Singapore’s Infocomm Media Development Authority (IMDA) has released an updated version of its Model AI Governance Framework for Agentic AI. The update comes after feedback from over 60 organizations and includes more than ten real-world case studies from companies such as AWS, DBS, Google, Workday, OCBC, Tencent, and GovTech Singapore.
This framework builds on IMDA’s original 2020 Model AI Governance Framework and the initial Agentic AI version launched in January 2026. The latest revision aims to help organizations move from theory to practical implementation by showing how leading companies are operationalizing governance for autonomous AI systems.
The updated framework places strong emphasis on human accountability, tiered risk approaches, and managing the unique challenges of multi-agent systems and third-party agents. It also addresses emerging issues such as automation bias and how to maintain meaningful human oversight as agents become more capable.
“This is in line with Singapore’s practical and balanced approach to AI Governance, where guardrails are put in place, while providing space for innovation,”
The document provides organizations with concrete examples across different dimensions of governance, from risk assessment to technical controls and end-user responsibility. For enterprises actively deploying agentic AI, this update offers valuable benchmarks and implementation guidance.
Key Changes in the Updated Framework
IMDA’s Version 1.5 of the Model AI Governance Framework for Agentic AI marks a substantial evolution from previous iterations. Released on 20 May 2026, the 51-page document incorporates extensive feedback from over 60 organizations and features more than 10 detailed real-world case studies from major players including AWS, DBS, Google, Workday, OCBC, Tencent, PwC, Dayos, GovTech, and others.
The update significantly expands coverage of multi-agent systems, introducing dedicated discussion on systemic risks such as agent sprawl, miscoordination, conflict, collusion, and emergent behaviors. It also provides deeper guidance on technical controls, clearly distinguishing between structural, rule-based, and prompt-layer approaches, while adding recommendations for change management in complex agentic environments.
A major focus is placed on human accountability and combating automation bias. The framework now includes practical methods such as monitoring human override rates, response times, and outlier reviewer behavior. It also stresses the importance of preserving human tradecraft and business continuity as agents take over larger portions of workflows.
New risk assessment factors were added, including system complexity, usage of third-party solutions, and reversibility of agent actions. The document further refines the agentic value chain, separating roles between platform providers, system providers, and deployers.
This version transforms the framework from high-level principles into a far more operational tool, with concrete examples showing how leading organizations are actually implementing governance across development, deployment, and end-user phases.
Key Findings
Agentic AI is defined by independent planning, decision-making, and action-taking capabilities, often using LLMs as the core reasoning engine combined with tools, memory, and protocols.
Core components of an agent now explicitly include safety and reliability elements such as controls, logging, and monitoring.
Multi-agent systems introduce qualitatively different risks including agent sprawl, collaborative failures (miscoordination, conflict, and collusion), and unpredictable emergent behaviors.
Agents can cause real-world harm through erroneous actions, unauthorised actions, biased outcomes, data breaches, and disruption to connected systems.
The framework outlines four key governance dimensions: Assess and bound the risks upfront, Make humans meaningfully accountable, Implement technical controls and processes, and Enable end-user responsibility.
Risk assessment must now consider new factors such as system complexity, reversibility of actions, third-party solutions, and level of agent autonomy.
Human accountability remains central, with specific guidance on combating automation bias through monitoring override rates and response times.
Technical controls should prioritize structural and rule-based approaches over prompt-layer guardrails, which are easier to bypass.
End-user responsibility is emphasized as critical, including training to maintain tradecraft and awareness of agent limitations.
The framework is explicitly a living document that will continue to evolve, with IMDA actively inviting more case studies and feedback from industry.
Conditions Driving This Update
Explosive real-world adoption of agentic AI systems created urgent demand for more practical governance guidance beyond the initial high-level framework.
Feedback from over 60 organizations revealed that companies needed concrete case studies and operational examples rather than abstract principles.
The rapid rise of multi-agent deployments and complex agent-to-agent interactions introduced new systemic risks that required dedicated coverage.
Enterprises reported increasing difficulties maintaining meaningful human oversight as agents became more autonomous and capable.
Emergence of new protocols (MCP, A2A, agentic commerce protocols) and computer-use agents created fresh attack surfaces and governance challenges.
Growing concerns around automation bias, loss of human tradecraft, and business continuity risks as agents take over significant workflows.
Singapore’s ambition to remain a leading, innovation-friendly jurisdiction in Asia while providing responsible guardrails drove the timely revision.
International regulatory momentum and industry demand for benchmark practices created an opportunity for IMDA to strengthen its Model Framework with real implementation lessons.
What the Report Covers
The IMDA Model AI Governance Framework for Agentic AI (Version 1.5, published 20 May 2026) is a comprehensive 51-page practical guide that moves well beyond high-level principles. It provides organizations with a structured, actionable approach to governing autonomous AI systems.
The document is organized into clear sections. It begins with a detailed Introduction to Agentic AI, explaining what agents are, their core components (model, instructions, memory, planning & reasoning, tools, protocols, controls, and logging/monitoring), and different multi-agent architectures (sequential, supervisor, and swarm). It carefully distinguishes between action-space (what an agent can do) and autonomy (how freely it can decide), and discusses how design choices dramatically affect risk levels.
A major section is dedicated to Risks of Agentic AI. It covers traditional inherited risks (hallucination, bias, prompt injection) but focuses on how they manifest differently in agents. It details five main types of risk: erroneous actions, unauthorised actions, biased or unfair actions, data breaches, and disruption to connected systems. The framework also explores systemic and multi-agent risks such as agent sprawl, miscoordination, conflict, collusion, cascading failures, and emergent unpredictable behaviors.
The heart of the document is the Model AI Governance Framework for Agentic AI, built around four practical dimensions:
Assess and bound the risks upfront — Detailed risk assessment factors (domain criticality, data sensitivity, reversibility of actions, system complexity, third-party involvement, etc.), threat modelling recommendations, and design strategies to limit agent scope through least-privilege access, SOPs, and sandboxing.
Make humans meaningfully accountable — Clear allocation of responsibilities across the agent value chain (model developers, platform providers, system providers, deployers, end users), strategies to combat automation bias, and design for effective human oversight with significant checkpoints.
Implement technical controls and processes — Guidance across the full lifecycle (development, pre-deployment testing, post-deployment monitoring), types of controls (structural, rule-based, prompt-layer), and change management for complex systems.
Enable end-user responsibility — Training requirements, information users need, and preserving human tradecraft and business continuity.
Throughout the framework, IMDA includes rich real-world case studies (Dayos, OCBC, PwC Singapore, Tencent, GovTech, etc.) that show exactly how leading organizations are applying these principles in practice. The document ends by positioning itself as a living resource and invites further case studies and feedback.
What It Means for Organizations
The updated IMDA Model AI Governance Framework for Agentic AI sends a clear signal to enterprises operating in Singapore and across the Asia-Pacific region: agentic AI governance is no longer optional or experimental — it is becoming a core business requirement.
Organizations should treat this update as a practical roadmap. Companies already deploying or planning to deploy autonomous agents now have access to real-world case studies showing how leading organizations structure accountability, classify risk, and implement technical controls. This is particularly valuable for financial institutions, government agencies, and large enterprises where agentic systems are being integrated into high-impact processes.
The framework encourages organizations to move beyond high-level policies toward operational implementation. This includes establishing clear ownership for agent behavior, implementing agent registries, defining escalation paths for high-risk decisions, and maintaining meaningful human oversight even as systems become more autonomous.
For multinational companies, the IMDA framework also serves as a strong reference point that aligns well with international developments while maintaining Singapore’s pragmatic, innovation-friendly tone. Companies can use these guidelines to benchmark their current programs, identify gaps, and strengthen internal governance structures before regulatory pressure increases.
Early movers who align with this updated framework will likely gain advantages in risk management, stakeholder trust, and operational resilience. Conversely, organizations that continue treating agentic AI governance as a secondary concern may face growing internal control issues and future compliance challenges.
Our Take
AI Compliance Take
IMDA’s updated Model AI Governance Framework for Agentic AI is one of the most practical and actionable government-backed resources released so far in 2026. By incorporating real feedback from over 60 organizations and including concrete case studies, Singapore has delivered guidance that goes beyond principles and focuses on actual implementation.
The emphasis on human accountability, tiered risk for agentic systems, and proper governance of multi-agent environments shows a deep understanding of how these technologies actually operate in production. This framework reinforces that effective agentic AI governance requires clear responsibility structures, technical controls, and continuous oversight rather than relying solely on model-level safeguards.
For compliance, risk, and governance leaders, this update provides a valuable benchmark to assess and strengthen their programs. It highlights that organizations need to treat agentic systems differently from traditional AI models and invest in the right architectural and organizational foundations.
Singapore continues to position itself as a forward-thinking yet balanced jurisdiction in AI regulation. This updated framework gives enterprises a clear path forward that supports innovation while addressing real risks.
