OPERATIONAL FRAMEWORKS

The Intent Architecture Stack

The three organizational layers every enterprise must design before any agent goes live. Containment is Layer 1. Almost no enterprise builds Layer 3.

Intent documented at deployment is not the same as intent maintained over time. The stack was built around that distinction because most governance failures are not authorization failures at launch. They are drift failures six months later when the original decision-makers are gone.

v1.0 · April 2026Sougata Roy, sougataroy.com

Free to read and cite with attribution to Sougata Roy and sougataroy.com. Do not republish, rebrand, or claim authorship of any framework, term, or model as your own.

Explore all frameworks

Intent Architecture Stack

v1.0

Three-layer governance model3 items

Layer 1

Context: The Environment

Layer 1 establishes the organizational context within which the a...

Layer 2

Intent: The Purpose

Layer 2 is the organizational record of what the agent was built...

Layer 3

Governance: The Accountability

Layer 3 establishes the organizational accountability structure t...

Version 1.0 - Published April 2026

The problem

Technical permissions do not prove organizational authorization.

Intent Architecture exists because most agent deployments can show what the platform allowed, but cannot show what the organization formally decided.

Use this section to locate the failure: the missing record that says what the agent was supposed to do before anyone reads the audit log.

Why this framework exists

Most organizations that deploy AI agents spend significant effort on what the agent can do technically and almost no effort on what the organization has formally decided it should do. Those are different questions. The first is answered by the platform. The second is answered by the organization, or not answered at all.

The gap between those two questions is where governance failures live. The Intent Gap is a governance design gap, not a behavioral detection gap. It opens before deployment, not after. It is the absence of a documented organizational decision about what the agent was authorized to do. When an AI agent produces a harmful output, the audit log shows what happened. It does not show what was supposed to happen. Without an authorization record, the log cannot be evaluated against any standard. The Intent Architecture Stack is the organizational design that creates that standard before deployment, not after something goes wrong.

Governance question

Before an AI agent is deployed in your environment, does your organization have a formal record of what it was authorized to do, who made that authorization, and under what conditions that authorization must be reviewed?

Editorial governance illustration showing technical permission, organizational authorization, and the intent gap between platform access and formal approval. — Intent gap
Access is capability. Authorization is intent.
The framework starts by separating what the platform allowed from what the organization formally approved before deployment.

The stack

Three layers. Three different accountability questions.

The Intent Architecture Stack has three organizational layers. Each one is a governance decision, not a technical configuration. All three must exist before an agent is considered authorized to operate. Most organizations build Layer 1 informally, build Layer 2 partially, and skip Layer 3 entirely until something forces the question.

Read from Layer 1 to Layer 3. Context defines what is permissible, intent defines what is authorized, and governance defines who answers for it.

Editorial governance illustration showing the three layers of the Intent Architecture Stack: context, intent, and governance. — Three-layer stack
Context informs intent. Governance makes it accountable.
The stack becomes complete only when the context document, intent document, and governance record form one traceable authorization record.

01Layer 1

Layer 1: Context: The Environment

Layer 1 establishes the organizational context within which the agent will operate. This layer must be completed before Layer 2 is written. The context determines what the intent can permissibly be.

Accountability test

Layer 1 is complete when the Context Document exists as a pre-deployment artifact, not as a post-hoc description.

02Layer 2

Layer 2: Intent: The Purpose

Layer 2 is the organizational record of what the agent was built to do, expressed in plain language that a compliance officer, a regulator, or a board member can evaluate without technical context. It is derived from the Context Document produced in Layer 1.

Accountability test

The test for Layer 2: can any stakeholder in your organization answer 'what is this agent authorized to do and who approved it' without consulting the original developers? If no, Layer 2 does not exist for that agent.

03Layer 3

Layer 3: Governance: The Accountability

Layer 3 establishes the organizational accountability structure that governs the agent throughout its operational life. This is where the Intent Architecture Stack operationalizes what NIST AI RMF's GOVERN function, EU AI Act Article 26, and the CSA Agentic Profile require at the agent level.

Accountability test

Layer 3 is complete only when all three sub-components are documented as pre-deployment artifacts and the Consequence Owner has confirmed their role in writing.

Layer breakdown

What each layer must contain before deployment.

The stack is not a metaphor. Each layer has named artifacts, required fields, and a test for whether the organization has actually built it.

Use the breakdown as a pre-deployment review sequence. A missing field is a governance finding, not a formatting issue.

Layer 1

Layer 1: Context: The Environment

Layer 1 establishes the organizational context within which the agent will operate. This layer must be completed before Layer 2 is written. The context determines what the intent can permissibly be.

Use this layer as a document test: if the organization cannot produce the artifact named here before deployment, the layer is not complete.

REGULATORY ENVIRONMENT

Define regulatory obligations before defining intent. Map the regulatory frameworks applicable to your industry, identify specific obligations triggered by the agent's data access and decision scope, and document which regulatory bodies have examination authority over the deployment context.

STAKEHOLDERS AND DATA

Identify every stakeholder group affected by the agent's outputs and every data touchpoint the agent can reach. This includes upstream data sources the agent reads, downstream systems the agent can trigger, and individuals or groups whose data the agent processes.

SYSTEM INTEGRATIONS

Map all downstream system triggers and integration points to define the full technical scope. An agent that appears limited by its interface may still have significant reach through the systems it can invoke. The scope of system integration determines the outer boundary that Layer 2 must address.

Present when

Organization can produce a Context Document, prepared before the Intent Document was written, naming applicable regulatory obligations, affected stakeholder groups, and every downstream system the agent can trigger or access.

Absent when

Regulatory environment, stakeholder impact, and system scope were assumed rather than documented before intent was defined.

Control point

Layer 1 is complete when the Context Document exists as a pre-deployment artifact, not as a post-hoc description.

Layer 2

Layer 2: Intent: The Purpose

Use this layer as a document test: if the organization cannot produce the artifact named here before deployment, the layer is not complete.

PURPOSE STATEMENT

Write the agent's purpose in one plain-language sentence that states what problem the agent solves and what workflow it supports. Not a technical description. Not a feature list. A statement of organizationally authorized intent: 'This agent reviews contract documents for non-standard clauses and flags them for legal review before signature.'

AUTHORIZED SCOPE

Define explicitly what the agent is permitted to do and what it is explicitly prohibited from doing. The prohibitions field is not optional. An authorization record without explicit prohibitions is incomplete. The scope must be expressed in terms of actions, data access, and system boundaries - not in terms of model capabilities.

EXPECTED OUTPUTS

Specify what correct agent behavior looks like and define the triggers for human review. Expected output format, expected output frequency, and the conditions under which the output must be reviewed by a human before being acted upon.

Present when

A written Intent Document exists with all three components - Purpose Statement, Authorized Scope with explicit prohibitions, and Expected Outputs - prepared before production deployment.

Absent when

The agent's intent is implied by its configuration with no pre-deployment written statement.

Control point

Layer 3

Layer 3: Governance: The Accountability

Use this layer as a document test: if the organization cannot produce the artifact named here before deployment, the layer is not complete.

Editorial governance illustration showing a Layer 3 governance record with consequence owner, review cadence, event triggers, escalation path, and production boundary. — Layer 3 visual
Governance names who answers when the agent operates
Layer 3 is complete only when ownership, review cadence, escalation path, and owner confirmation exist before production use.

ACCOUNTABLE OWNER

Assign a named Consequence Owner responsible for board-level accountability and incident escalation decisions. The Consequence Owner is nested within the organization's existing formal accountability structure - three-lines-of-defense, senior management function, risk committee, or equivalent. This person is accountable for governance decisions, not necessarily first-line incident response. The role maps to the Sponsor field in Microsoft Entra Agent ID but is not satisfied by populating that field alone. The organizational accountability structure must be documented separately.

REVIEW CADENCE

Define a recurring review schedule and a set of event-based triggers that require re-authorization. The calendar cadence must be defined before deployment. Event triggers include: change in the agent's data access scope, change in applicable regulatory requirements, change in the named Consequence Owner, and any security incident involving the agent. An authorization record without a review date is an artifact, not governance.

ESCALATION PATH

Write the escalation path before the first incident. The path must name specific contacts and sequences, specify the conditions that trigger escalation at each level, and be executable by someone other than the original developer. If the Consequence Owner cannot describe how to stop the agent and who to call without consulting the builder, the Escalation Path does not exist.

Present when

A named Consequence Owner with board-level accountability nested in formal accountability structure, a defined Review Cadence with calendar date and event triggers, and a written Escalation Path with named contacts - all documented before production deployment.

Absent when

Sponsor fields are populated in the platform but no written organizational accountability structure exists outside the platform configuration.

Control point

Layer 3 is complete only when all three sub-components are documented as pre-deployment artifacts and the Consequence Owner has confirmed their role in writing.

Template download

Documentation Template

The full three-layer documentation template covering Context, Intent, and Governance. Complete one per agent before deployment.

Intent Architecture Stack Documentation Template · v1.0 · May 2026 · Sougata Roy, sougataroy.com

Download DOCX Download PDF

Primary sources

The research basis for the stack.

The framework is grounded in the current shift from platform capability to organizational accountability for agent behavior.

Use these references to support the governance case internally and to connect the framework to external authority.

nccoe.nist.gov

Source: NIST National Cybersecurity Center of Excellence, "Accelerating the Adoption of Software and AI Agent Identity and Authorization," February 5, 2026.

View source

paloaltonetworks.com/cyberpedia/what-is-agentic-ai-governance

Source: Palo Alto Networks, "A Complete Guide to Agentic AI Governance," February 24, 2026.

View source

techcommunity.microsoft.com

Source: Microsoft Tech Community, "Governing AI Agent Behavior: Aligning User, Developer, Role, and Organizational Intent," March 2026.

View source

Connected frameworks

Where the stack connects to operating controls.

Intent Architecture gives the authorization record its structure. These adjacent frameworks extend that record into ownership, lifecycle coverage, and orchestration.

Use these cards when the question moves from a single agent's authorization record to ownership, change over time, or multi-agent delegation.

Connected framework