The governance conversation in AI has been heavily focused on agent identity. Who is the agent? Is it verified? Who owns it? What authority has it been issued under? This is the right starting point, and it is still largely missing from most deployments.

But agent identity is one identifier in a governance system that requires several. And the absence of the others is producing audit trails that can answer some accountability questions while leaving others completely unanswered.

A complete governance record is a chain of linked identifiers, each one capturing accountability at a different point in the lifecycle of an agent action. When any identifier in the chain is missing, the accountability chain has a gap. And gaps in the accountability chain are exactly where liability lives when something goes wrong.

The Identifier Stack

Think of each identifier as a layer of accountability, specific to the moment it captures.

Agent ID is the foundational identity. Permanent, cryptographically derived from the agent genesis document, bound to a human owner, verifiable by any system that encounters the agent. The Agent ID identifies who the actor is throughout the agent’s operational lifetime. It links every subsequent identifier to a specific governed entity with a named human responsible for it.

The Agent ID connects to an Owner ID, the identifier of the human or organizational principal accountable for this agent. When an incident occurs, and the question is who is responsible, the Owner ID is the answer. Every Agent ID should resolve to an Owner ID. An agent without an Owner ID lacks an accountability terminus. That is an anonymous actor in your infrastructure, regardless of how well the agent itself is identified.

Request ID captures the initiation of a specific interaction. When an agent issues a request to a tool, an API, another agent, or a service, the request receives a unique identifier when it is sent. The Request ID enables tracing an action back to its origin. Without it, the audit trail records that something happened, but not what initiated it.

Response ID links the response to the request that generated it. Without a Response ID, the audit trail can show that a request was made and that an action followed, but it cannot prove that the specific response to the specific request was what drove the action. The linkage between what the agent received and what it did next requires both identifiers to be present.

The Evaluation ID is the identifier for the governance evaluation applied before the action proceeded. This is the record of the governance decision. It links to the agent’s behavioral contract in effect at the time, the inputs evaluated, the dimensional scores, the confidence level, and the verdict. An audit trail without Evaluation IDs records what happened but cannot prove that a governance evaluation occurred. That trail cannot survive regulatory examination under the EU AI Act.

Action ID captures the specific action taken. An agent may take multiple actions within a session. Each one needs its own identifier to be separately traceable. The Action ID links the action to the Evaluation ID that authorized it, the Request ID that initiated it, and the Response ID that informed it. Without individual Action IDs, the audit trail cannot distinguish between actions that were evaluated individually and those that were grouped or assumed.

Decision ID captures the governance verdict specifically. The Evaluation ID covers the full evaluation process. The Decision ID is the output of that process: the specific verdict, the reasoning that produced it, and the timestamp at which it was produced. The Decision ID is what makes the verdict independently auditable. A regulator or an attorney requesting to see the governance decision for a specific action must be able to retrieve the Decision ID and read the full reasoning record that produced it.

Audit ID is the identifier for the final record that links all of the above. The Audit ID is the tamper-evident, hash-chained record that connects Agent ID, Owner ID, Request ID, Response ID, Evaluation ID, Action ID, and Decision ID into a single verifiable artifact. The Audit ID completes the chain. It is also the document produced when a regulator requests the governance record for a specific incident.

What Happens When Identifiers Are Missing

Every missing identifier is a gap in the accountability chain. And accountability gaps have specific consequences depending on which identifier is absent.

Without an Agent ID, the actor has no persistent identity. Every action is anonymous. The audit trail records events with no subject. When something goes wrong, the investigation starts from scratch.

Without an Owner ID, there is no human accountability terminus. The agent is identified, but nobody owns it. The liability floats without attaching to a responsible party.

Without a Request ID, the origin of each action is untraceable. The audit trail shows that an action occurred, but it cannot be reconstructed what triggered it. This is the difference between an audit trail that supports an incident investigation and one that only confirms that something happened.

Without an Evaluation ID, there is no proof that a governance evaluation occurred. An audit trail that shows actions without governance evaluation records is a record of ungoverned behavior, regardless of whether governance infrastructure was in place. The evidence has to show that the evaluation happened, what it evaluated, and what it decided.

Without a Decision ID, the verdict is recorded, but the reasoning is missing. This is the difference between a log entry that says “ALLOW” and a governance record that explains why the action was appropriate given the behavioral contract, context, and dimensional evaluation. The second is what Article 12 of the EU AI Act requires. The first is what most audit trails currently produce.

Without an Audit ID, the chain has no integrity. The records may all exist independently. Without the cryptographic hash chain that the Audit ID anchors, any record could have been modified, deleted, or inserted without detection. The audit trail is a collection of records rather than evidence.

The Chain Is the Governance

The individual identifiers are each valuable. The chain they form is what governance actually requires.

When a regulator asks for the governance record of a specific agent action, the answer should be a single Audit ID that resolves to a complete, cryptographically verifiable chain connecting the agent identity, the human owner, the request, the response, the governance evaluation, the specific action, and the governance decision that authorized it.

That chain is what distinguishes an operational governance record from a post-hoc reconstruction. Post-hoc reconstruction, assembling the chain from separate systems after an incident, is archaeology. It is slow, incomplete, and produces evidence that opposing counsel will challenge. A chain that was maintained in real time, with each identifier linking to the previous, produces the kind of evidence that withstands examination.

Most AI governance implementations today have some of these identifiers. Very few have all of them, linked at the time each event occurs, in a format that is independently verifiable and self-consistent.

Building the complete identifier stack is the engineering work that separates genuine AI governance from governance documentation. The identifiers are specific, achievable, and deterministic. Each one answers a specific accountability question. Together, they answer all of them.

That is what a complete governance record looks like. Build toward it deliberately rather than retrofitting when the examination arrives.

---

If you find this content valuable, please share it with your network.

Follow me for daily insights.

Book me to speak at your next event.

Start managing your agents for free.

Chris Hood is an AI strategist and author of the #1 Amazon Best Seller Infailible and Customer Transformation, and has been recognized as one of the Top 30 Global Gurus for Customer Experience. His latest book, Unmapping Customer Journeys, is available now!