Singapore launches first global Agentic AI governance framework

What is Agentic AI?

Agentic AI refers to systems that can plan, reason, and act across multiple steps to achieve objectives with minimal human intervention. Unlike generative AI, which produces outputs in response to prompts, agentic AI can initiate actions, adapt to new information, and interact with other agents or systems to complete tasks autonomously.

At the core of many agentic systems are language models that act as the central brain of the agent. These models interpret natural language instructions, devise strategies to achieve goals, and then activate connected tools such as calculators, calendars, and application interfaces. These tools enable the agent to perform tasks like updating records, processing payments, or controlling devices.

Agentic systems may be deterministic, producing consistent outputs for identical inputs, or non-deterministic, where results vary even with the same input. The latter introduces unpredictability, requiring stronger oversight and governance. In practice, agentic AI often involves multiple agents working in parallel, each specialising in a task, which increases efficiency but also compounds risks if errors cascade across the system

Risks of deploying Agentic AI

While risks such as hallucination and bias are already associated with AI, they can cause greater harm in an agentic AI context because errors may replicate across multiple outputs and processes.

The autonomous nature of agentic AI introduces several unique risk categories that organisations must address. The MGF identifies five categories:

• Erroneous actions: Agents may perform incorrect tasks, such as scheduling appointments on the wrong date, generating flawed code, or mismanaging inventory, leading to harmful or costly consequences.
• Unauthorised actions: Agents might act outside their permitted scope, for example executing transactions or making changes without the required human approval.
• Biased or unfair actions: Decisions made by agents can result in discriminatory or inequitable outcomes, such as biased hiring practices or unfair vendor selection.
• Data breaches: Sensitive information, including personal data or trade secrets, may be exposed or misused if agents fail to recognise confidentiality or are exploited by attackers.
• Disruption to connected systems: Malfunctions or compromises can destabilise linked systems, such as deleting critical codebases or overwhelming external platforms with excessive requests.

How the MGF addresses risks

1. Dimension 1: Assess and bound risks early

Because agentic AI systems are adaptive and capable of acting directly on their environment, organisations must evaluate whether a proposed use case is appropriate before deployment. Risk assessment should consider both the impact (severity if something goes wrong) and the likelihood (probability of error). Key factors include:

• Tolerance for error in the domain (for example, healthcare has a lower tolerance for error than marketing).
• Whether the agent can access sensitive or confidential data.
• The extent of its access to external systems and APIs.
• Whether the agent can only read data or also modify it.
• Reversibility of actions taken.
• Level of autonomy granted, as higher autonomy increases unpredictability.
• Complexity of the task, as multi-step reasoning raises the chance of mistakes.
• Exposure to external systems, which heightens vulnerability to cyberattacks or malicious prompts.

Once a suitable use case is identified, risks should be bounded through design. This includes limiting agents to the minimum tools and data required, enforcing standard operating procedures for workflows, and creating mechanisms to disable agents if they malfunction. Organisations should also implement agent identity management, assigning unique identities to each agent, linking them to accountable human supervisors, and ensuring permissions cannot exceed those of the human user.

2. Dimension 2: Human accountability

The framework makes clear that responsibility ultimately lies with the organisations and individuals overseeing agentic AI. Accountability should be distributed across teams:

• Leadership: Board members and department heads define goals, permitted use cases, and governance approaches.
• Product teams: Handle design, testing, and user education.
• Cybersecurity teams: Protect systems against threats and manage incident response.
• End-users of outputs: Ensure ethical use and compliance with organisational policies.
• Externally, accountability should be reinforced through contractual provisions with system providers, model developers, and tool vendors.

To ensure meaningful oversight, organisations should establish checkpoints requiring human approval before sensitive or irreversible actions (for example, payments, deletions, or unusual behaviour). Oversight should be audited regularly, with training to help humans recognise common failure modes and avoid automation bias.

3. Dimension 3: Technical controls across the lifecycle

Technical safeguards must be embedded at every stage:

• Development: Agents should be prompted to clarify instructions, restricted to essential tools, and designed with standardised communication protocols. Sandbox environments and whitelisted servers should be used to minimise risk.
• Pre-deployment: Agents must undergo rigorous testing for accuracy, compliance, tool usage, and resilience in edge cases. Testing should cover both individual agents and multi-agent workflows in realistic environments.
• Deployment and beyond: Roll out agents gradually, starting with lower-risk contexts and trained users. Continuous monitoring, logging, and failsafe mechanisms should be in place to detect and respond to unexpected behaviour.

4. Dimension 4: End-user responsibility

Organisations must empower end users to interact responsibly with agentic AI. Transparency is critical, which means users should be informed when they are engaging with an agent, what actions it can perform, what data it can access, and how to escalate issues.

For external users, such as customers, clear communication about limitations and human escalation points is essential; for internal users, such as employees integrating agents into workflows, training should cover best practices, oversight techniques, and common pitfalls. As agents take over routine tasks, organisations should ensure employees continue to develop and maintain core skills through training and exposure.

Conclusion

The MGF sets out clear parameters for the responsible use of agentic AI, offering organisations practical guidance to build trust in the deployment of advanced AI technologies. While the framework is not legally binding, it signals Singapore’s regulatory direction and establishes best practices that companies can adopt today.

Organisations should begin by reviewing their governance structures against the framework’s four dimensions, addressing any gaps, and strengthening policies and oversight mechanisms. As the MGF is designed to evolve, businesses should stay engaged with future updates and industry developments. For support in assessing the impact of this framework, including aligning vendor contracts, governance protocols, or user policies, please contact the authors or your usual Hogan Lovells representative.

Authored by Charmian Aw and Ciara O'Leary.