Existing AI governance frameworks govern individual AI systems. An AI system is authorised, assessed, and registered as a discrete governance object. Its delegated authority is quantified at the system level. Its oversight obligations are assigned at the system level. Its incident management obligations are discharged at the system level. This system-level architecture is coherent for standalone systems. It is structurally insufficient for multi-agent architectures in which an orchestrating system directs one or more sub-agents, which may themselves direct further sub-agents, in a chain of delegated machine authority that no single governance register captures and no single governance control monitors. This paper identifies and formalises the delegation chain governance problem: the structural gap in enterprise AI governance that arises when a chain of delegated machine authority operates across multiple systems, each individually governed, but whose combined authority footprint, accountability lineage, and failure propagation properties are not governed as a chain. The paper makes three core arguments. First, the governance of delegated machine authority is not transitive; a system that is individually compliant with all governance obligations does not thereby make compliant the chain of authority it heads. Second, that each additional delegation layer introduces an authority gap: the downstream agent acts on instructions from the preceding layer, not directly from the original governance authorisation, and the governance basis for its actions cannot be reconstructed from the system-level register alone. Third, that chain-level governance failures are a categorically distinct failure type, not reducible to enforcement or specification failures in individual system controls. The paper introduces the Delegation Chain Governance Framework: three interlocking, operationally specified governance obligations that together close the chain-level gap. The Chain Authority Quantification (CAQ) obligation requires that a chain authority ceiling be calculated from the sub-agents’ individual authority limits and concurrency architecture, registered as a chain-level governance parameter, and monitored at runtime against the combined authority footprint of all active sub-agents. The Delegation Provenance (DP) obligation requires that every inter-agent instruction carry a structured, immutable provenance record containing five mandatory fields: orchestrator identity, instruction reference, authorisation reference, authority utilisation at transmission, and chain depth indicator, enabling full reconstruction of the accountability lineage from the originating Board delegation to the individual sub-agent action. The Chain Integrity Assessment (CIA) obligation requires periodic confirmation of chain governance integrity, calibrated to the chain’s depth and governance sensitivity, following a five-step assessment process with defined CRO endorsement obligations. The paper also introduces the delegation chain failure as a fourth root cause category for incident analysis and demonstrates, through an examination of five major governance frameworks, that none imposes chain-level governance obligations.
M Maruf Hossain (Sat,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: