
Singapore's Agentic AI Framework: The Most Forward-Looking AI Governance Document in Force

· 5 min read
David Sanker
Lawyer, Legal Knowledge Engineer & UAPK Inventor

Most AI governance frameworks were written with predictive AI in mind: a model that takes inputs and produces outputs, with humans reviewing outputs before acting. The Singapore framework published in January 2026 is different. MAS and IMDA wrote it specifically for agentic AI — autonomous systems that plan, take multi-step actions, and interact with external systems without step-by-step human oversight.

It's the most direct regulatory guidance for the type of AI agents that organizations are actually deploying in 2026. And its four concepts apply universally — not just in Singapore.

The Four Concepts

Principal Hierarchy

Who can instruct the agent, in what priority order, and with what authority? The framework establishes that agents must have a defined hierarchy of principals — the humans and systems authorized to give the agent instructions — and must be able to resolve conflicts between instructions from different levels.

In practice: the manifest defines the agent's authorized capabilities (what the deployment principal has authorized). The capability token defines what the calling system is authorized to request (the runtime principal). The human approver defines what escalations can be approved (the oversight principal). These three layers form the principal hierarchy.

Task Boundary

The agent must have a clearly defined scope of what it is authorized to do — and it must not exceed that scope, even if an instruction tells it to.

In the manifest, this is the capabilities.requested list together with policy.tool_allowlist. The task boundary is enforced at the gateway: any action outside the declared capabilities is denied, regardless of what the upstream application requests.

Minimal Footprint

The agent should request only the permissions it needs to complete its current task. It should not accumulate permissions or resources beyond immediate need, should not maintain persistent state beyond what's necessary, and should prefer reversible actions over irreversible ones.

This maps to the minimum necessary principle in HIPAA, GDPR's data minimization, and PCI-DSS's scoping requirements. For the manifest: declare the minimum capabilities needed, use the narrowest tool allowlist, and use require_human_approval for irreversible actions.

Explainability

The agent's decisions and actions must be reconstructible after the fact. If something goes wrong, a human must be able to understand what the agent decided and why.

This is the audit log requirement. Every interaction record captures the full decision chain: what request came in, what policy was evaluated, what the outcome was. The hash chain ensures the records can't be retroactively modified.

Why This Framework Is Distinctive

Most AI governance frameworks focus on AI outputs — the model's predictions, classifications, or generated content. Singapore's framework focuses on AI actions — the steps the agent takes in the world.

That's the right framing for autonomous agents. An agent that browses the web, executes code, transfers files, sends emails, and makes API calls is not primarily an output generator. It's an actor. The relevant governance question is not "is the output accurate?" but "is the action authorized?"

The four concepts answer the authorization question: who authorized this? (principal hierarchy), what is the agent authorized to do? (task boundary), is it requesting minimum necessary permissions? (minimal footprint), and can we reconstruct what happened? (explainability).

The UAPK Architecture Alignment

UAPK Gateway was designed for the same problem the Singapore framework addresses. The alignment is direct:

Singapore Framework Concept | UAPK Implementation
Principal hierarchy | Manifest owner + capability token issuer + human approver
Task boundary | capabilities.requested + policy.tool_allowlist
Minimal footprint | require_human_approval for irreversible actions, data minimization in capability declarations
Explainability | Hash-chained interaction records with full decision trace

The manifest builder's framework questions for Singapore Agentic AI walk through all four concepts explicitly.

Beyond Singapore

The concepts are universal. An EU AI Act conformity assessment, a NIST AI RMF implementation, a HIPAA human-in-the-loop (HITL) workflow — all of them are implementations of the same four ideas in different regulatory vocabularies.

Principal hierarchy is ISO 27001's access control. Task boundary is CMMC's least privilege. Minimal footprint is GDPR's data minimization. Explainability is SOX's audit trail.

Singapore articulates them cleanly for autonomous agents. Using the framework as a design checklist — regardless of whether you operate in Singapore — produces AI agent architectures that are well-governed by any standard.

MAS and Regulated Financial Services in Singapore

For financial institutions regulated by MAS (banks, payment service providers, capital market intermediaries), the Agentic AI framework is not advisory — it's the regulatory expectation. MAS has incorporated AI governance requirements into its broader Technology Risk Management Guidelines, and its examination focus has moved from "does AI exist in the firm" to "how is AI governed."

AI agents executing financial transactions, providing investment advice, or processing customer personal data in Singapore face MAS expectations that directly mirror the four framework concepts.

The UAPK qualification funnel recommends Singapore Agentic AI for any deployment located in Singapore. If the sector is financial services, it appears alongside MAS-relevant frameworks (MiFID II is not Singapore-specific, but the underlying best execution and conduct rules apply through MAS Notice SFO-N16 and similar instruments).

The Minimal Footprint Principle in Practice

The minimal footprint principle has an underappreciated operational implication: agents should prefer reversible actions over irreversible ones.

A payment transfer is irreversible. An email send is irreversible. A file deletion is irreversible. These are exactly the action types that should be in require_human_approval — not just because regulations require oversight, but because irreversibility means mistakes are costly.

The manifest's require_human_approval list, designed well, is a list of irreversible or high-consequence actions. The qualification funnel's activity answers — particularly financial_transactions, personal_data, automated_decisions — are signals about which action types should be in that list.
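As an added illustration (constructed for this post, not UAPK Gateway's own code or schema), the sketch below shows how a gateway can enforce the manifest fields discussed here and in The Four Concepts: policy.tool_allowlist as the task boundary, require_human_approval as the escalation point for irreversible actions, and a hash-chained interaction record for explainability. The manifest layout, the token scope names and the record format are assumptions.

```python
import hashlib
import json

# Constructed manifest; only the two field names taken from the post are real,
# the surrounding layout and tool names are assumed.
MANIFEST = {
    "policy": {
        "tool_allowlist": ["ledger.query", "mail.send", "payments.transfer"],
        "require_human_approval": ["payments.transfer", "mail.send"],
    },
}

def evaluate(manifest, token_scopes, tool, approved_by=None):
    """Decide one tool call. Principal hierarchy: the manifest (deployment
    principal) bounds the token (runtime principal); a human approver (oversight
    principal) can only release actions the manifest already allows."""
    policy = manifest["policy"]
    if tool not in policy["tool_allowlist"]:
        return {"outcome": "deny", "reason": "outside task boundary"}
    if tool not in token_scopes:
        return {"outcome": "deny", "reason": "not granted to runtime principal"}
    if tool in policy["require_human_approval"] and not approved_by:
        return {"outcome": "escalate", "reason": "irreversible action needs approval"}
    return {"outcome": "allow", "reason": "within declared scope", "approved_by": approved_by}

GENESIS = "0" * 64

def record_hash(body):
    """Hash a record body canonically so verification is deterministic."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_record(chain, request, decision):
    """Append an interaction record that commits to the previous record's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"prev": prev, "request": request, "decision": decision}
    chain.append({**body, "hash": record_hash(body)})
    return chain[-1]["hash"]

def verify_chain(chain):
    """Recompute every link; a retroactive edit to any record breaks the chain."""
    prev = GENESIS
    for rec in chain:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if body["prev"] != prev or record_hash(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```

An escalate outcome is what the human approver sees; once approved_by is supplied, the same call is allowed and the record stores who approved it.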