Four months after Singapore launched the world's first agentic AI governance framework, the Infocomm Media Development Authority (IMDA) has already rewritten it — this time with blueprints drawn from AWS, DBS, Google, OCBC, Tencent, GovTech Singapore, PwC, Workday, and Dayos. Version 1.5 of the Model AI Governance Framework for Agentic AI, published 20 May 2026, runs to 51 pages and incorporates feedback from more than 60 organisations — a shift from the high-level principles of the January 2026 first release to something enterprises can actually put in front of a compliance team.

From Davos to the Data Centre Floor

Version 1.0 was announced by Minister for Digital Development and Information Josephine Teo at the World Economic Forum in Davos on 22 January 2026, positioned as a signal of Singapore's intent to govern autonomous AI systems before, rather than after, the harm materialises. The document was deliberately principles-led at that stage, which gave it broad applicability but limited immediate utility for organisations trying to deploy agent orchestration stacks in production.

Version 1.5 changes that posture. The 51-page update adds more than ten detailed case studies, converting abstract governance commitments into the kind of implementation specifics that legal, risk, and engineering teams can use as shared reference points. IMDA described the approach as part of Singapore's "practical and balanced" philosophy — guardrails that create space for innovation rather than stifle it.

Multi-Agent Systems: The New Risk Surface

The section drawing the most attention is the dedicated treatment of multi-agent systems — arrangements where autonomous agents plan, delegate to, and interact with other agents, often without direct human instruction at each step.

Version 1.5 gives these systems their own risk taxonomy: agent sprawl (unchecked proliferation of agent instances), miscoordination (conflicting goal interpretations across agents), conflict, collusion between agents, cascading failures (a single agent's error propagating downstream through dependent agents), and emergent behaviours that no individual agent was designed to exhibit. The framework does not treat these as theoretical edge cases. Given the speed at which agentic orchestration layers are being added to enterprise workflows across ASEAN's financial services sector, the timing is pointed.

Third-party agent solutions receive explicit attention as a risk assessment factor. Where an organisation deploys another vendor's agent as part of its stack, Version 1.5 specifies what due diligence that organisation must conduct — a direct response to the reality that most enterprise deployments combine first- and third-party agents in ways the original framework did not fully anticipate.

Technical Controls, Categorised and Concrete

Version 1.5 distinguishes between three categories of technical control that the January release did not clearly separate. Structural controls are baked into system architecture — they constrain what an agent can access or modify at the infrastructure level. Rule-based controls encode explicit policy logic. Prompt-layer controls operate at the instruction level, shaping agent behaviour through the design of system prompts and guardrails.

The distinction matters. Structural controls are the hardest to circumvent but also the most expensive to retrofit. Prompt-layer controls are the easiest to deploy but the most susceptible to adversarial manipulation. Organisations that conflate all three end up with governance gaps they cannot easily audit.

Automation Bias Gets a Measurable Test

One of the more operationally useful additions addresses automation bias: the tendency for human reviewers to accept agent outputs uncritically, particularly when the agent's confidence is presented with authority. The framework calls for organisations to monitor human override rates, response times, and outlier reviewer behaviour as proxies for whether meaningful oversight is actually occurring.

This is a meaningful shift from purely procedural requirements. Mandating that a human must approve an agent action is straightforward to document. Requiring evidence that humans are genuinely exercising independent judgement — and that override rates are not trending toward zero — is harder to fake and harder to ignore.

Singapore's Governance Lead, and What Comes Next

The EU AI Act addresses agentic systems only obliquely, primarily through its general-purpose AI provisions. The United States has produced executive guidance but no binding agentic-specific framework. Singapore's willingness to iterate in public, backed by a named cohort of industry contributors, puts it in a position to export governance norms to the region — particularly as ASEAN member states begin their own AI policy drafting processes.

Version 1.5 is not a regulation. Non-compliance carries no direct penalty. Its force comes from adoption velocity: when DBS and GovTech use the same framework as their compliance baseline, it becomes the de facto standard that vendors servicing Singapore must align with. That kind of market convergence can move faster than law.