WHITE PAPER · FRAMEWORK RESEARCH
The Organizational Accountability Architecture That Existing Governance Frameworks Require But Do Not Implement at the Agent Level
Who it is for
CISO AND CTO
You need to answer the board's accountability question before the next agentic AI deployment. This paper gives you the three-layer governance architecture that makes that answer possible, built before the incident, not assembled under pressure during it.
SECURITY ARCHITECT
You need an organizational design framework to work against, not a policy checklist. This paper gives you a diagnostic, a risk proportionality model, and a pre-deployment gate you can enforce.
BOARD MEMBER
You need to understand what governance evidence you should be asking for. This paper shows you the three documents any board should be able to request for any deployed AI agent, and what it means when they cannot be produced.
The governance question
The meeting had been going for forty minutes when the board chair held up a printout and asked a simple question. Three weeks earlier, the organization's AI agent had sent a draft contract amendment to an external counterparty. The agent had been configured to draft, not to send. The version it sent was not the current version.
The compliance team had logs. The security team had the audit record. The IT team had the agent configuration file. What none of them had was a document written before the incident that answered the chair's question: who in this organization authorized that agent to act, and how is that authorization documented?
Logging tells you what happened. It does not tell you who was responsible. Those are two different questions, and only one of them survives a board meeting.
Board question
Before any AI agent is deployed in your environment, does your organization have a formal record of what it was authorized to do, who made that authorization, and under what conditions that authorization must be reviewed?
White paper structure
Eight named incidents. The gap between auditability and accountability.
NIST AI RMF, EU AI Act, ISO 42001, CSA Agentic Profile, Microsoft. What each requires. What none of them specify.
Three layers. Context, Intent, and Governance. Each layer produces a document. Together they answer the board question.
Fifteen quick-scan questions. A full practitioner diagnostic for each layer. Designed for a 90-minute working session with the business unit that owns the agent.
Not every agent needs the same documentation depth. Three risk tiers. A complete Tier 2 Intent Document template.
OCC, FINRA, Federal Reserve, FINMA. Includes Revised Guidance on Model Risk Management, SR 26-2, where Footnote 3 excludes agentic AI from scope while directing institutions to apply existing governance practices to tools and systems outside the guidance's scope.
Three stages. Accumulation, Recognition, Resolution. IBM's $670K shadow AI breach cost figure (IBM Cost of a Data Breach Report 2025, ibm.com/reports/data-breach). The Agent Sprawl three-tier structure.
Microsoft Entra Agent ID, Purview, Agent 365, Copilot Studio. EchoLeak (CVE-2025-32711, CVSS 9.3, patched June 2025) and RoguePilot mapped to the Intent Architecture Stack. The specific vulnerabilities are resolved. The structural attack surface they revealed — agents with access broader than their authorized scope — is not.
The three-layer documentation set. What each document must contain. The governance test each must pass.
A Stage 3 organization in operational terms. The one test a mature governance program passes without preparation.
FAQ
The Intent Architecture Stack is a three-layer organizational design framework that specifies how to build accountability into an AI agent's governance record before it goes live. Layer 1, Context, maps the regulatory environment, affected stakeholders, and system integrations before intent is defined. Layer 2, Intent, documents the agent's authorized purpose, explicit prohibitions, and expected outputs. Layer 3, Governance, names the Consequence Owner, defines the review cadence, and establishes the escalation path. Together, the three layers produce the documentation set that answers the board's accountability question from a record that predates any incident.
Auditability means the organization can reconstruct what happened, including which agent took which action, when, and on what data. Accountability means the organization can identify, from a document written before the incident, who authorized the agent's action scope, who owns the consequence, and what organizational structure connects those two things. An organization can have complete auditability and zero accountability simultaneously. The logs show every action the agent took. The board asks who authorized those actions. Those are different questions, and only one survives a board meeting.
NIST AI RMF, the EU AI Act, ISO 42001, CSA Agentic Trust Framework, and SR 26-2 all point back to organizational governance. SR 26-2 Footnote 3 explicitly excludes generative AI and agentic AI from its model risk management scope as novel and rapidly evolving, while directing institutions to apply existing governance practices to tools and systems outside the guidance's scope. None of these frameworks specify the organizational design that makes accountability operational at the individual agent level. The Intent Architecture Stack is offered as one implementation pattern for that gap.
A Consequence Owner is the named individual who has formally accepted accountability for an AI agent's behavior before the agent enters production. They are not the developer who built the agent or the IT team that approved the integration. They are the business owner, the person who can answer "yes, this agent should exist and here is why" if a regulator or board member calls. Their name is in the authorization record. That record predates the agent's first live action. A populated sponsor field in a platform registry is not this designation. It is the platform record that points to the governance documentation. The documentation is what gives the platform record its organizational meaning.
Vocabulary
CONCEPTS
The organizational design layer that defines what an AI agent is authorized to do, who authorized it, and what happens when it acts outside those boundaries. Built before deployment. The Intent Architecture Stack is the operational framework that implements this concept.
Explore the frameworkCONCEPTS
The unplanned divergence between what an organization genuinely intended an AI system to do and what it actually does in production. It is not a deployment failure. It is a monitoring failure.
Explore the conceptCONCEPTS
The accumulated accountability design work deferred while deploying AI at speed. It builds the moment a deployment goes live without authorization, a named owner, or a compliance review.
Explore the conceptCONCEPTS
The implicit belief that accountability for an AI agent's decisions resides with the vendor, the platform, or another team. Regulators have started saying explicitly that vendor terms of service are not a defense.
Explore the conceptCONCEPTS
The proliferation of AI agents without corresponding governance architecture. It operates across three tiers, each requiring a different governance response.
Explore the conceptGET THE PAPER
Free to read and cite with attribution to Sougata Roy and sougataroy.com. No gate. No form.
The Intent Architecture Stack · Framework White Paper v1.0 · May 2026
Ten sections. A complete diagnostic for all three governance layers. A Tier 2 Intent Document template. Named incident analysis across Air Canada, Meta, Upstart Holdings, Microsoft, AWS, and six others. Every statistic cited to a named primary source with a publication date.
PDF · Framework white paper · 10 sections · Full diagnostic · Intent Document template
Not legal advice. Views are my own.
Roy, S. (2026). Who Owns the Agent? The Intent Architecture Stack (Framework White Paper v1.0). sougataroy.com. https://doi.org/10.5281/zenodo.20481551
Related frameworks
Three organizational layers every enterprise must design before any agent goes live. The framework that implements the concepts in this paper.
Open frameworkAgent count versus authorization coverage. The matrix that places your organization in one of four quadrants and makes the governance gap calculable.
Open frameworkThree tiers. One deployment. A map of who owns what across the provider, the platform, and the deploying organization.
Open frameworkThree stages every organization moves through as its Governance Debt ratio changes. The lifecycle the paper's Stage 1/2/3 model describes.
Open frameworkFive steps for establishing the actual count of AI agents operating in your environment. The first step toward closing the governance gap.
Open framework