IMDA Model AI Governance Framework for Agentic AI
Issued by
Infocomm Media Development Authority
The Infocomm Media Development Authority published this framework as an agentic AI-specific extension to Singapore's existing Model AI Governance Framework. It applies to organizations deploying AI agents that autonomously interact with tools, APIs, and external systems. The framework requires organizations to limit agent access, maintain traceability of agent actions, and apply human approval at high-stakes or irreversible decision points.
Applies To
Overview
This framework addresses the distinct governance challenges posed by agentic AI systems, which can plan, execute multi-step tasks, and interact with external services with varying degrees of autonomy. It extends the foundational principles of the IMDA Model AI Governance Framework by specifying controls tailored to autonomous agent architectures, including multi-agent pipelines and tool-using models. Key provisions cover scoped access controls, per-agent authentication mechanisms such as scoped API keys and individual identity tokens, and mandatory logging of tool calls and access histories to support audit and accountability requirements. The framework introduces a risk-calibrated approach to human oversight, requiring human approval checkpoints for actions that are high-stakes, financially significant, or difficult to reverse. Enforcement is voluntary but the framework is intended to align with Singapore's national AI strategy and is expected to inform procurement and regulatory expectations for organizations operating in Singapore. Organizations with existing AI governance programs are expected to incorporate these provisions into their current compliance structures rather than treating this as a standalone obligation.
Key Requirements
- Restrict each AI agent's access to only the tools, APIs, and external systems necessary for its designated function, enforcing least-privilege principles.
- Implement strong authentication for agents, including scoped API keys and per-agent identity tokens to enable attribution of actions to specific agents.
- Maintain comprehensive logs of all tool calls, API interactions, and access histories for each agent to support post-hoc audit and incident investigation.
- Require explicit human approval before agents execute high-stakes, financially material, or irreversible actions.
- Ensure traceability across multi-agent pipelines so that each step in an autonomous workflow can be attributed and reviewed.
- Integrate agentic AI controls into existing organizational AI governance and risk management frameworks rather than managing them as a separate program.
What Your Organization Must Do
- Audit all deployed agentic AI systems to map which tools, APIs, and external systems each agent can access, and revise permissions to enforce least-privilege.
- Assign unique identity credentials to each agent instance and update authentication infrastructure to support per-agent tokens and scoped API keys.
- Configure centralized logging to capture all tool calls, external system interactions, and access events for every agent, and define retention periods consistent with audit requirements.
- Define and document the categories of actions that require human approval checkpoints, and build those approval gates into agent workflow designs before deployment.
- Update AI vendor and third-party integration contracts to require conformity with agentic AI traceability and access control provisions where external agents are procured or embedded.
- Incorporate agentic AI-specific risk criteria into the organization's existing AI risk register and governance committee review cadence.
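A sketch of how the access, attribution, logging and approval controls above can meet at a single tool-call gateway. This is an added example, not code from the IMDA framework; the agent names, tool names, policy tables and the `ToolGateway` class are hypothetical.

```python
import hashlib
import json
import secrets
import time

# Constructed policy: tools each agent may call, and tools that need human sign-off.
SCOPES = {"invoice-agent": {"read_invoice", "issue_refund"},
          "search-agent": {"web_search"}}
NEEDS_APPROVAL = {"issue_refund"}  # financially material and hard to reverse

class ToolGateway:
    def __init__(self):
        self._key_hashes = {}  # sha256(api key) -> agent id; raw keys are never stored
        self.audit_log = []    # in production, ship these records to central logging

    def issue_key(self, agent_id):
        """Mint one key per agent so every call is attributable to that agent."""
        key = secrets.token_urlsafe(32)
        self._key_hashes[hashlib.sha256(key.encode()).hexdigest()] = agent_id
        return key

    def _record(self, trace_id, agent_id, tool, args, decision, approver=None):
        # Denied and held calls are logged too; trace_id links steps of one pipeline.
        # Redact secrets from args before logging in a real deployment.
        self.audit_log.append(json.dumps(
            {"ts": time.time(), "trace_id": trace_id, "agent": agent_id,
             "tool": tool, "args": args, "decision": decision,
             "approved_by": approver}, sort_keys=True))
        return decision

    def call(self, api_key, trace_id, tool, args, approved_by=None):
        """Return the decision; the caller runs the tool only on 'allow'."""
        digest = hashlib.sha256(api_key.encode()).hexdigest()
        agent_id = self._key_hashes.get(digest)
        if agent_id is None:
            return self._record(trace_id, "unknown", tool, args, "deny:bad_key")
        if tool not in SCOPES.get(agent_id, set()):
            return self._record(trace_id, agent_id, tool, args, "deny:out_of_scope")
        if tool in NEEDS_APPROVAL:
            if not approved_by:
                return self._record(trace_id, agent_id, tool, args,
                                    "hold:needs_human_approval")
            return self._record(trace_id, agent_id, tool, args, "allow", approved_by)
        return self._record(trace_id, agent_id, tool, args, "allow")
```

The gateway fails closed: an unknown key, an out-of-scope tool or a missing approver never reaches the tool, and each outcome still produces an audit record.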
Frequently Asked Questions
- Is the IMDA Agentic AI Governance Framework legally binding for companies operating in Singapore?
- No, the framework is voluntary. However, IMDA intends it to inform procurement decisions and future regulatory expectations in Singapore, so organizations operating in sectors with existing AI-related regulatory oversight should treat conformance as a practical risk management priority rather than an optional exercise.
- When does the IMDA Model AI Governance Framework for Agentic AI take effect?
- The framework has a listed effective date of May 28, 2026, and is currently in draft review. Organizations should monitor IMDA communications for finalization, but compliance officers are advised to begin gap assessments now given the lead time required for authentication and logging infrastructure changes.
- Does this framework apply to organizations using third-party agentic AI tools or only to those building their own agents?
- The framework applies to AI deployers as well as developers, which means organizations embedding third-party agentic AI into their workflows are in scope. Practical guidance explicitly requires updating vendor and integration contracts to ensure procured or embedded agents conform to traceability and access control provisions.
- How does the IMDA Agentic AI Framework differ from the original IMDA Model AI Governance Framework?
- The original framework establishes broad AI governance principles for Singapore. This extension specifically addresses autonomous agent architectures, adding concrete controls for scoped access, per-agent authentication, tool call logging, and human approval checkpoints that are absent from the foundational document.
- What specific authentication requirements does the IMDA Agentic AI Framework impose on deployed agents?
- The framework requires per-agent identity tokens and scoped API keys so that actions can be attributed to a specific agent instance. This means organizations cannot rely on shared service accounts or pooled credentials for agentic systems and must update identity and access management infrastructure accordingly.
- What types of agent actions require a human approval checkpoint under this framework?
- Human approval is required before agents execute actions that are high-stakes, financially material, or difficult to reverse. Organizations must define and document which action categories meet these thresholds and build approval gates into agent workflow designs prior to deployment.
