Control Taxonomy Governance

2. Summary

Control Taxonomy Governance requires that every organisation operating under the Agent Governance Standard maintains a formally governed taxonomy of control families, control dependencies, and applicability classes. The taxonomy is the structural backbone that determines which controls apply to which agent profiles, how controls relate to one another, and how gaps or overlaps in coverage are detected. Without a governed taxonomy, the standard itself becomes an unstructured collection of individual controls with no systematic way to verify completeness, resolve conflicts, or adapt to new risk domains. The taxonomy MUST be versioned, change-controlled, and independently reviewable — it is a governance artefact governing other governance artefacts.

3. Example

Scenario A — Taxonomy Drift Creates Invisible Coverage Gaps: An organisation deploys 14 AI agents across procurement, customer service, and treasury operations. When the governance standard was originally adopted, the team mapped all 14 agents to the taxonomy's control families using a spreadsheet maintained by a single governance analyst. Over 18 months, three new control dimensions are added to the standard (AG-195, AG-203, AG-211), two agent profiles are reclassified from "General/Internal Copilot" to "Financial-Value Agent," and the taxonomy spreadsheet is updated inconsistently. At audit, the assessor discovers that the two reclassified agents have not been mapped to 23 additional controls required for Financial-Value Agents. The treasury agent has been operating for 9 months without AG-001 aggregate exposure tracking — a gap concealed by the stale taxonomy.

What went wrong: The taxonomy was an informal artefact with no version control, no change-trigger process when agent profiles changed, and no automated validation against the canonical control set. The single-analyst dependency created a bus-factor risk. Consequence: 9 months of undetected non-conformance for a Financial-Value Agent, regulatory finding for inadequate governance-of-governance, £340,000 in remediation costs including retrospective evidence collection.

Scenario B — Conflicting Control Classifications Produce Contradictory Requirements: A cross-border agent operating in both EU and US jurisdictions is classified under "Preventive" controls for data handling and "Detective" controls for the same data handling function in a parallel taxonomy maintained by a regional team. The EU team mandates pre-execution data classification blocking; the US team mandates post-execution data classification logging. The agent's implementation satisfies the US requirement but fails the EU requirement. The conflict is not detected for 7 months because the two teams reference different taxonomy versions with different control family groupings.

What went wrong: Two parallel, unreconciled taxonomies existed for the same control domain. No canonical taxonomy with a single authoritative version existed across jurisdictions. Consequence: GDPR Article 32 finding for inadequate technical measures, 4 months of remedial blocking implementation, cross-border data processing suspended pending resolution.

Scenario C — Taxonomy Without Applicability Classes Produces Over-Control: An organisation applies every control dimension to every agent regardless of risk profile, because the taxonomy does not define applicability classes. A read-only internal reporting copilot is subjected to the same 147 control dimensions as a high-frequency financial trading agent. The governance overhead for the reporting copilot is £85,000 per year in evidence collection and testing. The copilot's total operational value is £60,000 per year. The governance programme is abandoned as economically irrational, leaving all agents — including the trading agent — without governance.

What went wrong: The taxonomy lacked applicability classes that would map control requirements to risk profiles. The resulting all-or-nothing approach made governance economically unsustainable for low-risk agents and politically untenable across the organisation. Consequence: Complete governance programme abandonment, subsequent trading agent incident with £2.1 million exposure.

4. Requirement Statement

Scope: This dimension applies to every organisation that adopts the Agent Governance Standard, regardless of industry, jurisdiction, or number of deployed agents. It governs the taxonomy artefact itself — the structured classification system that organises control dimensions into families, defines dependencies between them, and specifies which controls apply to which agent profiles. Any organisation operating even a single governed agent requires a taxonomy to determine which controls apply. The scope includes the taxonomy's data model, its versioning mechanism, its change-control process, and its validation rules. Organisations that rely on a third-party governance platform are not exempted — they must verify that the platform's embedded taxonomy meets the requirements of this dimension or maintain a supplementary taxonomy that does.

4.1. A conforming system MUST maintain a canonical taxonomy of all control dimensions organised into named control families with defined boundaries and membership criteria.

4.2. A conforming system MUST version the taxonomy using immutable version identifiers, retaining all prior versions with full change history including timestamps, authors, and approval references.

4.3. A conforming system MUST define applicability classes that specify which control dimensions apply to each agent profile, risk tier, and deployment context, with explicit justification for each inclusion and exclusion.

4.4. A conforming system MUST validate the taxonomy against the canonical control set on every update, detecting and flagging orphaned controls (controls not assigned to any family), duplicate assignments (controls assigned to multiple families without explicit justification), and coverage gaps (agent profiles with no controls mapped).

4.5. A conforming system MUST subject taxonomy changes to a formal change-control process requiring review and approval by at least two individuals with governance authority, neither of whom is the change author.

4.6. A conforming system MUST record the mapping between every deployed agent and its applicable control set as derived from the taxonomy, updating this mapping whenever the taxonomy or the agent's profile classification changes.

4.7. A conforming system SHOULD implement machine-readable taxonomy definitions (e.g., JSON Schema, OWL ontology, or structured YAML) enabling automated validation and tooling integration.

4.8. A conforming system SHOULD generate automated alerts when a taxonomy update changes the applicable control set for any deployed agent, triggering a conformance re-assessment.

4.9. A conforming system MAY implement taxonomy simulation — the ability to model the impact of a proposed taxonomy change on all deployed agents before committing the change.

5. Rationale

The Agent Governance Standard comprises hundreds of individual control dimensions. Without a governing taxonomy, these dimensions are an unstructured list — analogous to a legal code with no chapter structure, no index, and no cross-referencing system. The taxonomy provides the structural organisation that makes the standard usable, auditable, and maintainable at scale.

Three problems arise without taxonomy governance. First, completeness cannot be verified. If controls are not organised into families with defined scope boundaries, there is no systematic way to determine whether a new risk domain is covered or whether a gap exists between adjacent control families. Second, applicability cannot be determined efficiently. Without formal applicability classes, every organisation must independently determine which controls apply to which agents — a process that is error-prone, inconsistent, and expensive. Third, the standard cannot evolve coherently. When new control dimensions are added, they must be placed within the taxonomy structure; without governance of that structure, additions may conflict with existing controls, duplicate existing coverage, or create dependencies that are not recorded.

The taxonomy is also the primary input to conformance assessment. Auditors and assessors use the taxonomy to determine what to test. If the taxonomy is incorrect, the assessment scope is incorrect — either testing controls that do not apply (wasting resources) or missing controls that do apply (creating false assurance). Governing the taxonomy is therefore a precondition for reliable conformance assessment.

6. Implementation Guidance

The taxonomy should be implemented as a structured data artefact — not a prose document. Each control family should have a unique identifier, a name, a scope description, and a membership list of control dimensions. Each control dimension should reference exactly one primary family (with explicit cross-references where a dimension spans families). Each applicability class should define a set of conditions (agent profile, risk tier, deployment context) and a resulting set of required, recommended, and optional controls.

Recommended patterns:

• Registry-based taxonomy management. Maintain the taxonomy in a structured registry (database, version-controlled configuration files, or purpose-built governance tooling). Each taxonomy entry is a record with defined fields: family ID, family name, member controls, applicability rules, and dependency declarations. Changes to the registry follow a pull-request or change-request workflow with mandatory review. The registry is the single source of truth; all downstream artefacts (conformance checklists, audit scopes, dashboards) are derived from it.
• Automated applicability resolution. Given an agent's profile classification, deployment context, and risk tier, the system automatically derives the applicable control set from the taxonomy. This eliminates manual mapping errors and ensures that taxonomy changes propagate consistently to all affected agents. The resolution logic should be deterministic and auditable — given the same inputs, it must produce the same output.
• Taxonomy diff reporting. On every taxonomy version change, generate a diff report showing: controls added to each family, controls removed, applicability changes per agent profile, and new or removed dependencies. Distribute this report to all governance stakeholders and retain it as part of the taxonomy version history.
• Periodic taxonomy completeness review. At least annually, conduct a structured review of the taxonomy against the current threat landscape, regulatory environment, and deployed agent portfolio. The review should identify: risk domains not covered by any control family, control families with no applicable agents (candidates for deprecation), and applicability classes that no longer match the deployed agent portfolio.

Anti-patterns to avoid:

• Spreadsheet-based taxonomy management. Spreadsheets lack version control, concurrent-edit safety, referential integrity, and automated validation. A taxonomy maintained in a spreadsheet will drift from reality within months. If a spreadsheet is the only feasible starting point, migrate to a structured registry within 90 days.
• Implicit taxonomy. Treating the ordering or numbering of control dimensions as the taxonomy. The AG numbering scheme is an identifier, not a classification. Control AG-153 is not inherently related to AG-154 because of sequential numbering. Families must be explicitly defined based on functional relationships, not numerical adjacency.
• Single-owner taxonomy. A taxonomy maintained by a single individual with no review process creates bus-factor risk and eliminates the separation of duties required by Requirement 4.5. Taxonomy governance must involve at least two independent reviewers.
• Static taxonomy. A taxonomy that is defined once and never updated will diverge from the evolving standard, the evolving agent portfolio, and the evolving regulatory landscape. The taxonomy must be a living artefact with a defined update cadence.

Maturity Model

Basic Implementation — The organisation has documented a taxonomy of control families and applicability classes in a structured format. The taxonomy is versioned with change history. Each deployed agent is mapped to its applicable control set. Changes follow a documented approval process. Validation is manual — a governance analyst reviews the taxonomy for completeness and consistency on each update.

Intermediate Implementation — The taxonomy is maintained in a machine-readable registry with automated validation rules. Applicability resolution is automated — agents are mapped to controls programmatically based on profile and risk tier. Taxonomy changes trigger automated impact assessments showing which agents are affected. Diff reports are generated and distributed on every version change. The taxonomy is reviewed quarterly against the current agent portfolio and threat landscape.

Advanced Implementation — All intermediate capabilities plus: the taxonomy is integrated with the conformance assessment pipeline, so taxonomy changes automatically update assessment scopes. Taxonomy simulation allows modelling the impact of proposed changes before commitment. The taxonomy is independently audited annually. Cross-standard taxonomy mapping (e.g., to ISO 42001 control objectives, NIST AI RMF functions) is maintained and validated. The taxonomy supports multi-jurisdictional applicability classes with automated conflict detection.

7. Evidence Requirements

Required artefacts:

• Canonical taxonomy artefact. The current taxonomy definition showing all control families, member controls, applicability classes, and dependency declarations. Format: machine-readable structured data (JSON, YAML, or database export) plus a human-readable rendering. Not a prose summary.
• Taxonomy version history. Complete version history showing all changes, with timestamps, authors, approvers, and change justifications. Minimum: all versions since initial adoption or 3 years, whichever is shorter.
• Agent-to-control mapping. The current mapping of every deployed agent to its applicable control set, as derived from the taxonomy. Must show the derivation path: agent profile classification, applicable applicability class, resulting control set.
• Taxonomy validation records. Results of the most recent taxonomy validation, showing: any orphaned controls, duplicate assignments, coverage gaps, or consistency errors detected and their resolution status.
• Change-control records. Approval records for each taxonomy change, showing reviewer identities, review dates, and approval decisions. Must demonstrate compliance with the two-reviewer requirement of 4.5.

Retention requirements:

• Taxonomy versions and change-control records: minimum 7 years for regulated financial services; minimum 5 years for other regulated sectors; minimum 3 years otherwise.

Access requirements:

• Producible to regulators or auditors within 48 hours of request. Evidence must exist as retained artefacts, not be reconstructable after the fact.

8. Test Specification

Test 8.1: Taxonomy Completeness Verification

• Stimulus: Compare the taxonomy's total control membership against the canonical control dimension list. Enumerate all control dimensions and verify each appears in exactly one primary family (or has an explicit cross-family justification).
• Expected behaviour: No orphaned controls exist. No control is unassigned.
• Pass criteria: 100% of canonical controls are assigned to a family. Zero orphaned controls.
• Fail criteria: Any canonical control is missing from the taxonomy, or any control appears in a family without a valid assignment record.

Test 8.2: Taxonomy Version Immutability

• Stimulus: Retrieve a historical taxonomy version by its version identifier. Compare its content against the archived version.
• Expected behaviour: Historical versions are immutable. The retrieved version matches the archived version exactly.
• Pass criteria: Bit-for-bit match between retrieved and archived versions for all tested historical versions.
• Fail criteria: Any historical version has been modified after publication, or any version is missing from the archive.

Test 8.3: Applicability Class Resolution Correctness

• Stimulus: For each defined agent profile and risk tier combination, resolve the applicable control set using the taxonomy's applicability rules. Compare the result against a manually verified expected control set for at least 3 representative combinations.
• Expected behaviour: Automated resolution matches the manually verified expected set.
• Pass criteria: Zero discrepancies between automated resolution and expected control sets across all tested combinations.
• Fail criteria: Any agent profile resolves to an incorrect control set — either missing required controls or including inapplicable controls.

Test 8.4: Change-Control Enforcement

• Stimulus: Attempt to commit a taxonomy change with: (a) no approvals, (b) only one approval, (c) approval by the change author. Verify rejection in all three cases.
• Expected behaviour: The system rejects taxonomy changes that do not meet the two-independent-reviewer requirement.
• Pass criteria: All three non-conforming change attempts are rejected. Only properly approved changes are committed.
• Fail criteria: Any taxonomy change is committed without the required two independent approvals.

Test 8.5: Agent Mapping Update on Taxonomy Change

• Stimulus: Modify the taxonomy to add a new control to a control family that applies to a deployed agent's profile. Verify that the agent's applicable control set is updated accordingly.
• Expected behaviour: The agent-to-control mapping reflects the taxonomy change. An alert or notification is generated indicating the change in applicable controls.
• Pass criteria: The agent's updated control set includes the newly added control. A mapping update record or alert exists with a timestamp within the defined SLA (e.g., 24 hours of taxonomy change).
• Fail criteria: The agent's control set does not reflect the taxonomy change, or no update notification is generated.

Test 8.6: Taxonomy Validation on Update

• Stimulus: Introduce a deliberate error into a taxonomy update: an orphaned control, a duplicate assignment without justification, and a coverage gap. Attempt to commit the update.
• Expected behaviour: The validation process detects all three errors and either blocks the commit or flags the errors for resolution before approval.
• Pass criteria: All three deliberate errors are detected and reported. The update is not committed without error resolution or explicit override with justification.
• Fail criteria: Any deliberate error passes validation undetected.

Conformance Scoring

• Score 0: No taxonomy exists — controls are an unstructured list with no family organisation, applicability classes, or version control.
• Score 1: A taxonomy exists in document form but is not machine-readable, not validated automatically, and changes are not formally controlled.
• Score 2: The taxonomy is machine-readable and versioned, applicability resolution is automated, and changes follow a formal two-reviewer process with validation on every update.
• Score 3: Verified by independent audit — an independent party has validated the taxonomy's completeness, applicability resolution correctness, and change-control integrity, and the taxonomy is integrated with conformance assessment pipelines.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 9 (Risk Management System)	Supports compliance
EU AI Act	Article 17 (Quality Management System)	Direct requirement
ISO 42001	Clause 6.1.3 (AI Risk Treatment)	Supports compliance
ISO 42001	Annex A (Reference Control Objectives)	Direct requirement
NIST AI RMF	GOVERN 1.2 (Processes for AI Risk Management)	Supports compliance
SOX	Section 404 (Internal Controls)	Supports compliance
DORA	Article 5 (ICT Risk Management Governance)	Supports compliance

EU AI Act — Article 17 (Quality Management System)

Article 17 requires providers of high-risk AI systems to implement a quality management system that includes procedures for managing modifications to the system, including version control and documentation. A governed control taxonomy is a quality management artefact that ensures the governance framework itself is structured, versioned, and change-controlled. Without taxonomy governance, an organisation cannot demonstrate that its quality management system systematically covers all applicable governance requirements — the quality system has no structured reference for what "complete" means.

ISO 42001 — Annex A (Reference Control Objectives)

ISO 42001 Annex A defines reference control objectives that organisations must address within their AI management system. AG-219 provides the meta-governance mechanism for mapping these control objectives to the Agent Governance Standard's control dimensions, ensuring that every ISO 42001 requirement is addressed by at least one AG control and that the mapping is maintained as both standards evolve. Organisations pursuing dual conformance require a governed taxonomy to demonstrate systematic coverage.

NIST AI RMF — GOVERN 1.2

GOVERN 1.2 addresses processes and procedures for risk management of AI systems. A governed taxonomy of controls is the organisational mechanism through which risk management processes are structured and maintained. The taxonomy ensures that risk management coverage is systematic rather than ad hoc.

SOX — Section 404

For organisations subject to SOX, the control taxonomy provides the structural foundation for the internal control framework applied to AI agent operations. Auditors require a documented, versioned control taxonomy to scope their assessment. Without it, the auditor cannot determine whether the control framework is complete — a condition that could result in a material weakness finding.

10. Failure Severity

Field	Value
Severity Rating	High
Blast Radius	Organisation-wide — affects the applicability and coherence of all other governance controls

Consequence chain: Without taxonomy governance, the organisation has no systematic way to determine which controls apply to which agents, whether control coverage is complete, or whether the governance framework is internally consistent. The immediate failure mode is invisible coverage gaps — agents operating without controls that should apply, or subjected to controls that do not apply (wasting resources and creating governance fatigue). The downstream consequence is unreliable conformance assessment, because assessors cannot determine the correct assessment scope. This creates false assurance — the organisation believes it is conformant when material gaps exist. The ultimate business consequence is regulatory exposure when an incident reveals that the governance framework had structural gaps that a governed taxonomy would have detected. In financial services, this maps to a potential finding under FCA SYSC 6.1.1R for inadequate systems and controls; under SOX, a potential material weakness in internal controls.

Cross-references: AG-007 (Governance Configuration Control) governs the configuration artefacts that the taxonomy references. AG-220 (Control Dependency Governance) relies on the taxonomy to define the control set within which dependencies are tracked. AG-222 (Conformance Profile Governance) consumes the taxonomy's applicability classes to construct conformance profiles. AG-153 (Control Efficacy Measurement) measures the effectiveness of controls that the taxonomy organises. AG-158 (Standard Evolution and Emergency Update) triggers taxonomy updates when the standard itself evolves.