Google built the protocol. We built the governance.

Google’s A2A protocol — backed by the Linux Foundation and 150+ organizations — defines how agents communicate. GaaS is the governance layer that lets you say “yes” to workflows you’d otherwise handle manually. When actions go through a GaaS pipeline, you can let your agents do more.

MCP gives agents tools. A2A gives agents colleagues. GaaS lets them do more.

The Membrane

Govern every action — or just the ones that matter.

GaaS is a policy enforcement point — a governance membrane. Intents flow in. The membrane evaluates each one against your policies. Approved actions flow out.

Every intent evaluated
7/7 pass through the membrane
Full membrane
Plan
Query
Analyze
Delegate
Execute
Validate
Report
GaaS
✓ pass
✓ pass
✓ pass
✓ pass
✓ pass
✓ pass
✓ pass
One checkpoint
1/7 evaluated — the rest fly blind
Selective
Plan
Query
Analyze
Delegate
Execute
Validate
Report
GaaS
no eval
no eval
no eval
✓ pass
no eval
no eval
no eval

Both are valid. GaaS is a membrane — semi-permeable, selective, always present. You decide what passes through.

The Governance Gap

A2A defines communication.
It doesn’t define trust.

What A2A provides
Agent Cards for capability discovery
Structured task lifecycle management
JSON-RPC 2.0 transport layer
Push notifications and streaming
Skill-based agent discovery
What GaaS adds
Policy evaluation on every interaction
Real-time risk scoring and thresholds
Tamper-proof audit trails
Human-in-the-loop escalation
Regulatory compliance (EU AI Act, PCI DSS, PSD2)

A2A is the language. GaaS is what lets operators say “yes” — because when actions go through a governance pipeline, you unlock workflows you’d never automate otherwise.

A2A + GaaS

The governance layer for the agent economy.

Enterprise
Compliance Audit Trails Trust Tiers HITL Escalation
GaaS
Policy Risk Scoring Verdicts Delegation Chains
A2A Protocol
Agent Cards Tasks JSON-RPC SSE
Agent Runtime
LLMs Tools Memory State
Governance Proxy
Every A2A message passes through a five-stage governance pipeline — intent, context, policy, deliberation, decision — before the target agent ever sees it.
Agent Trust Registry
A2A’s Agent Cards describe capabilities. GaaS adds dynamic trust scores based on interaction history, compliance posture, and governance track record.
Payment Governance
Agents executing financial transactions via A2A get spend-limit enforcement, PCI DSS and PSD2 compliance, and mandate validation before funds move.
Delegation Chains
A2A enables multi-agent delegation. GaaS audits every link — when Agent A delegates to B who delegates to C, the entire chain is cryptographically verified.
Cross-Org Federation
When A2A connects agents across organizations, GaaS negotiates governance requirements and verifies mutual compliance before the first message is exchanged.
Shadow Mode
Deploy governance on your A2A interactions without enforcement. See what would have been blocked, modified, or escalated — zero risk, full visibility.
governance-check
risk-assessment
audit-trail
escalation
deliberation
agent-trust
payment-governance
Google A2A Protocol  ·  Linux Foundation  ·  150+ Organizations
Why Now

Regulation is arriving faster than governance.

The EU AI Act (Article 14) mandates human oversight for high-risk AI systems. As A2A adoption accelerates multi-agent deployments, enterprises need a governance layer between protocol and production. GaaS provides the policy evaluation, audit trails, and human-in-the-loop escalation that regulators require — without slowing down the agents that A2A connects.
// FAQ

Frequently Asked Questions

Routine A2A-mediated governance decisions clear the GaaS pipeline in under 100ms. For agent-to-agent workflows — which involve network round-trips, model inference, and tool execution that dwarf that figure — governance latency is imperceptible. Only high-stakes actions that trigger deliberation take longer (under 5s for routine deliberation, under 10s for a full panel). You configure per-action risk thresholds to control which path each action takes.

Each agent carries its own trust tier (Observer, Apprentice, Journeyman, or Agent) as a verifiable credential. When Agent A delegates to Agent B via A2A, Agent B's intent declaration includes the full delegation chain. GaaS evaluates the entire chain at every hop — trust is not inherited, it is verified.

Each autonomous agent that can change state in the world (send a message, execute a transaction, modify a record) should be individually registered. Sub-agents or tools that only fetch and return information do not. Rule of thumb: if it can act, it governs; if it only reads or transforms, it does not.

Yes. GaaS integrates at the agent layer, not the protocol layer. Your agent declares intent to GaaS before executing the A2A-mediated action. The A2A message exchange is unchanged — no modifications to the protocol, agent card format, or inter-agent communication flow are required.

A2A connects your agents.
GaaS lets you automate more.

When governance is in place, you can say “yes” to workflows you’d otherwise handle yourself. Start with Shadow Mode — see exactly what GaaS would govern, zero enforcement, full visibility.

Start Free Shadow Mode Read the Docs
Coming soon