A common pattern is emerging across enterprise AI deployments in 2026: companies are excited about AI agents but terrified of them at the same time. They want autonomous systems that can handle complex workflows without human intervention — and they want a guarantee those systems will not go rogue, hallucinate at a critical moment, or violate a compliance requirement.

Hyland, the content management platform used by healthcare systems, banks, insurers, and government agencies, revealed a set of governance-first AI features at its CommunityLIVE 2026 conference that illustrate how serious vendors are taking this problem. The approach gives a useful window into where enterprise AI is heading.

The Agent Passport Concept

The standout feature in Hyland’s announcement is the Agent Passport — a standardised certification that every AI agent must hold before it can run in a production environment. The Passport defines the agent’s identity, its permitted capabilities, its guardrails, and its compliance status. It is both human-readable and machine-enforceable.

The concept is not unlike a professional licence. You would not let a contractor work on a building without checking their credentials. The argument here is the same: before an AI agent touches customer records, processes a loan application, or triages a patient document, it should have a documented track record of what it is authorised to do.

Governance applied before deployment is fundamentally different from trying to monitor and correct agent behaviour after the fact. Most current approaches to AI safety focus on the latter — detect problems after they occur. The Passport approach shifts the logic upstream.

Enterprise Agent Mesh

Hyland also launched what it calls the Enterprise Agent Mesh, a multi-agent network where individual agents collaborate on domain-specific workflows. Think of it as a workforce of AI agents, each specialised for a specific task, that can be assembled into a workflow without needing a human to manage each handoff.

Supporting the mesh is an Agent Lifecycle Management framework, which governs each agent from design through retirement, and a Control Tower that provides observability into agent performance, decision pathways, and governance status in real time.

The industries Hyland targets — healthcare, banking, insurance, government, higher education — are precisely the sectors with the most sensitive data and the most stringent compliance requirements. That these industries are now running production agentic AI is a clear sign of how far the technology has come from the sandbox stage.

Why Governance Is the Real Bottleneck

It has become a cliche to say that AI adoption is being held back by fear. But the fear is mostly specific and legitimate: organisations do not know how to make an AI agent accountable.

When a human employee makes a bad decision, there is a process for tracing what happened, who approved it, and what the corrective action should be. When an AI agent makes a bad decision, most organisations currently have no equivalent infrastructure. The audit trail is incomplete, the approval chain is unclear, and the liability is ambiguous.

Frameworks like the Agent Passport and Agent Lifecycle Management are early attempts to close that gap. They do not eliminate AI risk — nothing does — but they create the documentation and observability layer that regulators, auditors, and risk teams need to feel comfortable with autonomous AI systems operating at scale.

This matters beyond Hyland’s specific product. The concepts emerging here — agent certification, lifecycle governance, observability dashboards — are likely to become standard expectations for any enterprise deploying agents in regulated workflows.

What This Means for Business

AI agent deployment is becoming an infrastructure problem, not just a technology problem. The question is no longer “can we build an agent that does X?” It is “can we build the governance layer that lets the business trust an agent to do X unsupervised at scale?”

Regulated industries are moving faster than expected. The common assumption was that healthcare, banking, and government would be last adopters of autonomous AI because of compliance constraints. The opposite appears to be happening: because they have invested heavily in data governance and compliance infrastructure, they are better positioned to extend that infrastructure to AI agents.

Your AI strategy needs a governance chapter. If your organisation is deploying AI agents — or planning to — the questions your board, auditors, and compliance team will ask are not about which model you used. They are about how agents are tested before deployment, what they are authorised to do, and how failures are detected and investigated.

These are not hypothetical future concerns. They are the questions enterprise buyers are asking vendors right now.

---

Enterprise DNA’s Omni Ops service builds AI agent workforces for businesses with governance and auditability built in from day one. Book a discovery session to discuss what responsible AI agent deployment looks like for your organisation.