4. Reference Architecture
Applying the ASCP framework to Saudi Arabia's national-scale AI infrastructure.
KSA decision chapter
Vision, execution, and evidence
5. Intent Governance
Vision 2030 & Sovereignty
Maps the Autonomous State Control Plane reference architecture directly onto Saudi Arabia's national digital infrastructure, including government clouds.
Reference Architecture
The Autonomous Systems Control Plane extends cloud control-plane discipline into the agentic AI era. It treats AI-generated actions as proposals requiring admission, not as trusted API calls. For Saudi Arabia, this pattern provides a complementary execution layer between sovereign AI infrastructure and high-impact autonomous operations.
The previous chapter established the principle; ASCP turns it into architecture. Cloud control planes already govern resource creation, identity, configuration, and state transition. Agentic AI benefits from the same discipline for AI-initiated actions.
ASCP is not a model or dashboard. It is a runtime governance path that treats AI-generated actions as proposals requiring admission, not trusted API calls.
Architecture Overview
ASCP treats AI systems as sources of proposals, not holders of standing authority [1]. The architecture has four layers.
Reasoning and agent layer. Domestic models, hyperscaler agents, and software copilots analyze, plan, and propose. They do not touch production.
Intent boundary. Models and agents submit structured intent. The intent describes the requested action, target, expected effect, constraints, risk class, and required authority. This boundary is where model output becomes a control-plane input.
ASCP core. The core binds intent to live context, evaluates policy, routes approvals, generates execution contracts, issues short-lived identity, enforces execution, and records evidence.
National production fabrics. ASCP can govern the path into HUMAIN-style AI cloud operations, SDAIA-style data workflows, DGA-style digital government systems, NEOM-style digital-twin environments, regulated-sector platforms, and AI software factories.
ASCP Core Components
ASCP components can be deployed centrally, federated by domain, or embedded into platform teams. The key is the same control path: intent, context, policy, contract, identity, execution, evidence, replay.
| Component | Role in ASCP | KSA institutional value |
|---|---|---|
| Intent intake | Receives structured proposals from models, agents, copilots, and pipelines. | Standard entry point across ministries, clouds, and vendors. |
| Context engine | Binds intent to system state, policy context, data class, and risk signals. | Decisions reflect live infrastructure, agency rules, and sector conditions. |
| Policy engine | Evaluates admissibility under national, sectoral, organizational, and workflow rules. | Makes policy enforceable at runtime. |
| Risk and operational-impact evaluator | Estimates potential impact before execution. | Routes high-impact changes to escalation. |
| Approval router | Sends sensitive actions to operators or supervisory workflows. | Preserves accountable human authority. |
| Execution contract generator | Converts approved intent into a bounded contract. | Limits execution to the approved action and constraints. |
| Ephemeral identity issuer | Issues short-lived credentials tied to the contract. | Reduces standing privilege and credential exposure. |
| Execution gateway | Enforces the contract against APIs, infrastructure, workflows, or pipelines. | Creates a controlled path from proposal to mutation. |
| Evidence recorder | Captures intent, context, decision, approval, contract, identity, execution, and result. | Provides audit and regulator-grade evidence. |
| Replay and audit console | Reconstructs the action path for review and incidents. | Enables dispute handling and continuous improvement. |
| Emergency stop / override | Suspends or blocks execution paths as conditions change. | Supports institutional control over autonomous workflows. |
The Agentic Action Lifecycle
ASCP converts an AI proposal into governed execution through a repeatable lifecycle:
- Model or agent proposes an action as structured intent.
- ASCP binds the intent to live context.
- Policy and risk evaluation determine admissibility.
- Approval routing escalates sensitive actions.
- Approved intent becomes an execution contract.
- Ephemeral identity is issued for that contract.
- The execution gateway performs the bounded action.
- Evidence and replay records close the loop.
- Governance feedback updates policy, schemas, and runbooks.
What Makes ASCP Different from Traditional AI Governance
Traditional AI governance focuses on model behavior: content safety, prompt filtering, benchmark scores, and responsible AI review. ASCP adds runtime execution governance. The question shifts from whether a response is acceptable to whether a proposed action is admissible under policy, identity, contract, and evidence constraints.
| Model governance | Execution governance |
|---|---|
| Reviews model outputs. | Governs system actions. |
| Focuses on prompts, content, and benchmarks. | Focuses on intent, policy, identity, contracts, and evidence. |
| Often occurs before deployment or at interaction time. | Occurs at runtime before execution. |
| Uses logs and monitoring after the fact. | Produces evidence before, during, and after execution. |
| Helps make models safer. | Makes autonomous actions governable. |
| Model-centric. | Control-plane-centric. |
KSA Deployment Pattern
ASCP maps to HUMAIN-style AI cloud operations, SDAIA-style data workflows, DGA-style digital government, NEOM-style digital twins, regulated-sector platforms, and AI software factories. The same pattern governs cloud scaling, model-serving changes, data workflows, citizen-service routing, simulation-to-action paths, sector workflows, and generated deployment artifacts.
KSA relevance: ASCP and Workforce
ASCP offers a repeatable execution-governance architecture across AI cloud, national data systems, digital government, smart cities, and regulated sectors. It also points to a workforce path: from manual operation toward AI governance, protocol engineering, evidence review, and autonomous-operations oversight.
Design Principles
| Principle | Meaning |
|---|---|
| Intent before execution | Autonomous systems submit proposed actions before any system mutation occurs. |
| Policy before privilege | Permission is evaluated before credentials are issued. |
| Context before authorization | Decisions are bound to live system state, data classification, workflow rules, and risk signals. |
| Contracts before credentials | Approved actions become bounded execution contracts before identity is created. |
| Evidence before trust | Evidence chains are the audit primitive for autonomous AI. |
| Replay before finality | Operators and auditors can reconstruct why the action was allowed and what happened. |
| Human authority for high-impact actions | Sensitive actions route to accountable people or supervisory workflows. |
| Model and vendor agnosticism | The control plane governs actions from domestic, open-source, hyperscaler, and frontier models. |
| Emergency override by design | Institutions retain the ability to suspend or block autonomous pathways. |
| Open protocol boundaries | Integration can occur through clear intent, policy, contract, identity, and evidence interfaces. |
Boundary of the Architecture
ASCP does not replace cybersecurity programs, model safety, responsible AI processes, or platform ownership. It is a reference architecture for governing high-impact AI-initiated actions across heterogeneous systems.
ASCP defines the macro-architecture. The next chapter defines the protocol surface that can make this architecture operational: OpenKedge, the intent-governance protocol for converting AI proposals into policy-bound execution.
References
- [1]Jun He. The Autonomous State Control Plane: A Reference Architecture for Sovereign AI Systems. 2026. Whitepaper