Organizations deploying agentic AI under Microsoft’s Agent Governance Toolkit (AGK) or similar execution-layer frameworks are exposed to a persistent misconception: that documented risk assessments, manually reviewed policies, and runtime rule enforcement together constitute sufficient governance evidence. This paper argues that they do not. Manual documentation produces records of intent. Execution-layer enforcement produces logs of action. Neither produces governance invariants—the deterministic, lineage-anchored, continuously verifiable evidence that regulatory frameworks including the Colorado AI Act, the EU AI Act, and NIST AI RMF actually require at the moment of enforcement scrutiny. APR-Series is the substrate-layer architecture that produces those invariants. This paper explains the distinction, its regulatory consequences, and why the two layers are not interchangeable.
Narnaiezzsshaa Truong (Thu,) studied this question.