OLRF
Part 2 The Architecture

Chapter 11

Agent Coordination — Multi-Agent Legal Processes and the Preservation of Accountability

Last updated: 2026-04-10 Open for review

“The problem is not building systems that work. The problem is building systems that remain answerable --- to us, and to the values we hold --- no matter how complex they become.” --- Mustafa Suleyman, The Coming Wave, Crown 2023

From Single Agent to Agent Networks: The Coordination Problem

The preceding chapters described how a single AI agent accesses the OLRF normative layer through the interface described in Chapter 8: querying norms, assembling facts, submitting them for evaluation, and receiving a signed Decision Package. That architecture is complete and sufficient for a significant class of administrative processes. It works well where a single specialised agent operates in sequence, draws on a defined set of data sources, evaluates against a single norm, and produces a single outcome.

Real administrative processes are rarely this simple. A complex social welfare determination may require facts drawn from a dozen registers across three authorities, verification of identity through the EUDI Wallet infrastructure, cross-border norm evaluation under both national and EU law, calculation of interdependent benefit amounts under multiple Decision Trees, and the assembly of a final determination that synthesises all of these partial outcomes into a legally coherent result. Each of these steps may require a different specialised agent, operating on different data, with different authorisations, and subject to different regulatory constraints.

A business licensing procedure illustrates the problem from a different angle. It may require sequential verification steps in which each step’s output is a precondition for the next. Different agents are responsible for different regulatory domains. The overall process is subject to a legally prescribed sequence and timeline that must be enforced across the entire chain. If one agent fails or produces an invalid intermediate result, the consequences propagate forward through every subsequent step.

These are not edge cases. They are the normal structure of complex administrative action in a modern regulatory state. They introduce a coordination problem that the single-agent interface alone cannot solve: how do multiple AI agents, operating with different specialisations and different authorities, collaborate to complete a multi-step legal process while preserving the accountability, auditability, and constitutional integrity of each individual step and of the process as a whole?

The problem has three dimensions. First, task delegation: which agent is responsible for which part of the process, and how does the delegating agent verify that the receiving agent is authorised and capable? Second, state management: how is the intermediate state of a multi-step process maintained, passed between agents, and protected against inconsistency or loss? Third, accountability preservation: how does the final Decision Package trace every fact, every evaluation, and every discretionary judgment back to the specific agent (or human official) that produced it, even when the process involved a dozen agents operating in parallel across multiple jurisdictions?

The OLRF draft does not prescribe a single coordination protocol. It defines the constitutional requirements that any coordination mechanism must satisfy, and it identifies the emerging industry standard for multi-agent communication as the reference implementation for meeting those requirements.1 That standard provides the protocol-level foundation for addressing all three dimensions: how AI agents discover each other’s capabilities, delegate tasks between themselves, communicate results, and manage the state of multi-step workflows in a structured, interoperable, and auditable manner.

For the OLRF, agent coordination is not merely a convenience. It is the architectural instrument through which the separation principle (Chapter 3: The Principle of Separation --- Why AI Must Not Decide the Law) is preserved and enforced across the full complexity of multi-agent legal processes. In a single-agent scenario, the interface layer alone guarantees that the agent cannot cross the constitutional boundary. In a multi-agent scenario, the risk that this boundary is eroded through uncoordinated agent behaviour is substantially greater. An agent that receives an intermediate result from another agent may not know whether that result was produced through legitimate evaluation or through the upstream agent’s own probabilistic reasoning. The coordination protocol, integrated with the OLRF’s cryptographic signing and provenance model, makes this distinction verifiable at every handoff point in the chain.

How the Three Models Shape Agent Coordination

The coordination problem takes a different form in each of the three models. The constitutional requirements are constant. The coordination architecture adapts to the variable role of the Decision Tree and of the Legal Agent.

In Model A, agent coordination is strictly procedural. Multiple agents collaborate to assemble facts and submit them for deterministic evaluation. No agent in the chain performs normative reasoning. Every agent operates as a specialised fact-finder: one retrieves identity data, another extracts document content, a third queries a tax register, a fourth validates the assembled fact set against the DataPoint Schema. The orchestrating agent assembles the results and submits them to the evaluation engine. The coordination protocol enforces a clean separation: every intermediate result is a factual contribution, and the only normative step in the entire chain is the deterministic evaluation performed by the server-side engine. The coordination problem in Model A is therefore a problem of factual integrity and procedural sequencing, not of normative authority.

In Model B, agent coordination acquires a normative dimension. A Legal Agent may subsume facts under legal concepts before submitting them for validation against the Decision Tree. In a multi-agent workflow, this means that the orchestrating agent must distinguish between agents that contribute facts (Model A behaviour) and agents that contribute normative subsumptions (Model B behaviour). The distinction matters because the validation requirements differ. A factual contribution is verified against the DataPoint Schema. A normative subsumption is verified against the Decision Tree’s validation framework, and any deviation from the tree’s expected path is classified and documented according to the deviation taxonomy described in Chapter 5. The coordination protocol must therefore carry metadata that identifies, for each intermediate result, whether it constitutes a factual input or a normative subsumption, so that the receiving agent can apply the appropriate verification standard.2

In Model C, agent coordination becomes the primary accountability mechanism. Autonomous Legal Agents reason directly from statutory text. They do not submit their reasoning for real-time validation against a Decision Tree. Instead, the Decision Tree functions as an audit protocol against which the agent’s output is assessed retrospectively. In a multi-agent workflow under Model C, the orchestrating agent assembles outputs from multiple autonomous agents, each of which has produced its own normative reasoning. The coordination protocol must preserve the complete reasoning chain of each contributing agent, so that the retrospective audit can assess each contribution independently. The composite audit trail described later in this chapter is not merely useful under Model C. It is the only mechanism through which accountability is maintained at all. Without it, the diffusion of autonomous reasoning across multiple agents would make retrospective assessment practically impossible.

The coordination protocol’s requirements therefore escalate across the three models. In Model A: attribution and sequencing. In Model B: attribution, sequencing, and classification of normative contributions. In Model C: attribution, sequencing, full reasoning preservation, and retrospective audit support. The protocol infrastructure is the same. The metadata it carries and the verification it enables grow in proportion to the constitutional risk.

The reference coordination protocol establishes a peer-to-peer communication model between AI agents3. Each agent publishes a formally specified capability declaration (an Agent Card) that describes what tasks it can perform, what inputs it requires, what outputs it produces, and what credentials it holds. When an orchestrating agent needs to delegate a task, it queries the available Agent Cards, identifies the agent whose capabilities match the task requirements, and initiates a structured task delegation through the protocol. The delegating agent tracks the task’s status, receives the result when the delegated agent completes it, and incorporates that result into its own processing. All of this happens through a formally specified message format that is typed, logged, and attributable.

The protocol supports both synchronous and asynchronous task execution, streaming of partial results for long-running tasks, and structured error handling that distinguishes between technical failures and substantive outcomes requiring escalation or human review. It maintains a persistent task state across the lifetime of a multi-step process. This ensures that each step’s completion is formally recorded before the next step begins, and that the overall process state is reconstructable at any point, including after interruptions, failures, or disputes.

For the OLRF architecture, three aspects of the protocol design carry particular legal significance. They correspond directly to the three dimensions of the coordination problem.

Task attribution

addresses the delegation dimension. Every task in a multi-agent workflow is formally attributed to the agent that performed it, through cryptographic credentials that establish the agent’s identity, its authorisation for the specific task, and the moment at which it acted. In a multi-agent legal process, this means that every partial outcome (every register query, every fact extraction, every norm evaluation request) is attributed to a specific agent with a specific authorisation. The result is a complete chain of attribution from the initial trigger of the process to the final Decision Package. This chain is the multi-agent equivalent of the audit trail that the single-agent interface maintains: a permanent, cryptographically verifiable record of who did what, when, and under what authority.

Task attribution also connects to the agent certification system (Chapter 10). When an orchestrating agent delegates a task through the coordination protocol, it verifies not only that the receiving agent holds valid credentials, but also its current certification status for the specific normative domain and model. An agent certified for Model B subsumtion under German income tax law cannot be delegated a Model C asylum law task, regardless of its technical capabilities. The delegation check is the multi-agent equivalent of Control 5 in the single-agent interface: it ensures that every agent in the chain is qualified for the specific normative function it performs. A delegation that fails the certification check is rejected before the task begins, the rejection is documented in the workflow record, and the orchestrating agent must either identify a differently certified agent or escalate the task for human assignment. The composite audit trail therefore records not only which agent performed which task, but also which certification each agent held at the moment of performance. A court reviewing the composite trail can verify, for every step in the chain, that the acting agent was qualified for that step.4

Result immutability

addresses the state management dimension. Once an agent in a workflow has produced a result and transmitted it to the orchestrating agent, that result is cryptographically bound. It cannot be modified in transit. The receiving agent can verify its integrity before incorporating it into subsequent processing. This ensures that the factual record assembled across multiple agents is as tamper-evident as the factual record assembled by a single agent. No intermediate agent can alter the outputs of another. The final Decision Package reflects, verifiably, the actual results of each step in the chain.

Result immutability is particularly important for cross-jurisdictional processes, where partial results may traverse network boundaries between different Registry instances. A fact established by a French register query agent and transmitted to a German orchestrating agent must arrive with its integrity intact and its provenance verifiable. The cryptographic binding that the coordination protocol provides at the transport level, combined with the OLRF’s signing model at the normative level, creates a double layer of integrity protection that holds across jurisdictional boundaries.

Structured escalation

addresses the accountability preservation dimension. The protocol provides a formally specified mechanism for an agent to signal that it cannot complete a task autonomously and that human intervention is required. This escalation mechanism is architecturally essential for the OLRF’s Discretion Point model (Chapter 9). When an evaluation encounters a Discretion Point (a node at which the Decision Tree requires human judgment rather than a deterministic outcome) the escalation pathway is the channel through which the process is formally suspended, the responsible human official is notified, and the workflow is placed in a documented waiting state until the discretionary judgment is provided.

Escalation is not a failure mode in the OLRF architecture. It is a constitutionally required outcome at specific, formally identified points in the process. The coordination protocol provides the infrastructure to make it happen reliably, visibly, and with complete accountability. The escalation record documents precisely when the process was suspended, which Discretion Point triggered the suspension, which official was notified, and how long the process remained in the waiting state before the discretionary judgment was provided. This record becomes part of the composite audit trail and is available to courts and auditors reviewing the decision.

Under Model B, escalation acquires an additional trigger. The validation framework may identify a deviation that exceeds the permissible range, requiring the Legal Agent’s reasoning to be reviewed by a human official before the evaluation can continue. This is not a Discretion Point in the classical sense. It is a validation-triggered pause, architecturally equivalent in its coordination requirements but distinct in its legal character: the pause results not from a normatively specified point of human judgment, but from an architectural safeguard that prevents unchecked normative reasoning.5

The three properties taken together (attribution, immutability, escalation) ensure that the constitutional guarantees established at the single-agent level extend, without degradation, to the full complexity of multi-agent legal processes. The separation principle is preserved not because the agents are trusted to respect it, but because the protocol infrastructure makes violation structurally detectable at every handoff point in the chain.

The combination of the interface layer and the coordination protocol enables a family of orchestration patterns for multi-agent legal workflows. Three patterns are particularly important. Each addresses a different type of procedural dependency. Each preserves the accountability properties that the OLRF requires in a different way.

Sequential pipeline orchestration

is the foundational pattern for processes in which each step must be completed before the next can begin, and in which the output of each step is the input for the next.

A complex benefit determination illustrates the pattern. An identity verification agent first establishes the applicant’s identity and residency through EUDI Wallet and population register queries. A document extraction agent then processes submitted documents to extract relevant facts. A register query agent retrieves the remaining required facts from social security, tax, and employment registers. A validation agent confirms that the assembled fact set meets the schema requirements of the applicable Decision Tree. Finally, an evaluation agent submits the validated facts for norm evaluation. Each step is delegated through the coordination protocol, with the output of each step formally attributed and cryptographically bound before the next step begins.

The sequential pipeline preserves a property of legal accountability that is easily lost in multi-agent systems: the ability to reconstruct, for any step in the process, exactly what information was available at the moment that step was taken. Because each step’s output is formally recorded and immutably bound before the next step begins, the state of the process at every moment is permanently reconstructable, even years later in the context of a legal challenge or audit. This property is not merely useful for oversight. In many administrative law systems, it is a legal requirement: the lawfulness of a procedural step is assessed on the basis of the information available at the time it was taken, not on the basis of information that became available later.6

Parallel fact assembly

is the pattern for processes in which multiple independent fact-gathering tasks can proceed simultaneously, with results assembled into a unified fact set once all are complete. Where the sequential pipeline is appropriate for processes with strict procedural dependencies, parallel fact assembly is appropriate for processes in which multiple independent facts are required and can be gathered concurrently without affecting each other’s validity.

A cross-border business registration illustrates this pattern. It might involve simultaneous queries to tax registers, company registers, and regulatory authority databases across multiple jurisdictions, with the results assembled into a single fact set once all queries have returned. Parallel execution reduces overall process latency significantly, while the coordination protocol’s result tracking and assembly mechanisms ensure that no fact is used in the final evaluation until all required facts have been gathered and validated.

Parallel fact assembly introduces a specific accountability requirement that the OLRF architecture addresses explicitly: temporal consistency. When facts are gathered in parallel from multiple sources, the temporal relationship between them matters legally. A fact established at 09:00 and a fact established at 11:00 reflect the state of two different registers at two different moments. If the applicable norm requires that all facts be current as of a single reference moment, the temporal dispersion of parallel fact assembly is a potential source of legal invalidity.

The OLRF draft addresses this through the valid_at parameter in the evaluate_norm interface call. The orchestrating agent specifies the reference moment for the evaluation, and the evaluation engine assesses each fact’s validity at that moment rather than at the moment of its collection. The workflow record provides the evidence that all facts were gathered within an acceptable temporal window relative to the reference moment. Where a fact was gathered too long before the reference moment to remain valid, the validation agent flags it for refreshed collection before evaluation proceeds.

Escalation and reintegration

is the pattern that handles the transition between automated processing and human judgment at Discretion Points. It is the most architecturally significant of the three patterns, because it is the point at which the separation principle is tested most directly in a multi-agent context.

When the evaluation agent receives a Decision Package in which one or more Discretion Points are flagged as requiring human judgment, it cannot proceed to a final determination. Instead, it initiates an escalation to a human interface agent. The human interface agent notifies the responsible official, provides the partial Decision Package with full context (including, where applicable, the AI-Assistance-Package described in Chapter 9), and places the workflow in a formally documented waiting state. The official reviews the partial outcome, exercises the required judgment, and records their determination together with the reasons for it. The human interface agent then reintegrates the discretionary determination into the workflow, and the evaluation agent resumes processing with the discretionary judgment formally incorporated as a fact of record.

The final Decision Package reflects both the deterministic outcomes of the automated evaluation and the documented human judgment at the Discretion Point. Each is attributable to its proper source. Each is verifiable independently. Neither substitutes for the other.

This pattern is the technical realisation of the constitutional principle established in Chapter 3: that automation and human judgment are not alternatives but complements, each assigned to the domain for which it is constitutionally appropriate. The orchestration architecture does not merely permit human judgment at Discretion Points. It enforces it. A workflow that attempts to skip the escalation and reintegration step for a flagged Discretion Point cannot produce a valid, signed Decision Package, because the evaluation engine will not sign a package in which a Discretion Point is flagged but unresolved. The architectural guarantee of Chapter 8 extends, through the coordination layer, to the full complexity of multi-agent processes.

Pattern selection and combination.

The three patterns are not mutually exclusive. A real administrative process will typically combine all three. A complex social welfare determination might begin with parallel fact assembly (gathering income, residency, and employment data concurrently), proceed through a sequential pipeline (validation, then evaluation), encounter a Discretion Point that triggers escalation and reintegration, and then continue through a further sequential pipeline (calculating the benefit amount based on the discretionary determination). The workflow record captures this entire composite structure as a single, coherent, cryptographically linked process record. The orchestrating agent does not need to know in advance which pattern will apply at which stage. The workflow adapts to the structure of the Decision Tree it encounters, escalating where the tree requires human judgment, parallelising where the tree permits concurrent fact-gathering, and sequencing where procedural dependencies demand it.

Cross-Jurisdictional Orchestration: Norms, Agents, and Federated Authority

The coordination protocol’s interoperability design (any conformant agent can communicate with any other, regardless of who built them or where they operate) makes it the natural infrastructure for cross-jurisdictional legal processes. These are processes that require norm evaluation under the laws of multiple jurisdictions, fact-gathering from registers across national boundaries, and the assembly of outcomes that reflect the applicable law of each jurisdiction involved. They are routine in the European administrative landscape: social security coordination, cross-border tax compliance, mutual recognition of professional qualifications, and intra-EU regulatory proceedings all require this kind of multi-jurisdictional processing.7

Cross-jurisdictional orchestration introduces a coordination challenge that domestic orchestration does not face. The applicable law for different elements of the same process may come from different Registry instances, in different jurisdictions, under different governance frameworks, with different signing authorities and different temporal validity rules. An EU social security coordination process, for example, might require evaluation under both the German Social Code and the French Social Insurance Code, with facts drawn from registers in both countries and a final determination that reflects the applicable coordination regulation. Each of these normative elements is published in its respective national Registry, signed by its respective national authority, and governed by its respective national legal framework.

The OLRF’s response to this challenge rests on three rules.

1: each norm is evaluated in its own jurisdiction. An agent authorised in the jurisdiction of a given norm evaluates that norm using the interface of that jurisdiction’s Registry instance. It produces a partial Decision Package attributed to that jurisdiction’s authority. A German norm is evaluated by an agent with German authorisation, against the German Registry, producing a partial package signed by the German evaluation service. A French norm is evaluated correspondingly. Neither jurisdiction’s evaluation engine processes the other jurisdiction’s norms. This preserves normative sovereignty at the technical level: each state’s law is evaluated by that state’s infrastructure, under that state’s governance, with that state’s cryptographic signature.

2: partial packages are assembled, not merged. The orchestrating agent assembles the partial Decision Packages into a composite record. It does not merge them into a single undifferentiated output. The composite record preserves the jurisdictional attribution of each partial outcome. A court reviewing the final determination can identify, for each element, which jurisdiction’s law produced it, which Registry version was in force, and which authority’s signature authenticates it. The composite structure ensures that each partial outcome remains independently challengeable under the law of the jurisdiction that produced it.

3: conflict resolution follows law, not architecture. Where the partial outcomes from different jurisdictions produce different or conflicting results for the same facts, the orchestrating agent does not resolve the conflict. Norm conflict resolution is a question of private international law, of bilateral and multilateral treaty arrangements, and ultimately of the courts. What the OLRF provides is the infrastructure for making conflicts explicit. Where the applicable conflict-of-laws rule is itself specified as a Decision Tree (as is the case for EU social security coordination under Regulation (EC) No 883/2004), the orchestrating agent submits the composite fact set to the relevant cross-jurisdictional norm evaluation. Where the conflict-of-laws rule is not formalised as a Decision Tree, the conflict is documented in the composite record and escalated for human resolution. In either case, the architecture does not decide which law prevails. It ensures that both laws are visible, that the conflict is documented, and that the resolution (whether automated or human) is traceable.8

The result is a multi-jurisdictional Decision Package that is internally structured as a set of jurisdictionally attributed partial outcomes, assembled into a composite determination by a formally specified coordination rule. This architecture preserves, in the cross-border context, the same accountability properties that characterise domestic multi-agent processing.

Accountability Across the Agent Chain: The Composite Audit Trail

The use of multi-agent workflows in processes that carry legal consequences creates risk through the diffusion of accountability. In a single-agent process, accountability is concentrated. A single system acted, under a single authorisation, and produced a single outcome. In a multi-agent process, the action that produced the outcome is distributed across multiple agents, multiple authorisations, and multiple steps. The risk is that accountability for the overall outcome simply gets lost, because each agent was responsible only for its own step, and no single agent is responsible for the chain as a whole.9

This is the multi-agent version of a problem that administrative law has addressed for decades: the diffusion of responsibility across organisational units within a single authority, where each unit contributes to a decision but none is formally accountable for the result. Multi-agent AI workflows replicate this problem at machine speed and across organisational boundaries, making it both more acute and harder to detect through conventional oversight10.

The OLRF draft addresses this risk through the composite audit trail: a structured assembly of the individual audit records produced by each agent in the workflow, cryptographically linked to form a complete, verifiable account of the entire process from initiation to final Decision Package. The composite audit trail is not a concatenation of individual logs. It is a formally structured record in which each step’s output is linked to the next step’s input through cryptographic hashes. This ensures that the trail is tamper-evident as a whole, not merely in its individual elements. Any modification to any step in the chain breaks the hash links of all subsequent steps, making the modification immediately detectable.

The composite audit trail serves three distinct functions.

Judicial review

For courts reviewing a challenge to a complex multi-agent decision, the composite audit trail provides complete visibility of every agent that acted, every fact it established, every norm it queried, every escalation it triggered, and every judgment that was exercised. The diffusion of action across multiple agents does not produce a diffusion of accountability. It produces a richer, more granular accountability record, in which each element of the overall determination is attributable to a specific actor with a specific authorisation and can be challenged or defended on its own terms. A citizen challenging a benefit determination does not need to understand the internal coordination of the agent network. They can identify, from the composite audit trail, the specific step that produced the outcome they dispute, and direct their challenge at that step and its legal basis.

Systemic audit

For auditors examining a series of complex decisions made over an extended period, the composite audit trail enables a form of review that goes beyond individual cases. Through the trails of many cases, auditors can observe the pattern of agent behaviour across the population: which agents consistently triggered escalations, which fact sources were consistently unavailable, which norm evaluations consistently produced unexpected results, which Discretion Points were consistently resolved in a particular direction. This systemic visibility is the infrastructure for continuous, evidence-based oversight of automated administration. It enables auditors to identify structural problems (a misconfigured agent, an unreliable register interface, a systematically misapplied norm) that would be invisible in any individual case but become apparent across a large number of cases.

Temporal reconstruction

The composite audit trail preserves the ability to reconstruct the exact state of a multi-agent process at any historical moment. Because every step is timestamped, every intermediate result is cryptographically bound, and every Registry version used in the evaluation is recorded, an audit conducted five years after a series of decisions can reconstruct exactly which agents were involved, which versions of which Decision Trees were in force, what facts were available at each step, and how each Discretion Point was resolved. This temporal precision is equivalent, in governance terms, to a court’s access to the Official Gazette: every decision can be located in its exact normative and procedural context.11

Relationship to the single-agent Decision Package

The composite audit trail serves, for multi-agent legal processes, the same function that the Decision Package serves for single-norm evaluations. The two are not separate systems. They are nested: each single-agent interaction within a multi-agent workflow produces its own Decision Package (or equivalent audit record), and the composite audit trail assembles these individual records into a coherent whole. The Decision Package is the unit of accountability for a single evaluation. The composite audit trail is the unit of accountability for the process that produced the evaluation. Together, they ensure that accountability in automated administration scales with complexity rather than dissolving into it.

The Complete Interface Architecture

The interface layer (Chapter 8: The Interface Layer --- How AI Systems Access the Normative Infrastructure) and the coordination layer together constitute the complete interface architecture of the OLRF’s Agent Layer. They are complementary rather than competing. The interface layer governs the relationship between AI agents and the normative infrastructure: how agents access the law. The coordination layer governs the relationships between AI agents themselves: how they cooperate to serve the law. Neither is sufficient without the other for the full complexity of real administrative processes.

The division of responsibility between the two mirrors the division of labour that the OLRF establishes between its architectural layers. The interface layer enforces the constitutional boundary between probabilistic AI reasoning and deterministic legal evaluation. The coordination layer ensures that this boundary is preserved when multiple agents collaborate across organisational, technical, and jurisdictional boundaries. The interface layer provides the vertical guarantee (no agent can cross from fact-finding into norm evaluation without passing through the evaluation engine). The coordination layer provides the horizontal guarantee (no chain of agents can collectively achieve what each individually cannot).

The capability side of this architecture is genuine and substantial. Multi-agent workflows operating under this combined architecture can handle administrative processes of enormous complexity. They can assemble facts from dozens of sources across multiple jurisdictions, evaluate against multiple interdependent norms, manage the sequential and parallel dependencies of complex procedural requirements, and produce composite outcomes of legal quality with full accountability. They can do this at scale, at speed, and with a consistency that human administration alone cannot achieve.

The constraint side is equally genuine and equally substantial. No combination of agents, however sophisticated, however numerous, however well-coordinated, can produce a valid OLRF outcome through any pathway other than evaluation of a Registry-published Decision Tree via the authorised interface. No agent can modify the normative layer. No agent can skip a Discretion Point. No agent can produce a signed Decision Package without a genuine server-side evaluation. No agent can delegate a task to another agent without that delegation being formally recorded, attributed, and verifiable. And the composite audit trail ensures that every step of every process is permanently visible, permanently attributable, and permanently challengeable: not merely to the immediate parties, but to courts, auditors, and democratic oversight bodies exercising their constitutional functions in the years and decades after a determination was made.

The relationship between capability and constraint is not a trade-off. It is the architectural expression of a constitutional insight: that the legitimacy of automated governance depends not on limiting what AI systems can do, but on ensuring that what they do is governed by law, traceable to its legal basis, and subject to the same accountability mechanisms that apply to human administrative action. A system that is powerful but ungoverned is a risk. A system that is governed but incapable is irrelevant. The OLRF’s interface architecture is designed to be both powerful and governed, with the governance enforced by the architecture itself rather than by the good intentions of the systems that operate within it.12

Footnotes

  1. The reference coordination protocol is the Agent-to-Agent Protocol (A2A), published by Google in April 2025 and adopted across the AI industry as the emerging standard for multi-agent communication: Google, “Agent2Agent Protocol Specification”, 2025, https://developers.google.com/agent2agent. The OLRF does not require A2A specifically. It requires a coordination protocol that satisfies the attribution, immutability, and escalation requirements described in this chapter. At the time of writing, A2A is the only protocol that meets these requirements at the necessary level of maturity and industry adoption.

  2. The distinction between factual contributions and normative subsumptions in multi-agent workflows extends the doctrinal distinction between Tatsachenfeststellung (fact-finding) and Rechtsanwendung (legal application) that German administrative law has maintained since the nineteenth century. See: Maurer, H. and Waldhoff, C., Allgemeines Verwaltungsrecht, 20. Aufl., C. H. Beck 2020, §7 Rn. 1 ff. The novelty is not the distinction itself but the requirement that it be enforced at the protocol level across agent boundaries

  3. The architectural description in this section follows the A2A specification (Google 2025, op. cit.) but is formulated in protocol-neutral terms. The OLRF’s requirements are structural (attribution, immutability, escalation) and can in principle be satisfied by any protocol that provides these properties.

  4. The principle that delegation authority cannot exceed the delegator’s own authority is well established in administrative law. See: BVerwGE 18, 333 (337); Kopp, F. O. and Ramsauer, U., VwVfG, 24. Aufl., C. H. Beck 2023, §35 Rn. 45 ff. The capability attestation mechanism translates this principle into technical form: an agent cannot delegate a normative task to another agent unless both are attested for the required capability level.

  5. The validation-triggered pause under Model B is architecturally analogous to the Remonstrationsrecht (duty to object) recognised in German administrative law, under which a subordinate official who believes an instruction to be unlawful is obliged to raise the objection before executing it. See: §63 BBG (Bundesbeamtengesetz); BVerwGE 69, 208. The coordination protocol makes this duty architecturally enforceable: the validation framework, not the agent, determines when a deviation requires human review.

  6. The principle that the lawfulness of administrative action is assessed on the basis of the factual and legal situation at the time the action was taken (maßgeblicher Zeitpunkt) is established in BVerwGE 82, 260 (262 f.); see also Kopp/Schenke, VwGO, 29. Aufl., C. H. Beck 2023, §113 Rn. 31 ff. The sequential pipeline’s cryptographic binding of each step’s output before the next step begins creates a permanent, verifiable record of the information state at each moment of the process.

  7. For the complexity of cross-border administrative coordination in the European context: Fuchs, M. (Hrsg.), Europäisches Sozialrecht, 8. Aufl., Nomos 2022; Regulation (EC) No 883/2004 on the coordination of social security systems, OJ L 166/1.

  8. The principle that the architecture documents norm conflicts rather than resolving them reflects the established doctrine that conflict-of-laws questions are justiciable and cannot be prejudged by technical systems. See: Jayme, E., “Identité culturelle et intégration: Le droit international privé postmoderne”, Recueil des Cours, Vol. 251, 1995, pp. 9 ff.; Regulation (EC) No 593/2008 (Rome I); Regulation (EC) No 864/2007 (Rome II).

  9. The problem of accountability diffusion in multi-agent systems has been analysed in the computer ethics literature since the 1990s: Nissenbaum, H., “Accountability in a Computerized Society”, Science and Engineering Ethics, Vol. 2, No. 1, 1996, pp. 25 ff. For the administrative law dimension: Bovens, M., “Analysing and Assessing Accountability: A Conceptual Framework”, European Law Journal, Vol. 13, No. 4, 2007, pp. 447 ff. For the specific challenge of multi-agent AI accountability: Dafoe, A. et al., “Open Problems in Cooperative AI”, NeurIPS 2020; Rahwan, I. et al., “Machine Behaviour”, Nature, Vol. 568, 2019, pp. 477 ff.

  10. The diffusion of responsibility across organisational units in administrative decision-making is a well-documented structural problem in German administrative law. The doctrine of Zuständigkeitsordnung (competence allocation) is designed precisely to prevent it: every administrative act must be attributable to a specific authority with specific competence, and defects in competence render the act voidable or void (§44 Abs. 2 Nr. 3, §46 VwVfG). Yet the reality of modern administration, in which a single decision may involve contributions from a tax office, a social security agency, a population register, and a regulatory body, routinely strains this doctrine. The Bundesverwaltungsgericht has addressed this tension in a series of decisions establishing that where multiple authorities contribute to a single administrative outcome, each remains responsible for its own contribution, but the authority that issues the final act bears overall responsibility for the composite result (BVerwGE 72, 300 (303 f.); BVerwGE 98, 18 (24 f.)). In the European context, the problem is amplified by the composite administrative procedure (zusammengesetztes Verwaltungsverfahren), in which authorities from different Member States contribute to a single decision. The Court of Justice has confirmed that effective judicial protection requires traceability of each national contribution within the composite procedure (CJEU C-219/17, Berlusconi, 2018, paras. 44 ff.; see also: Hofmann, H. C. H., Rowe, G. C., and Türk, A. H., Administrative Law and Policy of the European Union, Oxford University Press 2011, pp. 399 ff., on composite procedures and the accountability gap they create). In the organisational theory literature, the problem is analysed under the heading of “many hands”: Thompson, D. F., “Moral Responsibility of Public Officials: The Problem of Many Hands”, American Political Science Review, Vol. 74, No. 4, 1980, pp. 905 ff., arguing that democratic accountability requires that responsibility for collective outcomes be distributable to individual contributors. The OLRF’s composite audit trail is the architectural translation of Thompson’s principle: it ensures that the “many hands” of a multi-agent workflow remain individually identifiable and individually accountable, even as the number of contributing agents and the speed of their interaction exceed anything that Thompson’s original analysis contemplated.

  11. The temporal reconstruction requirement is a digital equivalent of the Rückwirkungsverbot (prohibition of retroactive law) applied to administrative procedure: the state may not retrospectively alter the normative or factual basis of a completed determination. See: BVerfGE 13, 261 (Rn. 16 ff.); BVerfGE 72, 200 (242 ff.).

  12. The architectural enforcement of governance constraints (as opposed to reliance on voluntary compliance) follows the tradition of “Legal Protection by Design” described by Hildebrandt, M., “Legal Protection by Design: Objections and Refutations”, Legisprudence, Vol. 5, No. 2, 2011, pp. 223 ff.; and the broader argument of Lessig, L., Code: Version 2.0, Basic Books 2006, that technical architecture is a modality of regulation. See also: Reidenberg, J., “Lex Informatica: The Formulation of Information Policy Rules Through Technology”, Texas Law Review, Vol. 76, 1998, pp. 553 ff.