The frameworks landscape for agentic AI governance is, in mid-2026, simultaneously overcrowded and underbuilt. There are more than forty published frameworks, standards, guidelines, maturity models, and codes of practice claiming relevance to enterprise AI governance. Most of them were written before agentic systems existed at scale. Several are excellent for the problem they were designed for and deeply inadequate for the problem enterprises now face. A handful are genuinely essential. Navigating this landscape efficiently — knowing which frameworks to adopt, in what combination, with what investment — is one of the highest-leverage decisions in an enterprise agentic readiness program.
The Mandatory Baseline
Three frameworks constitute the mandatory baseline for any enterprise operating at scale with agentic AI. They are mandatory not because they are the most technically sophisticated but because they are the ones that regulators, auditors, procurement officers, and boards will ask about — and the ones whose absence will create a defensibility problem in any governance conversation.
The NIST AI Risk Management Framework (AI 100-1, January 2023) is the de facto governance vocabulary for AI risk management in the United States and increasingly globally. Its four functions — Govern, Map, Measure, Manage — provide the structural skeleton around which an enterprise AI governance program should be built. Its companion document, NIST AI 600-1 (the Generative AI Profile, July 2024), maps 200+ suggested actions to LLM-specific risk areas. The NIST AI RMF's limitation — what the Cloud Security Alliance has termed the "agentic fitness gap" — is that neither document was written with autonomous agents in mind. The GOVERN function lacks autonomy tier concepts; the MAP function stops at the model boundary; AI 600-1 is content-generation–centric. NIST has acknowledged these gaps with its February 2026 AI Agent Standards Initiative, with an AI Agent Interoperability Profile planned for Q4 2026. Until that profile arrives, the CSA's proposed Agentic Profile extension provides the most rigorous bridge.
The EU AI Act is, for any enterprise serving EU markets, the highest-stakes mandatory framework. Its phased enforcement creates a false sense of runway; the technical documentation, risk management, and human oversight obligations of Articles 9–14 require organizational readiness that takes twelve to eighteen months to build from scratch. Enterprises that have not begun their AI Act compliance programs should treat August 2026 — the high-risk enforcement date — as a hard deadline for a program that should have started in early 2025. The Act's extraterritorial reach means that headquarters location is irrelevant; what matters is whether the AI system affects EU residents.
ISO/IEC 42001:2023 is the first certifiable AI management system standard, and it is becoming a procurement requirement at the same pace that ISO 27001 became a procurement requirement for cybersecurity. Its Plan-Do-Check-Act structure integrates naturally with existing GRC programs; organizations that have already achieved ISO 27001 certification will find 42001 familiar and incrementally achievable. Like the NIST AI RMF, 42001 provides an organizational governance shell rather than specific technical controls for autonomous agents — the standard does not tell you what to audit in an agentic deployment, only that you should have a management system. The gap must be filled by more technically specific frameworks.
The Operational Layer: Singapore and OWASP
The mandatory baseline frameworks tell organizations how to organize their governance programs. The operational layer frameworks tell them what, specifically, to govern in agentic deployments. Two frameworks stand out as essential for this purpose.
The Singapore Model AI Governance Framework for Agentic AI, published in January 2026, is the world's first governance framework dedicated specifically to autonomous AI agents. Its four governance dimensions — risk assessment and bounding, human oversight checkpoints, technical safeguards, and transparency and user education — map precisely to the operational challenges of enterprise agentic deployment. It requires organizations to inventory deployed agents, define per-agent safety boundaries, implement human-override mechanisms proportional to risk, and maintain end-to-end audit trails for agent decisions and actions. The framework's voluntary status does not diminish its operational value; it is the most directly actionable governance template available for agentic deployments, and it is already influencing regulatory expectations across ASEAN and beyond.
The OWASP Agentic AI Threats and Mitigations document (v1.0, April 2025) provides the threat taxonomy that the Singapore framework's technical safeguard requirements implicitly reference. Its fifteen threat categories — memory poisoning, tool misuse, privilege compromise, cascading hallucinations, rogue agents, agent communication poisoning, human manipulation, goal hijacking, and others — are the specific threat classes that security controls must address. Used in conjunction with the OWASP LLM Top 10 v2025 (which covers the broader LLM application context, including Excessive Agency at LLM06), OWASP ASI provides the most complete security threat model available for enterprise agentic systems. It is free, practitioner-oriented, and continuously updated — the combination of attributes that made OWASP's security work indispensable in web application security applies equally here.
The Gartner AI TRiSM framework — AI Trust, Risk, and Security Management — serves a different function from the technical frameworks above. Its four pillars (AI Governance, Explainability, ModelOps, Application Security) are most useful as an executive communication framework and a vendor evaluation lens. The TRiSM label has driven a generation of AI governance tooling; the Market Guide format helps organizations understand the vendor landscape. The 2025 TRiSM update explicitly addresses agentic AI governance requirements. TRiSM is most valuable not as a primary implementation guide but as the language for communicating AI governance investments to boards and procurement teams who are already familiar with Gartner's framing.
A-Tier: High Value, Specific Applications
Several A-tier frameworks deliver significant value for specific applications within the enterprise agentic governance program. MITRE ATLAS is essential for security teams building threat models and red team exercises; its ATT&CK-style structure is familiar and its case studies ground abstract techniques in reality. The CSA AI Controls Matrix (AICM, July 2025) provides 243 control objectives across eighteen security domains, mapping to NIST AI RMF, ISO 42001, and the EU AI Act — a valuable cross-referencing resource for organizations that need to demonstrate compliance with multiple frameworks simultaneously.
The vendor Responsible Scaling Policies — Anthropic's RSP, Google DeepMind's Frontier Safety Framework, OpenAI's Preparedness Framework — are relevant to enterprise procurement risk assessment. They specify the capability thresholds at which providers will pause deployment, the safety evaluations conducted before model release, and the escalation mechanisms for safety incidents. Reading them before signing an enterprise model contract is, in the current environment, a reasonable due diligence standard. The Model Context Protocol and Agent2Agent protocol are the interoperability standards that enterprise agentic architectures will be built around; understanding their governance implications — tool trust models, agent identity frameworks, audit trail requirements — is an architectural prerequisite, not an optional enrichment.
For organizations that need a maturity-based diagnostic — a way to assess where they are and what good looks like — the analyst maturity models serve well. The MIT CISR four-stage model (Experiment → Build Pilots → Industrialize → Future-Ready), Gartner's five-level Agentic AI Maturity Roadmap, and McKinsey's agentic mesh architecture framework are grounded in research and enterprise data respectively, and their diagnostic questions are useful for identifying gaps and sequencing investments. None of them substitute for the operational frameworks above, but they provide the vocabulary for strategy conversations that the technical frameworks do not.
What Not to Do
The most common mistake in the frameworks landscape is attempting to adopt too many of them simultaneously. An organization that tries to map its governance program to NIST AI RMF, ISO 42001, EU AI Act, Singapore MGF, OWASP ASI, OWASP LLM Top 10, MITRE ATLAS, CSA AICM, and three analyst frameworks at the same time will produce an elaborate mapping document and very little operational governance. Framework fatigue is real, and it is a significant cause of governance programs that look impressive on paper and accomplish nothing in practice.
The practical approach is a structured stack: NIST AI RMF + ISO 42001 + EU AI Act as the mandatory baseline, adopted in that order of operational priority (NIST for program structure, ISO 42001 for certification readiness, EU AI Act for compliance deadlines). Singapore MGF for Agentic AI + OWASP ASI as the operational layer, applied to each specific agentic deployment. MITRE ATLAS for security threat modeling. Analyst maturity models for diagnostic and communication purposes. Additional frameworks added only when a specific gap — a sectoral regulatory requirement, a procurement qualification, a specific technical control need — is identified that the stack does not address.
"A governance program with three frameworks deeply understood and operationally implemented is worth more than one with fifteen frameworks superficially mapped. The frameworks are not the governance. They are the vocabulary in which the governance is written. The governance is the people, the processes, and the decisions."
The Ranking Conclusion
The clearest guidance that emerges from a careful reading of the full frameworks landscape is this: NIST AI RMF plus ISO/IEC 42001 plus the EU AI Act constitute the mandatory compliance and governance baseline — they are the frameworks every enterprise operating at scale must engage with, regardless of geography or sector. The Singapore Model AI Governance Framework for Agentic AI plus OWASP Agentic AI represent the operational layer — the frameworks that tell you what to actually do when deploying an agent, not just how to organize the program. The analyst maturity models — Gartner's Agentic AI Maturity Roadmap, McKinsey's architecture framework, MIT CISR's four-stage model — serve the diagnostic and communication function, helping organizations understand where they are and explaining it to stakeholders. Everything else is supplementary. Start with the first three, operationalize the next two, use the last three for diagnosis and communication, and add further frameworks only when a specific identified gap requires them.