# Platform Agentic

> Compliance, governance, and accountability for teams building agentic AI systems.

Author: Sri Rang

## Book

- [Platform Agentic — Table of Contents](https://platformagentic.com/book/): Full chapter listing with summaries

## Chapters

- [Ch. 1 — Why Compliance Changes When Agents Act](https://platformagentic.com/book/01-why-compliance-changes-when-agents-act/): What makes autonomous agents different — and why existing compliance frameworks were not designed for them.
- [Ch. 2 — Know Your Risk Level](https://platformagentic.com/book/02-know-your-risk-level/): How to classify your agents by risk — and why that classification determines everything else about your compliance obligations.
- [Ch. 3 — Vendor and Model Governance](https://platformagentic.com/book/03-vendor-and-model-governance/): Your compliance obligations extend to every vendor in the agent's chain — including your model provider. What BAAs, DPAs, and vendor assessments look like when the vendor is an LLM.
- [Ch. 4 — Transparency and the Right to Know](https://platformagentic.com/book/04-transparency-and-the-right-to-know/): What users, regulators, and auditors must be able to see — and why no framework tolerates a black box acting on real data with real consequences.
- [Ch. 5 — Data Rights and Minimisation](https://platformagentic.com/book/05-data-rights-and-minimisation/): Why agents that fetch broad context "because it might be useful" are a liability — and what GDPR, HIPAA, and PCI-DSS all say about it.
- [Ch. 6 — Audit, Evidence, and Accountability](https://platformagentic.com/book/06-audit-evidence-and-accountability/): The log is the evidence — what every framework requires you to record, who must own it, and why "the model decided" is never a sufficient answer.
- [Ch. 7 — The Five Principles](https://platformagentic.com/book/07-the-five-principles/): Across every framework, five obligations keep reappearing. Get these right and you are most of the way there — regardless of which regulations apply to you.
- [Ch. 8 — Your Governance Roadmap](https://platformagentic.com/book/08-your-governance-roadmap/): A practical five-step starting point for business teams who need to move from understanding to action — and know exactly what to do on Monday morning.
- [Ch. 9 — The Architecture of a Compliant Agent](https://platformagentic.com/book/09-the-architecture-of-a-compliant-agent/): A shared blueprint — components, data flows, and trust boundaries every compliant agent system must define.
- [Ch. 10 — Risk Classification and System Boundaries](https://platformagentic.com/book/10-risk-classification-and-system-boundaries/): How to define and enforce the boundaries of what your agent system is — and what it is not allowed to become.
- [Ch. 11 — Identity, Access, and Authorization](https://platformagentic.com/book/11-identity-access-and-authorization/): How to design agent identity, scope permissions, and enforce access control across systems and users.
- [Ch. 12 — What Agents Are Allowed to Do — Permission Models and Action Boundaries](https://platformagentic.com/book/12-what-agents-are-allowed-to-do/): Designing the action layer — what agents can call, write, send, and execute, and how to enforce those limits.
- [Ch. 13 — Securing the Model Layer](https://platformagentic.com/book/13-securing-the-model-layer/): Prompt injection, hallucination, and non-determinism — compliance risks unique to LLM-based agents and how to mitigate them.
- [Ch. 14 — Audit Trails and Explainability](https://platformagentic.com/book/14-audit-trails-and-explainability/): Building logs that satisfy auditors — what to capture, how to structure it, and how to make agent decisions explainable.
- [Ch. 15 — Data Handling — Retention, Minimization, Encryption](https://platformagentic.com/book/15-data-handling/): How agents must handle data in motion and at rest — what to keep, what to drop, and how to protect it.
- [Ch. 16 — Human-in-the-Loop — When Agents Must Stop and Ask](https://platformagentic.com/book/16-human-in-the-loop/): Designing escalation and approval flows — the engineering patterns that keep humans appropriately in control.
- [Ch. 17 — Testing, Validation, and Ongoing Monitoring](https://platformagentic.com/book/17-testing-validation-and-ongoing-monitoring/): Evals, regression testing, and production monitoring — building the discipline that compliance requires over time.
- [Ch. 18 — Incident Response for Agentic Systems](https://platformagentic.com/book/18-incident-response-for-agentic-systems/): What to do when an agent does something wrong — detection, containment, root cause, and regulatory notification.
- [Ch. 19 — The Compliant Agent is the Better Agent](https://platformagentic.com/book/19-the-compliant-agent-is-the-better-agent/): Why the practices this book describes don't just satisfy regulators — they produce more reliable, more trustworthy, and more debuggable systems.