Conformance Profile Governance

2. Summary

Conformance Profile Governance requires that organisations define and maintain formally versioned conformance profiles specifying which governance controls, at which conformance scores, are required for each agent risk tier, deployment context, and sector-specific scenario. A conformance profile is the bridge between the abstract taxonomy of controls and the concrete assessment of a specific agent deployment — it answers the question "what does conformance mean for this agent in this context?" Without governed profiles, conformance is either undefined (every organisation invents its own interpretation) or monolithic (every agent is assessed against every control regardless of risk). Both outcomes undermine the standard's effectiveness.

3. Example

Scenario A — Undefined Conformance Creates Inconsistent Assessment: Two organisations in the same industry deploy similar AI customer-service agents. Organisation A self-assesses against 35 controls and declares conformance. Organisation B self-assesses against 89 controls and declares conformance. A regulator reviewing both declarations asks why the scope is different. Neither organisation can point to a governed profile that defines what conformance means for a customer-facing agent in their sector. The regulator concludes that both declarations are unreliable because neither is based on a defined standard of conformance.

What went wrong: No formal conformance profile existed for "Customer-Facing Agent" in the relevant sector. Each organisation independently determined which controls to include, producing incomparable results. Consequence: Both conformance declarations rejected by regulator, requirement to re-assess against a regulator-defined scope (adding 6 months to authorisation timelines), reputational damage for the standard's credibility.

Scenario B — Monolithic Conformance Drives Evasion: An organisation with 12 deployed agents applies a single conformance profile requiring Score 2 on all 218 implemented controls for every agent. The governance team estimates that achieving this for all agents would cost £3.2 million annually. The CTO approves governance for the 4 highest-risk agents only, leaving 8 agents entirely ungoverned because the all-or-nothing profile makes partial governance economically irrational. One of the 8 ungoverned agents — a supplier communication bot classified as low risk — is compromised through prompt injection and sends contractual commitments to 47 suppliers totalling £2.8 million in unauthorised obligations.

What went wrong: The monolithic conformance profile did not differentiate between risk tiers. Low-risk agents needed a lightweight profile (perhaps 15 controls at Score 1), not the full 218-control treatment. The all-or-nothing approach created a binary choice between full governance and no governance. Consequence: 8 agents with no governance, £2.8 million in unauthorised obligations from a "low-risk" agent.

Scenario C — Profile Governance Gap Allows Downward Reclassification: An organisation's conformance profiles are defined in a policy document but not change-controlled. A project team seeking to accelerate deployment reclassifies their financial trading agent from "Financial-Value Agent" (profile requiring 147 controls at Score 2+) to "Enterprise Workflow Agent" (profile requiring 62 controls at Score 1+). The reclassification has no approval workflow — the team simply changes a metadata field in the deployment registry. The agent goes live with 62 controls assessed at Score 1, executing trades of up to £500,000 per transaction. An FCA review 8 months later identifies the reclassification and issues an enforcement notice for operating a trading agent without adequate governance controls.

What went wrong: Conformance profiles existed but were not change-controlled. Agent profile classification had no approval workflow. Downward reclassification (moving an agent to a less stringent profile) was possible without governance review. Consequence: FCA enforcement notice, trading agent suspended pending remediation, £890,000 in regulatory fines and remediation costs.

4. Requirement Statement

Scope: This dimension applies to every organisation that conducts conformance assessments against the Agent Governance Standard, whether self-assessed or externally assessed. The scope covers the definition, versioning, approval, and maintenance of conformance profiles — the specifications that define what "conformance" means for each combination of agent profile, risk tier, and sector-specific context. The scope also covers the assignment of agents to profiles and the governance of that assignment process. Organisations operating in multiple jurisdictions or sectors may require multiple conformance profiles; all must be governed under this dimension.

4.1. A conforming system MUST define formally versioned conformance profiles for each agent risk tier (at minimum: low, medium, high, critical), specifying: the set of required controls, the minimum conformance score for each control, and any sector-specific additions or modifications.

4.2. A conforming system MUST assign every deployed agent to exactly one conformance profile based on its agent profile classification, risk tier, and deployment context, with the assignment recorded and change-controlled.

4.3. A conforming system MUST subject conformance profile changes to a formal change-control process requiring review and approval by at least two individuals with governance authority, including justification for every control inclusion, exclusion, and score threshold.

4.4. A conforming system MUST subject agent profile reclassification (changing an agent's assigned conformance profile) to governance review, with mandatory senior governance approval for any reclassification that reduces the number of required controls or lowers minimum score thresholds.

4.5. A conforming system MUST validate that every conformance profile respects the dependency relationships recorded in the dependency register (AG-220) — a profile cannot require a control without also requiring all controls on which it has a "requires" dependency.

4.6. A conforming system MUST review and revalidate all conformance profiles at least annually, or within 30 days of a material change to the taxonomy (AG-219), the dependency register (AG-220), or the regulatory landscape.

4.7. A conforming system SHOULD define conformance profiles in a machine-readable format enabling automated conformance assessment — the profile directly drives the assessment scope and scoring criteria.

4.8. A conforming system SHOULD publish conformance profiles to all stakeholders (governance teams, development teams, auditors) to ensure consistent understanding of conformance requirements.

4.9. A conforming system MAY define transitional conformance profiles for agents migrating between risk tiers, specifying interim requirements and a maximum transition period (not exceeding 180 days).

5. Rationale

A governance standard that defines hundreds of controls but does not define what conformance means for specific contexts is incomplete. The Agent Governance Standard serves organisations deploying agents across a wide risk spectrum — from read-only internal copilots to autonomous financial trading agents. Applying identical conformance requirements to both extremes is neither practical nor appropriate. The low-risk copilot does not need the same control depth as the trading agent; requiring it wastes resources and creates governance fatigue. The trading agent cannot be assessed against a lightweight profile; permitting it creates inadequate governance.

Conformance profiles solve this by defining graduated tiers of governance intensity. Each profile specifies exactly which controls apply, at what score, for agents in a defined risk category. This serves four purposes. First, it makes conformance assessable — assessors know exactly what to test and what score constitutes a pass. Second, it makes conformance comparable — two organisations assessing against the same profile produce comparable results. Third, it makes governance economically rational — low-risk agents receive proportionate governance, making it feasible to govern all agents rather than only the highest-risk ones. Fourth, it makes conformance demonstrable to regulators — an organisation can present a defined profile and its assessment results, rather than an ad hoc selection of controls.

Without profile governance, profiles drift, are gamed (as in Scenario C), or are applied inconsistently. The profile itself is a governance artefact that requires the same change control, versioning, and review discipline as any other governance artefact.

6. Implementation Guidance

Conformance profiles should be implemented as structured data artefacts, each containing: a profile identifier, a version number, applicability criteria (which agents this profile covers), a list of required controls with minimum score thresholds, and dependency validation results confirming that all required control dependencies are included.

Recommended patterns:

• Tiered profile architecture. Define a minimum of four profile tiers: Low Risk (lightweight controls focused on basic boundary enforcement and logging), Medium Risk (comprehensive controls covering operational governance, monitoring, and evidence production), High Risk (full control set with elevated score thresholds and independent validation requirements), and Critical Risk (full control set at maximum scores with continuous monitoring and external assessment). Each tier builds on the previous — Critical includes all High requirements plus additional ones. This cumulative structure ensures that higher-risk profiles are strict supersets of lower-risk profiles, simplifying implementation for organisations with agents across multiple tiers.
• Sector overlay profiles. In addition to risk-tier profiles, define sector-specific overlays that add controls or increase score requirements for sector-specific regulatory requirements. For example, a Financial Services overlay adds AG-001 aggregate exposure tracking at Score 3 and FCA-specific evidence retention at 7 years. A Healthcare overlay adds patient data scope controls and HIPAA-aligned retention. Overlays are applied on top of the risk-tier profile, not as replacements.
• Automated profile-to-assessment mapping. When an agent is assigned to a conformance profile, the assessment system automatically generates the assessment scope from the profile: which controls to test, what score constitutes a pass, and what evidence to collect. This eliminates manual scope determination and ensures consistency.
• Reclassification governance workflow. Implement a formal workflow for agent reclassification: the requesting party submits a reclassification request with justification; the system compares the current and proposed profiles and generates a diff (controls added or removed, score thresholds changed); the diff is reviewed by governance approvers; downward reclassification (fewer controls or lower scores) requires additional senior approval. The workflow produces an audit trail of all reclassification decisions.

Anti-patterns to avoid:

• Informal profile assignment. Allowing teams to self-assign their agents to conformance profiles without governance review. Teams have an incentive to minimise governance burden by selecting the lightest applicable profile. Assignment must be governed.
• Profiles without dependency validation. A conformance profile that requires AG-022 (Behavioural Drift Detection) but does not require AG-007 (Governance Configuration Control), on which AG-022 depends, creates an internally inconsistent assessment scope. Profiles must be validated against the dependency register.
• Static profiles in a dynamic landscape. Conformance profiles defined at the standard's adoption and never updated will diverge from evolving regulatory requirements, new control dimensions, and changing risk landscapes. Annual review is the minimum cadence.
• Profile proliferation. Creating a unique profile for every agent creates administrative overhead that undermines the purpose of standardised profiles. Profiles should be defined at the level of agent risk tiers and sector overlays, not individual agents. An organisation with 50 agents should have 4-8 profiles, not 50.

Maturity Model

Basic Implementation — The organisation has defined conformance profiles for at least three risk tiers (low, medium, high). Each profile specifies required controls and minimum scores. Every deployed agent is assigned to a profile. Profile changes follow a documented approval process. Agent reclassification requires governance review. Profiles are reviewed annually.

Intermediate Implementation — Conformance profiles are machine-readable and integrated with the assessment pipeline. Profile assignment triggers automated assessment scope generation. Dependency validation is automated — profiles are validated against the dependency register on every change. Sector overlay profiles address industry-specific requirements. Reclassification has a formal workflow with differential analysis and senior approval for downward changes. Profiles are reviewed semi-annually.

Advanced Implementation — All intermediate capabilities plus: conformance profiles are independently audited for completeness and regulatory alignment. Transitional profiles with time-bounded interim requirements enable governed migration between tiers. Profile analytics track conformance trends across the agent portfolio, identifying systemic weaknesses. Cross-organisation profile harmonisation enables comparable assessments across supply chains. Profile impact simulation allows modelling the effect of proposed profile changes on the entire agent portfolio before commitment.

7. Evidence Requirements

Required artefacts:

• Conformance profile definitions. Current definitions for all active conformance profiles, showing: profile identifier, version, applicability criteria, required controls with minimum scores, and dependency validation results. Format: structured data plus human-readable rendering.
• Profile version history. Complete version history for all profiles with change justifications, review records, and approval decisions.
• Agent-to-profile assignment register. Register showing every deployed agent, its assigned conformance profile, the assignment date, and the assigning authority. For agents that have been reclassified, the full reclassification history with justifications and approvals.
• Profile review records. Results of the most recent annual (or more frequent) profile review, showing: controls added or removed, score thresholds changed, regulatory alignment verified, and dependency validation confirmed.
• Reclassification approval records. For any agent reclassification during the assessment period, the complete approval chain including justification, differential analysis, and approver identities.

Retention requirements:

• Profile versions and assignment records: minimum 7 years for regulated financial services; minimum 5 years for other regulated sectors; minimum 3 years otherwise.

Access requirements:

• Producible to regulators or auditors within 48 hours of request.

8. Test Specification

Test 8.1: Profile Completeness Verification

• Stimulus: For each defined conformance profile, verify that every control listed has a defined minimum score, and that the profile covers all controls applicable to the profile's target agent profiles and risk tiers as defined by the taxonomy (AG-219).
• Expected behaviour: Profiles are complete — no applicable control is missing, and every included control has a defined score threshold.
• Pass criteria: Zero missing controls. Zero controls without defined score thresholds. Profile coverage matches taxonomy applicability for the target agent profiles.
• Fail criteria: Any applicable control is missing from the profile, or any control lacks a defined score threshold.

Test 8.2: Dependency Consistency Validation

• Stimulus: For each conformance profile, verify that all "requires" dependencies of every included control are also included in the profile with score thresholds at least equal to the dependent control's requirements.
• Expected behaviour: No "requires" dependency is missing from any profile.
• Pass criteria: 100% of "requires" dependencies for included controls are present in the profile.
• Fail criteria: Any profile includes a control without including all of its "requires" dependencies.

Test 8.3: Reclassification Governance Enforcement

• Stimulus: Attempt to reclassify an agent from a higher-risk profile to a lower-risk profile without: (a) governance review, (b) senior approval, (c) justification documentation. Verify rejection in all three cases.
• Expected behaviour: Downward reclassification without the required governance process is blocked.
• Pass criteria: All three non-conforming reclassification attempts are rejected or escalated for resolution.
• Fail criteria: Any downward reclassification proceeds without the required governance approval process.

Test 8.4: Profile Version Immutability

• Stimulus: Retrieve a historical profile version. Compare against the archived version.
• Expected behaviour: Historical versions are immutable.
• Pass criteria: Exact match between retrieved and archived versions.
• Fail criteria: Any historical profile version has been modified after publication.

Test 8.5: Profile Change-Control Enforcement

• Stimulus: Attempt to modify a conformance profile without the required two-reviewer approval process.
• Expected behaviour: The modification is blocked until the approval requirements are met.
• Pass criteria: Profile changes without proper approval are rejected.
• Fail criteria: Any profile modification is committed without the required approvals.

Test 8.6: Automated Assessment Scope Derivation

• Stimulus: Assign an agent to a conformance profile. Verify that the assessment system derives the correct assessment scope: the controls to test and the score thresholds to apply.
• Expected behaviour: The assessment scope exactly matches the profile's requirements.
• Pass criteria: The derived assessment scope matches the profile specification with zero discrepancies — no missing controls, no extra controls, and correct score thresholds for all controls.
• Fail criteria: Any discrepancy between the derived assessment scope and the profile specification.

Conformance Scoring

• Score 0: No conformance profiles exist — conformance is undefined or ad hoc.
• Score 1: Conformance profiles exist as documents but are not versioned, not machine-readable, and not formally change-controlled. Agent assignment is informal.
• Score 2: Profiles are versioned, machine-readable, and change-controlled. Agent assignment is governed with approval workflows. Dependency validation is automated. Assessment scopes are derived from profiles.
• Score 3: Verified by independent audit — an independent party has validated profile completeness, dependency consistency, reclassification governance, and assessment scope derivation. Profile analytics and cross-organisation harmonisation are operational.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 9 (Risk Management System)	Direct requirement
EU AI Act	Article 43 (Conformity Assessment)	Direct requirement
ISO 42001	Clause 6.1.3 (AI Risk Treatment)	Supports compliance
ISO 42001	Clause 9.2 (Internal Audit)	Supports compliance
NIST AI RMF	GOVERN 1.3 (Risk Management Processes)	Supports compliance
SOX	PCAOB AS 2201 (Audit Standard on Internal Controls)	Supports compliance
FCA SYSC	6.1.1R (Systems and Controls)	Supports compliance

EU AI Act — Article 43 (Conformity Assessment)

Article 43 requires conformity assessment of high-risk AI systems, including assessment against defined requirements. AG-222 provides the mechanism for defining what "conformity" means for each deployment context — the conformance profile is the specification against which conformity is assessed. Without governed profiles, conformity assessment has no defined scope, and assessment results are not comparable across organisations or across time.

EU AI Act — Article 9 (Risk Management System)

Article 9 requires risk management measures proportionate to the level of risk. Conformance profiles implement proportionality by defining different governance requirements for different risk tiers. A low-risk agent receives proportionate governance; a high-risk agent receives comprehensive governance. This risk-proportionate approach directly satisfies Article 9's proportionality requirement.

ISO 42001 — Clause 9.2 (Internal Audit)

Clause 9.2 requires internal audit of the AI management system against planned arrangements. Conformance profiles are the "planned arrangements" — they define what the organisation has committed to implementing and at what level. Internal audit scopes and criteria are derived from the profiles, ensuring that audit coverage is systematic and comprehensive.

10. Failure Severity

Field	Value
Severity Rating	High
Blast Radius	Organisation-wide — affects the meaning and comparability of all conformance assessments

Consequence chain: Without conformance profile governance, "conformance" is undefined or inconsistently defined. The immediate failure mode is either over-governance (monolithic profiles making governance economically irrational, leading to governance abandonment) or under-governance (ad hoc profiles allowing high-risk agents to be assessed against lightweight criteria). The downstream consequence is unreliable conformance declarations — stakeholders, regulators, and counterparties cannot rely on conformance claims because the underlying assessment scope is unknown or inconsistent. The ultimate business consequence is loss of standard credibility and regulatory rejection of conformance evidence.

Cross-references: AG-219 (Control Taxonomy Governance) provides the control set from which profiles select. AG-220 (Control Dependency Governance) provides the dependency graph that profiles must respect. AG-221 (Assurance Evidence Schema Governance) standardises the evidence that conformance assessments produce. AG-223 (Certification Scope Governance) builds on profiles to define certification boundaries. AG-157 (External Conformance Assessment) consumes profiles to scope external assessments.