The terms AI governance gets wrong, and what they should mean.

The set of technical controls that make governance commitments real, independent of human diligence.

Every governance programme has a policy layer: documented commitments, oversight committees, framework references. The enforcement layer sits underneath it: the technical controls and deterministic override mechanisms that would still function if nobody followed the procedures. A governance programme with a policy layer but no enforcement layer may satisfy a compliance audit. Under a real incident, it will not hold.

The documented governance commitments, framework references, and procedural controls that describe what should happen when AI systems operate.

Policy is necessary. Regulators require it; ISO 42001 is built around it; MAS's proposed AIRG Guidelines express their governance expectations through it. But policy describes what humans should do. A technical control enforces what the system can do. Treating one as a substitute for the other is the most common governance failure Aivance encounters.

The condition in which an AI agent is halted at a critical risk threshold, execution is suspended, and a named human ratifier must explicitly approve or reject continuation before the system proceeds.

Most oversight frameworks require human review as a general principle. The Suspended Handoff State makes that technically deterministic: the system cannot proceed until ratification is received. It specifies what triggers the halt, who receives the ratification request, the time window allowed, and what the system does if the window lapses. Without it, human oversight is a process aspiration, not an architectural guarantee.

The complete design of who holds override authority over an AI system, under what conditions they must exercise it, and what happens technically when they do.

A kill switch is a mechanism. Override architecture is the complete system of authority, triggers, escalation paths, and technical enforcement that makes the kill switch function as governance rather than emergency recovery. It answers who holds override authority for each system in production, under what conditions they must exercise it, the escalation path if they are unavailable, and what the system does while it waits.

A technically enforced checkpoint at which an AI system requires explicit human approval before execution clears. The approval is prior: the system cannot proceed until an identified person has explicitly granted authority for that specific action.

A ratification gate is distinct from a monitoring dashboard. Monitoring shows you what an AI system did. A ratification gate is a prior constraint: the system cannot proceed to execution without receiving a specific, identifiable signal from a named human authority. The gate may be permanent for certain decision categories, or triggered when a risk threshold is crossed.

The defined limit of autonomous operation for an AI agent: the set of conditions, action types, or resource thresholds beyond which the agent cannot proceed without human ratification.

Autonomous AI agents present a governance challenge conventional frameworks were not designed to address. An agent that takes sequences of actions, modifies state, and interacts with external systems creates compounding risk at each step. An agentic risk boundary defines where that autonomy ends: what actions require prior human approval, what resource ceilings apply, and what triggers a Suspended Handoff State. IMDA's 2026 Agentic AI Governance Framework treats task complexity, multi-agent interaction, and action irreversibility as inputs to the upfront risk assessment that sets these thresholds.