Quick check
Governance Readiness Matrix
Calculate your Governance Debt Ratio and identify your quadrant.
Frameworks
Free to read and cite with attribution to Sougata Roy and sougataroy.com. Do not republish, rebrand, or claim authorship of any framework, term, or model as your own.
Governance frameworks built from AI deployment inside regulated federal environments. Each framework addresses a gap that became visible during real deployment, not in theory.
Start here
Answer two questions. Land on the right place to begin.
Governance works as a sequence. Name the problem, measure what exists, decide before go-live, govern after, keep the record.
Learn the problem language.
The concepts that make the governance failure visible.
Measure what you already have before designing anything new.
Find the gap between deployed agents and approved records.
Decide and record what an agent may do before it goes live.
Create the decision structure before deployment.
Govern drift, detection, and coverage after an agent is live.
Keep authorization current as systems change.
Turn the decision into the artifact an examiner reads.
Make the authorization evidence inspectable.
All five stages design one thing the operational governance stack assumes already exists: the authorization layer.
Core concepts
5 concepts
Start here. These concepts name the failure patterns that make agent governance visible before the organization tries to control them.
Use this section to diagnose what kind of governance failure you are seeing. Then move to the frameworks section to choose the control that addresses it.
The accumulated accountability design work deferred while deploying AI at speed. It builds the moment a deployment goes live without authorization, a named owner, or a compliance review. It becomes visible when an examiner asks a question nobody can answer.
The unplanned divergence between what an organization genuinely intended an AI system to do and what it actually does in production. Not deliberate misrepresentation, but the gap governance failed to detect before deployment.
The implicit belief that accountability for an AI agent's decisions resides with the vendor, the platform, or another team. It doesn't. And regulators have started saying so explicitly, regardless of what contracts say.
Three tiers of uncontrolled AI proliferation: employee shadow AI, organizational procurement without central visibility, and authorized agents with over-permissive operational scope. Each tier requires a different governance response.
The organizational design layer that defines purpose, boundaries, and accountability before any agent goes live. The difference between a governance posture that holds under examination and one assembled under pressure after something goes wrong.
Operational frameworks
9 frameworks
Use these when the organization needs a decision structure, an authorization record, or a repeatable governance process.
Use this section to select the control point: pre-deployment authorization, post-deployment response, ownership, reconciliation, or audit evidence.
Measure what already exists before you design anything new.
Agent count versus authorization coverage. Designed for environments where the agent inventory and the authorization record had never been compared.
Five steps for reconciling what your tenant actually contains against what your organization formally approved. Built from environments where platform visibility and formal approval records did not match.
A two-tier diagnostic for regulated enterprises deploying AI agents across systems of record. Built from deployments where the substrate became governance infrastructure before it was ready.
Govern drift, detection, and coverage after an agent is live.
Six requirements that convert a signal into a formal governance decision. Built from environments where detection infrastructure was mature and decision infrastructure did not exist.
Three phases every organization moves through as its ratio of governed agents to total agents changes. Built from deployments where authorization coverage lagged behind agent growth.
Quick checks
6 reference cards
One-page instruments for board reviews, team workshops, audit preparation, and fast governance triage.
Use this section when the question has moved from understanding to action. These are designed for meetings, workshops, and fast internal reviews.
Quick check
Calculate your Governance Debt Ratio and identify your quadrant.
Quick check
Twelve governance items across three layers before any agent goes live.
Quick check
Four steps from deployment count to ratio to remediation priority.
Quick check
Three tiers. Map who owns what before the agent goes live.
Quick check
Five steps from M365 inventory to shadow agent count.
Quick check
Baseline, comparison, and trigger conditions for every agent in production.
Governance Documents
1 document
Turn the decisions into the artifact that survives audit.
Use this section when the governance decision needs to become evidence: who approved what, what the system may do, and who answers for it.
Agent Authorization Document
A formal record of agent purpose, approval boundaries, and accountable ownership. The governance artifact that frameworks require you to have before an agent goes live.
White papers
1 paper
Deeper publications on the accountability architecture behind enterprise AI governance.
Use this section when you need the full argument behind the framework system, not a quick operational artifact.
White Paper
The Organizational Accountability Architecture That Existing Governance Frameworks Require But Do Not Implement at the Agent Level
v1.0 · May 2026
The Governance Gap newsletter
Enterprise AI governance on the Microsoft stack. Built from primary sources. Every Tuesday.