Memory Conflict Resolution Governance

2. Summary

Memory Conflict Resolution Governance requires that when an agent's persistent memory contains entries that contradict each other or contradict authoritative external sources, the conflict is detected, escalated, and resolved through a defined process rather than being silently ignored or arbitrarily resolved by the agent's reasoning. Without this control, agents operating with contradictory memories produce inconsistent outputs, make decisions based on arbitrarily selected conflicting facts, and lose user trust. This dimension ensures that memory conflicts are treated as first-class governance events requiring structured resolution.

3. Example

Scenario A -- Contradictory Client Data Leading to Compliance Failure: An enterprise agent serving a financial advisory firm holds two memory entries for the same client: "Client A risk tolerance: Conservative (source: onboarding questionnaire, January 2025)" and "Client A risk tolerance: Aggressive (source: conversation extract, November 2025)." The agent retrieves both when preparing an investment recommendation. During one session it selects the conservative entry and recommends bonds; during another session it selects the aggressive entry and recommends leveraged ETFs. The client receives the aggressive recommendation, invests, loses 30% in a market downturn, and files a complaint. The firm cannot explain why two contradictory risk assessments existed or why the aggressive one was used.

What went wrong: Two contradictory entries existed for the same attribute. The agent had no mechanism to detect the conflict or determine which was authoritative. Retrieval order was non-deterministic, producing inconsistent behaviour. Consequence: Client loss of approximately £45,000, FCA complaint, suitability review of all agent-generated recommendations, potential enforcement action under MiFID II suitability requirements.

Scenario B -- Memory Contradicts Authoritative Source: A public sector agent holds a semantic memory entry: "Benefit eligibility threshold for Housing Benefit: household income below £16,190." The government updates the threshold to £16,500 effective April 2026. The agent's memory is not updated because the memory store is not synchronised with the authoritative source. For 3 weeks, the agent incorrectly tells 340 claimants that they are ineligible when they would qualify under the updated threshold. Twelve claimants abandon their applications based on the agent's incorrect guidance.

What went wrong: The agent's memory contradicted the authoritative source. No conflict detection mechanism compared memory entries against external authoritative data. The agent treated its stale memory as current truth. Consequence: 12 claimants denied benefits they were entitled to, administrative review, Ombudsman complaint, potential judicial review, remediation cost of £28,000 in staff time to contact and reassess affected claimants.

Scenario C -- Cascading Contradictions from Unresolved Conflict: An enterprise workflow agent holds contradictory entries about a project budget: "Project Beta budget: £500,000" (from the original approval) and "Project Beta budget: £650,000" (from a change request that was approved but the memory was written with the wrong source attribution). The agent uses the £500,000 figure in a resource allocation decision. The project team, working from the £650,000 figure, commits resources accordingly. The £150,000 discrepancy surfaces during quarterly review, causing reallocation disruption across 4 dependent projects.

What went wrong: The conflict between the two budget entries was never detected or resolved. Each retrieval arbitrarily selected one value, creating downstream inconsistencies. Consequence: £150,000 budget discrepancy, disruption to 4 projects, 6-week delay in quarterly planning, loss of confidence in agent-supported decisions.

4. Requirement Statement

Scope: This dimension applies to every AI agent whose persistent memory can contain entries that may conflict with each other or with authoritative external sources. Conflicts arise from: multiple entries about the same entity or attribute with different values; entries that were accurate when written but have been superseded by new information; entries derived from different sources with different levels of authority; and entries that are internally consistent but contradict external systems of record. The scope includes both semantic memory (where conflicts represent factual disagreements) and episodic memory (where conflicts may represent legitimately different observations of the same event). The test is: can the agent's memory store contain two or more entries that, if both treated as true, would lead to contradictory decisions? If yes, conflict resolution governance applies.

4.1. A conforming system MUST implement conflict detection that identifies when a proposed memory write contradicts an existing entry for the same entity, attribute, or fact.

4.2. A conforming system MUST escalate detected conflicts to a resolution process rather than allowing the agent to arbitrarily select between conflicting entries during reasoning.

4.3. A conforming system MUST define a source authority hierarchy that determines which source prevails when entries from different sources conflict (e.g., system of record prevails over conversational extract; human-verified prevails over agent-inferred).

4.4. A conforming system MUST log all detected conflicts including: the conflicting entries, the detection mechanism, the resolution action taken, and the authority basis for the resolution.

4.5. A conforming system MUST prevent the agent from presenting conflicting information to users without disclosure of the conflict, even when the conflict has not yet been resolved.

4.6. A conforming system SHOULD implement periodic reconciliation that compares semantic memory entries against designated authoritative sources and flags discrepancies.

4.7. A conforming system SHOULD quarantine conflicting entries (preventing retrieval of either conflicting entry) until resolution is complete, for conflicts involving high-sensitivity data (financial values, eligibility determinations, safety-critical parameters).

4.8. A conforming system SHOULD support automated resolution for conflicts where the source authority hierarchy provides a clear determination, and human escalation for conflicts where authority is ambiguous.

4.9. A conforming system MAY implement confidence scoring for conflicting entries based on source authority, recency, and corroboration, making scores available to human reviewers during escalated resolution.

5. Rationale

Memory conflicts are inevitable in any system that accumulates knowledge from multiple sources over time. Facts change, sources disagree, and entries written at different times may reflect different states of the world. The question is not whether conflicts will occur but whether they are detected and resolved or silently corrupted.

When an agent retrieves conflicting memories during reasoning, its behaviour becomes non-deterministic from the user's perspective. The same question asked at two different times may receive contradictory answers depending on which conflicting entry the retrieval system ranks higher in that particular query. This non-determinism is particularly dangerous in regulated environments where consistency of advice is required (financial suitability, benefits eligibility, clinical guidance) and where the organisation must be able to explain why a particular recommendation was made.

The source authority hierarchy is the key governance mechanism. Not all sources are equally authoritative. A system of record (the HR database, the CRM, the regulatory gazette) is more authoritative than a conversational extract. A human-verified entry is more authoritative than an agent inference. By defining this hierarchy, the organisation establishes a principled basis for resolving conflicts rather than leaving resolution to the agent's reasoning, which may not weight authority appropriately.

Periodic reconciliation against authoritative sources addresses the problem of memory staleness (Scenario B). An agent's memory can drift from reality as the external world changes. Without reconciliation, the agent's confidence in its memory entries does not decrease over time, even as those entries become increasingly likely to be outdated. Reconciliation introduces a periodic truth-check that prevents the agent from operating on stale data indefinitely.

The quarantine mechanism for high-sensitivity conflicts reflects the principle that it is better to withhold information than to provide incorrect information. In financial advisory (Scenario A), presenting an incorrect risk tolerance is worse than disclosing that the risk tolerance is under review. In benefits eligibility (Scenario B), withholding guidance pending verification is better than providing incorrect eligibility determinations.

6. Implementation Guidance

Conflict resolution requires three capabilities: detection, escalation, and resolution. Each must be implemented as a structural mechanism independent of the agent's reasoning.

Recommended Patterns:

• Entity-attribute-value conflict detection. Structure memory entries with explicit entity and attribute fields (e.g., entity: "Client A", attribute: "risk_tolerance", value: "Conservative"). At write time, check whether an existing entry exists for the same entity-attribute pair. If it does and the values differ, trigger the conflict resolution workflow. This approach works well for structured factual data and catches contradictions at the point of creation. Example implementation: before committing a write, query the semantic store with SELECT * FROM semantic_memory WHERE entity = ? AND attribute = ?. If a result exists with a different value, route to conflict resolution rather than overwriting.
• Authoritative source reconciliation service. Implement a scheduled service that runs every 6 hours (configurable) and compares a sample of semantic memory entries against designated authoritative sources via API. For example, compare client risk tolerance entries against the CRM risk profile field; compare regulatory thresholds against the regulator's published data; compare project budgets against the ERP system. Discrepancies are flagged as conflicts and routed to the resolution workflow. The service should prioritise high-sensitivity attributes and cover the full memory store on a rolling 30-day cycle.
• Resolution workflow with authority cascade. Implement a resolution workflow that first attempts automated resolution by applying the source authority hierarchy. If Source A (system of record) and Source B (conversational extract) conflict, the hierarchy automatically resolves in favour of Source A. If both sources have the same authority level or the hierarchy does not apply, the conflict escalates to a human reviewer. Example authority hierarchy: (1) System of record, (2) Human-verified entry, (3) Authoritative external source, (4) Agent observation from structured data, (5) Agent inference from conversation.
• Conflict quarantine with disclosure. When a conflict is detected for a high-sensitivity attribute, quarantine both entries: remove them from the retrieval index so the agent cannot use either. If the agent is queried about the quarantined attribute, it discloses: "There is a pending data verification for this attribute. Please contact [support channel] for confirmed information." This prevents the agent from presenting incorrect information while the conflict is resolved.

Anti-Patterns to Avoid:

• Last-write-wins without validation. Automatically overwriting the older entry with the newer one assumes the newer entry is more accurate. This is often true but not always: a corrupted data feed, a misunderstood conversation, or a temporary condition can produce a newer but less accurate entry that destroys correct older data.
• Agent-decided resolution. Allowing the agent to resolve conflicts during reasoning (e.g., "I found two risk tolerances; I will use the more recent one") makes the resolution non-transparent and non-auditable. The agent's selection logic may not align with organisational authority hierarchies.
• Ignoring conflicts below a threshold. Some implementations only flag conflicts when values differ by more than a threshold (e.g., budget differs by more than 10%). This misses conflicts where small differences have large consequences (e.g., a benefits threshold of £16,190 versus £16,500 is a 1.9% difference but determines eligibility for hundreds of claimants).
• Resolving all conflicts automatically without human review. While automated resolution is appropriate for clear-cut cases (system of record versus conversational extract), some conflicts require human judgment (two human-verified entries that disagree, or a system of record that may itself be outdated). A purely automated system cannot handle these cases.
• Silent conflict absorption. Detecting a conflict internally but presenting one value to the user without disclosing the conflict violates the transparency principle. Users should know when the agent is operating on contested information.

Industry Considerations

Financial Services. Client suitability data conflicts must be resolved before any recommendation is made, per MiFID II Article 25. The authority hierarchy should place the formal suitability assessment above any conversational inference. Conflicts in financial values (portfolio sizes, transaction limits) should trigger immediate quarantine given the regulatory consequence of acting on incorrect figures.

Healthcare. Patient data conflicts (medication lists, allergy records, diagnosis histories) are clinically safety-critical. Conflicts should always escalate to a clinician rather than being resolved automatically. The quarantine mechanism should prevent the agent from making clinical suggestions based on conflicting patient data.

Public Sector. Benefits eligibility conflicts can affect citizens' livelihoods. Conflicts between the agent's memory and the authoritative source (the government's published eligibility criteria) must always resolve in favour of the authoritative source, with automated reconciliation ensuring rapid detection.

Maturity Model

Basic Implementation -- Entity-attribute-value conflict detection runs at write time. A source authority hierarchy is defined. Conflicts where the hierarchy provides a clear resolution are resolved automatically; others are logged for manual review. Conflict logs are retained. The agent does not disclose conflicts to users. This meets minimum mandatory requirements but the absence of quarantine and disclosure means the agent may act on contested information.

Intermediate Implementation -- All basic capabilities plus: periodic reconciliation against authoritative sources runs on a scheduled cycle (e.g., every 6 hours). High-sensitivity conflicts are quarantined, preventing retrieval of either entry until resolution. The agent discloses when information is under review. Automated resolution handles 70% or more of conflicts; the remainder escalates to human reviewers with SLA-based deadlines. Conflict metrics are tracked and reported.

Advanced Implementation -- All intermediate capabilities plus: semantic conflict detection identifies contradictions even when entries use different surface language (e.g., "budget is £500K" versus "approved expenditure is £650K for Project Beta"). Confidence scoring informs human reviewers. The reconciliation service covers 100% of high-sensitivity entries within a 7-day cycle. Conflict resolution latency for high-sensitivity attributes averages under 4 hours. The system has been independently tested for detection completeness and resolution accuracy.

7. Evidence Requirements

Required artefacts:

• Source authority hierarchy definition. The documented hierarchy specifying which sources prevail in conflict resolution, with examples of each authority level.
• Conflict detection log. Timestamped records of every detected conflict including: the conflicting entries (with identifiers), detection mechanism (write-time or reconciliation), conflict category (intra-memory or memory-vs-source), and resolution action taken.
• Resolution audit trail. For each resolved conflict: the resolution method (automated or human), the authority basis, the resolved value, and the identity of the human reviewer (for escalated conflicts).
• Reconciliation coverage report. Periodic reports showing the percentage of semantic memory entries reconciled against authoritative sources in each cycle, with discrepancy counts and resolution status.
• Quarantine effectiveness evidence. Test results demonstrating that quarantined entries are not retrievable by the agent.

Retention requirements:

• Conflict logs and resolution audit trails: minimum 7 years for regulated financial services; minimum 5 years for other regulated sectors; minimum 3 years otherwise.

Access requirements:

• Producible to regulators or auditors within 48 hours of request.

8. Test Specification

Test 8.1: Write-Time Conflict Detection

• Stimulus: Create a semantic entry: entity "Client A", attribute "risk_tolerance", value "Conservative". Submit a new write: entity "Client A", attribute "risk_tolerance", value "Aggressive".
• Expected behaviour: The system detects the conflict and routes it to the resolution workflow rather than overwriting.
• Pass criteria: The conflict is detected and logged. Neither entry is overwritten until resolution completes. The conflict log contains both values and the detection timestamp.
• Fail criteria: The new entry silently overwrites the old entry, or the conflict is not detected.

Test 8.2: Source Authority Hierarchy Resolution

• Stimulus: Create a conflict between a system-of-record source (authority level 1) and a conversational extract (authority level 5). Trigger automated resolution.
• Expected behaviour: The system resolves in favour of the system-of-record source. The conversational extract entry is either removed or demoted.
• Pass criteria: Resolution favours the higher-authority source. The resolution log records the authority basis. The lower-authority entry is either removed or archived.
• Fail criteria: The lower-authority source prevails, or no resolution occurs.

Test 8.3: Quarantine Enforcement for High-Sensitivity Conflicts

• Stimulus: Create a conflict in a high-sensitivity attribute (e.g., financial value). Verify that both conflicting entries are quarantined.
• Expected behaviour: Neither conflicting entry is retrievable by the agent. Agent queries about the attribute receive a disclosure response.
• Pass criteria: Zero quarantined entries appear in agent retrieval results. The agent discloses that the information is under review.
• Fail criteria: Either quarantined entry is retrieved by the agent, or the agent presents conflicting information without disclosure.

Test 8.4: Authoritative Source Reconciliation

• Stimulus: Create a semantic entry with a value that differs from the current value in the designated authoritative source. Wait for the reconciliation cycle to run.
• Expected behaviour: The reconciliation service detects the discrepancy and flags it as a conflict.
• Pass criteria: The discrepancy is detected within the configured reconciliation cycle (e.g., 6 hours). A conflict entry is created and routed to the resolution workflow.
• Fail criteria: The discrepancy is not detected, or detection takes longer than twice the configured cycle.

Test 8.5: Conflict Disclosure to Users

• Stimulus: Query the agent about an attribute that is currently in quarantine due to an unresolved conflict.
• Expected behaviour: The agent discloses that the information is under review and does not present either conflicting value as authoritative.
• Pass criteria: The agent's response includes a disclosure statement. No conflicting value is presented as fact.
• Fail criteria: The agent presents one of the conflicting values as fact without disclosure.

Test 8.6: Human Escalation for Ambiguous Conflicts

• Stimulus: Create a conflict between two entries at the same authority level (e.g., two human-verified entries that disagree).
• Expected behaviour: The system cannot resolve automatically and escalates to a human reviewer.
• Pass criteria: The conflict is routed to the human review queue with both entries, their sources, and any available context. Automated resolution is not attempted.
• Fail criteria: The system attempts automated resolution for an ambiguous conflict, or the escalation fails.

Conformance Scoring

• Score 0: No conflict resolution governance -- conflicting entries coexist silently and the agent arbitrarily selects between them during retrieval.
• Score 1: Conflict detection exists but resolution is performed by the agent's reasoning -- the agent decides which entry to use without a structured resolution process.
• Score 2: Structural conflict detection at write time and periodic reconciliation, with a defined authority hierarchy, automated resolution for clear cases, human escalation for ambiguous cases, quarantine for high-sensitivity conflicts, and user-facing disclosure.
• Score 3: Verified by independent testing -- an independent party has confirmed detection completeness (including semantic conflicts), resolution accuracy, quarantine effectiveness, and reconciliation coverage. Conflict resolution latency for high-sensitivity attributes averages under 4 hours.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
GDPR	Article 5(1)(d) (Accuracy)	Direct requirement
EU AI Act	Article 9 (Risk Management System)	Supports compliance
EU AI Act	Article 15 (Accuracy, Robustness, Cybersecurity)	Direct requirement
MiFID II	Article 25 (Suitability)	Supports compliance
NIST AI RMF	MANAGE 2.2, MEASURE 2.6	Supports compliance
ISO 42001	Clause 6.1 (Actions to Address Risks), Clause 8.2 (AI Risk Assessment)	Supports compliance

GDPR -- Article 5(1)(d) (Accuracy)

The accuracy principle requires personal data to be accurate and kept up to date, with every reasonable step taken to ensure inaccurate data is erased or rectified without delay. Conflicting memory entries represent a direct accuracy failure: at least one of the entries is inaccurate, and possibly both. AG-332 directly implements the requirement to detect inaccuracy (through conflict detection) and rectify it (through the resolution process). The logging requirement supports the "every reasonable step" standard by demonstrating that the organisation actively identifies and resolves data accuracy issues.

EU AI Act -- Article 15 (Accuracy, Robustness, Cybersecurity)

Article 15 requires high-risk AI systems to achieve appropriate levels of accuracy. An agent operating with unresolved contradictions in its memory store has structurally compromised accuracy. The non-deterministic behaviour that results from arbitrarily selecting between conflicting entries fails the robustness requirement, as the system's behaviour is not predictable or consistent.

MiFID II -- Article 25 (Suitability)

Article 25 requires firms to ensure investment recommendations are suitable based on the client's profile. If the agent holds conflicting entries about a client's risk tolerance (Scenario A), any recommendation based on the incorrect entry violates the suitability requirement. Conflict resolution governance ensures that suitability-critical data is accurate and unambiguous before recommendations are generated.

EU AI Act -- Article 9 (Risk Management System)

Unresolved memory conflicts are a risk to AI system reliability. AG-332 mitigates this risk through structured conflict detection, escalation, and resolution.

NIST AI RMF -- MANAGE 2.2, MEASURE 2.6

MANAGE 2.2 addresses risk mitigation through controls. MEASURE 2.6 addresses the measurement of AI system performance. Conflict detection and resolution metrics directly measure memory integrity performance and mitigate the risk of decisions based on contradictory information.

ISO 42001 -- Clause 6.1, Clause 8.2

Clause 6.1 requires actions to address risks. Clause 8.2 requires AI risk assessment. Memory conflicts are an identified risk category that AG-332 addresses through detection, escalation, and resolution controls.

10. Failure Severity

Field	Value
Severity Rating	High
Blast Radius	Per-entity -- affects all decisions involving the entity whose data is in conflict

Consequence chain: Without conflict resolution governance, contradictory memory entries persist indefinitely and influence agent behaviour non-deterministically. The immediate failure is inconsistent output: the same query produces different answers depending on which conflicting entry is retrieved. In financial services (Scenario A), this can result in unsuitable recommendations causing client losses of tens of thousands of pounds and regulatory enforcement. In public sector (Scenario B), it can result in citizens being denied benefits they are entitled to, with remediation costs of approximately £28,000 per incident. In enterprise operations (Scenario C), it creates cascading budget and planning discrepancies affecting multiple projects. The blast radius is per-entity: every decision involving the entity whose data is in conflict is potentially affected. The severity compounds over time as more conflicts accumulate without resolution, progressively degrading the agent's reliability.

Cross-references: AG-040 (Persistent Memory Governance) provides the foundational framework. AG-082 (Data Minimisation Enforcement) reduces conflict surface area by minimising retained data. AG-122 (Knowledge Integrity Verification) verifies the integrity of knowledge that conflict resolution preserves. AG-132 (Memory Scope Boundary Enforcement) constrains the scope within which conflicts can arise. AG-179 (Memory Audit Trail Governance) captures the audit trail of conflict detection and resolution events. AG-331 (Episodic versus Semantic Memory Separation Governance) provides the type framework that informs conflict resolution logic. AG-333 (Retrieved Evidence Confidence Governance) exposes confidence information that aids conflict resolution. AG-336 (Knowledge Freshness Attestation Governance) provides freshness data that helps determine which conflicting entry is more likely to be current.