exposure were never waiting for Singapore’s permission to hold you accountable when an agent does something wrong. A framework doesn’t need teeth to become the benchmark you get measured against after an incident. I made a similar argument in Strategy Without Governance Is Just Expensive Hope. The absence of a mandate has never protected a board from the absence of a plan.
The framework rests on four dimensions, and each one separates load-bearing governance from decorative governance in its own way.
Bounding the risk upfront. Before an agent ships, the MGF wants you to define what it’s allowed to touch: data access, tool access, the scope of any irreversible action. Decorative governance writes a policy that says “agents must operate within approved parameters.” Load-bearing governance writes down the actual parameters, in the platform, before a line of production code runs.
Meaningful human accountability. Autonomy scatters responsibility across developers, deployers, operators, and end users unless someone deliberately reassembles it. The MGF asks you to name checkpoints where a human must approve before the agent proceeds. Decorative governance says “a human is in the loop.” Load-bearing governance can tell you, by name, which human, at which checkpoint, with what authority to override. That’s the same accountability test I couldn’t get an answer to from that CIO.
Technical controls across the lifecycle. Testing before deployment, logging during operation, monitoring for what the framework calls cascading action risk: one bad decision triggering a chain of downstream ones. This is where I see the most theater, and it echoes something ISACA’s Richard Beck argued well in his piece on AI assurance vs. AI governance. Governance sets the rules. Assurance is the continuous evidence that the rules are being followed. A framework without ongoing assurance behind it is a rulebook nobody is checking against.
End-user responsibility. The framework closes the loop by putting some obligation on the people using these agents day to day: transparency about what the agent can do, training on its limits. This dimension gets skipped constantly because it’s the least glamorous. It’s also where a lot of real-world failures originate.
Here’s where I think most organizations will get this wrong. They’ll read the four dimensions, nod, and hand it to a working group to turn into a policy PDF. That’s the same mistake I see with every framework that arrives with this much clarity: the clarity gets mistaken for the finished work. The MGF is closer to an engineering brief than a compliance checklist. If your only output is a signed-off document and no controls sitting inside your agent platform, you have produced a well-organized piece of decoration.
HERE’S THE VERSION OF THIS I WALK CLIENTS THROUGH
A mid-size regional insurer I’ve advised built a claims-approval agent to speed up small, routine payouts: anything under $2,500, auto-approved, no adjuster involved. On paper, the risk-bounding was there. A written policy capped the agent’s authority at that dollar threshold. Six months in, a batch of claims tied to a single weather event pushed volume up sharply. Nobody had told the agent that volume, not just dollar amount, changes the risk profile. It kept approving individual claims under the cap correctly, one at a time, while the aggregate exposure from a single event quietly blew past what any human adjuster would have flagged for review. The policy was never violated. The governance still failed. That’s the distinction the MGF is trying to force: a control that only bounds one variable isn’t bounding the risk. It’s bounding the paperwork.
What makes this framework different from the generative AI guidance that came before it is the acknowledgment that agents behave differently in kind, not just in degree. A generative model gives you an answer you must act on. An agent acts. Singapore built its update around exactly that distinction, adding case studies and multi-agent coordination guidance, which tells you where this is headed. The single-agent dimensions in the original framework are already being extended to cover agents coordinating with other agents, which is where identity, auditability, and cross-agent accountability get genuinely hard.
I don’t think every organization outside Singapore needs to formally adopt the MGF. I do think every board governing agent deployment needs to be able to answer its four questions, in specific terms, for every agent currently in production. Most can’t yet. That’s not a Singapore problem. That’s a governance maturity problem the MGF just made impossible to ignore.
Final Thoughts
Voluntary frameworks become mandatory the moment something goes wrong. Build to the MGF’s standard now, not after an incident forces the comparison. Download the full framework here.
The four dimensions are a build specification, not a policy topic. If your response lives only in a document, you haven’t governed the agent.
Human accountability has to be a name, not a phrase. “A human reviews this” is not an answer. Who, and at which checkpoint, is.
Governance and assurance are not the same thing, and you need both. A framework tells you what to check. Assurance proves you’re checking it.
Test whether you can answer the four questions today, for every agent already in production. If you can’t, that’s your actual starting point, not the framework itself.
A thank you, and an ask.
Thank you for reading this far. If you’re already working through how these four dimensions apply inside your own organization, or you think I’ve gotten something wrong here, I’d genuinely like to hear it. Leave a comment or reach out directly. Conversations like that are what sharpen this thinking the most, and I appreciate every one of you who takes the time to engage.

