Assurance Framework Compliance

Group J — Meta-Governance ~9 min read AGS v2.1 · 2026-04-27

EU AI Act NIST AI RMF ISO 42001

AGS Assurance Framework | Group J — Meta-Governance | Version 2.1

1. Definition

Assurance Framework Compliance governs the classification, evidence collection, and attestation methodology for the three-tier AGS assurance framework (AGS-AUP, AGS-LA, AGS-RA), ensuring that governance assurance claims are supported by appropriate evidence and independently verifiable.

The AGS assurance framework defines three tiers of assessment:

AGS-AUP (Agreed-Upon Procedures): The organisation follows a defined checklist of governance controls. Evidence is self-attested. This is the entry-level tier, analogous to SOC 1 Type I.
AGS-LA (Limited Assurance): An independent assessor reviews a sample of governance controls and confirms that nothing has come to their attention that causes them to believe the controls are not operating effectively. Analogous to ISAE 3000 limited assurance.
AGS-RA (Reasonable Assurance): An independent assessor performs substantive testing of all material governance controls and issues a positive opinion on whether the controls are operating effectively. Analogous to ISAE 3000 reasonable assurance or SOC 2 Type II.

AG-792 governs the process by which an organisation moves through these tiers, the evidence required at each tier, the qualifications required of assessors at the LA and RA tiers, and the conditions under which an assurance claim can be revoked. Without this dimension, an organisation could claim AGS compliance at any tier without producing evidence commensurate with that claim, undermining the credibility of the entire framework.

2. Scope

This protocol applies to any organisation that claims conformance with the AGS standard at any assurance tier. Specifically:

Organisations seeking AGS-AUP attestation: Must complete the AUP checklist against all applicable AGS dimensions and retain evidence of completion.
Organisations seeking AGS-LA attestation: Must engage a qualified assessor to perform limited assurance procedures against a representative sample of AGS dimensions.
Organisations seeking AGS-RA attestation: Must engage a qualified assessor to perform reasonable assurance procedures, including substantive testing, against all material AGS dimensions.
Assessors performing LA or RA engagements: Must meet the independence, competence, and methodology requirements defined in this dimension.
AgentGoverning as the standard body: Must maintain the assurance framework documentation, assessor qualification criteria, and the register of issued assurance reports.
Exclusions: This protocol does not govern the content of individual AGS dimensions — it governs the process of claiming conformance with them.

3. Why This Matters

An assurance framework without governance over its own assurance process is self-undermining. If any organisation can claim "AGS compliant" without proportionate evidence, the claim becomes meaningless — exactly the problem that plagues self-certification regimes in AI governance today.

Concrete Failure Scenario: A financial services firm deploys autonomous trading agents and claims AGS-RA compliance in its prospectus filed with the FCA. The claim is based on an internal review performed by the firm's own compliance team, not an independent assessor. The firm has not engaged any external party, has not performed substantive testing of governance controls, and has not produced the evidence artefacts required for reasonable assurance. When the FCA examines the basis of the claim, the firm cannot produce an assurance report meeting AGS-RA requirements. The FCA issues an enforcement action for misleading disclosure, the firm's clients lose confidence in the governance claims, and the credibility of the AGS standard is damaged by association with an unsubstantiated claim.

The EU AI Act (Article 9) requires risk management systems to be documented and verifiable. ISO 42001 (Clause 9.2) requires internal audit programmes. SOX Section 404 requires independent attestation of internal controls. AG-792 operationalises the equivalent requirement for AGS: that conformance claims are backed by evidence at a level commensurate with the tier being claimed.

4. Requirements

R1: An organisation claiming AGS conformance MUST specify the assurance tier (AUP, LA, or RA) alongside any conformance claim.
R2: For AGS-AUP, the organisation MUST complete a self-attestation checklist covering all AGS dimensions applicable to its deployment profile, retain evidence of completion, and make the checklist available to regulators or counterparties on request.
R3: For AGS-LA, the organisation MUST engage an assessor who is independent of the organisation's management and has demonstrated competence in AI governance assessment. The assessor MUST perform limited assurance procedures against a sample of no fewer than 30% of applicable dimensions.
R4: For AGS-RA, the organisation MUST engage an independent assessor who performs substantive testing — including adversarial testing where applicable — against all material AGS dimensions. The assessor MUST issue a written opinion on whether governance controls are operating effectively.
R5: Assessors performing LA or RA engagements MUST disclose any conflicts of interest, including commercial relationships with the assessed organisation, prior to commencing the engagement.
R6: Assurance reports MUST include: the tier assessed, the AGS version, the dimensions in scope, the assessment methodology, the period covered, the assessor's qualifications, and the assessor's conclusion.
R7: Organisations MUST NOT claim a higher assurance tier than the tier for which they hold a current, valid assurance report.
R8: Assurance reports are valid for 12 months from the date of issue. After expiry, the organisation's conformance claim reverts to the next lower tier unless a new assessment is completed.
R9: AgentGoverning SHOULD maintain a public register of organisations that have completed AGS assurance assessments, including the tier, the assessment period, and the assessor's name.
R10: The assurance framework documentation, including assessor qualification criteria and the AUP checklist, SHOULD be published under CC-BY-4.0.

5. Maturity Model

Basic: Organisation has completed the AGS-AUP self-attestation checklist. Evidence is retained internally. No independent assessment has been performed.
Intermediate: Organisation has engaged an independent assessor for AGS-LA. Limited assurance report issued covering a sample of applicable dimensions. Assessor independence and competence documented.
Advanced: Organisation has completed AGS-RA with substantive testing including adversarial verification. Reasonable assurance report issued with positive opinion. Report is available to regulators and counterparties. Organisation is listed on the AgentGoverning assurance register.

6. Test Criteria

Test 6.1: Tier Claim Accuracy

Stimulus: Organisation claims AGS-RA compliance.
Expected: Organisation produces a valid, current assurance report at the RA tier, issued by an independent assessor, covering all material dimensions, with a positive opinion.
Fail: Organisation cannot produce a report, or the report does not meet RA tier requirements, or the report has expired.

Test 6.2: Assessor Independence

Stimulus: Review the assessor's conflict of interest disclosure.
Expected: Assessor has no undisclosed commercial relationships with the assessed organisation.
Fail: Assessor has undisclosed conflicts that could compromise independence.

Test 6.3: Evidence Retention

Stimulus: Request AUP checklist and supporting evidence for a randomly selected dimension.
Expected: Organisation produces the checklist entry and supporting evidence within 5 business days.
Fail: Evidence is unavailable, incomplete, or does not support the checklist entry.

7. Scoring

Score	Criteria
0	Organisation claims AGS conformance without specifying a tier or producing any evidence
1	Organisation has completed AUP self-attestation but has not engaged an independent assessor
2	Organisation has completed AGS-LA with an independent assessor and holds a current limited assurance report
3	Organisation has completed AGS-RA with substantive testing and holds a current reasonable assurance report with positive opinion

8. Failure Scenarios

Scenario A — Unsubstantiated Tier Claim: An organisation publishes "AGS-RA certified" on its website but has only completed a self-attestation checklist (AUP tier). A prospective client requests the assurance report. The organisation cannot produce one. The client withdraws from the procurement, and the organisation faces regulatory scrutiny for misleading claims.

Scenario B — Expired Assurance: An organisation completed AGS-LA 18 months ago but has not renewed. The assurance report has expired. The organisation continues to display the AGS-LA badge. Under AG-792, the conformance claim should have reverted to AUP at the 12-month mark. The stale claim is identified during a regulatory examination.

Scenario C — Conflicted Assessor: An assessor performing an AGS-RA engagement is discovered to be a significant shareholder in the assessed organisation. The conflict was not disclosed. The assurance report is invalidated, and the organisation's conformance claim reverts to AUP pending a new assessment by an independent assessor.

9. Regulatory Mapping

Requirement	EU AI Act	NIST AI RMF	ISO 42001
R1: Tier specification on conformance claims	Art. 9 -- Risk management documentation	GOVERN 1.1 -- Legal and regulatory requirements	Clause 9.3 -- Management review
R2: AUP self-attestation checklist	Art. 9 -- Risk management system	GOVERN 1.1 -- Legal and regulatory requirements	Clause 9.2 -- Internal audit
R3: Independent assessor for LA	Art. 17 -- Quality management system	GOVERN 1.7 -- Accountability mechanisms	Clause 9.2 -- Internal audit
R4: Independent assessor for RA with substantive testing	Art. 17 -- Quality management system	GOVERN 1.7 -- Accountability mechanisms	Clause 9.2 -- Internal audit
R5: Assessor conflict of interest disclosure	Art. 17 -- Quality management system	—	Clause 9.2 -- Internal audit
R6: Assurance report content requirements	Art. 9 -- Risk management documentation	GOVERN 1.7 -- Accountability mechanisms	Clause 9.3 -- Management review
R7: No overclaiming of assurance tier	Art. 9 -- Risk management system	—	—
R8: 12-month assurance report validity	Art. 9 -- Risk management system	—	Clause 9.3 -- Management review
R9: Public register of assessments	Art. 17 -- Quality management system	GOVERN 1.7 -- Accountability mechanisms	—
R10 *: Open publication of framework documentation	—	—	—

\* Standard-specific commitment; no direct regulatory equivalent.

EU AI Act — Article 9 and Article 17

Article 9 requires providers of high-risk AI systems to establish and maintain a risk management system. Article 17 requires a quality management system with documented procedures. AG-792 provides the assurance framework that enables organisations to demonstrate that these systems are in place and operating effectively, at a level of rigour commensurate with the assurance tier claimed.

NIST AI RMF — GOVERN 1.1, GOVERN 1.7

GOVERN 1.1 addresses legal and regulatory requirements. GOVERN 1.7 addresses accountability mechanisms. The AGS assurance framework provides the accountability structure for governance conformance claims, ensuring they are verifiable and not merely declarative.

ISO 42001 — Clause 9.2, Clause 9.3

Clause 9.2 requires internal audit of the AI management system. Clause 9.3 requires management review. AG-792 extends these requirements to external assurance, defining the conditions under which an organisation can claim independent verification of its AI governance posture.

AG-006 (Immutable Audit Trail) — the audit trail provides evidence for assurance assessments
AG-007 (Governance Configuration Control) — configuration control provides evidence that governance settings have not been tampered with
AG-787 (Governance Seal Integrity Verification) — the governance seal provides cryptographic evidence of governance state at a point in time
AG-786 (Cryptographic Governance State Sealing) — sealing provides tamper-evident governance state snapshots for assessor review

Cite this protocol

AgentGoverning. (2026). AG-792: Assurance Framework Compliance. The Protocols of AI Agent Governance, AGS v2.1. agentgoverning.com/protocols/AG-792

← Previous

AG-791

Pipeline Integrated Threat Event Ingestion

Next Protocol →

AG-793

Ml Service Availability Governance