Question 1

What is the Agentic Commerce Framework® (ACF)?

Accepted Answer

The ACF is the global governance standard for organizations deploying autonomous AI agents in commercial environments. It defines 4 founding principles, 4 operational layers, 8 implementation modules, and 18 sovereignty KPIs to ensure humans retain strategic control over agentic systems.

Question 2

Who created the ACF Standard?

Accepted Answer

The ACF was created by Vincent DORANGE, an AI governance expert. The framework addresses the growing need for structured governance as autonomous agents increasingly make decisions in commerce, finance, and operations.

Question 3

What are the 4 Founding Principles of ACF?

Accepted Answer

The four principles are: (1) Decision Sovereignty — critical decisions are never delegated to agents, (2) Governance by Design — governance is defined before deployment, (3) Ultimate Human Control — every system preserves human intervention, (4) Traceable Accountability — every action is auditable.

Question 4

What is the ACF Sovereignty Score?

Accepted Answer

The ACF Score is a proprietary metric measuring organizational decisional independence across 6 governance dimensions, providing a composite sovereignty score, 6-axis radar visualization, and personalized action plan.

Question 5

What are the ACF maturity levels?

Accepted Answer

ACF defines 4 levels: Level 0 (Classical Automation), Level 1 (Assisted Agents), Level 2 (Governed Agents — recommended target), Level 3 (Supervised Autonomous — for mature organizations only).

Question 6

How does ACF relate to the EU AI Act?

Accepted Answer

ACF is designed to be fully compatible with the EU AI Act. Its risk-based governance approach maps directly to the Act's requirements for high-risk AI systems.

Question 7

What is the DDAO (Delegated Decision Agent) role?

Accepted Answer

The DDAO is a governance role defined by ACF. The Delegated Decision Agent Officer serves as the legal guardian of autonomous agents — defining mandates, monitoring compliance, and ensuring agents stay within authorized decision perimeters.

Question 8

How do I get ACF certified?

Accepted Answer

ACF Certification is an independent attestation with three paths (Level 1, 2, and 3), each requiring an audit. Certified organizations receive a publicly verifiable badge with annual renewal and continuous monitoring.

Question 9

What is the ACF Emergency Stop Protocol?

Accepted Answer

A multi-level interrupt mechanism with graduated response levels, from pausing non-critical operations to full system shutdown. Each level has defined response times and escalation procedures.

Question 10

Is ACF only for large enterprises?

Accepted Answer

No. ACF scales from startups to large enterprises. The 8 implementation modules can be deployed progressively over 6-18 months, allowing organizations of any size to build governance at their own pace.

Bedarf	Dominante bestehende Antwort	Was ACF ergänzt
AI compliance	EU AI Act	AI Act + operationalisation at the decision layer
AI management	ISO/IEC 42001	ISO 42001 + agentic decision control
AI risk management	NIST AI RMF	Risk + agentic autonomy & criticality
Data protection	GDPR	GDPR + signed automated arbitrations

ACF-Karte	EU AI Act	ISO/IEC 42001	NIST AI RMF	DSGVO	COBIT 2019
ACF-00 Sovereignty Score Measures the decisional sovereignty retained when deploying autonomous systems.	Art. 9Risk management system	Clause 6.1.2AI risk assessment	MAP-3AI risks and benefits	Art. 35DPIA	EDM-01Governance framework
ACF-01 Decision Map Maps the agent's decisions and the human approval chain that governs them.	Art. 14Human oversight	Clause 8.4 / A.6AI system operation	GOVERN-1.1Defined roles	Art. 22Automated decision-making	EDM-03Risk optimisation
ACF-02 Criticality Matrix Classifies each agent by criticality, impact and irreversibility.	Art. 6 + Annex IIIHigh-risk classification	Clause 6.1.2Risk categorisation	MAP-2Categorisation	Art. 35DPIA threshold	APO-12Managed risk
ACF-03 Agentic Constitution Internal charter defining who decides what, how and within which limits.	Art. 5 + Art. 26Prohibited practices + deployer duties	Clause 5.2AI policy	GOVERN-2Cultivate culture	Art. 25Privacy by design	EDM-01Governance setting
ACF-04 Agent Card Operational identity of each agent: scope, data, tools, autonomy level.	Art. 11 + Art. 26(6)Technical documentation + logs retention	Clause 7.5 + 8.1Documented information / operational planning	MAP-1System context	Art. 30Records of processing	BAI-09Managed assets
ACF-05 Supervision & Governance Continuous supervision mechanisms with the DDAO role as the human pivot.	Art. 14 + Art. 26(5)Human oversight + deployer monitoring	Clause 5.3 + 9.1Roles + monitoring	GOVERN-3 / MANAGE-2.3Workforce / ongoing monitoring	Art. 22 + Art. 37-39Automated decisions + DPO	MEA-02Internal control
ACF-06 Kill Switch Emergency stop procedure for a drifting agent.	Art. 14(4) + Art. 26(5)Stop button + suspend obligation	Clause 8.3Operational controls	MANAGE-4Decommissioning	Art. 22(3)Right to contest / withdraw	DSS-02Service requests & incidents
ACF-07 First Agent Briefing Qualification dossier before the first production deployment.	Art. 11–13 + Art. 17Documentation + QMS	Clause 8.1 + 6.2Operational planning + objectives	MAP-2 + GOVERN-4Categorisation + pre-deploy testing	Art. 30 + Art. 35Records + DPIA	BAI-01Managed programmes
ACF-08 Agentic Decision Register Cryptographic ledger of every decision the agent has taken.	Art. 12 + 19 + 26(6)Logging + retention (6 months min.)	Clause 9.1 + 7.5.3Monitoring + control of records	MEASURE-2Performance & trustworthiness	Art. 30Records of processing	MEA-01Performance monitoring
ACF-09 Action & Improvement Plan Post-deployment continual improvement plan, driven by the DDAO.	Art. 9(4) + Art. 17Continuous risk mgmt + QMS	Clause 10.1 + 10.2Nonconformity + continual improvement	MANAGE-2Risk treatment	Art. 24 + Art. 32Responsibility + security	BAI-08Managed knowledge
ACF-10 30-day Governance Audit Periodic internal audit demonstrating operational mastery.	Art. 17 + Art. 71QMS audit + post-market monitoring	Clause 9.2 + 9.3Internal audit + management review	GOVERN-5 + MANAGE-3.1Engagement + risk treatment review	Art. 32Security audit	MEA-02 + MEA-03Internal control + compliance
ACF-11 Agentic Risk Assessment Risk analysis specific to agents: drift, hallucination, escalation.	Art. 9Risk management system	Clause 6.1.2AI-specific risks	MAP-3 + MAP-4Risks & benefits + trustworthiness	Art. 35DPIA	APO-12Managed risk
ACF-12 Agent Mandate Formal, enforceable delegation of decision-making power granted to the agent.	Art. 16 + 17 + 26Provider & deployer duties	Clause 5.3Roles & authorities	GOVERN-3 + GOVERN-6Workforce + external communications	Art. 28 + 24Processor + controller responsibility	APO-05Managed portfolio
ACF-13 Guided Case Study Worked case study, step by step, for training and mock audits.	Art. 6 + 13 + Annex IIISector examples + transparency	Clause 7.2 + 7.3Competence + awareness	MAP-2Categorisation	Art. 22Worked profiling examples	BAI-05Organisational change
ACF-14 Teacher Guide For instructors: lesson plans, answer keys, sample exams.	Art. 4AI literacy	Clause 7.2 + 7.3Competence + awareness	GOVERN-1.6 + GOVERN-6Workforce literacy	Art. 39DPO training duty	APO-07Managed human resources
ACF-15 Governance Simulation Sandbox exercise: replay a crisis to measure governance resilience.	Art. 9 + Art. 57-63Risk mgmt + regulatory sandboxes	Clause 9.1 + 6.2Monitoring + planned objectives	MANAGE-3 + MEASURE-3Risk treatment evaluation	Art. 32Security testing	BAI-06Managed IT changes
ACF-16 Responsibility by Design Cross-cutting principle: accountability is wired in from design onwards.	Art. 5 + 13 + 16(b)Accountability + transparency	Clause 5.2AI policy & accountability	GOVERN-1 + MANAGE-1Accountability + risk management	Art. 5(2) + 24 + 25Accountability + by design	EDM-01Governance setting

Bereich	Dominantes Referenzrahmenwerk
Cybersecurity	ISO/IEC 27001
Privacy	GDPR
Artificial Intelligence	ISO/IEC 42001
Regulated AI	EU AI Act
Agentic governance	ACF®

ACF ersetzt bestehende KI-Standards nicht.

ACF im Vergleich – in einem Absatz.

Jede ACF-Karte zugeordnet zu AI Act, ISO 42001, NIST AI RMF, DSGVO und COBIT.

Bestehende Rahmenwerke regeln KI. ACF regelt die Entscheidungen autonomer Systeme.

Warum agentische Governance ein eigenes Rahmenwerk verdient.

Von der Positionierung zur Umsetzung?