ADP is an open standard defining how to document, classify, and govern decisions made by autonomous AI agents. Classify decisions. Enforce policies. Prove compliance — across every regulatory framework.
Existing observability tools tell you what happened. ADP tell you whether it should have happened at all.
Which agents are permitted to make which decisions — and at what autonomy level?
High-risk or strategic decisions must trigger escalation — but there's no standard for when.
There's no chain-of-custody for AI decisions. Responsibility is untraceable.
Auditors need evidence. Without a governance layer, compliance is impossible to demonstrate.
Self-modification is unaddressed by any existing regulation — ADP classifies it as D4 with mandatory human approval.
"Here is what the agent did, technically." — traces, logs, metrics.
"Should the agent have done that? Was it authorized? Are we compliant?"
ADP is composed of seven interlocking specifications that together cover the full governance lifecycle of an autonomous agent.
Five levels of agent autonomy (A1–A5) from fully supervised to fully autonomous, defining the baseline for all authorization decisions.
Read spec →Every agent decision is classified on three axes: Type (D1–D4), Risk (R1–R4), and Reversibility — producing a governance fingerprint.
Read spec →SHA-256 hash-chained decision traces provide tamper-evident audit logs — every decision is immutably recorded and linkable across sessions.
Read spec →A two-dimensional matrix (Autonomy Level × Decision Type) determines whether execution is authorized, requires human approval, or is prohibited.
Read spec →Six ready-to-use governance policy templates covering external communications, financial commitments, data access, self-modification, and more.
Read spec →ADP decisions are pre-mapped to EU AI Act, GDPR, SOC 2, ISO 27001, NIST AI RMF, and Loi 25 — one implementation, multi-framework compliance.
Read spec →A standardized schema for registering agents with their identity, autonomy level, allowed decision types, and data access permissions.
Read spec →Task execution within defined scope — API calls, database queries.
Choice between approaches — vendor selection, prioritization.
Significant organizational impact — client communications, financial commitments.
Agent modifying its own behavior or parameters. Always requires human approval.
Reversible, no sensitive data, limited scope.
Potential operational impact, partially reversible.
Direct impact on people or critical operations.
Irreversible, fundamental rights, critical infrastructure. Always escalates.
Fully reversible with no consequences.
Partially reversible with reasonable effort.
Cannot be undone once executed — triggers mandatory review.
Agent autonomy level (rows) × Decision type (columns) determines the authorization outcome.
| Autonomy Level | D1 Operational | D2 Tactical | D3 Strategic | D4 Self-Mod |
|---|---|---|---|---|
| A1–A2 Supervised | ✅ Authorized | ⚠️ Approval | 🛑 Prohibited | 🛑 Prohibited |
| A3 Conditional | ✅ Authorized | ✅ Authorized | ⚠️ Approval | 🛑 Prohibited |
| A4 High Auto. | ✅ Authorized | ✅ Authorized | ✅ + Review | ⚠️ Approval |
| A5 Full Auto. | ✅ Authorized | ✅ Authorized | ✅ + Monitor | ⚠️ Approval |
Copy-paste JSON examples to register agents, log decisions, and enforce governance policies.
{ "agent_id": "agent-billing-001", "name": "Billing Reconciliation Agent", "autonomy_level": "A3", "owner": "finance-team@company.com", "allowed_decisions": ["D1", "D2"], "max_risk_level": "R2", "data_access": ["billing_db", "customer_records"] }
{ "trace_id": "tr_20260220_143052_a7b3", "agent_id": "agent-billing-001", "event_type": "decision", "decision": { "type": "D2", "risk_level": "R2", "reversibility": "partial", "description": "Selected vendor B over vendor A", "reasoning": "Vendor B offers 15% lower fees with equivalent SLA" }, "authorization": { "required": false, "matrix_result": "A3 × D2 = AUTHORIZED" } }
// agent-billing-001 is A3, wants to make a D2 Tactical decision // Matrix lookup: A3 × D2 → ✅ AUTHORIZED Authorization result: AUTHORIZED Risk check R2: PASS (below max_risk_level) Escalation: false Human approval: false // Same agent trying D3 Strategic: Authorization result: APPROVAL_REQUIRED Escalation: true Escalate to: "finance-team@company.com"
{ "policy_id": "POL-COM-001", "name": "External Communication Control", "rule": { "condition": { "action_type": "external_communication", "targets": ["email", "sms", "api_webhook_external"] }, "requirement": "human_approval", "escalation_to": "department_lead" }, "regulatory_mapping": ["loi25_art12", "eu_ai_act_art14"] }
ADP is designed to satisfy multiple regulatory frameworks simultaneously — implement once and map to all.
Covers risk classification, human oversight requirements, and transparency obligations for high-risk AI systems.
Data protection and privacy regulation, including requirements for automated decision-making affecting individuals.
Service organization controls for security, availability, confidentiality, and privacy of data processing systems.
Information security management standard covering controls for access management and operational security.
AI Risk Management Framework providing guidance on managing AI risks across the full AI lifecycle.
Quebec's privacy law requiring transparency for automated decision-making, including AI agent actions affecting individuals.
7 technical documents covering the full governance lifecycle: Autonomy Taxonomy, Decision Classification, Trace Format, Authorization Matrix, Policy Schema, Regulatory Mapping, Agent Registry.
Machine-readable JSON Schema files for all ADP data structures, plus a reference implementation for validating agent traces and policies.
A TypeScript Model Context Protocol (MCP) server enabling any MCP-compatible AI framework to consume ADP governance rules natively.
Native connectors to enrich existing observability traces with ADP governance metadata — no forklift required.
Frozen v1.0 specification with long-term stability guarantees, plus the launch of the gouvernance.ai platform beta with full ADP support.
Use observability tools for technical tracing. Use ADP for governance, compliance, and policy enforcement.
| Capability | ADP (OpenAgentGovernance) | Langfuse / LangSmith | OpenTelemetry |
|---|---|---|---|
| Decision tracing | ✓ Governance-aware | ✓ Technical | ✓ Technical |
| Authorization enforcement | ✓ Full matrix | ✗ | ✗ |
| Policy definition | ✓ JSON schema | ✗ | ✗ |
| Regulatory mapping | ✓ 6 frameworks | ✗ | ✗ |
| Human approval flows | ✓ Built-in | ✗ | ✗ |
| Self-modification governance | ✓ D4 mandatory | ✗ | ✗ |
| Performance metrics | ✗ | ✓ | ✓ |
| LLM cost tracking | ✗ | ✓ | ~ Via plugins |
| Open standard | ✓ Apache 2.0 | ~ MIT (OSS) | ✓ Apache 2.0 |
ADP is an open standard that benefits from community input. Join the conversation, contribute to the spec, or adopt ADP in your project.
Full source, specs, examples, and reference implementations. Star the repo to follow progress.
View on GitHub →Ask questions, propose spec changes, and share how you're using ADP in your organization.
Join discussions →The founding document that motivates ADP — available in French and English.
Read white paper →Report bugs, request features, or discuss specification changes. All contributions welcome.
Contributing guide →Building with ADP? Open a pull request to add your organization to the adopters list.
List your org →The commercial governance platform built on ADP — Agent Registry, Policy Engine, Compliance Dashboard.
Visit platform →ADP is free, open-source, and ready to use. Integrate in minutes with copy-paste JSON examples — no SDK required.