Identity and Accountability
- How are AI actors identified within the system?
- Can AI agents be linked to accountable human or organizational principals?
- Are identities cryptographically verifiable across systems and services?
Authority and Delegation
- How is authority delegated to AI systems or agents?
- Can delegated authority be restricted, revoked, or time-bound?
- Can the system evaluate authority at the point of execution before actions occur?
Policy Enforcement and Constraints
- How are policies enforced when AI systems perform actions?
- Can actions be evaluated against policy constraints at the point of execution?
- Can the system allow, constrain, or block actions in real time?
Execution Control
- How does the system determine whether an AI action is authorized before it executes?
- Are identity, authority, intent, and policy evaluated together at runtime?
- Can unauthorized or out-of-scope actions be prevented before execution?
Verification and Evidence
- What evidence exists that AI actions were authorized and executed within defined constraints?
- Can organizations independently verify both the authorization decision and execution outcome?
- Are decisions and actions recorded in a verifiable and tamper-resistant manner?
Runtime Governance
- Do governance controls remain active while AI systems operate autonomously?
- Can organizations intervene, constrain, or revoke actions in real time?
- Are governance controls consistently enforced across systems, APIs, and cloud environments?
These questions form part of the Enterprise AI Governance Framework developed by Nuggets Labs to help organizations safely deploy AI systems that execute actions in production environments, ensuring those actions are authorized, constrained and verifiable at the point of execution.