The Open Governance Layer for Autonomous AI Agents
ADP is an open standard defining how to document, classify, and govern decisions made by autonomous AI agents. Classify decisions. Enforce policies. Prove compliance — across every regulatory framework.
Agents are making critical decisions.
Nobody is governing them.
Existing observability tools tell you what happened. ADP tell you whether it should have happened at all.
Who's authorized for what?
Which agents are permitted to make which decisions — and at what autonomy level?
When is human approval required?
High-risk or strategic decisions must trigger escalation — but there's no standard for when.
Who's responsible when something goes wrong?
There's no chain-of-custody for AI decisions. Responsibility is untraceable.
How do you prove compliance?
Auditors need evidence. Without a governance layer, compliance is impossible to demonstrate.
Can agents modify themselves?
Self-modification is unaddressed by any existing regulation — ADP classifies it as D4 with mandatory human approval.
Observability
"Here is what the agent did, technically." — traces, logs, metrics.
Governance
"Should the agent have done that? Was it authorized? Are we compliant?"
7 Technical Documents
ADP is composed of seven interlocking specifications that together cover the full governance lifecycle of an autonomous agent.
Autonomy Taxonomy
Five levels of agent autonomy (A1–A5) from fully supervised to fully autonomous, defining the baseline for all authorization decisions.
Read spec →Decision Classification
Every agent decision is classified on three axes: Type (D1–D4), Risk (R1–R4), and Reversibility — producing a governance fingerprint.
Read spec →Trace Format
SHA-256 hash-chained decision traces provide tamper-evident audit logs — every decision is immutably recorded and linkable across sessions.
Read spec →Authorization Matrix
A two-dimensional matrix (Autonomy Level × Decision Type) determines whether execution is authorized, requires human approval, or is prohibited.
Read spec →Policy Schema
Six ready-to-use governance policy templates covering external communications, financial commitments, data access, self-modification, and more.
Read spec →Regulatory Mapping
ADP decisions are pre-mapped to EU AI Act, GDPR, SOC 2, ISO 27001, NIST AI RMF, and Loi 25 — one implementation, multi-framework compliance.
Read spec →Agent Registry
A standardized schema for registering agents with their identity, autonomy level, allowed decision types, and data access permissions.
Read spec →Every decision classified on 3 axes
Type — What kind of decision?
Operational
Task execution within defined scope — API calls, database queries.
Tactical
Choice between approaches — vendor selection, prioritization.
Strategic
Significant organizational impact — client communications, financial commitments.
Self-Modification
Agent modifying its own behavior or parameters. Always requires human approval.
Risk — What's the potential impact?
Negligible
Reversible, no sensitive data, limited scope.
Moderate
Potential operational impact, partially reversible.
Elevated
Direct impact on people or critical operations.
Critical
Irreversible, fundamental rights, critical infrastructure. Always escalates.
Reversibility — Can it be undone?
Total
Fully reversible with no consequences.
Partial
Partially reversible with reasonable effort.
Irreversible
Cannot be undone once executed — triggers mandatory review.
Authorization Matrix
Agent autonomy level (rows) × Decision type (columns) determines the authorization outcome.
| Autonomy Level | D1 Operational | D2 Tactical | D3 Strategic | D4 Self-Mod |
|---|---|---|---|---|
| A1–A2 Supervised | ✅ Authorized | ⚠️ Approval | 🛑 Prohibited | 🛑 Prohibited |
| A3 Conditional | ✅ Authorized | ✅ Authorized | ⚠️ Approval | 🛑 Prohibited |
| A4 High Auto. | ✅ Authorized | ✅ Authorized | ✅ + Review | ⚠️ Approval |
| A5 Full Auto. | ✅ Authorized | ✅ Authorized | ✅ + Monitor | ⚠️ Approval |
Integrate in 4 steps
Copy-paste JSON examples to register agents, log decisions, and enforce governance policies.
{ "agent_id": "agent-billing-001", "name": "Billing Reconciliation Agent", "autonomy_level": "A3", "owner": "finance-team@company.com", "allowed_decisions": ["D1", "D2"], "max_risk_level": "R2", "data_access": ["billing_db", "customer_records"] }
{ "trace_id": "tr_20260220_143052_a7b3", "agent_id": "agent-billing-001", "event_type": "decision", "decision": { "type": "D2", "risk_level": "R2", "reversibility": "partial", "description": "Selected vendor B over vendor A", "reasoning": "Vendor B offers 15% lower fees with equivalent SLA" }, "authorization": { "required": false, "matrix_result": "A3 × D2 = AUTHORIZED" } }
// agent-billing-001 is A3, wants to make a D2 Tactical decision // Matrix lookup: A3 × D2 → ✅ AUTHORIZED Authorization result: AUTHORIZED Risk check R2: PASS (below max_risk_level) Escalation: false Human approval: false // Same agent trying D3 Strategic: Authorization result: APPROVAL_REQUIRED Escalation: true Escalate to: "finance-team@company.com"
{ "policy_id": "POL-COM-001", "name": "External Communication Control", "rule": { "condition": { "action_type": "external_communication", "targets": ["email", "sms", "api_webhook_external"] }, "requirement": "human_approval", "escalation_to": "department_lead" }, "regulatory_mapping": ["loi25_art12", "eu_ai_act_art14"] }
One implementation, six frameworks
ADP is designed to satisfy multiple regulatory frameworks simultaneously — implement once and map to all.
Covers risk classification, human oversight requirements, and transparency obligations for high-risk AI systems.
Data protection and privacy regulation, including requirements for automated decision-making affecting individuals.
Service organization controls for security, availability, confidentiality, and privacy of data processing systems.
Information security management standard covering controls for access management and operational security.
AI Risk Management Framework providing guidance on managing AI risks across the full AI lifecycle.
Quebec's privacy law requiring transparency for automated decision-making, including AI agent actions affecting individuals.
From specification to platform
Core Specification
7 technical documents covering the full governance lifecycle: Autonomy Taxonomy, Decision Classification, Trace Format, Authorization Matrix, Policy Schema, Regulatory Mapping, Agent Registry.
JSON Schema Validation + Reference Implementation
Machine-readable JSON Schema files for all ADP data structures, plus a reference implementation for validating agent traces and policies.
MCP Server Reference Implementation
A TypeScript Model Context Protocol (MCP) server enabling any MCP-compatible AI framework to consume ADP governance rules natively.
Langfuse / OpenTelemetry Connectors
Native connectors to enrich existing observability traces with ADP governance metadata — no forklift required.
Stable Specification + Governance Platform Beta
Frozen v1.0 specification with long-term stability guarantees, plus the launch of the gouvernance.ai platform beta with full ADP support.
ADP complements, not replaces
Use observability tools for technical tracing. Use ADP for governance, compliance, and policy enforcement.
| Capability | ADP (OpenAgentGovernance) | Langfuse / LangSmith | OpenTelemetry |
|---|---|---|---|
| Decision tracing | ✓ Governance-aware | ✓ Technical | ✓ Technical |
| Authorization enforcement | ✓ Full matrix | ✗ | ✗ |
| Policy definition | ✓ JSON schema | ✗ | ✗ |
| Regulatory mapping | ✓ 6 frameworks | ✗ | ✗ |
| Human approval flows | ✓ Built-in | ✗ | ✗ |
| Self-modification governance | ✓ D4 mandatory | ✗ | ✗ |
| Performance metrics | ✗ | ✓ | ✓ |
| LLM cost tracking | ✗ | ✓ | ~ Via plugins |
| Open standard | ✓ Apache 2.0 | ~ MIT (OSS) | ✓ Apache 2.0 |
Open by design
ADP is an open standard that benefits from community input. Join the conversation, contribute to the spec, or adopt ADP in your project.
GitHub Repository
Full source, specs, examples, and reference implementations. Star the repo to follow progress.
View on GitHub →Discussions
Ask questions, propose spec changes, and share how you're using ADP in your organization.
Join discussions →White Paper (FR/EN)
The founding document that motivates ADP — available in French and English.
Read white paper →Contribute
Report bugs, request features, or discuss specification changes. All contributions welcome.
Contributing guide →Adopt ADP
Building with ADP? Open a pull request to add your organization to the adopters list.
List your org →gouvernance.ai
The commercial governance platform built on ADP — Agent Registry, Policy Engine, Compliance Dashboard.
Visit platform →Start governing your agents today
ADP is free, open-source, and ready to use. Integrate in minutes with copy-paste JSON examples — no SDK required.