Most enterprise AI programmes in 2026 operate two parallel governance regimes: a paper one — committee minutes, model registers, policy documents — and a real one — what the model actually did in production at a given moment. The gap between the two is the single largest unaddressed risk on the modern enterprise risk register, and regulators are now pricing that gap into diligence.

This working paper sets out the **AOS-1 External Governance Layer (EGL)**: a deployable reference architecture for closing the gap between policy and runtime in AI systems. The EGL is an out-of-process control plane that intercepts AI agent actions, applies the operating policy in milliseconds, returns one of four verdicts (allow / deny / escalate / observe), and writes a tamper-evident audit record to a separately governed decision vault. The paper presents (1) the design distinction between in-process and out-of-process AI governance and why the latter is the pattern that has worked in every adjacent regulated technology domain; (2) the reference architecture and its five logical components; (3) three integration patterns — tool-router interception, SDK wrap, network-layer interception — and the operational anti-pattern (post-hoc batch review) that the paper recommends against; (4) the audit-trail contract (append-only, signed, time-anchored, regulator-exportable) and the minimal AOS-1 audit-row schema; (5) a three-layer model for policy authoring (standard-derived, sectoral, customer-specific) with explicit precedence rules; (6) the regulatory cross-walk to eight frameworks — ISO/IEC 42001, the EU AI Act, NIST AI RMF, NIST AI 600-1, ISO/IEC 27001, SOC 2, the Colorado AI Act, and the Korean AI Framework Act; (7) a 90-day implementation roadmap with median-78-day time-to-readiness based on engagements with first-mover regulated enterprises; and (8) a comparison against in-house builds with the conditions under which each is the right choice.
The paper is intended as an operational specification rather than a theoretical treatment. It is the operational counterpart to the AOS-1 Operating Assurance Standard (the standard the EGL enforces) and the *AOS-1 Verified* certification (the assurance regime that attests to its operation).
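
The verdict-plus-audit-record flow described above, sketched as an added example that is not taken from the paper or the AOS-1 specification. The row fields, the first-match policy format, the default-deny fallback and the demo key are assumptions, HMAC-SHA256 stands in for the signing step, and time-anchoring is not implemented.

```python
import hashlib, hmac, json

VERDICTS = ("allow", "deny", "escalate", "observe")  # the four verdicts named above
GENESIS = "0" * 64                                   # assumed "prev" value for the first row

def decide(action, policy):
    """First matching rule wins; unmatched actions are denied (assumed default)."""
    for rule in policy:
        if rule["tool"] in (action["tool"], "*"):
            return rule["verdict"]
    return "deny"

def _mac(key, body):
    # Canonical JSON so the MAC does not depend on dict ordering.
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def append_row(vault, key, action, verdict, ts):
    """Append a row whose MAC covers its content and the previous row's MAC."""
    if verdict not in VERDICTS:
        raise ValueError(f"unknown verdict: {verdict}")
    body = {"seq": len(vault), "ts": ts, "action": action, "verdict": verdict,
            "prev": vault[-1]["mac"] if vault else GENESIS}
    vault.append({**body, "mac": _mac(key, body)})
    return vault[-1]

def verify(vault, key):
    """Return the index of the first inconsistent row, or -1 if the chain is intact."""
    prev = GENESIS
    for i, row in enumerate(vault):
        body = {k: v for k, v in row.items() if k != "mac"}
        ok = hmac.compare_digest(_mac(key, body), row["mac"])
        if row["seq"] != i or row["prev"] != prev or not ok:
            return i
        prev = row["mac"]
    return -1

def demo():
    key = b"constructed-demo-key"                     # constructed sample key
    policy = [{"tool": "read_file", "verdict": "allow"},
              {"tool": "wire_transfer", "verdict": "escalate"},
              {"tool": "search", "verdict": "observe"}]
    actions = [{"agent": "a1", "tool": t}             # constructed sample agent actions
               for t in ("read_file", "wire_transfer", "search", "drop_table")]
    vault = []
    for ts, action in enumerate(actions, start=1_700_000_000):
        append_row(vault, key, action, decide(action, policy), ts)
    verdicts = [row["verdict"] for row in vault]
    intact = verify(vault, key)
    vault[1]["verdict"] = "allow"                     # simulate an after-the-fact edit
    return verdicts, intact, verify(vault, key)
```

A chain like this detects edits, reordering and deletion from the middle, but not removal of the most recent rows; detecting that requires publishing the latest MAC somewhere outside the vault's control.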
Rami Mohammed Kheir
Tetra Tech (United States)
Rami Mohammed Kheir (Sun,) studied this question.
synapsesocial.com/papers/6a1d234302fbce9130638dcb — DOI: https://doi.org/10.5281/zenodo.20446524