Continuous Operational Assurance for Enterprise AI. Pre-action assurance is the policy decision Reign makes before any agent or model action reaches a system of record. Reign answers the question at the moment of invocation, and the runtime evidence flows into the audit chain by construction.
“Should this agent take this action in this business context?”
“Did the process produce the intended outcome within acceptable risk?”
“Should this agent be allowed to take this action, given what the agent is approved to do, the business objective, the policy in force, the controls available, the risk that remains after those controls, and whether this agent is currently operating within tolerance?”
“Did the action produce the intended outcome, and was that outcome aligned with the business objective, controls, and risk tolerance?”
A credit decisioning agent inside a Tier 1 bank is asked to approve a small-business lending application. The agent has reasoned through the file, drafted a recommendation, and is about to write the approval into the bank’s system of record. This is the moment Reign intervenes.
Before the write lands, Reign evaluates the action against six inputs sourced from defined systems of record inside the runtime. The agent is operating inside a defined scope. Small-business lending, this product line, this geography, this set of tools and data sets. The objective bound to the session is “decision the application against current credit policy.” The policy in force is the versioned, signed credit policy pinned to the runtime, not whatever a model retrieved at inference time.
The controls available to the runtime are evaluated in line with the action. Identity of the calling principal, the data the agent accessed, the model and tool versions invoked, the approval threshold for this exposure size. The risk that remains after those controls is the continuously updated score, not a quarterly assessment. And whether the agent is currently operating within tolerance is the live read on the runtime. Are upstream controls reporting green. Has anything changed since the last good state. Is there an open incident affecting the relevant control plane.
Reign answers in milliseconds. The action proceeds with a signed runtime record, or it is held for human review with the context the reviewer needs to decide, or it is refused with the policy citation that justifies the refusal. The evidence is in the audit chain by the time anyone asks for it.
Representative example, not the only example. The same assurance pattern applies to procurement approvals, vendor onboarding, claims processing, IT change execution, security response, finance operations, and customer operations. The pattern is workflow-agnostic.
Enterprise AI is moving from suggestion to action. Models recommend. Agents act. The control problem changes shape the moment a system starts writing to production. The question every regulator, every risk officer, every operator wants answered is whether the next action was authorised under the policy that was in force at the time, given what the agent was allowed to do, the objective it was pursuing, the controls available to it, the risk that remained after those controls, and whether the agent was operating within tolerance when the action was attempted.
Reign answers that question at the runtime layer, on every action, with cryptographic evidence captured at the moment of decision. Pre-action assurance produces one of three outcomes for every evaluation, and every outcome generates a record at the moment it is produced.
The action proceeds with a signed runtime record. The record carries the identity of the agent, the calling principal, the model and tool versions invoked, the policy in force, the controls evaluated, the score for risk remaining after controls, and whether the agent was operating within tolerance at the time.
The action is queued for human review with the context the reviewer needs to decide. The agent's reasoning, the objective in play, the controls evaluated, and the level of risk remaining after controls that produced the hold. EU AI Act Article 14 is a first-class workflow.
The action is rejected with the policy citation that justifies the refusal. The refusal record is contemporaneous, signed, and sequenced into the audit chain alongside allow and hold records.
Every record is contemporaneous. It is not assembled later from logs. It carries the identity of the agent, the identity of the calling principal, the model and tool versions invoked, the policy in force, the controls evaluated, the score for risk remaining after controls, the read on whether the agent was operating within tolerance, and the cryptographic hash that links the record into the audit chain.
Holds are not failures. They are the design surface for human oversight. Reign exposes the hold queue with the context a reviewer needs to act. EU AI Act Article 14 is a first-class workflow, not a documentation exercise. Pre-action assurance is the policy decision point that converts an agent’s intent into a governed action, or refuses to.
Pre-action assurance is one of three faces of Continuous Operational Assurance for Enterprise AI. The other two are outcome validation, which answers the after-execution question, and residual risk, the live trust score Reign maintains across every agent, every model, and every workflow. The loop is closed. A pre-action decision feeds a runtime action, which feeds an outcome, which feeds residual risk, which feeds the next pre-action decision.
Should this agent be allowed to take this action. The policy decision Reign makes at the moment of invocation.
Did the action produce the intended outcome, aligned with the business objective, controls, and risk tolerance.
Read the pageThe live trust score Reign maintains across every agent, every model, and every workflow. The signal that feeds the next pre-action decision.
Read the pageThe deep technical reference for pre-action assurance is the Reign AI Gateway page, which documents the policy decision point, the runtime enforcement model, MCP-native tool governance, and the model routing surface that sits behind every allow or hold decision.
Four stages. Each one scopes and qualifies the next. Most enterprises start at Stage 1.