One of the biggest concerns holding businesses back from deploying AI agents at scale is a simple question: who controls what the agent actually does? Right now, the answer is usually “it depends on the framework” — which is not an answer any compliance or security team can work with.
Microsoft addressed that directly at Build 2026 with the release of the Agent Control Specification (ACS), an open-source governance layer that gives developers, compliance teams, and security leaders a consistent way to define exactly what an AI agent can and cannot do, regardless of which framework is running it.
What Microsoft Built
ACS is not a model or an agent framework. It is a governance layer that sits on top of whatever agent stack you are already using. Teams write portable policy files — rules that travel with the agent wherever it is deployed.
Those policies can define:
- What actions the agent is permitted to take
- What it must never do
- When a human must approve an action before it proceeds
- What evidence should be logged for audit and review
The spec checks compliance at multiple points in an agent’s workflow: before it receives input, before it calls a tool, after a tool returns a result, and before it sends the final response to the user. That last checkpoint matters because it means a policy can catch a problematic output before it ever reaches anyone.
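The four checkpoints and the allow, deny, approve and log rules described above can be pictured as hooks around the agent loop. The sketch below is an added example, not ACS code or Microsoft's SDK: the policy layout, the `Guard` class, the tool names and the blocked pattern are all hypothetical and constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical policy layout, constructed for illustration; NOT the ACS file format.
POLICY = {
    "allow_tools": {"search_kb", "issue_refund"},
    "deny_tools": {"delete_account"},
    "approval_required": {"issue_refund"},
    "blocked_patterns": [r"\b\d{3}-\d{2}-\d{4}\b"],  # SSN-shaped strings
}

@dataclass
class Guard:
    policy: dict
    # Stand-in for a human approval step; with no approver wired in, fail closed.
    approver: Callable[[str, dict], bool] = lambda tool, args: False
    audit: list = field(default_factory=list)

    def _log(self, stage, decision, detail):
        # Record the rule that fired, never the matched text itself.
        self.audit.append({"stage": stage, "decision": decision, "detail": detail})
        return decision

    def _scan(self, stage, text):
        for pat in self.policy["blocked_patterns"]:
            if re.search(pat, text):
                return self._log(stage, "deny", f"pattern {pat}")
        return self._log(stage, "allow", "clean")

    def on_input(self, text):            # checkpoint 1: before the agent receives input
        return self._scan("input", text)

    def before_tool(self, tool, args):   # checkpoint 2: before a tool call
        if tool in self.policy["deny_tools"] or tool not in self.policy["allow_tools"]:
            return self._log("tool_call", "deny", f"{tool} not permitted")
        if tool in self.policy["approval_required"] and not self.approver(tool, args):
            return self._log("tool_call", "deny", f"{tool} needs human approval")
        return self._log("tool_call", "allow", tool)

    def after_tool(self, tool, result):  # checkpoint 3: after a tool returns
        return self._scan("tool_result", str(result))

    def before_response(self, text):     # checkpoint 4: before the final response
        return self._scan("response", text)
```

Tools that appear on neither list are denied, so a newly added tool stays blocked until the policy names it.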
It Works Across the Frameworks Already in Use
The SDK ships with plug-ins for LangChain, the OpenAI Agents SDK, the Anthropic Agents SDK, AutoGen, CrewAI, Semantic Kernel, Microsoft.Extensions.AI, and MCP tools. That covers the frameworks most enterprise development teams are already running.
The portability is the key design decision. Instead of writing separate governance logic for each framework, a team writes one policy file and bundles it with the agent. That policy follows the agent across different environments and deployments without needing to be rewritten. Microsoft has committed to keeping ACS open source, which should push adoption well beyond the Microsoft ecosystem.
Why the Timing Is Right
Enterprise AI deployments have grown fast this year, but governance tooling has not kept pace. Security teams are regularly being asked to sign off on agent deployments without the tools to properly assess or audit what those agents can do after go-live.
The problem is compounded by the fact that most enterprises are running agents across multiple frameworks simultaneously. A compliance policy that only works inside one framework is a partial control with large blind spots. ACS tries to close that gap by operating at the policy level rather than the framework level.
It does not solve every problem. A poorly designed agent can still do something harmful within its permitted scope. But it provides a consistent, auditable layer that did not exist before, and it does so in a way that does not lock teams into a Microsoft-only stack.
What This Means for Business
Reduced deployment risk. A formal policy layer reduces the chance of an agent taking an unexpected action in production. Uncontrolled agent behavior has already caused real incidents in early enterprise deployments. ACS gives teams a way to set hard limits before anything goes live.
Cleaner compliance posture. Auditable logs showing what an agent did, when, and under what policy make it easier to satisfy compliance requirements. As AI-specific regulation continues to develop — Colorado’s revised AI Act takes effect in January 2027, EU AI Act requirements are expanding, and the White House released a national AI policy framework in March — documented governance will matter more, not less.
Framework flexibility. Because ACS works across major frameworks, adopting it does not force a choice of vendor or platform. That is a real advantage for enterprise teams that are mixing tools across different workloads.
An industry shift. The broader signal here is that AI agent governance is maturing from an afterthought into infrastructure. When Microsoft releases an open standard for something, it often becomes the baseline expectation for enterprise deployments within 12 to 18 months. Teams that build governance practices now will not be scrambling to retrofit them later.
The question for most businesses has already shifted from “are AI agents capable enough?” to “can we control them well enough to actually deploy them?” Tools like ACS make that second question easier to answer with confidence.
If you are evaluating or planning an AI agent deployment, the Omni by Enterprise DNA team builds agent workforces with governance and auditability built in from day one.
Source
TechCrunch