
Agentic AI governance: Google and SAP join forces to regulate enterprise agents

Actu IA 🟢 Beginner ⏱️ 15 min read 📅 2026-05-13

🔎 Governance is no longer an afterthought, it's a product

Autonomous AI agents have gone from proof of concept to massive deployment in less than eighteen months. According to IDC, AI agent deployments will be 10x larger by 2027 and 40x by 2029 (figures cited by SiliconANGLE, May 2026).

Yet, a major obstacle persists: governance. Most Fortune 500 companies have piloted multi-agent systems, but very few have moved into production because of unmanaged risks.

SAP SAPPHIRE 2026 (May 11-13, 2026) marked a turning point. Google Cloud and SAP unveiled a vision where governance is integrated directly into agent products, not added after the fact. Gemini Enterprise + SAP Joule become the reference model.

A week earlier at Think 2026, IBM positioned governance as a prerequisite for deployment. Two giants, same conclusion: without runtime governance, the agentic enterprise remains a myth.


The key points

  • Google Cloud and SAP merge governance and agents in a unified offering (Gemini Enterprise + Joule), announced at SAPPHIRE 2026.
  • IDC forecasts a 40x increase in AI agent deployments by 2029, but governance remains the bottleneck.
  • IBM Think 2026 adopts the same stance: agentic governance is a prerequisite, not an option. The difference is philosophical and technical.
  • SAP repositions Joule as the "front door" of autonomous AI in the enterprise, with 200+ AI agents covering complete industrial workflows.
  • The EU AI Act accelerates the movement: runtime governance becomes a legal requirement, not just a technical best practice.

Tools and platforms mentioned

| Tool / Platform | Role in agentic governance | Actor | Context |
|---|---|---|---|
| Gemini Enterprise | Governed agents integrated into SAP cloud | Google Cloud | SAPPHIRE 2026 |
| Joule (SAP) | Front door for autonomous agent workflows | SAP | 200+ AI agents |
| IBM Orchestrate | Orchestration + agentic governance | IBM | Think 2026 |
| Waxell Agentic Governance Framework | Runtime governance framework | Waxell | EU AI Act compliance |

What happened at SAP SAPPHIRE 2026

Google Cloud and SAP announced a deep integration between Gemini Enterprise and the SAP ecosystem, with a specific focus on AI agent governance.

The core idea: governance must not be an external layer that compliance teams add after development. It must be built into the agent product itself.

In practice, this means that every Joule agent running on Gemini Enterprise inherits governance policies defined at the platform level. No separate configuration, no security layer added a posteriori.

Computer Weekly (May 2026) summarizes the strategy: SAP unites its Business AI Platform with an Autonomous Suite to anchor agents in business processes, data, and governance — all producing precise, compliant, and secure outcomes.

This is a paradigm shift from the traditional approach where AI governance was a documentation and post-hoc audit exercise.

Joule repositioned as the gateway to autonomous AI

SAP no longer presents Joule as a simple conversational assistant. SiliconANGLE (May 12, 2026) reports that Joule becomes the "front door" of autonomous AI in the enterprise.

The concept is clear: the user interacts with Joule, Joule orchestrates the specialized agents, and every step is governed. The user doesn't need to know which agent executes which task. Governance is invisible but omnipresent.

SAP Insider details that SAP is advancing its Autonomous Enterprise strategy with more than 200 AI agents, industrial workflows powered by Joule, and an AI-driven cloud migration via RISE with SAP.

The shift is significant: we no longer deploy an ERP and then add AI. Intelligent process execution is native.

Governance as a core value proposition

Marketing Scoop (May 2026) insists on a point that is often underestimated: governance is not a technical detail in the Google-SAP announcement, it is central to the value proposition.

This is a strong signal sent to DSOs and audit committees of large enterprises. The implicit message: "We know your compliance teams are blocking your AI agent projects. Here is a product response."

This approach directly addresses a frustration that Waxell (Feb 2026) documents: traditional AI governance (model cards, bias audits, performance monitoring) is designed for static models, not for agents making real-time decisions.


Classic AI governance vs agentic governance: the break

To understand the stakes of SAPPHIRE 2026, one must grasp the fundamental difference between traditional AI governance and what Waxell calls "agentic governance" (Feb 2026).

Classic AI governance works in batch: a model is evaluated before deployment, its outputs are periodically audited, its biases are documented. It is a static exercise.

Agentic governance is runtime control. An agent decides to call a tool, modify a database, send an email — each action is evaluated in real time against governance policies.

| Dimension | Classic AI governance | Agentic governance |
|---|---|---|
| Timing | Pre-deployment + periodic audit | Runtime, at each agent action |
| Object | Model (performance, bias, toxicity) | Behavior (actions, tools, decisions) |
| Response | Audit report, retraining | Blocking, escalation, automatic override |
| Regulatory framework | Largely covered by the EU AI Act | Gray area, currently being defined |
| Tools | Model cards, benchmarks, logging | Policy engines, runtime guardrails, human-in-the-loop |

Waxell emphasizes that the EU AI Act, in its current version, does not clearly distinguish between the governance of a model and that of an agent. An agent using a "low risk" model can become "high risk" through its autonomous actions.

This is precisely the gap that Google and SAP are filling with their integrated approach: the governance of agentic behavior is as native as the governance of the underlying model.


The Google Cloud approach: governance as a product feature

The Google Cloud blog (May 13, 2026) details the vision: governance is a feature of Gemini Enterprise, on par with reasoning or multimodality.

In practice, Google integrates control mechanisms directly into the agent execution infrastructure. Governance policies are defined at the SAP organization level and inherited by all Joule agents.

This approach has a major tactical advantage: it bypasses the adoption problem. Agent developers do not have to integrate a separate governance tool. Compliance teams do not have to audit each agent individually.

Governance is "on by default," which radically changes the deployment dynamic.

Compute scaling and governance

Google also announced massive compute scaling to support this vision. Governed agents consume more resources — each action requires an evaluation against policies, which adds latency and cost.

The investment in compute is not anecdotal. It indicates that Google takes seriously the idea that governance must not degrade the user experience to the point of making it unusable.

This is a point of differentiation compared to approaches that add an external governance layer, often perceived as a bottleneck by development teams.

Gemini 3 Pro Deep Think in the ecosystem

Although the SAPPHIRE announcements focused on governance infrastructure rather than specific models, the Google-SAP ecosystem naturally relies on models like Gemini 3 Pro Deep Think (agentic score: 95.4) for complex reasoning tasks.

Agents that require nuanced decisions — for example, approving orders above a certain threshold — directly benefit from the advanced reasoning capabilities of this model, all within a governed framework.

For more distributed architectures, some deployments combine these models with multi-agent approaches where multiple AIs collaborate on complex workflows, with each agent being individually governed.


The SAP vision: 200+ agents and the Autonomous Enterprise

SAP isn't just providing a platform. The official guide to SAPPHIRE 2026 innovations presents a vision where AI assistants and agents work alongside humans to meet the demands of global business.

The figure is impressive: more than 200 AI agents covering specific industrial workflows. Each agent is configured for a precise business process — procurement, finance, supply chain, HR — and each inherits the governance defined at the platform level.

This vertical approach is strategic. Instead of offering a generic agent framework, SAP provides pre-configured agents for specific ERP use cases, with governance built in.

For technical teams who want to understand how these agents are structured internally, the principles of configuring agents with SOUL, AGENTS, and Skills systems shed light on the underlying architecture.

From ERP deployment to intelligent execution

The shift in narrative is striking. SAP is no longer talking about "deploying an ERP with AI." The discourse has shifted to "intelligent execution by process."

This means that a purchase-to-pay process, for example, is no longer executed by humans using an ERP with AI suggestions. It is executed by agents using the ERP as infrastructure, with human oversight defined by governance policies.

This evolution makes the question of selecting the best AI agents for the enterprise even more critical, as the choice of platform determines the governance capabilities available.

RISE with SAP and the AI-led cloud migration

An often overlooked element of the announcement: the RISE with SAP cloud migration is now "AI-led." The migration itself is driven by agents, which creates a network effect — more customers on the SAP cloud, more data to train the agents, better results for everyone.

This platform strategy locks customers into the SAP-Google ecosystem, but in exchange offers consistent end-to-end governance.


IBM Think 2026: governance as a prerequisite, not a feature

A week before SAPPHIRE, IBM Think 2026 (May 5, 2026) addressed the same problem with a different posture.

Andy Baldwin's keynote was clear: orchestrate, accelerate, and govern the agentic enterprise. But where Google-SAP integrate governance into the product, IBM positions it as an architectural prerequisite.

The nuance is important. For IBM, you shouldn't even start building agents without first defining your governance framework. It's a "governance-first" approach, as opposed to the "governance-by-default" approach of Google-SAP.

IBM vs Google-SAP: two philosophies of agentic governance

| Dimension | IBM Think 2026 | Google Cloud + SAP SAPPHIRE 2026 |
|---|---|---|
| Positioning | Governance is a prerequisite | Governance is a product |
| Approach | External framework, architecture-first | Natively integrated into agents |
| Target | CIOs, architects, compliance teams | Business users, SAP developers |
| Advantage | Flexibility, ecosystem agnosticism | Minimal adoption friction |
| Risk | Implementation complexity | Google-SAP ecosystem lock-in |

Neither approach is objectively superior. The choice depends on the organization's maturity and its level of investment in the SAP ecosystem.

For companies not on SAP, the IBM approach offers more flexibility. For those already deeply integrated into the SAP ecosystem, the Google-SAP approach significantly reduces deployment friction.

This dynamic recalls recent market movements where AI giants launch multi-billion dollar enterprise joint ventures to lock in large accounts.


Why agentic governance becomes urgent in 2026

Three factors are converging to make agentic governance not just desirable but indispensable this year.

The shift from pilot to production

Multi-agent PoCs flooded enterprises in 2025. The results were promising but impossible to industrialize without runtime governance. 2026 is the year when companies must show concrete ROI or see their agent budgets cut.

The Google-SAP announcement responds exactly to this pressure: "Here is how to move to production without risking your compliance."

The EU AI Act enters the application phase

Waxell (Feb 2026) documents the specific requirements of the EU AI Act for agentic systems. An agent that makes decisions impacting humans (credit, employment, health) falls into the "high risk" category, regardless of the model it uses.

Governance must document not only the model's performance but also the agent's behavior: what actions it took, why, according to which policies, and with what safeguards.

Multi-agent complexity explodes

A single agent is relatively easy to govern. A system of 10 or 50 agents interacting with each other, calling tools and modifying data in real time, creates an attack and risk surface that grows exponentially.

This is where the 5 AI agent patterns that work become relevant: each pattern (supervisor, pipeline, debate, hierarchy, blackboard) has different governance requirements. A platform that integrates governance by default significantly simplifies the management of this complexity.


What this means for technical teams

For architects and developers, the May 2026 announcements have concrete implications.

Platform choice becomes a governance choice

Until recently, you chose an agent platform for its reasoning capabilities, its tool integration, its scalability. Governance was a secondary criterion.

In 2026, governance is the primary criterion. A brilliant but ungovernable agent is a legal liability, not an asset.

For teams exploring open-source alternatives, the ecosystem around AI agents with Ollama locally offers more control but demands a significant investment in in-house governance.

Agentic LLMs evolve, governance must follow

The underlying models are evolving rapidly. OpenAI's GPT-5.5 dominates agentic benchmarks with a score of 98.2, followed by Gemini 3 Pro Deep Think at 95.4 and Claude Opus 4.7 (Adaptive) at 94.3.

But a high benchmark score does not guarantee governable behavior in production. A model's ability to precisely follow governance instructions (not to call a certain tool, not to exceed a certain threshold, to escalate a certain decision) is a distinct criterion from its pure reasoning capability.

The choice of the best LLM for agents must integrate this dimension of compliance with governance policies, not just raw performance.

The role of the "agentic governance engineer" emerges

A new function is emerging within teams: the agentic governance engineer. This hybrid profile combines skills in agent orchestration, an understanding of regulatory frameworks, and expertise in policy engineering.

This is not a classic compliance role. It is a technical role that defines governance policies as code — executable, testable, versioned rules.
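What "policies as code" evaluated at runtime can look like, with a platform baseline that every agent inherits and domain guardrails layered on top. This is an added example, not code from Google, SAP, IBM or Waxell; the tool names, thresholds, and the `Action`, `Rule` and `evaluate` names are all hypothetical.

```python
from dataclasses import dataclass

ALLOW, ESCALATE, BLOCK = "allow", "escalate", "block"
SEVERITY = {ALLOW: 0, ESCALATE: 1, BLOCK: 2}
POLICY_VERSION = "2026-05-example"  # constructed; policies are versioned like code

@dataclass(frozen=True)
class Action:
    agent: str           # hypothetical agent domain, e.g. "procurement"
    tool: str            # tool the agent is about to call
    amount: float = 0.0  # monetary value of the action, if any

@dataclass(frozen=True)
class Rule:
    tool: str
    decision: str
    min_amount: float = 0.0  # rule applies when action.amount >= min_amount

    def matches(self, action: Action) -> bool:
        return self.tool == action.tool and action.amount >= self.min_amount

# Platform baseline inherited by every agent (constructed sample policy).
PLATFORM_RULES = [
    Rule("send_email", ALLOW),
    Rule("approve_order", ALLOW),
    Rule("approve_order", ESCALATE, min_amount=10_000),
    Rule("drop_table", BLOCK),
]
# Domain guardrails layered on top; a stricter platform rule always wins over them.
DOMAIN_RULES = {
    "hr": [Rule("send_email", ESCALATE), Rule("read_salary", ALLOW)],
    "procurement": [Rule("approve_order", BLOCK, min_amount=250_000)],
}

def evaluate(action: Action, audit_log: list) -> str:
    """Decide before the tool call runs; the most restrictive matching rule wins."""
    rules = PLATFORM_RULES + DOMAIN_RULES.get(action.agent, [])
    matched = [r for r in rules if r.matches(action)]
    # Default deny: a tool that no rule mentions is never executed.
    decision = max((r.decision for r in matched), key=SEVERITY.get, default=BLOCK)
    # Every decision is recorded with the policy version for traceability.
    audit_log.append({"policy": POLICY_VERSION, "agent": action.agent,
                      "tool": action.tool, "amount": action.amount,
                      "decision": decision, "matched_rules": len(matched)})
    return decision

if __name__ == "__main__":
    log = []
    for a in [Action("procurement", "approve_order", 500),
              Action("procurement", "approve_order", 50_000),
              Action("hr", "send_email"),
              Action("hr", "approve_vendor")]:
        print(a, "->", evaluate(a, log))
```

Because the rules are plain data and `evaluate` is a pure decision function plus an audit append, the policy can be unit-tested and reviewed in version control like any other change.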


❌ Common mistakes

Mistake 1: Confusing AI governance and agentic governance

Classic AI governance (evaluating a model before deployment) does not cover an agent's runtime behavior. Applying the same tools to both is like using a fire extinguisher to stop a gas leak. The solution: adopt a runtime governance framework specific to agents, as documented by Waxell.

Mistake 2: Adding governance as an afterthought

This is the error that Google and SAP are explicitly targeting. Integrating an external governance layer onto already deployed agents creates technical debt, latency, and vulnerabilities. The solution: choose platforms where governance is native, or design a governance-first architecture from day one (IBM approach).

Mistake 3: Ignoring the EU AI Act for "low risk" agents

An agent can use a model classified as "low risk" while producing "high risk" behavior through its autonomous actions. The EU AI Act evaluates the complete system, not just the model. The solution: assess risk at the agentic system level, not at the individual model level.

Mistake 4: Underestimating the cost of runtime governance

Every action of an agent evaluated against policies consumes compute. At the scale of 200+ SAP agents, this represents a non-negligible additional cost. The solution: size compute including the cost of governance from the planning phase, not as a surprise in production.


❓ Frequently Asked Questions

Is agentic governance legally mandatory?

The EU AI Act does not explicitly mention "agentic governance", but its requirements regarding human oversight, traceability, and risk management fully apply to agent systems. In practice, runtime governance is the only way to demonstrate compliance for autonomous agents.

IBM or Google-SAP: which approach to choose?

If your company is deeply integrated into the SAP ecosystem, the Google-SAP approach offers the lowest adoption friction. If you have a heterogeneous architecture or high flexibility requirements, IBM's framework approach is more suitable. The two are not mutually exclusive.

Are the 200+ SAP agents all governed in the same way?

No. SAP defines governance policies at the platform level, but each industry agent has domain-specific guardrails. A procurement agent does not have the same constraints as an HR agent, even if they share the same governance foundation.

What is the impact on agent development teams?

Agent development becomes more constrained but also faster. Less time spent building in-house guardrails, more time spent on business logic. The trade-off is a stronger lock-in to the chosen ecosystem.

Does integrated governance mean lower performance?

There is an inevitable compute overhead. But Google explicitly announced massive compute scaling for SAPPHIRE 2026, indicating that the performance of governed agents is an engineering priority, not an accepted trade-off.


✅ Conclusion

SAP SAPPHIRE 2026 marks the moment when agentic governance became a product, not a project. Google and SAP have shown that governance can be invisible to the user, native for the developer, and robust for the compliance officer. IBM laid the philosophical foundations a week earlier. The common message is unequivocal: the era of enterprise AI agents without runtime governance is over. Organizations that do not yet have an agentic governance strategy have a clear frame of reference to get started.