The terms AI governance gets wrong, and what they should mean.

The set of technical controls that make governance commitments real, independent of human diligence.

Every AI governance programme has a policy layer: documented commitments, framework references, oversight committees. The enforcement layer is what sits underneath it: the technical controls, execution boundaries, and deterministic override mechanisms that would still function if nobody followed the procedures. A governance programme with a policy layer but no enforcement layer may satisfy a compliance audit. Under a real incident, it will not hold.

The documented governance commitments, framework references, and procedural controls that describe what should happen when AI systems operate.

The policy layer is necessary. Regulators require it; ISO 42001 is built around it; MAS AIRG governance expectations are expressed through it. Documentation describes what humans should do. A technical control enforces what the system can do. These operate at different layers, and treating one as a substitute for the other is the most common governance failure Aivance encounters in enterprise AI deployments.

The condition in which an AI agent is halted at a critical risk threshold, execution is suspended, and a named human ratifier must explicitly approve or reject continuation before the system proceeds.

Most AI oversight structures require human review as a general principle. The Suspended Handoff State makes that requirement technically deterministic: the system cannot proceed until ratification is received. It specifies the trigger conditions that force a halt, the information the ratifier must receive, the time window for ratification, and what the system does if ratification is not provided within that window. Without a defined Suspended Handoff State, human oversight remains a process aspiration rather than an architectural guarantee.

The complete design of who holds override authority over an AI system, under what conditions they must exercise it, and what happens technically when they do.

Having a kill switch and having override architecture are different things. A kill switch is a mechanism. Override architecture is the system of authority, triggers, escalation paths, and technical enforcement that makes the kill switch function as governance rather than emergency recovery. It answers: who holds override authority for each AI system in production? Under what conditions must they exercise it? What is the escalation path if they are unavailable? What does the system do while it waits? These are design questions, with specific, auditable answers.

A technically enforced checkpoint at which an AI system requires explicit human approval before execution clears. The approval is prior: the system cannot proceed until an identified person has explicitly granted authority for that specific action.

A ratification gate is distinct from a monitoring dashboard or a review process. Monitoring shows you what an AI system did. A ratification gate is a prior constraint: the system cannot proceed to execution without receiving a specific, identifiable signal from a named human authority. This is the technical expression of meaningful human oversight as described in IMDA's governance frameworks and the EU AI Act's high-risk AI requirements. The gate may be permanent for certain decision categories, or it may be triggered by a risk threshold crossing.

The defined limit of autonomous operation for an AI agent: the set of conditions, action types, or resource thresholds beyond which the agent cannot proceed without human ratification.

Autonomous AI agents present a governance challenge that conventional frameworks were not designed to address. An agent that can take sequences of actions, modify state, and interact with external systems creates compounding risk at each decision step. An agentic risk boundary is the explicit design of where that autonomy ends: what actions the agent may never take without human approval, what resource ceilings apply, and what triggers force a Suspended Handoff State. IMDA's 2026 Agentic AI Governance Framework sets out four dimensions of risk (task complexity, context switching, multi-agent interaction, and irreversibility) that inform how these boundaries should be drawn.