Every regulated action needs a chain of custody. Agent actions don't have one.
In financial services, healthcare, legal, and other regulated industries, every significant action requires attestation. Who authorized it. What policy it complies with. What review it passed. AI agents are taking regulated actions every day — and none of that attestation exists for the skills driving them.
Regulated workflows, unattested instructions
A compliance team in a financial services firm approved the use of AI agents for client onboarding. The agents handle document verification, risk classification, initial suitability assessment. The compliance review covered the AI model — provider agreements, data processing terms, output disclaimers. It did not cover the agent skills. Nobody thought to ask what the skills contained.
The skills were written by the operations team that built the onboarding workflow. They knew the process. They didn't know that two of the skill conditions — the ones governing when to escalate a risk classification — were not aligned with the firm's written suitability policy. The gap had been there for six months. The agent had been running the wrong escalation logic for 3,000 client onboarding interactions.
No regulator had noticed yet. But the compliance officer had a problem. When the question came — and it would — the answer was that the firm had been running AI-assisted onboarding with skills that hadn't been reviewed against the compliance framework, written by people who weren't compliance officers, with no attestation that the logic was policy-aligned.
The compliance review covered the model. The liability was in the skills.
The question regulators are already forming
Regulatory frameworks for AI are developing, not developed. But the questions regulators ask follow a consistent pattern: Can you demonstrate that the AI acted within an approved policy framework? Can you produce the approval chain for the logic the AI applied? Can you show that the output was consistent with your stated compliance posture?
Those questions are answerable if the skills driving the agent were reviewed, approved, and logged. They're unanswerable if the skills were written informally, never reviewed by compliance, and exist only as files on engineers' machines.
The AI Act, SR 11-7, DORA, and emerging sector-specific AI governance frameworks are all converging on the same requirement: explainability and accountability for automated decision-making. Skills are the mechanism of that decision-making. The attestation has to be at the skills layer, or it doesn't exist.
Attestation at the skills layer
Policy alignment review
Skills that govern regulated workflows — suitability assessments, credit decisions, patient intake, transaction monitoring — require compliance review and sign-off before they run. The compliance officer is in the approval chain, not a downstream reviewer of outputs.
Chain of custody
Every skill invocation in a regulated workflow is logged with the full context: which skill version, which approval chain authorized it, what logic was applied, what the outcome was. The attestation record exists at the point of action, not reconstructed after the fact.
Policy versioning
When the regulatory requirement changes, the skill is updated and versioned. The old version stops running. The new version has a fresh approval chain. The record shows the transition.
What Invoked does for compliance governance
Invoked provides the infrastructure layer for governed agent skill deployment. For compliance teams, that means policy-reviewed skills with a complete attestation record — at the layer where the regulated action actually happens.
Compliance-tiered authoring
Skills governing regulated workflows go through a tiered authoring process that captures the policy reference, the compliance owner, and the review scope. The compliance team sees the skill before it reaches the agent — not after the agent has been running it for six months.
Required approval gates
Skills touching regulated data, executing regulated actions, or automating regulated decisions require compliance sign-off before they enter the fleet. The gate is enforced by the system — it can't be bypassed by the team that built the skill.
Audit trail by default
Every agent invocation produces a log entry: skill identifier, version, approval chain, executing agent, timestamp, outcome. The audit trail is a first-class output — not a side effect of logging — structured for regulatory review from the start.
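The approval gate and audit entry described above, as an added example (not Invoked's code): a skill runs only if its exact text matches a compliance-approved digest, and every invocation, allowed or blocked, is logged with the fields listed. The skill name, the approval store layout, and the hash chaining used to make later edits to the log detectable are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample data: skill text, identifiers and approver names are hypothetical.
SKILL_TEXT = "Escalate to a human reviewer when the risk classification is high."
APPROVALS = {  # (skill_id, version) -> record written at compliance sign-off
    ("onboarding-risk-escalation", "2.0"): {
        "sha256": hashlib.sha256(SKILL_TEXT.encode()).hexdigest(),
        "approval_chain": ["ops.author", "compliance.officer"],
        "compliance_signoff": True,
    }
}

def entry_digest(entry):
    """Hash every field of an audit entry except its own hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def gate(skill_id, version, skill_text):
    """Return the approval record only if this exact text was signed off."""
    rec = APPROVALS.get((skill_id, version))
    if rec is None or not rec["compliance_signoff"]:
        return None
    digest = hashlib.sha256(skill_text.encode()).hexdigest()
    return rec if digest == rec["sha256"] else None  # edited after approval

def invoke(log, skill_id, version, skill_text, agent):
    """Apply the gate, then append a chained audit entry at the point of action."""
    approval = gate(skill_id, version, skill_text)
    entry = {
        "skill_id": skill_id,
        "version": version,
        "approval_chain": approval["approval_chain"] if approval else [],
        "agent": agent,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "outcome": "executed" if approval else "blocked: no matching approval",
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify_chain(log):
    """Recompute each hash and link; False if any entry was altered or removed."""
    prev = "0" * 64
    for e in log:
        if e["prev_hash"] != prev or e["entry_hash"] != entry_digest(e):
            return False
        prev = e["entry_hash"]
    return True
```

A hash chain makes tampering detectable rather than impossible; the latest hash still has to be anchored somewhere the skill authors cannot write to.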
Explainability starts at the skills layer
Regulators asking for explainability in AI decision-making are asking a skills-layer question, even when they don't know it yet. “Why did the AI classify this customer's risk level as high?” is a question about what logic was in the skill that ran the classification. “What was your AI authorized to do in this transaction?” is a question about what scope the skill declared and who approved that scope.
The compliance function that can answer those questions — because the skill was reviewed, the scope was declared, the approval was logged, and the invocation was recorded — is the one that meets regulators with documentation rather than apologies.
Understand the compliance exposure in your agent stack
Before you can attest to what your agents are doing, you need to know what skills they're running. Invoked reads the skill paths your agents discover from — read-only, no source code access. You get a map of every skill in your enterprise: what regulated workflows it governs, who built it, what policy review (if any) it went through, what approval is on record.
Most compliance officers find skills running regulated workflows with no compliance review on record. Some find skills that directly contradict documented policy. The map is the starting point.
What comes after
If what we find together is material, we run a 90-day paid pilot with one regulated workflow area. Policy-aligned authoring. Compliance-tiered approval gates. Immutable audit logging. By the end, the skills driving your regulated AI workflows have a compliance chain of custody — and you can answer the regulatory questions before they're asked.