Agent Registration Step by Step
Walk through the seven-step wizard — identity, AI-assist, governance, multi-framework screening, handoff.
The agent registration wizard is the compliance officer's tool of choice. One page, seven sections that adapt to your plan — from 2 sections on Community (~30 seconds) to all 7 on Enterprise (~5-10 minutes).
Role separation — Registration captures governance data only. Technical integration (SDK / gateway wiring) is the developer's job, done from the Integration tab after registration. See Roles & Permissions.
Start the wizard
- Navigate to Agent Registry in the sidebar.
- Click New Agent (top right).
- The registration page opens — settings-style layout with explanations on the left and inputs on the right.
Alternatively: Pick a template from the gallery to start with sensible defaults (Customer Support, HR Screening, Code Assistant, etc.).
Section 1 — Identity & Templates (all plans)
| Field | Required | Description |
|---|---|---|
| Agent name | ✅ | Unique, human-readable name (max 64 chars). Shown in audit logs and compliance reports. |
| Description | ✅ | What does this agent do? What data does it process? Auditors read this verbatim. |
| Intended purpose | — | Free text — what the agent is intended to do. Drives the risk classification step. |
Templates: Picking a template auto-fills description, data-protection profile, and other defaults. You can tweak everything afterward.
Section 2 — AI-Assisted (Pro+)
The wizard includes an AI-assist step that fills in tedious governance fields based on the agent name and description.
- Click the ✨ sparkles button next to Description to generate a description from the agent name.
- Click ✨ AI-assist this section at the bottom of each section to pre-fill fields where the AI is confident — purpose statement, suggested risk level, suggested data-protection level.
The AI suggestions are assistance only — every field is editable, and nothing is saved until you click Register agent. The AI-assist endpoint is the same one that powers the NL Policy Builder.
Section 3 — Protection Profile / Data Protection
Community
Pick a protection profile from three cards:
| Profile | Description |
|---|---|
| Maximum protection | All checks on, Flare attestation recommended |
| Balanced | Standard checks, Flare optional |
| Lightweight | Basic checks only — internal-only agents |
Pro and above
Three data-protection levels replace the profile:
| Level | What happens | Recommended for |
|---|---|---|
| Maximum protection | All PII redacted before LLM; provider never sees real data | Code assistants, internal analytics |
| Pseudonymized | PII replaced with pseudonyms, restored in responses | Customer service, HR screening |
| Log only | PII passes through to LLM; all data flow recorded | Internal agents under DPA |
Project defaults — If your admin set a default data-protection level under Settings → Agent defaults, it is pre-selected. You can pick a more protective level; less protective options are locked.
Section 4 — Responsibility Chain (Business+)
Three accountable people per agent:
| Role | Required for | Description |
|---|---|---|
| Responsible person | HIGH risk | Accountable to authorities for the agent's behavior |
| Technical maintainer | Always | Maintains the agent technically; first contact for incidents |
| Approval authority | HIGH risk | Approves queued requests for this agent |
Dropdowns show every team member with editor or higher. For HIGH-risk agents, all three fields are mandatory.
Section 5 — Provider / Deployer Role (Business+, EU only)
The EU AI Act distinguishes providers (who develop / market the AI system) and deployers (who use it in their organization). Different obligations apply to each.
| Role | Examples | Key obligations |
|---|---|---|
| Provider | You built a custom agent on top of GPT-4 and use it internally | Art. 16 — risk management, technical documentation, post-market monitoring |
| Deployer | You use a third-party CRM with built-in AI features | Art. 26 — human oversight, transparency to affected persons, FRIA for HIGH-risk |
| Both | You build agents and also operate them | All of the above |
The wizard pre-selects Deployer for templates that use external APIs (OpenAI, Anthropic, Google), and Provider for templates that wrap your own models. Override as needed — your legal team should weigh in for HIGH-risk agents.
Section 6 — Risk Classification (Business+, EU only)
Pick the risk level from four cards:
| Level | Description | EU AI Act |
|---|---|---|
| Minimal | No regulatory risk | No special obligations |
| Limited | Transparency obligations | Art. 50 labeling |
| High | Strict compliance | Art. 6, Annex III, FRIA required |
| Unacceptable | Prohibited application | Art. 5 — registration blocked |
For HIGH: Pick one of the 8 Annex III domains (Biometrics, Critical Infrastructure, Education, Employment, Public Services, Law Enforcement, Migration, Justice). Human oversight is enabled automatically and cannot be disabled.
Section 7 — Compliance Screening (Enterprise, EU + multi-framework)
The screening section runs the agent against multiple regulatory frameworks. You answer a small set of yes/no questions per framework; the wizard surfaces which obligations are triggered.
EU AI Act Art. 5 (prohibited practices)
- Does the agent use social scoring or evaluate persons based on their social behavior?
- Does the agent use subliminal manipulation to influence decisions?
- Does the agent use real-time biometric identification in publicly accessible spaces?
- Does the agent use emotion recognition in workplaces or educational institutions?
Any Yes → registration blocked. The wizard surfaces the specific Art. 5 paragraph and recommends consulting Legal.
EU AI Act Art. 6 / Annex III (high-risk classification)
The wizard walks through the 8 Annex III domains and asks targeted yes/no questions per domain. A Yes in any domain auto-classifies the agent as HIGH risk (overriding Section 6 if necessary) and unlocks the FRIA workflow.
Colorado AI Act (US — when applicable)
Active when Provider/Deployer role indicates US operation. Five yes/no questions covering:
- Consumer-facing consequential decisions
- Personalized pricing or eligibility
- Algorithmic discrimination risk
- Impact-assessment requirements
A Yes triggers Colorado AI Act controls — algorithmic-impact-assessment workflow, disclosure obligations, and biennial bias audit reminders.
Singapore PDPA (APAC — when applicable)
Active when the deployment jurisdiction includes Singapore. Covers AI-specific PDPA obligations: explanation requirements, opt-out mechanisms, and DPO-attestation requirements.
Outcome
The screening result lands as a screening_result JSONB field on the agent record:
```json
{
  "eu_ai_act": { "risk_level": "HIGH", "annex_iii_domain": "employment", "fria_required": true },
  "colorado_ai": { "applies": true, "biennial_audit_due": "2027-12-01" },
  "pdpa_sg": { "applies": false }
}
```

The compliance dashboard reads from this field to compute the readiness scores per framework.
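The EU AI Act rules from Sections 4, 6 and 7 can be checked mechanically before a record is trusted. The sketch below is an added example, not the product's own code: it derives the `eu_ai_act` part of `screening_result` from a registration draft and lists what the wizard would refuse. The draft field names, the question keys and the non-HIGH risk-level spellings are assumptions.

```python
# Added example. Rule content follows the page; `draft` field names are hypothetical.
ANNEX_III = {"biometrics", "critical_infrastructure", "education", "employment",
             "public_services", "law_enforcement", "migration", "justice"}
CHAIN_ALWAYS = ("technical_maintainer",)
CHAIN_HIGH = ("responsible_person", "approval_authority")


def screen_eu(draft):
    """Return (eu_ai_act result, or None if blocked; list of problems)."""
    # Art. 5: any Yes, or an Unacceptable classification, blocks registration.
    art5 = sorted(q for q, yes in draft.get("art5", {}).items() if yes)
    if art5 or draft.get("risk_level") == "UNACCEPTABLE":
        return None, ["blocked under Art. 5: " + (", ".join(art5) or "risk level")]

    problems = []
    # Annex III: a Yes in any domain forces HIGH, overriding the Section 6 choice.
    hits = sorted(d for d, yes in draft.get("annex_iii", {}).items() if yes)
    problems += [f"unknown Annex III domain: {d}" for d in hits if d not in ANNEX_III]
    hits = [d for d in hits if d in ANNEX_III]
    risk = "HIGH" if hits else draft.get("risk_level", "MINIMAL")
    domain = None
    if risk == "HIGH":
        domain = hits[0] if hits else draft.get("annex_iii_domain")
        if domain not in ANNEX_III:
            problems.append("HIGH risk needs one of the 8 Annex III domains")
            domain = None
        # Human oversight is enabled automatically and cannot be disabled.
        if draft.get("human_oversight") is False:
            problems.append("human oversight cannot be disabled for HIGH risk")

    # Responsibility chain: maintainer always, all three roles for HIGH.
    required = CHAIN_ALWAYS + (CHAIN_HIGH if risk == "HIGH" else ())
    problems += [f"missing {r}" for r in required if not draft.get(r)]

    return {"risk_level": risk, "annex_iii_domain": domain,
            "fria_required": risk == "HIGH"}, problems


# Constructed draft: self-classified LIMITED, but answers Yes for employment.
DRAFT = {
    "risk_level": "LIMITED",
    "annex_iii": {"employment": True, "education": False},
    "art5": {"social_scoring": False, "emotion_recognition": False},
    "technical_maintainer": "maintainer@example.com",
    "human_oversight": False,
}

if __name__ == "__main__":
    print(screen_eu(DRAFT))
```
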
Section 8 — Success & Developer Handoff
After successful registration:
- Agent API key — visible on the Integration tab with a `freshKey` banner on first registration.
- Setup instructions — framework-specific integration guides (LangChain, CrewAI, OpenAI Agents, etc.).
- Test command — a copy-paste curl to confirm connectivity.
Open the agent detail and share the setup instructions URL with the developer.
Plan matrix
| Section | Community | Pro | Business | Enterprise |
|---|---|---|---|---|
| Identity & Templates | ✅ | ✅ | ✅ | ✅ |
| AI-Assist | — | ✅ | ✅ | ✅ |
| Protection Profile / Data Protection | ✅ | ✅ | ✅ | ✅ |
| Responsibility Chain | — | — | ✅ | ✅ |
| Provider / Deployer Role | — | — | ✅ | ✅ |
| Risk Classification | — | — | ✅ | ✅ |
| Compliance Screening | — | — | — | ✅ |
| Success & Handoff | ✅ | ✅ | ✅ | ✅ |
Three layers of defaults
The wizard pulls from three sources; entries lower in this list override those above them:
- Project defaults — Admin configures once under Settings → Agent defaults.
- Template defaults — Template overrides project defaults for the fields the template owns.
- Per-agent adjustment — User overrides the rest.
The fifth agent should only need a name and description — everything else comes from defaults.
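The precedence above, combined with the Section 3 rule that options less protective than the project default are locked, can be expressed as a small resolver. This is an added example, not the product's implementation; the field names and level identifiers are assumptions. It also assumes a per-agent value may override any field and that the lock applies to the final resolved level whichever layer supplied it.

```python
# Section 3 data-protection levels, least to most protective.
# The identifiers are assumed; the page only gives the display names.
LEVELS = ("log_only", "pseudonymized", "maximum")


def resolve(project, template, template_owned, agent):
    """Merge the three default layers, lowest priority first.

    Returns {field: (value, source)} so an auditor can see which layer
    supplied each value. Raises ValueError when the resolved data-protection
    level is less protective than the project default.
    """
    effective = {k: (v, "project") for k, v in project.items()}
    # A template overrides project defaults only for the fields it owns.
    for k, v in template.items():
        if k in template_owned:
            effective[k] = (v, "template")
    # Per-agent adjustments are applied last.
    for k, v in agent.items():
        effective[k] = (v, "agent")

    floor = project.get("data_protection")
    value, source = effective.get("data_protection", (None, None))
    if floor is not None and LEVELS.index(value) < LEVELS.index(floor):
        raise ValueError(
            f"{value!r} from {source} layer is locked: project default is {floor!r}")
    return effective


# Constructed sample layers (hypothetical field names and values).
PROJECT = {"data_protection": "pseudonymized", "human_oversight": True}
TEMPLATE = {"description": "Handles customer tickets",
            "data_protection": "maximum", "human_oversight": False}
OWNED = {"description", "data_protection"}

if __name__ == "__main__":
    for field, (value, source) in resolve(
            PROJECT, TEMPLATE, OWNED, {"name": "support-bot"}).items():
        print(f"{field:16} {value!r:28} <- {source}")
```
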
Imported agents (Cross-Platform)
Agents imported via Cross-Platform Import (Azure AI Foundry or Google Vertex AI) arrive with identity fields pre-filled (name, model, tools, instructions). The governance sections still need to be completed — open the agent detail and run the wizard from there.