Getty Images

Tip

How governance as code controls AI agent risk

As more stringent EU AI Act requirements take effect, enterprises need runtime guardrails that control autonomous agents' actions, govern data access and preserve audit evidence.

As enterprises integrate AI agents into business workflows, governance built around manual reviews and policy documents is no longer sufficient to control decisions made at machine speed.

Enterprise governance programs were originally all built around workflows with a human in the loop to approve decisions.  Agentic AI is very different and will not wait for a weekly review cycle or a policy sign-off email. It calls tools, accesses data and triggers downstream systems in milliseconds. It reaches across every business process without asking a human for permission.

Turning agentic AI activity into an auditable, enforceable policy is difficult because governance must happen before, during and after execution. A policy that requires agents to log every action only matters if the platform captures those events, routes exceptions for review and produces an audit trail for regulators. For many enterprises, that control layer is not yet in place.

There is some urgency to getting that system in place. Many new EU AI Act provisions take effect Aug. 2, 2026, including requirements for high-risk AI systems involving risk management, data governance, recordkeeping and human oversight.

Regulatory pressure and investment trends point in the same direction. Forrester projects spending on off-the-shelf AI governance software will reach $15.8 billion by 2030, a more than fourfold increase from 2024.

How governance as code turns AI policy into controls

The most basic form of AI governance in many organizations is an acceptable use policy that outlines how and where the technology can be used.

That type of policy is useful, but it needs some way to enforce it. Without a system that checks agent behavior at runtime, policies are merely documents rather than control mechanisms. Organizations need a deterministic system that programmatically defines approved behavior and enforces it.

The "as-code" movement addressed this scenario a decade ago, starting with infrastructure as code (IaC). Instead of configuring servers manually, teams expressed the desired state in code, stored it in version control and used automation to apply it continuously.

The as-code approach typically involves a machine-readable language and a platform for deployment and enforcement.

Governance as code (GaC) uses this framework and applies its policies for governance.

In practice, GaC expresses a governance rule in a machine-readable format, such as Rego, the language used by Open Policy Agent, and deploys it at the agent's tool-calling layer. The policy engine evaluates requests before execution to determine if they comply with the policy.

Every decision, whether allowed or denied, can create a structured, time-stamped log entry that supports the record-keeping requirements of Article 12 for high-risk AI systems in the EU AI Act.

What GaC can enforce for AI agents

GaC codifies policy and applies controls at runtime. For AI agents, common areas to enforce include:

  • Agent permissions. Policies can ensure the agent conforms to the principle of least privilege (POLP) to limit risk.
  • Data access. Policies can define access to approved datasets, block sensitive data and apply environment-based restrictions.
  • Human review triggers. GaC policy can route high-impact -- for example, in financial, legal or customer-facing areas -- or exception handling actions that cross a policy boundary for human review before execution.
  • Logging and lineage. Auditability is a key use case for GaC, enabling automated, time-stamped records of every action for full traceability.
  • Documentation. GaC can produce system cards and change records derived from policy decisions to automatically track which governance rules apply and how the system is configured.
  • Control reviews. GaC can schedule regular reassessments of controls to confirm alignment.

Where GaC needs help from a human

While GaC has strong capabilities, several EU AI Act obligations require human judgment that a policy engine cannot supply.

  • Risk classification. Whether an AI agent is a high-risk system is not something automated governance can decide. Under Article 6 of the EU AI Act, the classification depends on human judgment to decide the system's intended purpose and operational environment.
  • Fundamental rights impact assessments. Under Article 27 of the EU AI Act, certain deployers must assess ethical trade-offs and organizational accountability that an automated system cannot replicate.
  • Human oversight. Qualified people must be able to understand the system, intervene in its operation and halt it to meet the EU AI Act's human oversight requirement in Article 14. Legal interpretation, ethics review, business risk tolerance and final compliance decisions remain organizational responsibilities that GaC cannot assume.

What leaders should evaluate

Within those limits, the matrix maps each control area to what GaC can enforce and what people still must decide.

Dig Deeper on Data governance