---
lang: en
template: editorial
---

# **Governance** for controlled agentic execution
> Governance

Jadey treats agents as digital role holders in the enterprise process. Every agent works with a defined assignment, limited rights, an approved execution context and auditable evidence.

This means agentic processes are guided in the operating model from the outset, with clear responsibilities, binding approvals, traceable decisions and auditable execution.

[Get Started](action:demo-booking)

## Agents as digital role holders {#agent-roleholders}
> Role model

Every agent acts in a defined function. It must not access systems, data or actions broadly, but only within the approved case. Critical steps follow review, approval or human-oversight paths.

- **Role** Every agent acts in a clearly named function.
- **Assignment** The permitted operating scope is defined in relation to the case and process.
- **Authorization** Rights are limited, checked and bound to the approved context.
- **Approval** Critical actions follow defined review and oversight paths.
- **Evidence** Actions, approvals, exceptions and escalations remain auditable.

## Control starts with the case picture {#control-not-trust}
> Management model

Jadey does not run business-critical enterprise cases as a loose sequence of individual actions, but in a continuous case picture. This case picture combines objective, status, data context, roles, policies, decision rights, next actions, approvals, exceptions and evidence. Governance thereby becomes part of operational execution. Enterprise guardrails define the frame, domain owners specify the business rules and a leading agent keeps case guidance together across systems, waiting times, questions and escalations. Specialized agents check data, document intermediate steps, prepare decisions or execute approved actions. The result is not an uncontrolled automation flow, but a guided case with clear accountability and a traceable history.

## Control layers limit execution {#control-layers}
> Preventive, Detective, Corrective

Agentic execution needs more than an approval click at the end. Jadey structures control in several layers: before an action, during execution and when deviations occur in the running case.

**Preventive Controls** limit scope, rights, data access, model use, approval thresholds and permitted execution contexts before an agent acts.

**Detective Controls** make deviations visible: unclear evidence, missing contributions, timeouts, policy conflicts, unusual system actions or unexpected process paths.

**Corrective Controls** bring the case back, stop an action, request a decision, escalate to the right role or document a correction.

Governance is therefore not checked only after the fact, but built into operational execution as a controllable control model.

## Human oversight is operating logic {#human-oversight-operating-model}
> Human Oversight

Jadey can guide operational cases across systems, data and roles. Critical decisions are not hidden inside automation, but governed along defined approval, stop and escalation logic. Before productive execution, the enterprise defines which actions an agent may prepare independently, which become effective only after approval and which must be returned to a named role when uncertainty occurs. Human control therefore remains not a downstream safety mechanism, but part of running operations: auditable, documented and bound to clear responsibilities.

## Access follows roles, rights and approvals {#roles-rights-approvals}
> Roles and rights

Agentic execution needs clear boundaries. Jadey therefore works with defined roles, minimal rights, policies and controlled execution contexts instead of broad access rights. Responsibilities remain named, rights are limited to the respective case and sensitive interventions follow defined rules. Governance also structures collaboration between business functions, IT, operations and management: who contributes, who reviews, who approves, who may intervene and when an escalation moves to the right level. This creates the basis for operational execution in which many agents and people can act together without responsibility becoming unclear.

## Data and model use remain under governance {#data-model-governance}
> Data and models

Enterprise governance does not begin only when a process is executed. It begins with the question of which data an agent may use, what purpose that use serves and which models are approved for the respective use case. Jadey makes these decisions effective in the running case. Roles, approvals, review paths and evidence ensure that data and model use do not happen invisibly in the process, but remain bound to clear responsibilities and approvals. The technical implementation of data flows, model routing, retention and deletion is represented in the Trust & Security frame. Governance defines the business control frame here: permitted use, responsible roles, human review and visible evidence in the case picture.

## Readiness is created per use case {#use-case-ai-act-readiness}
> Use-case governance

Jadey provides operational governance controls and an evidence logic with which deployed agents can be guided along internal policies, regulatory requirements and AI-Act-relevant risk questions. Jadey does not replace the specific legal classification. That remains use-case specific and depends on purpose, data context, decision effect, affected persons, human oversight and organizational frame. Governance is therefore run per use case: with bounded scope, role model, data and model approval, oversight concept, escalation rules and auditable evidence. Jadey creates an operational basis for this, not a blanket legal classification.

## Audit readiness needs artefacts {#audit-readiness}
> Evidence

Auditability does not come from technical logs alone. What matters is that the organization receives auditable governance artefacts that explain and evidence the approved case operation. These include a use-case profile, a role and rights matrix, policy mapping, model approval, human-oversight concept, escalation evidence and an evidence register. These artefacts show what was approved, who was allowed to decide, where a human had to intervene and how exceptions were handled. This creates a robust basis for audit readiness in management, internal audit, compliance and operations; technical logs, retention and export rules are specified in the Trust & Security frame.

## Production operations need clear accountability {#operational-accountability}
> Operations

Governance does not end with go-live. Reliable enterprise operations need clear operational responsibility in the running case: who holds objective, scope and rules, who reviews exceptions, who approves corrections and who decides in an escalation. Jadey is designed to keep longer-running cases together across weeks, months and, with the right operating frame, beyond, including waiting phases, personnel changes, repeated decisions and escalations. The case therefore remains guidable even when responsibility changes or a decision has to be raised to the next level. Security-adjacent due diligence on technical controls, data flows, shared responsibility, runtime, IAM/RBAC, secrets, retention, SIEM and incident artefacts is covered in the Trust & Security frame.

[View Trust & Security](/en/trust)