Singapore launched a governance framework at the World Economic Forum that classifies agentic AI as a fundamentally different technology category from generative or predictive AI models. The framework, published through Singapore’s Model AI Governance Framework, identifies agentic AI systems as self-managing agents that can act, adapt, access external tools, and interact with systems to accomplish goals, a classification that existing governance models were not built to handle.

The distinction matters because most established AI governance frameworks, including the NIST AI Risk Management Framework and the EU AI Act, were built around the assumption that AI systems assist and do not act, according to Eric Reicin, president and CEO of BBB National Programs, writing in Forbes. Generative models output text or recommendations. Agentic systems navigate workflows, initiate tasks, and alter real-world environments without human prompting.

Four Governance Principles for Autonomous Agents

Reicin outlines four core principles that the Singapore framework and broader policy conversations are coalescing around for agentic AI governance, per Forbes:

Bounded and justified autonomy. Agentic systems must operate within clearly defined autonomy tiers, with explicit constraints on tools, environments, and permissions. These constraints need to be far more granular than anything in traditional privacy frameworks.

Embedded ethical reasoning. Agentic AI must internalize ethical reasoning as part of its native decision-making logic, not as external policy guidance applied after the fact. Training agents on ethical parameters becomes essential when the agent makes decisions autonomously.

Continuous evaluation, not periodic audits. Traditional governance principles assume systems are validated at deployment. Agentic AI requires lifecycle supervision where agents are monitored constantly, tested regularly, and re-evaluated as they adapt.

Identity, traceability, and zero-trust controls. Every agent must be treated as a nonhuman identity with its own credentials, permissions, and audit trails that mirror the security screening applied to humans.

The Regulatory Landscape

Singapore is not operating in isolation. In the United States, the White House introduced a national legislative framework on artificial intelligence, and President Trump issued an executive order in June establishing a voluntary framework for federal oversight on new AI models before public release. NIST recently completed a call for comments on security considerations for agentic AI specifically, according to Forbes.

At the U.S. state level, California signed a first-of-its-kind executive order to strengthen AI protections and responsible use. Virginia launched an agentic AI pilot program. Delaware is running a sandbox initiative for AI governance experimentation.

Where Existing Frameworks Fall Short

The core tension, as Reicin frames it, is that mainstream AI and privacy principles assume controllability, while agentic AI assumes autonomy. Generative AI models assume human judgment at every decision point. Agentic AI requires machine judgment aligned with human ethics but operating independently.

Privacy frameworks like GDPR, Global Cross-Border Privacy Rules, and the U.S. Data Privacy Framework provide baselines through data minimization, purpose limitation, and user rights. But those frameworks were designed for systems where a human evaluates the output before it becomes action. When the agent is the actor, those checkpoints may not exist.

Singapore’s framework positions the country as an early mover in governance specifically designed for this class of technology. Whether it influences ASEAN-wide standards or becomes a reference model for other jurisdictions will depend on whether the principles translate into enforceable requirements or remain advisory.