GenAI & Agentic AI Frameworks
Nine trust dimensions for generative AI. Four governance dimensions for autonomous agents. The agentic framework is the world’s first of its kind.
Framework Evolution
Each framework builds on the one before it. Traditional AI governance became the foundation for generative AI governance, which extended to cover autonomous agents.
GenAI Framework: Nine Dimensions of Trust
Finalized May 2024 by the Infocomm Media Development Authority (IMDA) and the AI Verify Foundation (AIVF) with over 50 contributing organizations. Click any dimension to expand.
Data
Data quality and contentious training data handled pragmatically.
Address the quality of training data and the challenges posed by personal data and copyrighted material in training datasets. Take a pragmatic approach: enable innovation while establishing clear norms for data handling, consent mechanisms, and opt-out processes for content creators.
Trusted Development and Deployment
“Food label” transparency and industry best practices.
Promote transparency through model documentation similar to a “food label” for AI systems. Establish industry best practices for development, evaluation, and disclosure. Deployers should understand what they are deploying and communicate capabilities and limitations clearly to end users.
Incident Reporting
No AI system is foolproof. Plan for timely notification and remediation.
Establish clear processes for reporting AI-related incidents, including timely notification to affected parties, root cause analysis, and continuous improvement. No system is infallible. Organizations should build incident response capabilities that match the scale and risk profile of their GenAI deployments.
Testing and Assurance
External validation through third-party testing and common standards.
Build trust through external validation. Third-party testing against common global standards ensures that GenAI systems perform as claimed. Develop interoperable testing methodologies so results are comparable across jurisdictions and use cases. Singapore’s AI Verify toolkit supports this dimension directly.
Security
New threat vectors targeting generative AI models.
GenAI introduces new attack surfaces: prompt injection, training data poisoning, model theft, and adversarial manipulation. Adapt existing cybersecurity frameworks for AI-specific threats while developing new testing tools and red-teaming methodologies. The Cyber Security Agency of Singapore’s (CSA) 2024 AI security guidelines complement this dimension.
Content Provenance
Where content comes from. Digital watermarking and cryptographic provenance.
As GenAI produces increasingly convincing text, images, audio, and video, determining the origin of content becomes critical. Implement digital watermarking, cryptographic provenance standards (like C2PA), and labeling mechanisms so users and systems can distinguish AI-generated content from human-created content.
Safety and Alignment R&D
Accelerate research through AI Safety Institutes. Improve model alignment.
Invest in foundational research on AI safety and alignment. Support AI Safety Institutes and multilateral research collaborations that work to ensure models behave as intended, resist misuse, and can be reliably controlled. Safety research should inform governance standards, not follow them.
AI for Public Good
Democratize access, upskill workers, and address environmental impact.
Ensure AI benefits are broadly distributed. Democratize access to GenAI tools for small businesses and developing economies. Improve public sector adoption to deliver better government services. Invest in workforce upskilling to prepare workers for AI-augmented roles. Address the environmental sustainability of large-scale model training and inference.
Agentic AI Framework: Four Core Dimensions
Launched January 22, 2026 at WEF Davos. The world’s first governance framework for autonomous AI agents.
Agentic AI systems are capable of autonomous reasoning, planning, and independent action. They break tasks into subtasks, select and use tools, adapt dynamically to new information, and interact with other agents or external systems without continuous human direction.
Unauthorized actions beyond intended scope. Data breaches from real-time sensitive data access. Biased decision-making amplified through autonomous execution. Cascading failures across multi-agent systems. Automation bias where humans over-trust agent outputs.
Assess and Bound the Risks Upfront
Before deploying an AI agent, organizations must evaluate domain sensitivity, autonomy level, task complexity, and whether actions are reversible. Apply least-privilege access from day one. Define standard operating procedures for every agentic workflow. Use sandboxing to contain agent actions during testing. Implement identity management for non-human identities. Run threat modeling that accounts for agent-specific attack vectors, including prompt injection, tool misuse, and goal misalignment.
Make Humans Meaningfully Accountable
Clearly allocate responsibility across the value chain: developers, operators, cybersecurity teams, and third-party vendors. Adapt human-in-the-loop patterns for agent workflows. Define checkpoints where human approval is required before high-stakes or irreversible actions execute. Conduct regular audits of agent behavior. Counter automation bias through training and process design so that human overseers maintain critical judgment rather than deferring to agent recommendations.
Implement Technical Controls and Processes
Log every reasoning step so agent decisions are auditable. Restrict database write access to only what is required. Whitelist trusted servers and APIs rather than allowing open network access. Conduct baseline safety testing before any agent reaches production. Roll out gradually with continuous monitoring. Start with narrow, well-defined tasks. Expand scope only after validation. Monitor for drift, unexpected tool selection, and anomalous behavior patterns throughout the agent lifecycle.
Enable End-User Responsibility
Users must know when they are interacting with an AI agent rather than a human or a traditional system. Declare what the agent is authorized to do and how it handles data. Provide clear escalation points where a human can intervene. Train staff on human-agent interaction patterns so they can recognize when an agent is operating outside expected parameters. Retain foundational skills within the organization as agents automate entry-level tasks, or risk creating dangerous skill gaps.
GenAI vs. Agentic AI: Key Differences
Two frameworks, two eras of AI risk. Here is how they compare across six dimensions.
| Dimension | GenAI Framework (2024) | Agentic AI Framework (2026) |
|---|---|---|
| Focus | Content generation | Autonomous action |
| Key Risk | Hallucination, copyright infringement | Unauthorized actions, cascading failures |
| Human Role | Consumer of output | Accountable overseer |
| Testing | Benchmarking + red teaming | Execution accuracy + policy adherence |
| Deployment | Evaluate before release | Gradual rollout with monitoring |
| Data Concern | Training data quality | Real-time sensitive data access |
Who Contributed
Both frameworks were co-developed with global industry, research institutions, and government agencies through the AI Verify Foundation.
Both frameworks are living documents. IMDA and the AI Verify Foundation welcome ongoing feedback, case studies, and implementation lessons from organizations of all sizes. Revisions are expected as the technology and its risks evolve.
Related Tools
Practical tools to help your organization implement GenAI and Agentic AI governance.
GenAI & Agentic AI Governance Setup Guide
Step-by-step implementation covering all 9 GenAI trust dimensions and 4 agentic governance areas. Includes policy templates, RACI assignments, and a 90-day rollout plan.
AI Verify Readiness Assessment
Pre-test your AI system against AI Verify’s 11 testable principles before running the official toolkit. Gap analysis with action items.