Deontic Policies for Runtime Governance of Agentic AI Systems

📅 2026-06-17
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses the lack of comprehensive governance mechanisms—such as permissions, prohibitions, obligations, exemptions, and policy conflict resolution—in existing autonomous agent systems for cross-organizational collaboration. To bridge this gap, the authors propose AgenticRei, a novel framework that, for the first time, integrates obligation lifecycle management, context-aware exemptions, and policy conflict resolution within a unified runtime governance architecture. The framework formalizes deontic policies using an OWL ontology and leverages the Rei policy language coupled with a high-performance logical reasoning engine to enable dynamic policy inference. AgenticRei seamlessly aligns with industry standards like A2AS and successfully enforces security and privacy constraints that current production-grade policy engines struggle to handle, thereby significantly enhancing both the expressiveness and practical feasibility of agent governance in complex, real-world scenarios.
📝 Abstract
Autonomous agentic AI systems driven by Large Language Models (LLMs) introduce a new class of security, privacy, and compliance challenges: an agent that can invoke tools, manipulate data, install software, and coordinate with peer agents across organizational boundaries must be constrained not just by authentication and access control, but by the full structure of enterprise governance. This includes specifying what agents are permitted and prohibited from doing, what they areobliged to do after certain actions (e.g., notify the CISO), under what conditions a standing obligation may be waived, and which rules take precedence when policies conflict. This governance problem exceeds what current policy engines provide. Systems such as XACML, Rego, and Cedar address only the permit/prohibit subset of this governance structure. They do not provide obligation lifecycle management, meta-policy conflict resolution, dispensations that waive obligations in specific circumstances, and ontological reasoning over domain class hierarchies commonly found in applications such as healthcare, cybersecurity, or data privacy. We propose AgenticRei, which realizes key governance requirements such as obligations, dispensations, policy conflict resolutions, and reasoning over policies, as well as the basic permit/prohibit constraints. We use a deontic policy language built on the Rei framework, expressed as OWL (Web Ontology Language) and evaluated at runtime by a high-performance logic engine entirely outside the LLM. The same pipeline governs both tool invocations by the agent and agent-to-agent messages. We show through examples that deontic policies capture governance constraints around security and privacy that mostly cannot be expressed in current production engines. Our approach composes naturally with industry-standard frameworks like A2AS.
Problem

Research questions and friction points this paper is trying to address.

deontic policies
agentic AI systems
runtime governance
obligation management
policy conflict resolution
Innovation

Methods, ideas, or system contributions that make the work stand out.

deontic policies
obligation lifecycle
policy conflict resolution
ontological reasoning
runtime governance