Deontic Policies for Runtime Governance of Agentic AI Systems

2026-06-12 · Source: cs.MA updates on arXiv.org · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Expert, extended

Summary

AgenticRei is a novel policy engine designed for runtime governance of autonomous agentic AI systems driven by Large Language Models (LLMs). It addresses limitations of existing policy engines like XACML, Rego, and Cedar by implementing a deontic policy language based on the Rei framework, expressed in OWL (Web Ontology Language). AgenticRei supports permissions, prohibitions, obligations, dispensations, meta-policy conflict resolution, and ontological reasoning over domain class hierarchies. The system evaluates policies at the point of action execution, entirely outside the LLM, achieving sub-millisecond decision latency for RDFox queries and under 10 ms end-to-end latency. It governs both tool invocations and agent-to-agent messages, composing naturally with industry-standard frameworks like A2AS, and provides a deterministic enforcement layer against policy-violating actions.

Key takeaway

For AI Architects and Security Engineers deploying LLM-driven agentic systems, traditional access control policies are insufficient for comprehensive governance. You should consider adopting deontic policy frameworks like AgenticRei to enforce complex rules involving obligations, dispensations, and semantic reasoning. This approach ensures deterministic, auditable enforcement at the action boundary, mitigating risks like authority creep and diffuse accountability, and aligning with emerging standards for agent oversight.

Key insights

AgenticRei extends AI governance beyond permit/prohibit rules with deontic logic for obligations, dispensations, and semantic reasoning.

Principles

• Policy enforcement must be deterministic, outside the LLM.
• Policy languages need obligations, dispensations, meta-policies.
• Semantic grounding enables policy evolution without rewrites.

Method

AgenticRei uses a three-step extract–evaluate–apply contract: intercepting agent actions as <subject, action, resource> triples, evaluating them against Rei-encoded OWL policies via an RDFox-based logic engine, and applying the verdict with any obligations.

In practice

• Implement CISO notification obligations for software installs.
• Use meta-policies for auditable conflict resolution.
• Define prohibitions over top-level ontology classes.

Topics

• Agentic AI Governance
• Deontic Logic
• Policy Engines
• OWL Ontology
• Runtime Enforcement
• LLM Security

Code references

• cosai-oasis/ws4-secure-design-agentic-systems

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Architect, AI Security Engineer, AI Scientist

Related on AIssential

• Deontic Policies for Runtime Governance of Agentic AI Systems — AgenticRei extends AI governance beyond permit/prohibit rules to include obligations, dispensations, and conflict resolution for LLM agents.
• Governance Is Not a Prompt — Existing model risk management frameworks are inadequate for agentic AI, necessitating a new governance paradigm focused on external, enforceable controls.
• Governance by Construction for Generalist Agents — The CUGA policy system embeds continuous, multi-stage governance into generalist LLM agent execution without fine-tuning, ensuring auditable and compliant behavior.
• Algorithmic Constitutionalism — Algorithmic constitutionalism offers a layered, self-monitoring framework for AI governance, moving beyond ethical engineering to protect core principles.
• Proof-Carrying Agent Actions: Model-Agnostic Runtime Governance for Heterogeneous Agent Systems — PCAA provides runtime-neutral governance for agent actions via a portable, auditable action certificate.
• Securing AI agents with agent governance — Applying operating system and distributed systems security principles is crucial for governing autonomous AI agents.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by cs.MA updates on arXiv.org.