Researchers propose deontic policy framework for runtime governance of agentic AI systems

Autonomous agentic AI systems driven by large language models (LLMs) introduce governance challenges that extend beyond authentication and access control. These systems can invoke tools, manipulate data, install software, and coordinate with peer agents across organizational boundaries, requiring constraints aligned with enterprise governance structures.

Existing policy engines such as XACML, Rego, and Cedar address only permit/prohibit constraints and lack support for obligation lifecycle management, meta-policy conflict resolution, dispensations that waive obligations under specific conditions, and ontological reasoning over domain class hierarchies.

The proposed AgenticRei framework introduces a deontic policy language built on the Rei framework, expressed as OWL (Web Ontology Language) and evaluated at runtime by a high-performance logic engine operating entirely outside the LLM. This design ensures that governance constraints are enforced independently of the agent's reasoning process.

AgenticRei realizes key governance requirements, including obligations, dispensations, policy conflict resolution, and reasoning over policies, while also supporting basic permit/prohibit constraints. The framework governs both tool invocations by the agent and agent-to-agent messages, ensuring consistent enforcement across different interaction types.

The authors demonstrate through examples that deontic policies capture governance constraints around security and privacy that are largely inexpressible in current production policy engines. The approach is designed to compose naturally with industry-standard frameworks such as A2AS, facilitating integration into existing systems.