Ajay Pundhir, senior AI leader & founder of AskAjay.ai. Believes AI should amplify human expertise, not replace it.

On March 30, California Governor Gavin Newsom signed Executive Order N-5-26, directing state agencies to develop new certification requirements for companies selling AI-enabled products to the state. The drafting just started. Agencies have until late July to submit recommendations; rule-making and RFP language follow through Q4. If you sell agentic AI or buy it from someone who does, your next procurement cycle is being rewritten right now, and most enterprises have not noticed.
The rules are not fully written yet. California's order directs agencies to recommend certifications over the next 120 days. The EU's Digital Omnibus proposal, moving through Parliament and Council this spring, could defer Article 6 high-risk obligations by a year or more. But procurement behavior is already running ahead of the regulatory timeline. RFPs in regulated verticals are being rewritten in anticipation. That is the signal enterprise sellers and buyers need to act on now.
For 18 months, almost every serious article about AI governance has been written for the buyer's internal program. Board questions, risk registers, red teams—that was the easy half. The harder half arrives in Q3 2026, when regulated buyers start demanding their vendors prove governance as a precondition of purchase. This is the inversion that is not yet priced in.
The EU AI Act's Article 6 obligations for high-risk systems were originally scheduled to go live on August 2, 2026. California holds the largest state procurement market in the country. Brussels runs the largest single-market regulatory regime in the world. Neither waited for the other. Both are shaping procurement behavior today.
Stanford's 2026 AI Index finds that 62% of organizations cite security and risk, not model capability, as the primary blocker to scaling agentic AI. Harvard Business Review Analytic Services found only 6% of companies fully trust AI agents to autonomously run core processes. Procurement is about to learn. Fast.
In most enterprises I advise, AI vendor conversations still resemble SaaS procurement circa 2018: feature matrix, security questionnaire, SOC 2 Type II, pricing. SIG (the Shared Assessments Standardized Information Gathering questionnaire), CAIQ (the Cloud Security Alliance's Consensus Assessments Initiative Questionnaire), ISO/IEC 42001 and the NIST AI Risk Management Framework cover a great deal of the right territory. That is not the problem.
These instruments were built for software that sits still, which agentic systems do not. They take actions, write to systems of record and call other agents, all overnight, while your incident-response rotation is asleep. Existing AI questionnaires under-specify the agent-specific controls that now matter most: action authorization boundaries, tool-use audit trails, kill-switch latency.
A caveat on scope: The regulated verticals—public sector, Tier-1 financial services, healthcare and EU-operational firms—are where this conversation is being priced in today. Commercial mid-market follows the regulated segment by 12-18 months, as it did with SOC 2 and GDPR vendor clauses. If you sell into mid-market on capability, keep shipping capability. If you sell into or operate inside regulated buyers, the work below is revenue.
Here are the four questions I expect serious enterprise buyers to be asking their agentic AI vendors before September:
1. Can you produce your observability layer? Not a dashboard. The instrumentation, the thresholds that actually trigger something and the named human the alert wakes up. If a vendor cannot show you all three on one page, they do not have an observability layer. They have telemetry and hope.
2. Can you name the person who can stop your agent at 11 PM on a Friday? Not a role. A name. A phone. An on-call rotation. The kill-switch question is not whether one exists; every vendor will say, "Yes." The question is who executes it, how fast and whether that person is awake when your production is awake.
3. Can you show us your incident history? This means the times your agent was wrong, not the times it was right. A vendor that cannot produce near-miss logs either does not look or does not log. Both disqualify. The marketing deck and the incident postmortem should not exist in different realities.
4. What is your kill-switch latency, measured in minutes, not hours? "We can disable it" is not an answer. "We rolled back a production agent in under four minutes, three times last quarter" is an answer. Ask for the number. If there is no number, there is no drill.
These are not a checklist. They are a diagnostic. A vendor who answers them crisply is operating a real agentic governance function. A vendor who deflects is selling a product and outsourcing the risk to your procurement team.
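The three agent-specific controls named above (an action authorization boundary, a tool-use audit trail and a kill switch with measured latency) are easier to evaluate when you can picture what the evidence looks like in code. The following is an added illustration, not code from this article or from any vendor it discusses. The agent name, tool names, refund limit and drill scenario are constructed for the example; the hash-chained log is one way to make an audit trail tamper-evident, not a standard any framework mandates.

```python
import hashlib
import json
import time
from dataclasses import dataclass, field

# Authorization boundary: per agent, the tools it may call and limits on
# write-side arguments. Constructed policy for this example.
POLICY = {
    "support-agent": {
        "read_ticket": {},
        "issue_refund": {"max_amount": 100.0},  # writes to a system of record
    }
}


@dataclass
class AuditTrail:
    """Append-only, hash-chained record of every tool-use decision."""
    entries: list = field(default_factory=list)

    def record(self, event: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"event": event, "prev": prev, "hash": digest})

    def verify(self) -> bool:
        """Recompute the chain; an edited or deleted entry breaks it."""
        prev = "0" * 64
        for entry in self.entries:
            body = json.dumps(entry["event"], sort_keys=True)
            if entry["prev"] != prev:
                return False
            if hashlib.sha256((prev + body).encode()).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True

    def near_misses(self) -> list:
        """Denied or blocked actions: what an incident history should contain."""
        return [e["event"] for e in self.entries if e["event"]["decision"] != "allowed"]


class Gateway:
    """Every tool call passes through here; the agent never calls tools directly."""

    def __init__(self, policy: dict, audit: AuditTrail):
        self.policy = policy
        self.audit = audit
        self.stopped_at = None      # kill-switch activation time (monotonic clock)
        self.first_block_at = None  # first action refused after activation

    def stop(self) -> None:
        self.stopped_at = time.monotonic()

    def call(self, agent: str, tool: str, args: dict, executor):
        event = {"ts": time.time(), "agent": agent, "tool": tool, "args": args}
        # The kill switch is checked before every action, not once per task.
        if self.stopped_at is not None:
            if self.first_block_at is None:
                self.first_block_at = time.monotonic()
            self.audit.record({**event, "decision": "blocked", "reason": "kill_switch"})
            return "blocked", None
        rule = self.policy.get(agent, {}).get(tool)
        if rule is None:
            self.audit.record({**event, "decision": "denied", "reason": "tool_not_authorized"})
            return "denied", None
        limit = rule.get("max_amount")
        if limit is not None and args.get("amount", 0) > limit:
            self.audit.record({**event, "decision": "denied", "reason": "exceeds_limit"})
            return "denied", None
        result = executor(**args)  # only reached inside the authorization boundary
        self.audit.record({**event, "decision": "allowed"})
        return "allowed", result

    def kill_switch_latency(self):
        """Seconds from activation to the first action actually refused."""
        if self.stopped_at is None or self.first_block_at is None:
            return None
        return self.first_block_at - self.stopped_at


def run_drill() -> dict:
    """Constructed scenario: two good calls, an over-limit refund, an unlisted tool,
    then a kill-switch drill with one more attempted action."""
    audit = AuditTrail()
    gw = Gateway(POLICY, audit)
    read = lambda ticket_id: f"ticket {ticket_id}: refund requested"
    refund = lambda ticket_id, amount: f"refunded {amount:.2f} on {ticket_id}"
    outcomes = [
        gw.call("support-agent", "read_ticket", {"ticket_id": "T-1"}, read)[0],
        gw.call("support-agent", "issue_refund", {"ticket_id": "T-1", "amount": 40.0}, refund)[0],
        gw.call("support-agent", "issue_refund", {"ticket_id": "T-1", "amount": 900.0}, refund)[0],
        gw.call("support-agent", "delete_account", {"ticket_id": "T-1"}, read)[0],
    ]
    gw.stop()  # the on-call human hits the switch; the next action must not execute
    outcomes.append(gw.call("support-agent", "issue_refund", {"ticket_id": "T-2", "amount": 10.0}, refund)[0])
    return {
        "outcomes": outcomes,
        "near_misses": len(audit.near_misses()),
        "chain_ok": audit.verify(),
        "latency_s": gw.kill_switch_latency(),
        "audit": audit,
    }


if __name__ == "__main__":
    print(json.dumps({k: v for k, v in run_drill().items() if k != "audit"}, indent=2))
```

The point of the drill function is that it produces the artifacts a buyer asks for in questions 3 and 4: a near-miss count that comes from the log rather than from a slide, and a latency number that exists because the switch was actually thrown. In a real deployment the latency is measured from the on-call's page to the last worker refusing actions, across every process running the agent, not inside one Python object as here.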
The commercial story inside this is the one vendors should be paying the most attention to. In the regulated segment, trust is no longer a cost center. In 2026, it becomes a pricing position. Vendors who answer those four questions on the first call close faster and defend higher ACVs. The ones who cannot are disqualified by a checklist, in a meeting they are not invited to.
I predict that certifications will become table stakes within a year. The moat is the operational evidence a certification cannot fake.
It's also worth naming what these rules are actually for: California's order and the EU AI Act exist to protect people. That is their first purpose. A consolidation risk is also real: Governance evidence is expensive to produce, and well-resourced labs can assemble compliance packages a Series-A startup cannot. All of us writing about this should be watching it.
For the buyer, the instruction is the mirror image of the vendor's. Stop treating agentic AI vendor selection like SaaS vendor selection. Rebuild your diligence around operational evidence, not marketing claims, logo slides or SOC 2 alone.
The question is no longer whether agentic governance is real work. The question is whether your next contract proves it.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.