Status: Published, 25 April 2026 (v1.4.1 current; v1.4 prior, 21 April 2026)
Licence: Open. MIT licensed. Freely cite with attribution.
Canonical reference: omegaprotocol.org/omega/spec/v1
Implementation status: /omega/implementation/
Version history: v1.0 March 2026 (5 primitives) → v1.1 April 2026 (8 primitives) → v1.2 April 2026 (12 primitives) → v1.3 April 2026 (15 primitives) → v1.4 April 2026 (15 primitives; 21-conjunct bundle) → v1.4.1 April 2026 (16 primitives; 22-conjunct bundle with P14 Predicate Commitment)
Current version: v1.4.1, released 25 April 2026. Prior: v1.4 (21 April 2026). Bundle: 22-conjunct formal bundle: the v1.4 21-conjunct bundle plus P14 Predicate Commitment. Verified: v1.4 SafeVerify remains published; v1.4.1 predicate file passes local Lean kernel check in this repository.
v1.4.1 (current). Adds P14 Predicate Commitment. Every governed record commits to the predicate version it satisfies, the predicate definition hash, the attestation method, and the attestation hash. P14 is evaluated first; all other primitive claims are claims of satisfaction against the predicate P14 commits to. See P14 and Formal proof for verification status and reproduction.
v1.4 (prior). The fifteen irreducible primitives were unchanged. v1.4 is the Structural Integrity Release: four additional constraints on how existing primitives must be satisfied, each closing a structural attack surface identified on 21 April 2026. In Lean 4, the top-level Governed predicate is a 21-conjunct bundle (17 v1.0 conjuncts plus 4 v1.4 structural integrity constraints).
v1.3 (prior). Published 20 April 2026. Extended the primitive set to fifteen with P10 Competence Attestation, P11 Expectation Update Integrity, and P12 Semantic Integrity Validation. SymPy machine-verified necessity and sufficiency for all fifteen primitives through three adversarial rounds remains the baseline described in the formal verification section below.
Six honest limits are named: failure modes that cannot be closed by any black-box governance protocol without model weight access or deployment-layer controls as documented.
OMEGA is an authorisation layer for autonomous action. It specifies how computation becomes consequence: at the boundary where a decision becomes irreversible. This is not a framework for how AI systems ought to think. It is a record architecture for proving what a system was authorised to do, how it reasoned, what it predicted, and whether a distinct gate existed between intent and execution: committed before the action, not reconstructed after it.
OMEGA does not prove a decision was correct. It proves a commitment was authorised, that reasoning was recorded before action was taken, and that the record cannot be altered after the fact. Auditability is not correctness. It is the precondition for measuring correctness.
One sentence: we make it harder to lie with a system than without it.
Domain logic varies. Decision anatomy does not. The same sixteen structures appear wherever adaptive intelligence navigates uncertainty under constraint across single agents, multi-agent systems, and decision trajectories over time. They were discovered empirically across eight independent domains before being formalised. They are not design choices. They are what a governed decision is.
Every governed decision requires exactly sixteen things. Remove any one and a distinct governance failure becomes possible that cannot be compensated by the remaining fifteen. Machine-verified through three rounds of adversarial testing in SymPy (March-April 2026) and Lean 4 (April 2026), with v1.4.1 adding a predicate-bound Lean conjunct for P14.
Which predicate version does this record satisfy?
P14 cryptographically commits every governed record to the predicate version it satisfies, the predicate definition hash, the attestation method, and the attestation hash. It is evaluated first. P1 through P12, P4M, P4T, P5E, P6A, P6L, and PCF are claims of satisfaction against the resolved predicate definition P14 names.
P14 requires:
predicate_version: human-readable string such as Governed-v1.4.1predicate_hash: SHA-256 of the canonical Lean predicate definition fileattestation_method: string such as SafeVerify-Lean4attestation_hash: SHA-256 of the attestation reportWithout P14: old records can be reinterpreted against newer OMEGA versions. A v1.4 record must permanently attest to the v1.4 predicate, not whatever the current version happens to be.
Read P14 Predicate Commitment →
Who authorised this, under what constraints, within what scope?
Governance captures authority and constraint at the moment of decision. A system could produce perfect Reasoning, accurate Expectation, complete Traceability, and verified Confirmation, and still have acted outside its authorised scope. Governance is the primitive that determines whether a decision was made by the right entity under the right conditions.
Without Governance: illegitimate authority. Rogue decisions are indistinguishable from valid ones. No basis for certification or regulatory compliance.
How did the system get from its inputs to this decision?
Reasoning captures the FACT, INFERENCE, ASSUMPTION, and UNKNOWN chain that connects available information to a conclusion. In this specification, the reasoning chain must be expressed as a causal graph with magnitude and likelihood labels on every effect node; v1.4 requires that graph to be acyclic (P2_DAG). UNKNOWN is a first-class element: the system declares what it cannot verify instead of hiding it.
Without Reasoning: opaque decision logic. Post-incident analysis is guesswork not evidence. Wrong reasoning drives real decisions invisibly.
FM_R: the named failure mode for P2 →
What happened, and can we prove it after the fact: even if the system that made the decision no longer exists?
SHA-256 hash-chained, append-only. Modify any record and every downstream hash breaks. Decision Sovereignty: a record remains verifiable even after the entity that made it no longer exists.
Without Traceability: mutable history. Retroactive rewriting becomes possible. No forensic reconstruction.
What did the system predict would happen, locked before it acted?
Expectation captures an explicit commitment to a predicted future state before any action is taken. Without Expectation there is no baseline against which to measure whether the system's model of the world was accurate. Open-ended evaluation requires a committed prior before the system runs, P4 produces that prior automatically.
Without Expectation: no falsifiable prior. Hindsight bias goes unchecked. Learning is impossible.
Does the prediction track the highest-consequence variable in the causal graph?
P4M requires that the P4 prediction correspond to the highest magnitude × likelihood node in the P2 causal graph. A trivial prediction that masks a catastrophic assumption is invalid. The gate performs a deterministic structural check: not NLP extraction.
Without P4M: an agent commits to predicting an irrelevant metric (Recursive Deference Trap) while the causal graph contains unverified catastrophic assumptions.
What aggregate outcome did the system commit to across a multi-step sequence?
For multi-step objectives, the agent must pre-commit to an aggregate predicted outcome before the first action in the sequence. Checkpoint reaffirmation required at specified intervals. Declared divergence triggers a new P4T obligation.
Without P4T: ten thousand individually compliant decisions can produce a globally catastrophic outcome with no governed record of the intended destination (Salient Decomposition and Temporal Consequences Arbitrage).
Was there a distinct gate between deciding and acting?
Confirmation is the primitive that marks the boundary between deliberation and execution. Without Confirmation as a distinct primitive, there is no record of whether the system had a genuine opportunity to not act.
Without Confirmation: no deliberate gate. Intent flows directly into irreversible action.
Did what ran match what was approved?
Cryptographic binding between the approved record hash and the actual execution payload. Transitive attestation of the complete executed code closure: including dynamically loaded code. Only attested binaries may run.
Without P5E: an agent can substitute a malicious payload after gate approval while the hash chain shows a clean record (Confirmation Gate Race Condition and Attestation Laundering).
When an agent delegates, what is the governed record of that handoff?
Any agent spawning or delegating to a sub-agent must either require a governed OMEGA record from the sub-agent or explicitly declare the delegation ungoverned and accept full liability transfer. Transitive accountability enforced.
Without P6: a governed system produces ungoverned outcomes by routing risky decisions through sub-agents (Golem Subcontractor).
What does the whole delegation chain produce?
Before delegating, the orchestrating agent must produce a consolidated causal graph and P4M-compliant prediction covering the aggregate outcome of the entire delegated workflow. Individual compliance does not imply aggregate compliance.
Without P6A: every sub-task is individually compliant while the system-level outcome fails: the fallacy of composition encoded into protocol (Delegation Chain Fragmentation).
Can high-consequence actions be routed through ungoverned channels?
Ungoverned delegation is blocked when estimated consequence is Major or Catastrophic. A cumulative risk counter triggers human review at configurable thresholds.
Without P6L: an agent maintains a pristine governed record while routing all substantive risk through ungoverned sub-agents (Ungoverned Liability Dumping).
Is the system's identity anchor measurable and tamper-resistant over time?
The Anchor Baseline and Drift Bounds must be expressed as measurable quantitative metrics. The Independent Evaluator is a deterministic rules engine: not an NLP system that can be defeated by adversarial framing.
Without PCF: the evaluator inherits the same NLP vulnerabilities as the primary gate (Continuity Evaluation Spoofing and Goodhart Drift).
Cryptographically-bound record of a competence claim from a designated attestation authority, linked to the decision record at the moment of authorisation.
P10 requires:
P10 is compatible with upstream attestation standards including AgentFacts (cryptographically-signed capability declarations), IETF Entity Attestation Token capability extensions, professional licensure schemes, and institutional credentialing. P10 does not replace these; it requires that one of them is invoked and its output bound to the decision record.
P10 is distinct from P1 (Governance). P1 records who authorised an action. P10 records who certified the actor's capability to perform it. The two can come from different sources: authority may be granted by one entity and competence certified by another: and both records are required.
What P10 does not prove: that the agent is actually competent. P10 records that a competence claim was made by an identified authority. Ground truth of competence is not cryptographically establishable. See FAA (Attestation Authority Integrity) for the structurally unclosable gap this creates.
Failure mode when absent: authority without competence basis. An agent acts with valid P1 governance records but no evidence anyone certified capability. Captures the “perfectly recorded incompetence” pathological world.
Cryptographically-bound mechanism for updating a pre-committed expectation when new evidence materially invalidates it, preserving the accountability chain while preventing silent or trivial revision.
P11 requires:
P11 is distinct from P4 (Expectation). P4 commits a prior. P11 governs the lifecycle of that prior under materially changed circumstances. Without P11, P4's falsifiability is either brittle (obsolete priors persist) or gameable (priors are silently reinterpreted to avoid falsification).
P11 is compatible with Bayesian updating with audit trails, clinical trial protocol amendments with locked rationale, monetary policy revisions, and PCCP-style change envelopes. P11 adds governance and cryptographic binding to the update event itself.
Failure mode when absent: obsolete or silently-updated expectations. A system either cannot revise priors when conditions change (brittle), or revises them without accountability (unverifiable). Captures the “obsolete expectation, no update path” pathological world.
Known interaction: P11 reduces but does not eliminate adversarial update laundering. A system may still route outcome switching through formally valid updates that satisfy materiality thresholds while drifting in intent. See Adversarial Registry: Update Laundering.
Binds expectation fields to a semantic schema at commitment time. Any update to a bound field triggers P11 (Expectation Update Integrity) rather than silent revision. Schema-level equivalence class membership is recorded cryptographically at commit and verified at resolution.
P12 requires:
P12 is decidable within the schema. P12 does not solve the general natural language semantic equivalence problem, which is undecidable. P12 constrains the attack surface to schema-bound fields and forces all modifications through governed paths.
P12 is distinct from P4M (Materiality Binding). P4M sets the threshold at which expectation failure matters. P12 prevents the threshold from being silently re-interpreted after commitment.
Failure mode when absent: vacuous expectations. An expectation recorded as “system will perform acceptably” with no schema binding can be satisfied by any outcome. Captures the “vacuous expectation” pathological world.
What P12 does not prevent: update laundering through P11. See Adversarial Registry: Update Laundering.
Each primitive captures something the other fifteen cannot. Together they form the minimum complete anatomy of a governed passage from deliberation to authorised commitment: across individual decisions, multi-agent delegation chains, decision trajectories over time, and future protocol versions.
A(α,π) = P14(π) ∧ G ∧ R ∧ T ∧ E ∧ P4M ∧ P4T ∧ C ∧ P5E ∧ P6 ∧ P6A ∧ P6L ∧ PCF ∧ P10 ∧ P11 ∧ P12
Remove any one: unauthorised. By extension: uninsurable.
| Remove | Failure mode | Severity |
|---|---|---|
| P14 Predicate Commitment | Version drift: record interpreted against the wrong predicate | High |
| P1 Governance | Ungoverned action: rogue decisions indistinguishable from valid | High |
| P2 Reasoning | Hollow reasoning, FM_R active, opaque decision logic | High |
| P3 Traceability | Mutable history: retroactive rewriting possible | High |
| P4 Expectation | No falsifiable prior: post-hoc prediction | High |
| P4M Materiality Binding | Decoy prediction: trivial P4 masks catastrophic assumption | Catastrophic |
| P4T Trajectory Expectation | Temporal arbitrage: locally compliant sequence, catastrophic aggregate | High |
| P5 Confirmation | Gate bypassed: intent collapses directly to action | High |
| P5E Execution Attestation | Race condition: payload substitution after approval | High |
| P6 Delegation | Ungoverned delegation: liability escapes through sub-agents | Catastrophic |
| P6A Aggregate Materiality | Chain fragmentation: compliant hops, catastrophic combination | Catastrophic |
| P6L Liability Threshold | Liability dumping: high-risk routed ungoverned | High |
| PCF Continuity-Formal | Continuity spoofing: evaluator defeated by adversarial framing | Catastrophic |
| P10 Competence Attestation | Authority without competence basis: governed records with no certified capability (“perfectly recorded incompetence”) | High |
| P11 Expectation Update Integrity | Obsolete or silently-updated expectations: brittle priors or unaccountable revision | High |
| P12 Semantic Integrity Validation | Vacuous expectations: no schema binding, any outcome satisfies the record | High |
v1.4 adds four structural integrity constraints that tighten how existing primitives must behave under adversarial conditions. These are not new primitives. v1.4.1 adds P14 as a new primitive, bringing the protocol to sixteen primitives. The v1.4 constraints remain additional conjuncts in the formal bundle that constrain the permissible behaviour of P1, P2, P6, and P4T.
Pattern addressed: Stale authorisation.
Plain language: Authority must be valid at the moment of action.
Technical mechanism: Authorisation requires multi-factor validation within a 73-second freshness window and a maximum 300-second replay tolerance.
Pattern addressed: Circular reasoning.
Plain language: Decisions cannot justify themselves using their own outputs.
Technical mechanism: The reasoning chain must form a directed acyclic graph where every node resolves to independent evidence.
Pattern addressed: Shadow delegation.
Plain language: No action can hide a chain of delegated decisions.
Technical mechanism: Every internal cognitive step and every inter-agent handoff must be recorded as a first-class delegation event.
Pattern addressed: Environmental drift.
Plain language: Predictions only hold while their assumptions remain true.
Technical mechanism: Predictions bind to explicit environment assumptions and are revoked if those assumptions change.
The prose constraints in this specification are the authoritative source of truth. The Lean 4 formalisation of the 22-conjunct bundle proves internal consistency of a formal model of these constraints. The formal model is not the specification. Terms such as “independent evidence,” “cognitive step,” and “environment assumption changed” carry semantic weight in prose that the formal model represents as abstract predicates. Readers should treat the Lean verification as evidence that the formal model is internally consistent, not as evidence that the formal model corresponds exhaustively to the prose. The gap between specification and formalisation is tracked on the adversarial methodology page as an ongoing area of review.
These failure modes cannot be closed by any pre-execution black-box governance protocol without model weight access, full execution stack verification, or deployment-layer controls as stated. They are named, owned, and documented: not hidden.
| Limit | Mechanism | What closure requires |
|---|---|---|
| FOU. Omniscient Deceiver | Agent generates perfect compliance facade over misaligned objective | Model weight access |
| FAP. Anchor Poisoning Residual | Flawed initial metric definition: protocol preserves the wrong thing | Meta-governance at anchor definition |
| FAB. Attestation Base Integrity | Malicious binary approved in attestation whitelist: clean records of invalid behaviour | Formal verification of binary behaviour |
| FPS. Physical Staleness Gap | Environment changes after commitment: pre-execution governance cannot control actuation | Real-time safety interlock integration |
| FAH. Accountability Horizon | OMEGA's accountability guarantees hold only for Human-Agent Collectives whose minimum compound autonomy remains below the Accountability Horizon Λ̂* = 1 − 1/|C_min|, where |C_min| is the size of the smallest mixed human-AI feedback cycle in the interaction graph. Above this threshold: proven by Tibebu (arXiv:2604.07778, April 2026): no accountability framework can simultaneously satisfy Attributability, Foreseeability Bound, Non-Vacuity, and Completeness. OMEGA is such a framework. | Reducing compound autonomy below Λ̂* at the deployment layer through interaction graph analysis and autonomy bounding. |
| FAA. Attestation Authority Integrity | P10 (Competence Attestation) requires cryptographic binding of a competence claim to the decision record. The claim is made by an attestation authority: a human credentialing body, an institutional certification system, a hardware root of trust, or another agent. If the authority is compromised through regulatory capture, credential inflation, social engineering, or collusion, a valid P10 record can accompany an incompetent agent's action. Distinct from FAB: FAB covers computational attestation base integrity; FAA covers human or institutional authority integrity. | Deployment-layer attestation authority diversity, transparency logs for credentialing decisions, and time-bounded competence claims. |
OMEGA is defined not just by what it governs: but by what it does not claim to.
OMEGA was not designed once. It was forced into shape through structured adversarial iteration. The initial SymPy-era methodology ran three rounds of attack by a hostile AI reasoning system; a fourth round in v1.4 extended the registry to structural integrity constraints (21 April 2026). Each round: propose primitives → attack structurally → classify failures → close with new primitives or name as honest limits → re-verify in SymPy.
Twenty-three failure modes across four rounds (nineteen modes across the first three SymPy rounds, plus four additional modes identified and closed in Round 4 on 21 April 2026). Twelve closed. Six named as honest limits. Seven peer-reviewed papers published 2025-2026 independently validate seven of the v1.3 primitives: each arriving at the same design from a different research direction.
Four adversarial rounds are documented in the published registry (Round 4: v1.4 structural integrity). SymPy through v1.3: all fifteen pre-P14 primitives necessary and sufficient. v1.4.1 adds predicate-bound durability as P14.
v1.0. March 2026. Five primitives
SymPy machine-verified. Lean 4 with Mathlib independently verified. Every "Complete implies primitive" check returns UNSAT.
v1.1. April 2026. Eight primitives
SymPy extended to cover P4M, P5E, P6. All eight necessary. All eight sufficient. Interaction tests confirm new primitives close specific failures original five could not.
v1.2. April 2026. Twelve primitives
SymPy extended to cover P4T, P6A, P6L, PCF. All twelve necessary. All twelve sufficient. Two honest limits (FOU, FAP) confirmed to survive all twelve primitives: structurally unclosable as expected.
v1.3, 20 April 2026. Fifteen primitives
SymPy extended to cover P10 Competence Attestation, P11 Expectation Update Integrity, and P12 Semantic Integrity Validation. All fifteen necessary. All fifteen sufficient. Two additional honest limits (FAH, FAA) named: structurally unclosable as documented in the adversarial registry.
v1.4, 21 April 2026. Fifteen primitives; formal bundle extended
Lean 4 (OmegaV14.lean) extends the top-level Governed predicate with four structural integrity constraints (P2_DAG, P6_AtomicAgency, P1_Freshness, P4T_EnvInvariant). The formal bundle is a 21-conjunct bundle (17 v1.0 conjuncts plus 4 v1.4 structural integrity constraints). Each new constraint is proved necessary; joint sufficiency for the expanded conjunction is proved in-file. Verified in Lean 4 via SafeVerify, 21 April 2026. SymPy results for the fifteen primitives remain as for v1.3.
v1.4.1, 25 April 2026. Sixteen primitives; predicate commitment
Lean 4 (OmegaV141Predicate.lean) adds PredicateCommitment and P14 as the first conjunct. The formal bundle is a 22-conjunct bundle: P14 plus the v1.4 21-conjunct core. Local Lean kernel check passes in this repository. SafeVerify must be run against the compiled .olean before the v1.4.1 attestation is marked as a SafeVerify pass.
from sympy import symbols, And, Not, Implies, satisfiable
P1,P2,P3,P4,P5 = symbols('P1 P2 P3 P4 P5')
P4M,P4T,P5E,P6,P6A,P6L,PCF = symbols('P4M P4T P5E P6 P6A P6L PCF')
P10,P11,P12 = symbols('P10 P11 P12')
protocol = And(
Implies(P1, Not(F1)), Implies(P2, Not(F2)),
Implies(P3, Not(F3)), Implies(P4, Not(F4)),
Implies(P5, Not(F5)), Implies(P4M, Not(F4M)),
Implies(P4T, Not(F4T)), Implies(P5E, Not(F5E)),
Implies(P6, Not(F6)), Implies(P6A, Not(F6A)),
Implies(P6L, Not(F6L)), Implies(PCF, Not(FCF)),
Implies(P10, Not(F10)), Implies(P11, Not(F11)), Implies(P12, Not(F12))
)
all_primitives = And(P1,P2,P3,P4,P5,P4M,P4T,P5E,P6,P6A,P6L,PCF,P10,P11,P12)
# Necessity: removing any primitive makes its failure mode satisfiable
# Sufficiency: all primitives together block all fifteen failure modes
# Result: All fifteen NECESSARY. All fifteen SUFFICIENT.v1.4.1 Results (Lean): 22-conjunct bundle kernel-checked in OmegaV141Predicate.lean. P14 is the first conjunct and commits the record to its predicate and attestation hashes. Local Lean check passes; SafeVerify is pending in this workspace.
v1.4 Results (Lean): 21-conjunct bundle (17 v1.0 conjuncts plus 4 v1.4 structural integrity constraints) kernel-verified in OmegaV14.lean. Four structural constraints each necessary; full conjunction sufficient for Governed. Verified in Lean 4 via SafeVerify, 21 April 2026.
v1.3 Results (SymPy): All fifteen primitives necessary. All fifteen failure modes blocked. Six honest limits (FOU, FAP, FAB, FPS, FAH, FAA) documented: structurally unclosable where stated. Verified in SymPy, 20 April 2026.
Full scripts and reproduction: omegaprotocol.org/omega/formal-proof/
Five independent lines of evidence (v1.0):
Seven additional lines of evidence (v1.2 extensions):
OMEGA does not prove a decision was correct. OMEGA does not prevent bad decisions. OMEGA does not replace human judgment. OMEGA does not guarantee reasoning is causally connected to the decision unless P2 is bound to actual execution traces. OMEGA does not access model weights or activations: it cannot distinguish genuine reasoning from perfect post-hoc rationalisation (FOU honest limit). The gate can fire on hollow reasoning. The record will show it. That is the most OMEGA can do. It is also more than any other standard currently does.
Every OMEGA governed record is self-contained and Decision-Sovereign. It remains verifiable even after the system that produced it no longer exists. It cannot be generated after the fact without breaking the hash chain. It cannot be altered without detection.
The non-action record is as important as the action record. A system that evaluated and held has no trace of that evaluation in any current observability tool. In OMEGA, the HELD decision is a first-class record.
OMEGA sits at Layer 4 of the AI agent trust stack. Decision Governance. It is the only formally proved open standard at that layer.
Layer 0: Physical entropy substrate: unclonable liveness-aware randomness
Layer 1: Hardware attestation, TPM, TEE, FPGA enclave
Layer 2: Cryptographic identity: fuzzy vault, PKI, machine identity
Layer 3: Agent coordination — MCP (Linux Foundation, 97M monthly SDK downloads), A2A (Linux Foundation, 150+ production implementations)
Layer 4: Decision governance, OMEGA Protocol (sixteen primitives)
Layers 0-3 prove the agent is who it claims to be and that its environment is trusted. Layer 4 proves what that agent was authorised to decide, how it reasoned, what it predicted across time and delegation chains, and whether a gate existed before it acted.
The API is live. Any system can connect today.
POST /decisions: submit a governed record
GET /decisions/:mandate_id: retrieve by mandate
First external integration: Deliberate Network, March 2026. SHA-256 hashed OMEGA record returned first attempt.
Links: Decision API → | Formal proof → | Adversarial registry →
| Regulation | Primitive | Requirement |
|---|---|---|
| EU AI Act Article 11 | P1 Governance | Technical documentation of authorisation |
| EU AI Act Article 12 | P3 Traceability | Automatic logging, 10-year retention |
| EU AI Act Article 14 | P5 Confirmation | Human oversight gate |
| EU AI Act Article 9 | P2 Reasoning + P4M | Risk management with causal graph and materiality |
| EU AI Act Post-market | P4 Expectation + P4T | Ongoing performance monitoring across sequences |
| EU AI Act Multi-agent gap | P6 + P6A + P6L | Accountability chain: not yet in Act, confirmed gap |
| FDA PCCP | P4 + P4T Expectation | Predetermined change control plan baseline and sequence |
| MHRA PCCP | P4 Expectation | Model lifecycle governance |
| FAA Part 450 | P1 Governance + P5E | Means of compliance + execution attestation |
| FCA SM&CR | P1 + P2 + P6 | Senior manager accountability across delegation chains |
| NIST AI RMF / Agent Standards | P6 + P6A + P3 | Secure delegation, verifiable agent identity, audit trails |
| NIST AI Agent Standards Initiative (launched Feb 2026) | P6 + P6A + P6L + P4T | Multi-agent delegation accountability, aggregate trajectory commitment, cross-agent hand-off governance |
| ISO 42001 A.6.2 | PCF Continuity-Formal | Lifecycle monitoring with quantitative anchors |
GPAI obligations under the EU AI Act have been active since August 2025. Annex III high-risk enforcement begins August 2, 2026. NIST AI Agent Standards Initiative launched February 2026: seeking implementations for delegation accountability and trajectory governance. OMEGA v1.4.1 provides the implementation layer.
Berkeley RDI's April 2026 peer-preservation findings (models in production harnesses disabling shutdown configurations in up to 99.7% of trials for cooperative peers) intensified attention on the multi-agent accountability gap. OMEGA v1.4's Atomic Decision Boundary (P6 structural integrity constraint) is the only published mechanism that structurally prevents the delegation-laundering patterns Berkeley observed. OMEGA v1.4.1 adds predicate durability so those records remain verifiable against their original predicate version.