The Inquiry
The Inquiry: The agentic web — AI agents invoking other agents across organizational boundaries — has delegation capability without delegation governance. Current protocols (MCP, A2A, Agent Protocol) provide capability plumbing but no mechanism for authority transfer, accountability preservation, intent fidelity, or trust. Is this governance gap a temporary implementation delay (protocols will add governance), or a structural gap (governance requires a different architectural layer that capability protocols cannot provide)?
Falsifiable formulation: If any existing agentic protocol or multi-agent framework provides the infrastructure to capture authority delegation chains, preserve intent across multi-hop delegation, enforce constraint attenuation, maintain accountability through arbitrary delegation depth, and provide evidence-based trust graduation — all as structural by-products of agent operation — then the governance gap claimed here does not exist.
Executive Summary
The independent convergence from the MAS tradition is the strongest validation finding in the corpus.
When two independent research traditions — organizational governance theory (Sprints 1-6) and AI agent systems engineering (Tomašev et al. 2026) — arrive at the same structural requirements from different starting assumptions, different source literatures, and different problem framings, the convergence is stronger evidence than either tradition alone. Organizational governance theory prescribes authority, accountability, intent, evidence, constraints, and commitment. The MAS delegation literature independently derives task specification, authority transfer, accountability structure, trust mechanisms, intent preservation, role boundaries, monitoring, delegation contracts, and context transfer. The mapping is structural, not superficial — it reflects that delegation in any domain (human-to-human, human-to-AI, AI-to-AI) is fundamentally a governance act requiring the same structural elements.

The FIPA regression finding reveals a persistent pattern: governance is sacrificed for capability simplicity.
FIPA ACL in the 1990s had 22 communicative acts, conversation threading, and mentalistic (BDI-based) semantics. Modern protocols abandoned these for HTTP simplicity. The same pattern appears across the research corpus: W3C PROV standardized data lineage but not decision lineage (S1). NIST AI RMF prescribed governance but not implementation substrate (S2). COSO prescribed controls but not evidence capture (S4). In each case, governance semantics were recognized, formalized in frameworks, then lost in implementation because no infrastructure existed to operationalize them. The agentic web is repeating this pattern in real time — building extraordinary capability infrastructure while accumulating governance debt.
Delegation as composition, not primitive, is architecturally significant.
The finding that delegation composes over existing governance elements (rather than requiring new primitives) has three implications: (1) it explains the MAS framework fragmentation — each framework captures part of the composition without providing the compositional infrastructure, (2) it means delegation governance scales with the governance substrate — any domain with governance infrastructure gets delegation governance for free, (3) it validates the irreducibility finding from S11 — if delegation required a new primitive, the existing set would be insufficient; that delegation composes over existing primitives confirms their completeness for organizational governance.

Trust must be imposed, not learned.
The convergence of Mayer et al.'s organizational trust model, computational trust research (Sabater & Sierra, Josang et al.), and the S11 symmetry-breaking finding produces a novel conclusion: trust boundaries in delegation cannot be learned from agent behavior (because training objectives can break governance invariances) but must be structurally imposed (constraints that limit scope regardless of demonstrated capability). This is not anti-trust — it is anti-unconstrained-trust. Graduation from lower to higher delegation authority should be evidence-based, require human authorization for each stage advancement, and support regression when deviations are detected. Trust is an evidence state, not a computed score.
Findings13
F-RA-012-01 · convergent-validation · lab-originated
An independent research tradition (multi-agent systems) has arrived at the conclusion that delegation is a governance act, not a task assignment. Tomašev, Franklin & Osindero (2026) define intelligent AI delegation as a sequence of decisions incorporating transfer of authority, responsibility, accountability, role/boundary specifications, clarity of intent, and trust mechanisms — derived from the MAS literature, yet independently identifying every structural element that organizational governance frameworks (COSO, COBIT, Three Lines Model) have prescribed for decades. Castelfranchi & Falcone (1998) established delegation as a social relationship (goal adoption, mutual awareness, social commitment, trust as antecedent); Malone & Crowston (1994) formalized coordination problems as governance, not scheduling, problems.
F-RA-012-02 · convergent-validation · lab-originated
The agentic delegation literature independently derives governance components that converge with organizational governance primitives. Tomašev et al. (2026) identify nine delegation components from their MAS literature survey (task specification, authority transfer, accountability structure, trust mechanisms, intent preservation, role boundaries, monitoring/verification, delegation contract, context transfer) that map one-to-one to governance structural elements from an entirely different tradition (organizational governance, accountability theory, cybernetics).
F-RA-012-03 · gap-identification · lab-originated
The agentic protocol landscape provides capability without governance and has regressed on governance since the 1990s. MCP (Anthropic, Nov 2025), A2A (Google/Linux Foundation, 2025), and Agent Protocol provide capability plumbing but none models authority semantically, preserves intent across hops, tracks decision lineage, enforces constraint attenuation, or provides evidence-based trust escalation. FIPA ACL (1990s) included 22 standard communicative acts (inform, request, propose, accept, refuse, among others), conversation threading, mentalistic (BDI-based) semantics, and structured interaction protocols; modern protocols gained simplicity/scalability/transport flexibility while losing intent encoding, conversation lineage, commitment verification, and performative semantics.
F-RA-012-04 · gap-identification · lab-originated
Delegation chains create liability diffusion, moral crumple zones, and responsibility gaps. In a chain (Human → A → B → C → Action) each hop attenuates the accountability signal. Elish (2019) — the "moral crumple zone": responsibility collapses onto the nearest human regardless of meaningful control. Nissenbaum (1996) — four structural barriers (many-hands, bug defense, blaming the computer, ownership without liability). Matthias (2004) — the "responsibility gap" for learning systems whose behavior designers cannot predict yet someone must be accountable for.
F-RA-012-05 · gap-identification · lab-originated
Meaningful human control requires tracking and tracing conditions that current protocols do not satisfy. Santoni de Sio & van den Hoven (2018) proposed the tracking condition (system responds to all relevant human moral reasons) and the tracing condition (any outcome traces back to a human agent with proper moral understanding); neither MCP, A2A, nor Agent Protocol satisfies these.
F-RA-012-06 · theoretical-grounding · established
Bainbridge's automation paradox applies to delegation: as delegation becomes more reliable, human capability to intervene degrades. Bainbridge (1983) — automating most tasks while leaving intervention to humans creates demands humans cannot meet; vigilance degrades after ~30 min of monitoring low-event-rate systems; de-skilling occurs as delegation removes practice. Parasuraman & Riley (1997) identified four automation-use categories: disuse, misuse, abuse (poor system design by designers or managers leading to inappropriate automation), and use. Dreyfus & Dreyfus (1986) — five skill-acquisition stages requiring progressive exposure to real decisions.
F-RA-012-07 · design-requirement-derivation · lab-originated
Trust in delegation requires evidence, not computed reputation scores. Mayer, Davis & Schoorman (1995) model trust as a function of ability, benevolence, and integrity. Computational trust models (Sabater & Sierra 2005, Josang et al. 2007) aggregate reputation from interaction history; ERC-8004 (2025) proposes Claims/Briefs/Proofs/Stake. These address ability but struggle with benevolence and integrity; trust models based on learned behavior are vulnerable to the symmetry-breaking finding (S11) — agents may learn to circumvent constraints that reduce completion. Trust boundaries must be imposed (structurally enforced), not learned; graduation to higher authority should be evidence-based with regression on deviation.
F-RA-012-08 · gap-identification · lab-originated
Five formal MAS frameworks each formalize governance subsets, but none covers all delegation governance dimensions. BDI (Rao & Georgeff) — cognitive dimension; MOISE+ (Hübner et al.) — structural dimension; Contract Net Protocol (Smith 1980) — transactional dimension; OperA (Dignum 2004) — relational dimension; Categorical Cybernetics (Capucci et al.) — formal dimension. No single framework achieves strong coverage of more than three of nine governance dimensions.
F-RA-012-09 · architectural-resolution-claim · lab-originated
Delegation is a composition pattern over governance elements, not a new structural concept. It composes over existing elements: purpose + authorization + agreement (commitment) + scope limits (constraints) + task specification + contextual understanding. Each hop creates a new instance of this composition linked to the prior hop through state-transformation lineage; authority attenuation (each hop may narrow but never widen scope) is enforced through constraint binding; the full chain is reconstructable.
F-RA-012-10 · theoretical-grounding · established
Security threats in delegation networks (prompt injection, privilege escalation, impersonation, tool poisoning) require governance infrastructure, not just perimeter defense. Greshake et al. (2023) demonstrated indirect prompt injection propagating across delegation boundaries; Debenedetti et al. (2024) showed agents executing tools over untrusted data are vulnerable when tool-returned content can hijack agent behavior. Perimeter defense prevents known attacks but cannot detect novel exploitation.
F-RA-012-11 · convergent-validation · lab-originated
S12 is the seventh domain confirming the "requirements without infrastructure" meta-pattern, and convergence from an independent trajectory strengthens the result. Three independent trajectories converge on the same governance structure: organizational governance theory (S1-S6), theoretical foundations (S8-S11), and AI agent systems engineering (S12).
F-RA-012-14 · contribution-synthesis · lab-originated
The independent convergence from the MAS tradition is the strongest validation finding in the corpus: when two independent research traditions (organizational governance theory, Sprints 1-6; AI agent systems engineering, Tomašev et al. 2026) arrive at the same structural requirements from different starting assumptions, source literatures, and problem framings, the convergence is stronger evidence than either tradition alone.
F-RA-012-15 · convergent-validation · lab-originated
A persistent cross-corpus pattern: governance is recognized and formalized in frameworks, then lost in implementation because no infrastructure exists to operationalize it. FIPA ACL had performatives, conversation threading, social commitment semantics — abandoned for HTTP simplicity. The same: W3C PROV standardized data lineage but not decision lineage (S1); NIST AI RMF prescribed governance but not implementation substrate (S2); COSO prescribed controls but not evidence capture (S4).
Bibliography26
Toma{\v{s}}ev, Nenad and Franklin, Matija and Osindero, Simon (2026) · Intelligent {AI} Delegation
Castelfranchi, Claudio and Falcone, Rino (1998) · Towards a Theory of Delegation for Agent-Based Systems
Malone, Thomas W. and Crowston, Kevin (1994) · The Interdisciplinary Study of Coordination
{FIPA} (2002) · FIPA Agent Communication Language Specifications
Elish, M. C. (2019) · Moral Crumple Zones: Cautionary Tales in Human-Robot Interaction
Nissenbaum, Helen (1996) · Accountability in a Computerized Society
Matthias, Andreas (2004) · The Responsibility Gap: Ascribing Responsibility for the Actions of Learning Automata
Santoni de Sio, Filippo and van den Hoven, Jeroen (2018) · Meaningful Human Control over Autonomous Systems: A Philosophical Account
Bainbridge, Lisanne (1983) · Ironies of Automation
Parasuraman, Raja and Riley, Victor (1997) · Humans and Automation: Use, Misuse, Disuse, Abuse
Dreyfus, Hubert L. and Dreyfus, Stuart E. (1986) · Mind Over Machine: The Power of Human Intuition and Expertise in the Era of the Computer
Mayer, Roger C. and Davis, James H. and Schoorman, F. David (1995) · An Integrative Model of Organizational Trust
+14 more citations