Agentic AI is shifting AI governance from model oversight toward action oversight. The central governance problem is no longer only whether a model produced an inaccurate, biased, or unsafe output. It is whether an AI-mediated system was authorized to take a consequential protected action, whether evidence of that action can be independently verified, and whether a party with standing can rely on that evidence for a defined purpose. Existing governance artifacts, including policies, approvals, logs, lineage records, observability data, runtime controls, and audit trails, are necessary but not sufficient. They can show that something happened, or that a system permitted it, without showing that the action carried valid, scoped, current authority or that the resulting evidence can survive dispute outside the system that produced it. ProofRail is proposed as a reference architecture and institutional grammar for this problem. It separates protected-action evidence from verification, verification from governed reliance, and governed reliance from broader institutional legitimacy. The paper introduces the ProofRail ladder: Iron controls, Bronze evidences, Silver verifies, Gold relies, and Platinum federates.
Thomas C. Williams (Mon,) studied this question.