Key takeaways
- On 22 January 2026, IMDA launched what it calls the world's first Model AI Governance Framework (MGF) for Agentic AI at Davos. Version 1.5 followed on 20 May 2026, shaped by feedback from 60+ organisations and 10+ real-world case studies.
- The framework sets four pillars: bound the risks upfront, keep humans meaningfully accountable, implement technical controls, and enable end-user responsibility.
- Compliance is voluntary, but as of June 2026 your business stays legally accountable for whatever your AI agents do under existing law. Deploy a careless agent and the liability is yours.
- Use the plain-English checklist below to scope agent limits, set human approval gates, and keep audit logs before you go live.
- Outsourced SG builds agentic AI with governance baked in from day one. Founder-led, from S$400/mth per developer, live in under two weeks.
On 22 January 2026, Singapore's Infocomm Media Development Authority (IMDA) used the World Economic Forum in Davos to launch what it calls the world's first Model AI Governance Framework (MGF) for Agentic AI, with an updated Version 1.5 following on 20 May 2026. If you run a Singapore SME and you are already pointing AI agents at customer enquiries, ops or sales follow-up, agentic AI governance in Singapore just stopped being a "later" problem. The framework is voluntary, but your legal accountability for what your agents do is not. This is the plain-English checklist to deploy responsibly without a legal team on retainer.
What did IMDA actually launch?
The MGF for Agentic AI builds on Singapore's earlier Model AI Governance Frameworks and extends them to agents specifically: AI systems that do not just answer, but act. They call tools, query data, send messages and chain steps together with limited human input. Version 1.5, released on 20 May 2026, was shaped by feedback from more than 60 organisations and includes over 10 real-world case studies from names such as DBS, OCBC, AWS, Google and Workday, according to IMDA's announcement. It also expands into thornier territory: multi-agent systems and risks like "agent sprawl" and miscoordination.
The framework sets out four core dimensions. Paraphrased plainly, they are: (1) assess and bound the risks upfront by choosing sensible use cases and limiting an agent's autonomy and its access to tools and data; (2) make humans meaningfully accountable by defining checkpoints where human approval is required; (3) implement technical controls across the agent's lifecycle, such as baseline testing and restricting access to whitelisted services; and (4) enable end-user responsibility through transparency and training.
Why agentic AI governance in Singapore matters for SME founders
Two reasons. First, the MGF is now the reference point. Regulators, enterprise clients and partners will increasingly expect the vendors and tools they work with to follow something that looks like it. If you are pitching a larger company, "how is your AI agent governed?" is becoming a procurement question, not a nice-to-have.
Second, and more pointed: compliance is voluntary, but accountability is not. As of June 2026, multiple legal commentaries on the framework make the same point: organisations remain legally accountable for the actions and impacts of their AI agents under existing law. Law firm Eversheds Sutherland's analysis notes the framework can help courts and regulators assess whether you took reasonable steps — risk assessments, technical controls, clear accountability — when deploying an agent. Translation: if your sales agent fires off a wrong quote, or your support agent mishandles a customer's personal data, the liability sits with you, not the model vendor. Following the framework is, in effect, your evidence that you acted reasonably.
This matters because adoption is running ahead of governance. Singapore SMEs are deploying autonomous agents fast, and many have no governance process at all — which is exactly the gap our coverage of the Deloitte agentic AI governance gap warned about. The checklist below closes that gap in an afternoon.
The SME checklist: four pillars, in plain English
Pillar 1 — Bound the risks before you deploy
- Pick the right use case. Start where a wrong action is recoverable — drafting replies, summarising tickets — not where it is irreversible (issuing refunds, sending contracts) until you trust it.
- Write down exactly what the agent can touch. Which tools, which data, which systems. If it does not need access to your customer database, it should not have it.
- Cap autonomy. Decide what the agent can do alone versus what needs a human "yes" first.
Pillar 2 — Keep a human meaningfully accountable
- Define approval gates. Identify the significant actions — anything touching money, contracts, personal data, or external communications — and require a human to approve before the agent proceeds.
- Name an owner. One person is accountable for each agent. "The AI did it" is not a defence.
- Build a kill switch. You must be able to pause or stop an agent quickly when something looks wrong.
Pillar 3 — Implement technical controls
- Test against a baseline before go-live, and re-test after any change to prompts, tools or data.
- Whitelist services. The agent should only reach approved, named systems — not the open internet by default.
- Log everything. Keep an audit trail of what the agent did, when, with what inputs, and what it touched. This is your evidence later and your debugging tool now.
Pillar 4 — Enable end-user responsibility
- Be transparent. Tell customers and staff when they are dealing with an AI agent.
- Train your team on what the agent does, where its limits are, and how to escalate.
- Watch out for "agent washing." Some vendors sell glorified chatbots as autonomous agents. Our real-vs-fake AI agents buyer's guide helps you tell the difference before you sign.
Who builds the guardrails, and who owns them?
Here is the practical catch for a non-technical founder: every item above — scoping tool access, wiring approval gates, baseline testing, audit logging — is engineering work. It is not something you bolt on after launch. It has to be designed into the agent. That is also why who owns the resulting system matters. If a vendor builds your agent and its guardrails but keeps the IP, you have outsourced your liability without owning the controls. We unpack that trap in do you own the IP when outsourcing software, and the build-versus-buy reasoning sits alongside our look at AI-powered development teams in Singapore.
For the broader picture on how the regulator is positioning this, our companion IMDA agentic AI framework SME guide covers the policy context, while the CSA guidance on securing agentic AI covers the security side. Read them together if you want the full map. And if you have decided to build but are weighing internal hires against an external team, our walkthrough of how to outsource software development in Singapore covers how to structure the engagement.
How Outsourced SG can help
Outsourced SG is a founder-led Singapore software studio. Joshua Lim personally leads a small team of vetted developers, all trained on Cursor, Claude Code and agentic AI workflows, and hands every project over in person. When we build an agentic AI system, governance is baked in from day one, not retrofitted to chase a framework after the fact.
Concretely, mapped to IMDA's four pillars: Joshua scopes each agent's limits — exactly which tools and data it can touch (Pillars 1 and 3); we wire human-in-the-loop approval gates at the significant checkpoints you define (Pillar 2); and we add logging and audit trails so you have a defensible record of what your agent did (Pillar 3). Because every engagement includes an NDA and 100% IP assignment, you own the agent and its guardrails outright — no vendor lock-in on the controls that protect you.
Pricing is in SGD only: Starter Squad at S$400/month per developer (1–2 devs) and Product Team at S$550/month per developer (3–5 devs). No CPF, no foreign-worker levy. Our team works from Indonesia on GMT+7, one hour behind Singapore. We can be live in under two weeks, with a 30-day replacement guarantee. If you are weighing this against hiring internally, our breakdowns on the cost to hire a developer in Singapore and whether outsourcing is worth it put the numbers side by side.
Want an agent that does the work and survives a governance review? Talk to Outsourced SG or see our pricing. WhatsApp Joshua directly at +65 9456 2307.
This article is general information, not legal advice. The MGF for Agentic AI is voluntary guidance as of June 2026; for advice on your specific obligations, consult a qualified Singapore legal professional.
Frequently asked questions
Is the IMDA Model AI Governance Framework for Agentic AI mandatory in Singapore?
No. As of June 2026, the framework is voluntary guidance, not law. However, organisations remain legally accountable for the actions and impacts of their AI agents under existing laws. Following the framework helps demonstrate you took reasonable steps if something goes wrong, so it is best treated as a practical standard rather than optional.
What are the four dimensions of Singapore's agentic AI governance framework?
IMDA sets out four pillars: (1) assessing and bounding risks upfront by limiting an agent's autonomy and its access to tools and data; (2) making humans meaningfully accountable through approval checkpoints; (3) implementing technical controls such as baseline testing and whitelisted services; and (4) enabling end-user responsibility through transparency and training.
Who is liable if my AI agent makes a mistake?
Your organisation. The framework is clear that humans remain ultimately accountable, and legal commentary on it confirms that businesses stay liable for their agents' actions under existing law. If your agent sends a wrong quote or mishandles data, the liability sits with you, not the AI model provider. That is why scoping limits, approval gates and audit logs matter.
What changed in Version 1.5 of the framework, released in May 2026?
IMDA first launched the Model AI Governance Framework for Agentic AI on 22 January 2026 at Davos. Version 1.5, released on 20 May 2026, was shaped by feedback from more than 60 organisations and added over 10 real-world case studies from names such as DBS, OCBC, AWS, Google and Workday, plus expanded guidance on multi-agent systems and risks like agent sprawl.
How quickly can Outsourced SG build a governed AI agent?
We can typically be live in under two weeks. Outsourced SG builds agentic AI with governance baked in — scoped tool and data access, human-in-the-loop approval gates, and audit logging that maps to IMDA's four dimensions. Pricing is S$400/month per developer for a Starter Squad and S$550/month per developer for a Product Team, in SGD, with full IP assignment and a 30-day replacement guarantee.
Does following the framework guarantee my SME is compliant?
No framework guarantees compliance, and this one is voluntary. What it does is give you a recognised reference for acting reasonably: scoping risks, keeping a human accountable, adding technical controls and being transparent with users. For obligations specific to your business, consult a qualified Singapore legal professional. Treat the checklist here as a practical starting point, not legal advice.
Want to build with agentic AI — the right way?
I'm Joshua. I'll personally scope your project and lead a vetted team to build it — from S$400/month per developer, with governance and IP assignment baked in.
WhatsApp me →Sources
- Singapore Launches New Model AI Governance Framework for Agentic AI (IMDA Press Release)
- Understanding Singapore's new Model Framework for Agentic AI Governance (Eversheds Sutherland)