Last reviewed: April 29, 2026
On January 22, 2026, at the World Economic Forum in Davos, Singapore became the first country in the world to publish a comprehensive governance framework specifically for agentic AI. Minister for Digital Development and Information Josephine Teo announced the Model AI Governance Framework (MGF) for Agentic AI, developed by the Infocomm Media Development Authority (IMDA). The framework is voluntary, builds on Singapore’s 2020 Model AI Governance Framework, and structures responsible agentic AI deployment around four dimensions: bounding risk upfront, making humans meaningfully accountable, implementing technical controls, and enabling end-user responsibility. This article explains what the framework requires, how it relates to Singapore’s broader AI governance ecosystem, and what companies building or deploying agentic AI should do now.
Key Takeaways
- Singapore’s MGF for Agentic AI is the world’s first comprehensive agentic AI governance framework, published January 22, 2026 by IMDA. It is voluntary but practically authoritative — the only concrete reference document available globally.
- Four dimensions structure the framework: (1) assess and bound risks upfront, (2) make humans meaningfully accountable, (3) implement technical controls across the agent lifecycle, (4) enable end-user responsibility through transparency and training.
- Humans remain accountable. The framework’s most consistent message is that automation does not relocate liability. Even when agents act autonomously, organizations and named individuals carry responsibility under existing laws — Singapore’s PDPA, sectoral statutes, and consumer protection law all continue to apply.
- The framework is a living document. IMDA is actively soliciting feedback and case studies. Updated versions are expected throughout 2026 and 2027.
- A companion CSA addendum addresses agentic AI security. In October 2025, Singapore’s Cyber Security Agency released an addendum to its Securing AI Systems guidelines specifically focused on agentic-AI threat modeling — particularly multi-agent workflows and tool-access vulnerabilities.
Why does agentic AI need its own framework?
Agentic AI systems are categorically different from the AI systems regulators have governed to date. Where traditional and generative AI produce outputs that humans then choose to act on, agentic AI plans, reasons, and takes actions autonomously on a user’s behalf — often invoking external tools, calling APIs, modifying records, or interacting with other agents. The decision-to-action loop closes inside the system. The human becomes a supervisor of outcomes rather than an approver of every step.
This shift breaks several assumptions baked into existing AI governance frameworks. The EU AI Act assumes a deployer who exercises meaningful control over how AI outputs are used. The NIST AI Risk Management Framework assumes risk can be mapped, measured, and managed at the system level — not at the system-of-systems level created by multi-agent architectures. Singapore’s own 2020 Model AI Governance Framework assumes humans approve consequential decisions before AI executes them.
IMDA recognized that none of those assumptions hold for agentic AI. An agent given access to a customer database and a payments API can take actions before any human sees the output. A multi-agent system in which agents call other agents creates accountability chains that no existing framework anticipates. Automation bias — the human tendency to trust automated systems even when they fail — compounds the risk: humans nominally in the loop often rubber-stamp agent decisions without meaningful review.
The MGF for Agentic AI was designed to address these gaps. IMDA framed the launch as a response to growing enterprise interest in deploying agents to “automate repetitive tasks and drive sectoral transformation by freeing employees’ time to undertake higher-value activities” — but only if accompanied by responsible governance. The framework’s premise is that agentic AI’s productivity benefits cannot be realized without governance, because organizations cannot trust outputs they cannot oversee.
What does the IMDA framework cover?
The MGF for Agentic AI is a structured overview of risks and emerging best practices, targeted at organizations deploying agentic AI through either in-house development or third-party agentic solutions. It is a 14-plus-page guidance document organized into four governance dimensions, each with multiple sub-themes and design considerations.
The framework explicitly does not create new legal obligations. Singapore’s approach to AI governance has consistently been voluntary, building practical guidance that organizations can adopt as evidence of due care under existing statutes (PDPA, Online Safety Act, sectoral laws, and consumer protection law). Eversheds Sutherland’s February 2026 analysis of the framework noted that “alignment with the framework can support organisations with managing legal exposure and regulatory risks. This is because organisations deploying AI still ultimately remain accountable for the actions of and impacts caused by their AI use cases under existing laws.”
The framework targets two audiences: developers of agentic AI systems (who design the agent’s autonomy boundaries and tool access) and deployers of agentic AI (who decide use cases, configure deployments, and bear ultimate accountability). Most enterprise deployments today involve third-party agentic platforms, so the deployer-focused guidance is the operationally most consequential portion.
IMDA has positioned the framework as a living document. The agency is actively soliciting feedback from public and private sector contributors, and planning specific implementation guidelines for testing agentic AI applications — building on its existing Starter Kit for Safety Testing of LLM-Based Applications. Updated versions are expected throughout 2026 and 2027 as case studies accumulate.
How does the framework define agentic AI?
The MGF defines agentic AI by capability, not by underlying architecture. The framework’s working definition centers on systems that:
- Plan — break down high-level goals into sequences of sub-tasks
- Reason — make decisions about what action to take next given current context
- Act autonomously on a user’s behalf — invoke tools, call APIs, modify external state without per-step human approval
- Operate over extended workflows — maintain context across multiple interactions and decisions
This definition is intentionally broader than “AI agent” as the term is sometimes narrowly used in technical literature. It captures large-language-model-based agents (the most common 2025-2026 commercial pattern), classical-AI planning systems with autonomy, and hybrid architectures. The framework explicitly addresses multi-agent systems — workflows in which multiple agents coordinate, hand off tasks, or call each other — as a distinct governance challenge with elevated risk.
The framework distinguishes agentic AI from generative AI by the action loop. A generative AI system that produces text or code which a human then chooses to execute is not agentic under the framework. The same model wrapped in an executor that runs the generated code without human approval is agentic. The threshold is whether the system’s reasoning closes into action without per-decision human review.
This definitional choice matters operationally. A retrieval-augmented generation (RAG) system that summarizes documents is generative. A RAG system that summarizes documents and then files compliance reports based on its summary is agentic. The framework applies to the second.
What governance principles does the framework establish?
The four dimensions of the MGF for Agentic AI provide a complete governance lifecycle for agentic deployment. Each dimension has multiple sub-themes; the most consequential are summarized below.
Accountability across the agent lifecycle
The framework’s most-emphasized principle is that accountability cannot delegate to the agent itself. Even when agents act autonomously, named humans and organizations remain accountable under existing laws. The framework operationalizes this through three measures:
-
Define responsibility across multiple actors. When an agentic AI system spans developer (who built the agent), platform provider (who hosts it), deployer (who configured the use case), and end-user (who initiates the task), the framework recommends explicit pre-deployment mapping of which actor is accountable for which class of failure. Multi-agent systems require this mapping at the system level — not just per individual agent.
-
Counter automation bias deliberately. The framework recognizes that humans nominally in the loop often defer to automated outputs even when those outputs are wrong. Mitigations include: training reviewers to look for specific failure modes, building UI affordances that surface uncertainty, and rotating reviewer responsibilities to maintain meaningful oversight over time.
-
Maintain auditability. Every agent action should generate logs sufficient to reconstruct the decision: what prompt, what tools called, what data accessed, what action taken, what outcome. This audit trail is the evidentiary foundation for both regulatory inquiry and incident response.
Human oversight at meaningful checkpoints
The framework rejects two extreme positions. Continuous human approval (a human approves every step) defeats the productivity case for agentic AI and creates oversight fatigue. No human oversight (the agent runs end-to-end without checkpoints) transfers legal and operational risk to the deployer without meaningful safeguards. The framework’s middle path defines significant checkpoints — moments in the agent’s workflow where human approval is required before the agent proceeds.
What counts as a significant checkpoint depends on the use case, but the framework offers a heuristic: if the next action would have material legal, financial, or reputational consequence — or would be hard to reverse — it is a candidate checkpoint. Examples include: agent transferring funds above a threshold, agent sending external communication to customers, agent modifying production data, and agent initiating a workflow that another agent will continue autonomously.
The framework also addresses dynamic checkpoint adjustment. As organizations gain confidence in an agent’s performance through monitored deployment, checkpoint thresholds can be relaxed. As performance degrades or context shifts, thresholds should tighten. This is a continuous-calibration model rather than a one-time configuration.
Multi-agent governance
The framework’s most distinctive section addresses multi-agent systems — workflows in which multiple agents coordinate, delegate, or call each other. Multi-agent systems multiply governance complexity in three ways:
-
Cascading failure modes. An error introduced by one agent propagates through the system as subsequent agents treat the erroneous output as ground truth. Without circuit-breakers, a single malformed output can cascade into systemic failure.
-
Diffuse accountability. When agent A calls agent B which calls agent C, who is responsible for an outcome reached through the chain? The framework recommends that orchestrators (the agent or system invoking other agents) bear primary accountability, but that all participating agents have logging obligations sufficient to apportion responsibility post-hoc.
-
Emergent behaviors. Multi-agent systems can produce behaviors not exhibited by any individual agent — coordination patterns, prompt-injection cascades, or strategy convergences. The framework recommends pre-deployment red-teaming at the multi-agent system level, not just per individual agent.
Singapore’s broader AI Verify ecosystem — particularly Project Moonshot’s red-teaming capabilities — provides tooling support for these multi-agent assessments. The framework anticipates that multi-agent test plans will become a standard requirement for high-risk agentic deployments.
How does this fit with Singapore’s other AI frameworks?
The MGF for Agentic AI is the most recent layer in Singapore’s multi-document AI governance approach. The architecture, simplified:
| Document | Year | Scope | Status |
|---|---|---|---|
| Model AI Governance Framework (MGF) | 2020 | All AI systems — 11 governance principles | Foundation; voluntary |
| GenAI Governance Framework | January 2024 | Generative AI specifically — 9 dimensions | Builds on MGF; voluntary |
| AI Verify Testing Framework | 2023 (released open-source) | Technical testing toolkit + 11 process checklists with 85 testable criteria | Open-source; voluntary |
| Project Moonshot | May 2024 | LLM evaluation — red-teaming + benchmarking + automated evaluation | Open-source; voluntary |
| MGF for Agentic AI | January 2026 | Agentic AI specifically — four governance dimensions | Builds on MGF (2020); voluntary |
| CSA Securing AI Systems Guidelines + Agentic AI Addendum | 2024; addendum October 2025 | Cybersecurity for AI systems including agent-specific threat models | Voluntary |
| Sectoral guidance (MAS, MOH, MOE) | Various | Sector-specific AI rules for finance, healthcare, education | Some mandatory under sector laws |
| PDPA Advisory Guidelines on AI | 2024 (revised) | Data protection requirements for AI systems | Mandatory under PDPA |
For organizations deploying agentic AI in Singapore, compliance does not stop at the MGF for Agentic AI. The agent’s data handling triggers PDPA. Sector-specific deployments trigger MAS, MOH, or other sectoral guidance. The CSA addendum adds cybersecurity expectations. AI Verify provides the testing infrastructure that demonstrates compliance.
The framework is practically interlocking with the broader ecosystem. An organization following only the MGF for Agentic AI without the CSA security addendum would miss multi-agent threat models. An organization following only AI Verify without the MGF for Agentic AI would lack the autonomy-bounding guidance specific to agents. The frameworks were designed to be used together.
What should companies building or deploying agentic AI do?
Organizations operating in Singapore — or planning to — should treat the MGF for Agentic AI as the operating baseline even though it is voluntary. Five concrete steps:
-
Map your agentic AI inventory against the four dimensions. For each agentic system in development or production, document: (a) the agent’s autonomy boundaries (what tools, what data, what action authority), (b) the human checkpoints currently configured, (c) the technical controls in place, and (d) the end-user transparency mechanisms. Gaps against the four dimensions become the remediation backlog.
-
Build the audit trail before you scale deployment. Logging requirements are easier to bake in during pilot than to retrofit after production deployment. Each agent action should generate a log entry capturing: prompt, tools called, data accessed, action taken, outcome, and human approver if any. Use a structured format (JSON) so logs can be queried by regulators or incident responders.
-
Run multi-agent red-teaming before production. If your agentic system involves more than one agent, test the system as a system. Project Moonshot provides open-source tooling for this. Test scenarios should include: prompt injection from an upstream agent, malformed output cascade, coordination with a compromised agent, and tool-access escalation.
-
Designate a named accountable person per agentic system. Singapore’s framework, like most AI governance frameworks, depends on clear human ownership. For each production agentic deployment, name an internal owner who carries operational accountability. This person should review the audit trail periodically, approve checkpoint adjustments, and respond to incidents.
-
Plan for the framework to evolve. IMDA has signaled that the MGF for Agentic AI is a living document. Organizations should subscribe to IMDA updates, review the framework quarterly against their deployments, and contribute case studies where their experience could inform refinement. Early adopters who shape the framework’s evolution gain regulatory positioning advantages.
For cross-jurisdiction context: Singapore’s framework is the most concrete agentic AI guidance globally, but agentic deployments serving EU users still face EU AI Act extraterritoriality requirements; deployments in the US face FTC scrutiny that has begun targeting agentic claims (the Air AI case was the first US enforcement to explicitly address agentic AI marketing). For the broader picture of how agentic AI sits in the global regulatory landscape, see our definitive EU vs US AI regulation comparison.
Sources
- IMDA. “Singapore Launches New Model AI Governance Framework for Agentic AI.” Press release, January 22, 2026. https://www.imda.gov.sg/resources/press-releases-factsheets-and-speeches/press-releases/2026/new-model-ai-governance-framework-for-agentic-ai
- IMDA. “Model AI Governance Framework for Agentic AI.” Version 1.0, January 22, 2026. https://www.imda.gov.sg/-/media/imda/files/about/emerging-tech-and-research/artificial-intelligence/mgf-for-agentic-ai.pdf
- Ministry of Digital Development and Information (MDDI). “Singapore Launches New Model AI Governance Framework for Agentic AI.” January 22, 2026. https://www.mddi.gov.sg/newsroom/singapore-launches-new-model-ai-governance-framework-for-agentic-ai–/
- Eversheds Sutherland. “Singapore: Understanding Singapore’s new Model Framework for Agentic AI Governance.” February 2, 2026. https://www.eversheds-sutherland.com/en/united-kingdom/insights/singapore-understanding-singapores-new-model-framework-for-agentic-ai-governance
- Computer Weekly. “Singapore debuts world’s first governance framework for agentic AI.” January 23, 2026. https://www.computerweekly.com/news/366637674/Singapore-debuts-worlds-first-governance-framework-for-agentic-AI
- The Business Times. “Singapore unveils new framework to rein in risks of autonomous AI agents.” January 22, 2026. https://businesstimes.com.sg/companies-markets/singapore-unveils-new-framework-rein-risks-autonomous-ai-agents
- Lexology. “Launch of a New Model AI Governance Framework for Agentic AI.” March 3, 2026. https://www.lexology.com/library/detail.aspx?g=f59fafea-0d91-41c6-b22d-0f553297ffaf
- Singapore Legal Advice. “What Singapore’s New Agentic AI Governance Framework Means for You.” April 17, 2026. https://singaporelegaladvice.com/singapore-new-agentic-ai-governance-framework/
- AI Verify Foundation. “AI Verify Testing Framework.” https://aiverifyfoundation.sg/
- AI Verify Foundation. “Project Moonshot — LLM Evaluation Toolkit.” https://github.com/aiverify-foundation/moonshot
- Cyber Security Agency of Singapore (CSA). “Securing AI Systems Guidelines + Agentic AI Addendum.” October 2025.
- Personal Data Protection Commission (PDPC). “Advisory Guidelines on Use of Personal Data in AI Recommendation and Decision Systems.” Revised 2024.
Reg Intel is not a law firm and does not provide legal services. This article is for informational purposes only and should not be relied upon as legal advice. Consult qualified counsel for your specific compliance situation.
Related: The Global Picture
For how Singapore’s framework compares with the EU AI Act, NIST AI Agent Standards Initiative, China’s Generative AI Measures, and the US FTC enforcement track, see Agentic AI Regulation: The Closing Gap in AI Law (2026).
Singapore AI Governance: The Full Picture
This deep-dive covers the Agentic AI Framework specifically. For the complete map of Singapore’s AI governance architecture — three generations of the Model AI Governance Framework, AI Verify, MAS FEAT/Veritas/MindForge, the proposed AI Risk Management Guidelines, PDPC guidance, NAIS 2.0, and how they relate — see our pillar: Singapore AI Governance: All Frameworks in One Place.