Everything you need to know about the Agentic Commerce Framework®, AI governance, the EU AI Act, and our tools.
ACF® is the European Decision Trust Infrastructure for agentic decision-making. The standard organizations adhere to so that decisions made by their AI agents remain enforceable years later — before a regulator, an auditor, a court, or an insurer. The triplet Govern. Measure. Prove. structures this infrastructure: the doctrine governs, ACF Sovereignty Score™ measures, ACF Compliance proves. ACF® is built on 4 founding principles, 4 operational layers, implementation modules, and a reference set of 17 methodological cards.
ACF® was created by Vincent DORANGE, an AI governance expert. The Decision Trust Infrastructure ACF® is the result of several years of research on autonomous system governance in commercial environments. Agentic Commerce Framework®, ACF® and ACF Sovereignty Score™ are trademarks registered with INPI (French Industrial Property Office).
The four immutable principles are: Decision Sovereignty, Governance by Design, Ultimate Human Control, and Traceable Accountability — ensuring critical decisions remain under human control.
The layers define the governance architecture: Layer 1 (Strategic) — mandate and decision perimeter definition, Layer 2 (Tactical) — gating rules and escalation thresholds, Layer 3 (Operational) — real-time monitoring of KPIs, Layer 4 (Audit) — complete traceability and tamper-proof logs.
The modules cover: M01 Agent Mapping, M02 Risk Classification, M03 Mandate Definition, M04 Gating Protocols, M05 Monitoring Architecture, M06 Emergency Stop Protocol, M07 Audit & Compliance Framework, M08 Training & Simulation. Progressive deployment over 6–18 months.
The KPIs measure decisional sovereignty across 6 governance axes (multiple KPIs per axis): decisional autonomy, algorithmic transparency, operational resilience, regulatory compliance, ethics, and performance. Each KPI has defined thresholds triggering automatic alerts and escalations.
The DDAO — Delegated Decision Agent Officer — is the governance role defined by ACF® that brings GDPR and the EU AI Act together in the organization. Operationally accountable for automated decisions under GDPR Article 22, and lead of agentic governance under ACF®: mandate definition, threshold monitoring, Sovereignty Score™ tracking, kill switch triggering. The DDAO is the named person a regulator or client will turn to with the question "who decides when the agent decides?".
ACF® is a proprietary Decision Trust Infrastructure created and maintained by Vincent DORANGE. The doctrine, tools and trademarks are registered with INPI. The whitepaper and teaching toolkit are freely accessible to encourage adoption, but certified implementation requires the official ACF® tools and processes.
A Decision Trust Infrastructure (DTI) is a shared trust layer organizations adhere to — like TLS for web encryption or SWIFT for interbank transfers. ACF® is not "one more governance framework to deploy": it is the European trust infrastructure organizations adhere to so that decisions made by their AI agents become enforceable against third parties. The difference is structural: a framework describes internal good practice; a DTI produces cryptographic proof opposable to a regulator, an auditor, a court, or an insurer.
Govern. Measure. Prove. is the triplet that structures the ACF® Decision Trust Infrastructure. Govern: the ACF® doctrine (4 principles, 17 methodological cards, DDAO role, non-delegable zones) governs agentic decisions. Measure: ACF Sovereignty Score™ measures the organization's effective decisional sovereignty on a 0-100 scale. Prove: ACF Compliance produces the enforceable Ed25519 cryptographic proof of each decision. The three pillars are inseparable.
ACF Sovereignty Score™ is the 0-100 metric that measures an organization's effective decisional sovereignty over its AI agents. Six weighted dimensions: agent identifiability, human override capacity, decision traceability, threshold control, operational kill switch, and drift visibility. The score is Ed25519-signed for integrity, and mapped onto EU AI Act, ISO/IEC 42001, NIST AI RMF, GDPR and COBIT for direct compliance transposition. This is the "Measure" of the Govern. Measure. Prove. triplet.
ACF Compliance is the SaaS module that produces the enforceable cryptographic trace of every agentic decision. Technical mechanism: SHA-256 hash chain linking decisions tamper-evidently + Ed25519 signature on each decision + RFC 3161 qualified timestamping delivered by Universign (an ANSSI-accredited QTSP). This is the "Prove" of the Govern. Measure. Prove. triplet — the layer that turns an internal good practice into legal evidence opposable to a regulator, an auditor, or a court.
acf-mcp is the official Model Context Protocol server for ACF®, distributed on npm (acf-mcp@1.1.0). It serves the Ed25519-signed ACF® doctrine and exposes 12 tools (7 REASON for governance reasoning, 5 READ for doctrine consultation) directly callable from Claude Desktop, Cursor, Windsurf, Continue and any MCP-compatible client. Documentation and integration guides: acfstandard.io. Goal: let AI agents operate within the doctrine without re-bootstrapping context on every session.
The V2.1 whitepaper is the June 2026 edition of the ACF® reference document. It formalises the Decision Trust Infrastructure positioning, the Govern. Measure. Prove. triplet, the 17×5 mapping matrix (methodological cards × reference frameworks: EU AI Act, GDPR, DORA, NIS2, ISO 42001) and the four-manifestation ecosystem (doctrine, score, compliance, MCP). Full reading on acfstandard.com/whitepaper.
ISO/IEC 42001 and NIST AI RMF say what to do (objectives, controls, risks to cover). ACF® says how to operate (doctrine + DDAO + 17 cards), how to measure effective decisional sovereignty (ACF Sovereignty Score™), and how to prove every decision (ACF Compliance with enforceable cryptographic proof). ACF® is an operational layer above reference-framework compliance, not a competing reference framework. The 17×5 mapping in the V2.1 whitepaper shows direct transposition to ISO 42001, NIST AI RMF, EU AI Act, GDPR and DORA.
Five steps: (1) Read the V2.1 whitepaper on acfstandard.com/whitepaper to understand the Decision Trust Infrastructure and the Govern. Measure. Prove. triplet. (2) Compute your ACF Sovereignty Score™ on acf-score.com (free, 15 minutes) to measure your current decisional sovereignty. (3) Install acf-mcp to expose the signed doctrine to your AI agents. (4) Appoint a DDAO (Delegated Decision Agent Officer) internally. (5) Engage the ACF Compliance module for the enforceable proof layer.