AI Governance 18 min read

Agentic AI in Enterprise Architecture

How Autonomous AI Agents Change Capabilities, Processes and Operating Models — and Why Enterprise Architecture Must Be the Governance Authority

Agentic AI in Enterprise Architecture

Whitepaper · Dr. Amadou Sienou · 3E Consult

Executive Summary

Agentic AI systems — AI agents that autonomously plan and execute tasks while orchestrating other systems and services — are not an addition to the existing IT landscape. They are a structural intervention.

They change how business processes run, how decisions are made, who bears responsibility and how IT systems interact with one another.

Classical Enterprise Architecture has no ready-made answer to this. The concepts exist — Business Architecture, Information System Architecture, Infrastructure Architecture, governance frameworks — but they must be recalibrated.

This whitepaper shows:

  • Where Agentic AI intervenes in the TOGAF layer model
  • Which new tensions arise in Business and IS Architecture
  • Which governance requirements follow from this
  • How Enterprise Architecture can assume the alignment and governance function for Agentic AI

1. What Distinguishes Agentic AI from Classical AI Systems

1.1 From Prediction to Action

Classical AI systems — classifiers, recommendation engines, predictive models — produce outputs: scores, probabilities, predictions. A human or a downstream system decides what to do with that output.

Agentic AI systems act: they receive objectives, plan steps to achieve them, execute those steps — and adjust the plan in real time when results deviate from expectations.

This is a fundamental difference. No longer merely output, but action. No longer merely prediction, but process.

1.2 Orchestration as the Defining Characteristic

Agentic AI systems orchestrate. They call APIs, control other systems, search knowledge bases, create documents, send messages, book resources. A single agent can activate dozens of systems — often without a human monitoring each step.

This orchestration capability makes Agentic AI an architectural challenge. The question is no longer simply: which model do we use? The question is: which systems does the agent control? Which processes does it change? Who is accountable when something goes wrong?

1.3 Taxonomy: Types of Agentic AI Systems in the Enterprise

A pragmatic taxonomy is helpful for Enterprise Architecture practice:

Copilot Agents: Assist a human user with defined tasks. Human-in-the-Loop is structurally given. Limited orchestration depth.

Process Agents: Execute defined process steps autonomously. Typically embedded in existing workflows. Moderate orchestration depth.

Orchestration Agents (Multi-Agent): Coordinate multiple agents and systems to achieve complex objectives. High autonomy, high orchestration depth, high governance relevance.

Domain Agents: Specialised in a business domain (Finance Agent, HR Agent, Supply Chain Agent). Deeply integrated into domain-specific data systems.

2. Agentic AI in the TOGAF Architecture Framework

2.1 Business Architecture: Changed Capability Logic

TOGAF defines Business Architecture as the description of an organisation’s strategy, governance, structure and key processes. Agentic AI intervenes in all four dimensions.

Strategy: Which strategic capabilities can the organisation build through Agentic AI? Where do new competitive advantages arise? Where do new dependencies on AI platforms emerge?

Governance: Who decides which agents are deployed? Which processes may be executed by agents? How are agent actions traced and audited?

Organisation: Which roles change through agent support? Which new roles emerge (Agent Owner, AI Governance Manager)?

Processes: Which process steps are replaced, augmented or restructured by agents?

Enterprise Architecture does not need to answer these questions itself — but it must provide the framework within which they are answered.

2.2 Information System Architecture: New Integration and Data Patterns

Agentic AI creates three structural tensions in IS Architecture:

Tension 1 — Data Access Without Data Control: Agents require broad data access to fulfil their tasks. Classical access control models (role-based access) are designed for human users, not for autonomous agents that access different data sets contextually.

Tension 2 — System Integration Without Integration Architecture: Agents connect systems ad hoc that were previously unconnected. This creates new dependencies, new failure points and new complexity — often without being captured in architecture documentation.

Tension 3 — Process Automation Without Process Documentation: When agents autonomously execute process steps, a de facto process change occurs that is not reflected in any process model.

2.3 Infrastructure Architecture: Platform Engineering for Agents

Agentic AI systems impose new requirements on infrastructure:

  • Observability: Agent actions must be logged without gaps — not only for debugging, but for governance and compliance.
  • Guardrails: Technical mechanisms that keep agent actions within defined boundaries.
  • Rollback Capability: When an agent executes a faulty action, it must be reversible.
  • Latency and Reliability: Agentic AI workflows embedded in core processes have different SLA requirements than experimental AI applications.

3. Governance Architecture for Agentic AI

3.1 The Governance Problem

The central governance problem with Agentic AI is responsibility diffusion: when an agent acts autonomously, it is unclear who is accountable for the outcome — the process owner, the AI provider, IT operations, the business owner?

This question is not merely ethically relevant; it is regulatorily mandatory. The EU AI Act obliges operators of AI systems to establish clear accountabilities, risk assessments and audit trails.

3.2 Four Governance Layers

A robust governance architecture for Agentic AI requires four layers:

Layer 1 — Strategic Governance: Which Agentic AI initiatives are pursued? What is the organisation’s risk appetite? Who decides on the deployment of high-risk agents?

Layer 2 — Architectural Governance: Which architecture standards apply to agents? Which systems may agents orchestrate? Which data access patterns are permissible?

Layer 3 — Operational Governance: How are agent actions monitored? What escalation processes exist? How are incidents handled?

Layer 4 — Technical Governance: Which guardrails are implemented? How is logging structured? How are model updates managed?

3.3 Human-in-the-Loop as a Governance Mechanism

Human-in-the-Loop (HITL) is not a binary concept. There is a spectrum:

Full Automation: No human intervention. Justifiable only for low-risk processes with high reversibility.

Human-on-the-Loop: Human monitors and can intervene. Appropriate for many operational processes.

Human-in-the-Loop: Human must approve at defined points. Required for high-risk decisions.

Human-as-the-Loop: Agent assists, human decides. For regulatorily critical decisions.

The decision of which HITL model applies to which agent use case is a governance decision — and must be documented and auditable.

3.4 Agent Registry as the Governance Foundation

An Agent Registry — a central, versioned inventory of all agents deployed or planned within the organisation — is the operational foundation of Agentic AI governance.

Each entry contains:

  • Agent ID, version, owner
  • Purpose and scope
  • Orchestrated systems and data sets
  • Risk category (EU AI Act)
  • HITL model
  • Audit log reference
  • Approval status

4. EA as the Alignment and Governance Authority

4.1 Why EA is the Right Authority

Enterprise Architecture is the only function in the organisation that thinks systematically across layers. It connects business logic with IS structure with infrastructure. That is precisely what Agentic AI requires.

Other functions can cover partial aspects — IT Security can implement guardrails, Legal can formulate regulatory requirements, Business can define process requirements — but only EA can adopt the integrative perspective.

4.2 Concrete EA Tasks in the Agentic AI Context

Target Architecture for Agentic AI: What should the organisation’s agent landscape look like in 3–5 years? Which platforms, which integration, which governance infrastructure?

Architecture Standards: Which technical standards apply to agent development, deployment and operations?

Portfolio Management: Which agent initiatives are prioritised? On the basis of which criteria?

Governance Framework: Which governance layers are implemented? How is the Agent Registry maintained?

Integration into Existing Governance Structures: How is Agentic AI governance integrated into existing IT governance, risk management and compliance?

5. Practical Recommendations

5.1 Immediate Actions (0–3 months)

  1. Inventory: Which Agentic AI systems are already in use or under development? Who is the owner?
  2. Risk Classification: Classification according to the EU AI Act and internal risk criteria.
  3. HITL Audit: For which agent use cases is the current HITL model appropriate?

5.2 Medium-Term Actions (3–12 months)

  1. Build Agent Registry: Central inventory of all agents with governance metadata.
  2. Define Governance Framework: Four layers, roles, processes, KPIs.
  3. Adopt Architecture Standards: For development, deployment, operations and monitoring.

5.3 Strategic Actions (12+ months)

  1. Target Architecture for Agentic AI: Integrate into overall EA planning.
  2. Platform Engineering: Observability, guardrails, rollback capability at infrastructure level.
  3. Strengthen the EA Function: Resources, mandate and governance anchoring for EA in the Agentic AI context.

Conclusion

Agentic AI is not an evolution of AI — it is an architectural disruption. Organisations that introduce Agentic AI without EA governance build complexity they cannot govern.

Enterprise Architecture is the right response — not as bureaucracy, but as an alignment and governance function that connects strategy, architecture and operational reality.

The organisations that introduce Agentic AI in a governance-ready way will be those that retain control — over their processes, their data and their strategic agency.

Dr. Amadou Sienou — Senior Advisor for Enterprise Architecture, AI Governance and AI Production Contact: info@abamix.com · sienou.me

AI Governance

From Prompt Engineering to Prompt Leadership

Prompt engineering has been commoditised. What organisations need is a leadership discipline: the ability to define which tasks AI should perform, what a good result looks like — and who is accountable for it. The MOTIVE Framework provides the structure.

Next step

From insight to concrete mandate.

The topics addressed in this article are the subject of my structured workshops and advisory mandates.

View workshops Get in touch