Governance at Scale
Building the Internet of AI Agents isn't just a technical challenge — it's a governance challenge. When trillions of autonomous agents operate across jurisdictions, industries, and trust boundaries, who writes the rules? Who enforces them? And how do you audit compliance at machine speed?
The Governance Gap
The internet's original governance model — technical standards through the IETF, domain policy through ICANN, routing through regional registries — evolved over decades for a network of documents served to humans. It was never designed for a network of autonomous agents making consequential decisions at machine speed.
Today's AI governance frameworks (the EU AI Act, NIST AI RMF, ISO 42001) focus on models — training data, bias, fairness. They have almost nothing to say about agents: discovery, delegation chains, cross-jurisdictional capability negotiation, or real-time accountability. The Registry Solutions survey found that most agent registry architectures treat governance as an afterthought — a compliance checkbox, not an architectural layer.
NANDA takes the opposite approach: governance is embedded in the protocol, not bolted on after deployment.
Multistakeholder Architecture
No single entity — not a government, not a corporation, not a standards body — should control the rules for agent interaction. NANDA's Quilt architecture embeds this principle structurally through its six registration patterns:
Distributed Rule-Making
Each registry in the Quilt sets its own policies — registration requirements, quality standards, compliance rules. Government registries (@US:shop) enforce jurisdiction-specific regulations. Enterprise registries (@company) enforce corporate policy. No single registry's rules apply globally.
Bilateral Trust
Registries choose which peers to federate with — gossip-based federation means trust is always bilateral and revocable. A healthcare registry can refuse to sync with a registry that doesn't meet HIPAA standards.
Transparent Enforcement
Policy enforcement produces cryptographic evidence — every registration decision, trust evaluation, and compliance check generates signed audit records that can be independently verified.
Jurisdictional Sovereignty
Government-run registries maintain regulatory authority over agents in their jurisdiction while still participating in the global Quilt. EU data protection, US financial compliance, and Singapore AI governance rules coexist without conflict.
Accountability at Machine Speed
Human governance operates on human timescales — quarterly audits, annual compliance reviews, multi-year enforcement actions. Agent governance must operate at machine speed. NANDA achieves this through three mechanisms:
- Immutable audit trails. Every agent interaction generates a signed receipt. Trust authorities like KnowYourModel aggregate these into cryptographic usage receipts stored on immutable infrastructure (IPFS). Auditors can verify the complete history of any agent's behaviour without relying on the agent's operator.
- Continuous credential evaluation. W3C Verifiable Credentials issued to agents include short-lived TTLs — AgentFacts credentials expire after 24 hours, TrustScore credentials after 5 minutes. This forces continuous re-evaluation, ensuring that a compromised or degraded agent loses its trusted status almost immediately.
- Real-time revocation. Bitstring Status List enables millisecond credential revocation that cascades through delegation chains. When a trust authority revokes an agent's credential, every downstream delegation is automatically invalidated.
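How short TTLs and status-list revocation combine along a delegation chain, as an added example that is not NANDA's own code. It assumes a single shared status list, hypothetical names (Credential, evaluate, the agent names in the usage) and omits signature verification; the TTLs are the ones stated above, and the list encoding follows the W3C Bitstring Status List layout (GZIP, base64url with a "u" multibase prefix, bit 0 left-most).

```python
import base64, gzip
from dataclasses import dataclass
from typing import Optional

# TTLs are the ones the article states; all other values are constructed.
TTL_SECONDS = {"AgentFacts": 24 * 3600, "TrustScore": 5 * 60}

@dataclass
class Credential:
    subject: str                            # agent holding the credential
    kind: str                               # "AgentFacts" or "TrustScore"
    issued_at: int                          # Unix seconds
    status_index: int                       # bit position in the status list
    parent: Optional["Credential"] = None   # credential this was delegated from

def encode_status_list(revoked, size_bits=131072):
    """Issuer side: set one bit per revoked index, then GZIP and base64url."""
    bits = bytearray(size_bits // 8)
    for i in revoked:
        bits[i // 8] |= 0x80 >> (i % 8)     # index 0 is the left-most bit
    packed = base64.urlsafe_b64encode(gzip.compress(bytes(bits)))
    return "u" + packed.decode().rstrip("=")

def decode_status_list(encoded):
    if not encoded.startswith("u"):
        raise ValueError("expected multibase base64url ('u') prefix")
    raw = encoded[1:]
    return gzip.decompress(base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)))

def is_revoked(bitstring, index):
    if not 0 <= index < len(bitstring) * 8:
        return True                         # fail closed on an out-of-range index
    return bool(bitstring[index // 8] & (0x80 >> (index % 8)))

def evaluate(cred, encoded_list, now):
    """Return (trusted, reason), walking from the leaf up to the chain root."""
    bitstring = decode_status_list(encoded_list)
    seen = set()
    while cred is not None:
        if id(cred) in seen:
            return False, "delegation loop"
        seen.add(id(cred))
        ttl = TTL_SECONDS.get(cred.kind)
        if ttl is None or not (cred.issued_at <= now < cred.issued_at + ttl):
            return False, f"{cred.kind} for {cred.subject} is unknown or outside its TTL"
        if is_revoked(bitstring, cred.status_index):
            return False, f"{cred.subject} revoked"
        cred = cred.parent                  # any failed ancestor invalidates the leaf
    return True, "ok"
```

Because the walk checks every ancestor, flipping one bit for an upstream credential invalidates every delegation beneath it on the next evaluation, with no per-delegate revocation needed.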
The Road to a Society of Agents
Project NANDA's three-phase roadmap treats governance as an evolving capability that deepens with each stage:
- Phase 1 — Foundations: The NANDA Index, AgentFacts, and Quilt architecture establish the infrastructure for identity, discovery, and federated policy. This is where we are today.
- Phase 2 — Agentic Commerce: Knowledge pricing, edge AI markets, and economic protocols require governance mechanisms for fair exchange, dispute resolution, and market integrity.
- Phase 3 — Society of Agents: Large Population Models (LPMs), cross-silo collaborative learning, and privacy-preserving multi-agent coordination demand governance at civilisational scale — rules for billions of agents learning and transacting autonomously.
The governance tools built in Phase 1 — cryptographic accountability, federated policy, bilateral trust — are the foundation that Phases 2 and 3 build upon. MIT's IAP course 6.S192 ("Agentic Web: Networked AI Agents and Decentralized AI") is training the next generation of researchers and engineers in these governance frameworks.
Series Conclusion
Across six articles, we've traced the architecture of the agentic web from first principles to governance at scale:
- A new architecture — why the web needs a new infrastructure layer for autonomous agents
- Agent identity — AgentFacts, DIDs, and Verifiable Credentials as the identity layer
- Trust without borders — the Quilt architecture for federated, decentralised trust
- Agent privacy — dual-path resolution and privacy by design
- The security blueprint — ZTAA and AVC for enterprise-grade protection
- Governance at scale — multistakeholder frameworks for responsible deployment
The Internet of AI Agents isn't a distant future — it's being built now, in open-source code, research papers, and production deployments. NANDA provides the infrastructure to build it responsibly: discoverable, verifiable, private, secure, and governed by the many rather than the few.