Connecting Is Not Aligning: The Governance Gap Your Observability Stack Cannot Close
Why agentic AI fails on meaning instead of plumbing, and the eleven capabilities your organisation must hold to close the gap
About Our Contributing Expert
Frédéric Verhelst, PhD | Chief Data Officer, Non-Executive Director, & Advisor
Frédéric Verhelst, PhD, is a data and AI governance executive and the author of The Ontology Imperative, a series on why trustworthy agentic AI requires formal semantic infrastructure as a preventive governance layer. He holds a PhD in applied physics from TU Delft, awarded cum laude.
His semantic infrastructure work spans more than a decade of production systems. As VP Real-Time Decision Support at Epsis, he co-developed ERA Decide, an ISO 15926-grounded, SPARQL-queryable agent-based decision-support system, presented at the W3C Workshop on Semantic Web in Oil and Gas in Houston in 2008. As programme manager of the Integrated Operations in the High North programme, he led semantic interoperability work across 22 organisations, including Statoil, DNV, ABB, Siemens, and Cisco, to prove standard-first interoperability. He chaired the ISO 15926 Production and Reservoir SIG, served as Head of Data Office at TotalEnergies EP Danmark, and led the Knowledge Graph Alliance as CEO.
Most recently, as Product Owner, Dynamics 365 at Viking Life-Saving Equipment, he has prioritised standard-first architectural approaches while bringing agentic AI into safety-critical maritime operations. He is currently transitioning from that role and is available for Chief Data Officer, board, and advisory appointments.
He advises boards on agentic AI liability and insurability. His long-form work is at theontologyimperative.substack.com, and his reference artefacts, including the Agentic AI Capability Stack™, are openly available at fredericverhelst.com/toi-library. We’re thrilled to feature his insights on Modern Data 101.
We actively collaborate with data experts to bring the best resources to a 20,000+ strong community of data leaders and practitioners. If you have something to share, reach out!
🫴🏻 Share your ideas and work: community@moderndata101.com
*Note: Opinions expressed in contributions are not our own and are only curated by us for broader access and discussion. All submissions are vetted for quality & relevance. We keep it information-first and do not support any promotions, paid or otherwise!
Let’s Dive In
Two AI agents in your enterprise share a data pipeline, an API gateway, and an authentication layer. They are connected. They cannot agree on what “approved supplier” means.
One agent queries the procurement ontology and returns a list of vendors who have passed financial vetting.
The other queries the operations ontology and returns vendors who have passed safety certification.
Both are correct, but neither knows the other definition exists. The agent making the purchasing decision is using one. The agent assessing supply chain risk is using the other.
Your board signs off on a procurement strategy built on numbers that mean different things in different systems, and no one notices until the audit.
This is the breakdown pattern that defines agentic AI today. The architecture connects everything while aligning nothing. And the gap between connection and alignment is where governance has to live, because that is where the agents operate.
I should say plainly: I believe in agentic AI. From 2006 to 2009, I built BDI multi-agent systems grounded in formal ontologies and open standards. This was part of a larger industrial wave, as operators on the Norwegian Continental Shelf, Statoil among them, and their technology partners advanced autonomous systems and semantic technologies to manage the complexity of integrated operations.
These systems combined the distributed data processing capabilities of software agents with variable autonomy approaches to turn data streams into decisions and prevent operator information overload.
I have watched the underlying pattern hold for nearly two decades. The technology works. What fails is the assumption that connectivity plus monitoring equals governance.
This article makes three arguments.
Agents are not employees you onboard but contractors who need an explicit, machine-readable scope of work.
The two dominant ways organisations try to close the gap (watching agents harder and asking a language model to generate the very semantics meant to constrain it) are structurally insufficient.
The answer is a set of capabilities the organisation must own on open standards, and most data platforms cover the bottom and the top of that set while leaving the governance core unbuilt.
Agents are employees contractors
The World Economic Forum advises onboarding AI agents like employees. That is too generous. Employees absorb culture, norms, and institutional memory. They carry skin in the game. Agents absorb none of it. Without explicit boundaries, they invent their own.
The honest analogy is the contractor. You would not let a contractor onto your site without a statement of work, defined authority, and escalation routes. Yet that is precisely how most organisations deploy agents: enormous capability, no contract.
Harvard Business Review reports that 86 per cent of organisations plan to increase agentic AI investment while only 6 per cent fully trust agents with end-to-end processes. The gap is not capability. It is missing contracts.
Cassie Kozyrkov, Google’s first Chief Decision Scientist, put the diagnosis in one line:
“The model isn’t the bottleneck anymore. The plumbing and the people are.” (source)
The question is how you write a contract a machine can follow.
Policy documents fail: agents can read them but cannot reason over them consistently, because natural language is ambiguous and “use good judgement” means nothing to a probability engine.
The contract has to exist in a language machines must abide by. The statement of work is an ontology defining the agent’s domain, what is in and what is out.
Defined authority is rules encoded in a knowledge graph: which decisions the agent may take and which trigger escalation. Escalation clauses are guardrails the agent cannot bypass. The audit trail is provenance tracing every decision to its source.
This reframes where human effort belongs. Instead of reviewing every output after the fact, you move the effort upstream: design the ontologies, constraints, and rules that define correct reasoning before the agent runs.
That is the shift from human-in-the-loop to human-above-the-loop, and it is the single most useful test for any agentic initiative on your roadmap: does a machine-readable scope of work exist for this agent, and who owns it? If no one owns the contract, everyone owns the liability.
🔖 Related read
The Contract-driven Data Platform
What if there was a different way to build a data platform, one that is made up of consistent, interoperable, governed data products?
None of this is hypothetical. In 2024, a tribunal ordered Air Canada to honour a bereavement fare its own chatbot had invented, rejecting the airline’s claim that the chatbot was a separate legal entity responsible for its own actions.
The damages were trivial, a few hundred dollars, because a chatbot can only make a promise. Agentic systems do not promise; they act: they book, pay, commit, and reconfigure. The exposure is no longer a refund, but the action itself, and the institutions that price risk for a living have noticed.
From January 2026, the standard forms behind most of the United States commercial liability market let insurers exclude generative AI outright, and AI vendors routinely cap their own liability at twelve months of fees, so the loss lands on the company that deployed the agent.
The European Systemic Risk Board has gone further, naming AI as a potential amplifier of systemic risk, where model uniformity, concentration, and sheer speed can turn one bad pattern into a correlated failure across institutions.
This has the shape of 2008: institutions running the same models on the same assumptions, so that when one assumption broke, it broke across all of them at once, a correlated collapse no single firm could halt.
Agents drawing on the same handful of foundation models are that monoculture again, now more capable than that chatbot by orders of magnitude and executing in milliseconds, and the governance that would contain them is not yet built.
Watching is not governing
The most common substitute for that contract is observability, and it is the substitution this article’s title is aimed at. Capgemini’s 2026 C-suite research found that two-thirds of CXOs say clearer governance and accountability frameworks would help them better leverage AI in decision-making.

Few have built them, and into that gap vendors sell observability as a stand-in. Dashboards multiply, traces accumulate, and leadership concludes the problem is handled. It is not, and the reason is a distinction every finance team already knows: detective versus preventive controls.
Observability tells you what happened and when. Logs, traces, metrics: activity, not authority. That model was adequate for traditional software, which is deterministic and thoroughly tested: it executes what it was programmed to execute, so watching the execution told you most of what you needed. Agents do not execute what they were programmed to execute.
They interpret instructions through patterns in training data and sampling no one can inspect. When generative AI hallucinates, you fix the generated text. When an agentic system hallucinates, it acts. By the time the observability alert reaches your phone, the agent has already executed with your authority.
Financial controls make the distinction concrete. A monthly audit that catches a fifty thousand dollar unauthorised expense is a detective control. An approval workflow that blocks the transaction before it fires is a preventive control.
Traditional governance relies on three lines of defence: operational management, risk and compliance, and internal audit, all operating at human tempo and reviewing actions after the fact.
Agentic AI requires a fourth line: structural enforcement running at machine speed, firing before the agent acts, held by a Chief Data Officer with the authority to halt it.
You do not want a transcript of the disaster. You want the disaster to be structurally impossible.
The protocol layer does not rescue the detective model either, and this is worth being precise about because the protocols are genuinely good. MCP, and its agent-to-agent counterparts, standardise how agents reach tools and each other. They are connectivity standards.
They enforce only what you have built. If no ontology defines what “approved” means in your business, no protocol can carry that meaning, and no monitor can detect its absence, because the absence looks exactly like normal operation. Recall the opening scenario: both agents performed flawlessly by every observability metric. Latency fine, error rate zero, traces complete. The failure was in what the data meant, and meaning never appears on a dashboard.
So the question to put to any governance proposal is simple. When the regulator asks, observability shows that your agent moved two million at 14:23 UTC. Governance proves the agent acted under a specific rule, triggered by an approved order, within a defined limit, under a named authority. One is forensics. The other is authority itself. If your organisation cannot show preventive controls, you do not have governance. You have a crime scene recorder.

You cannot generate your way out
The second false close is more seductive because it feels modern:
If agents need ontologies and semantic infrastructure, have a language model generate them. It never works, and the reason is architectural rather than a matter of model quality.
Andrej Karpathy describes an LLM as “a lossy compression of the internet.” Compression keeps the frequent and discards the rare. It amplifies the mean and deletes the edges.
Your business lives in the edges: the line between a service contract and a framework agreement, the threshold where maintenance becomes capital expenditure, the exception clause that determines liability.
🔖 Related read
Ontology engineering is the opposite operation, deliberate judgement about what to include and exclude and why. Ask a compression engine for your semantic foundation, and you get the statistical mean of everyone else’s business, syntactically valid and operationally useless.
The deeper issue is strategic: your ontology encodes your competitive advantage. Outsource its creation to a model trained on public data, and you get everyone else’s model.
The same compression that cannot create your semantics is actively eroding the semantics that exist. Training strips metadata; no attribution survives the weights. Jessica Talisman, whose Ontology Pipeline work readers of this publication will recognise, calls the result knowledge network decay.
And the models do not merely strip provenance; they fabricate it. GPTZero’s scan of NeurIPS 2025 papers found more than one hundred hallucinated citations across 51 papers, and a GhostCite study of over 56,000 papers measured an 80.9 per cent increase in the invalid citation rate in 2025.

Every RAG pipeline ingesting the open web ingests that corruption, and synthetic content with fabricated sources becomes training data for the next model. Retrieval without semantic provenance does not fix hallucination. It accelerates it.
I have seen this failure shape before, in a different field. In oil reservoir appraisal, early models produced a single best estimate that looked precise and was quietly overconfident.
The uncertainty was always there; the model hid it, and it hid exactly the features that mattered: the thin productive zone, the fault boundary. Ensemble methods did not add uncertainty. They revealed what the best estimate had suppressed.
LLMs do to knowledge what pre-ensemble models did to geology: they hide the edges and the provenance behind an overconfident mean. Formal ontologies are the enterprise’s ensemble method. They preserve the detail that compression conceals.
The implication for agentic AI is direct. If the substrate destroys provenance, you cannot build accountability on top of it. You build accountability beside it, in a layer the language model does not control. That layer is what most organisations have not built.
What the Stack requires
The standards for that layer are not speculative. The W3C Semantic Web stack, OWL for formal ontologies, SHACL for constraint validation, SPARQL for query, PROV-O for provenance, RDF for the graph substrate, is mature and vendor-neutral.
These are not academic exercises; they are a standard-first architectural approach designed to prevent technical debt and over-customisation.
If you build your semantic layer on proprietary vendor formats, you are renting your own business logic. Open standards keep your organisational definitions as your own intellectual property, fully portable and independent of whichever vendor’s platform you plug them into.
Building this layer does not mean a multi-year overhaul. You start with a Minimum Viable Ontology, and two of the field’s founding figures are pointing the same way.
🔖 Related read
The Ontology Engineering Challenge is Not Building It, but Mirroring the Delta
Every language model has built a map of your business concepts. The real engineering challenge isn’t constructing an ontology, but deciding where your enterprise’s meaning diverges from the one the model already has, and correcting only that.
At the 2026 Knowledge Graph Conference, Jim Hendler and Deborah McGuinness presented jointly on how the phrases they are each known for, his “a little semantics goes a long way” and her “just enough ontology”, are converging into a starting point for enterprises building a semantic layer between their data and their AI systems.
Isolate the single most consequential decision process in your business, the one where an agentic failure creates immediate regulatory or financial liability. Build the semantic contract and the guardrails for that one bounded domain, prove the pattern, then scale it.
I can date the pattern personally. In 2012, I co-authored the exploration use case for the EU Optique project on behalf of Statoil, now Equinor. The project’s purpose was to let domain experts query industrial data using simplified language, hiding database complexity, exactly as today’s agents do.
Optique set out to cut the path from an information need to an answer from days to hours, even minutes, by removing the human intermediary who previously translated questions into database operations.
In data-intensive industries, engineers were losing up to 80 per cent of their time just getting to the data they needed, the daily grind Bo Lora calls digital archaeology: digging through disparate systems for an answer. What made the abstraction work was not the interface.
It was the ontologies and mappings underneath: semantic infrastructure that translated simplified queries into correct operations across heterogeneous sources. Without it, the queries would have returned plausible-looking answers that were wrong.
Today the agent has taken over the intermediary role, and it is failing where the humans did not, for want of the same infrastructure. The pattern has not changed in fourteen years. Only the stakes have.
That pattern is being rebuilt in public right now, far from heavy industry. Netflix’s Content Engineering organisation describes its Unified Data Architecture as “model once, represent everywhere”: one authoritative model of what the business means, built on the open standards RDF and SHACL, then projected outward into the schema every downstream system needs, so “movie” or “actor” resolves to a single definition rather than a different one per service.
The failure it set out to fix (every system pointing at the same concept and disagreeing on what it is) is the opening of this article at streaming scale.
Agentic AI Capability Stack™
The framework I use to name what must be in place is the Agentic AI Capability Stack™, an eleven-capability reference whose governance core is built on open standards.

The standards are open for a strategic reason, not a technical one
Meaning, enforcement, and provenance are the capabilities you must own rather than rent, because a governance core a vendor can reprice or revoke is sovereignty you do not actually hold.
A capability reference instead of a deployment architecture
Each line names a capability the organisation must hold, not a software component to deploy. The bottom two capabilities, data and connectivity, every major vendor covers. Snowflake, Databricks, Microsoft Fabric, Google Cloud, AWS, all of them handle storage, ingestion, and integration competently.
Top three are the agent runtime and the organisational frame around it
Orchestration frameworks crowd the runtime, while the operating model and strategy above it are organisational capabilities no vendor can sell you.
The six capabilities from C3 to C8 are where governance lives, and they are the ones the organisation must own outright.
The ontology capability (C3) in OWL and SKOS fixes shared meaning by federating community-owned reference ontologies rather than inventing vocabulary from scratch.
The knowledge graph capability (C4) in RDF is the organisational graph the agent actually reasons over: competitors can license the same language model, but they cannot buy your graph.
The agent contract capability (C5) in ODRL is the contractor’s statement of work made machine-readable: which agent this is, what it may invoke, what authority it holds, where it must escalate.
The guardrail capability (C6) in SHACL validates structural constraints against the ontology and fires before action, regardless of how the input was phrased.
The provenance capability (C7) in PROV-O is the audit trail recording which data, which rules, and which authority produced each agent action.
The agent connectivity capability (C8) is the protocol surface of MCP, A2A, and NGSI-LD through which agents reach governed tools rather than raw pipelines.
Entry into and exit from this zone pass through two structural gates, an Ingestion Gate below it and a Deployment Gate above it, each requiring a named attestation and a named approval before anything moves.
The eleven capabilities read as a ladder of ownership, but at runtime the governance zone operates as a mesh: the ontology at C3 and the protocol surface at C8 are the two hubs through which every governance capability reaches every other.
Almost no vendor covers these six capabilities on open standards the organisation controls. The platforms sold as semantic layers address access and definitional consistency at C3 and C4, and stop there.
Contracts, constraint enforcement, provenance, and the protocol surface, C5 through C8, remain unbuilt. Some vendors offer proprietary equivalents.
Gartner’s 2026 prediction now treats the semantic layer as critical infrastructure by 2030, alongside data platforms and cybersecurity, a foundation its analyst Rita Sallam calls no longer negotiable. That is trailing confirmation of what practitioners building these systems have known for years.
And what you would own is not a single dataset but the federation of what the business knows, across process, assets, supply chain, and maintenance, in one representation whose value lies in the connections between domains rather than in any domain alone. That is the choice in front of every data platform team: own that institutional knowledge, the meaning your agents act on, or rent it.
Where this work continues
Everything in this article is the practitioner’s edge of a larger argument. The full treatment (why the gap is organisational before it is technical, who must own each capability, how the two gates operate, and the four sovereignties: three links that each return control to the vendor if lost, resting on a jurisdictional ground that can take all three dark at once) runs across The Ontology Imperative, a series of nine long-form articles at theontologyimperative.substack.com.
The working instruments are free under CC BY-ND 4.0 at fredericverhelst.com/toi-library. For a reader ready to take that first bounded step, the most immediately useful are the Vendor Coverage Diagnostic for Q2 2026, which maps which capabilities your current platforms actually cover, and the Agentic AI Readiness Assessment, which locates your organisation against the capabilities described here.
The library also holds the Use Case Risk Classification Framework, the Board Briefing, the CDO Office Mandate, and the Agentic AI Capability Stack™ itself.
Your agents are already connected. The open question, the one no dashboard will answer for you, is whether they are aligned.
MD101 Support ☎️
If you have any queries about the piece, feel free to connect with the author(s). Or connect with the MD101 team directly at community@moderndata101.com 🧡
Author Connect 💬
Got questions? Find Frédéric on LinkedIn or drop a comment below. 💬
More from Frédéric
From the Modern Data 101 Team ❤
If two AI systems deliver identical business outcomes, why does one cost ten times more to run? Worth figuring out before your next budget review, read this to understand it better: Lean AI: Building a Scalable AI Foundation











Crime scene recorder is going straight into my library. One pressure test on the opening scenario though. Give both agents a flawless C5 contract and it still fires, each agent stayed inside its scope of work the whole time. The failure lives on the definitions, neither approved supplier carries any signal that a divergent twin exists in the other scope. So the contract cant only sit on the actor. The asset needs one too, traveling with the definition, with a place for that divergence to register at the moment of selection.