Enterprise AI, decoded | June 2026

June 14, 2026 | Opinion

Build, Adopt, or Wait: The Six Graphs Behind an Agent-First Enterprise

Every enterprise deploying agents discovers that a model is only as reliable as the structured context it can reach, and that context lives in graphs. This piece reframes the question from whether you have a knowledge graph to which graphs you build, which you adopt, and which are not yet mature. It names the six graphs an agent-first enterprise needs and sorts them across three ownership tiers: shareable infrastructure, a shared standard with private content, and the irreducibly proprietary graphs that are the moat. It defines the regulatory graph as the most shareable and least built layer, the one that decides whether agents can be trusted in regulated work, and separates the shared law from the proprietary applicability. It closes with a sector read, a decision framework, and a leadership action list, including where deploying broad autonomy today means deploying past the edge of a stack that does not yet exist.

15 min | Knowledge Graphs & Ontology | Governance Risk & Trust | Enterprise Knowledge Systems | Interoperability & Standards

Every enterprise standing up agents reaches the same realisation: a language model is only as reliable as the structured context it can reach, and that context lives in graphs. The market has spent the past year naming those graphs. It has spent almost no time on the question that actually controls cost and competitive position: which of them you should build yourself, which you should adopt from shared infrastructure, and which are not yet mature enough to build anything on at all.

The strategic question is no longer "do we have a knowledge graph." It is "which of the six graphs an agent-first enterprise needs do we build, which do we adopt, and which do we wait for."

§ 02

The two questions that decide the stack


Two questions sit behind every graph an agent touches.

The first is reliability: what the agent needs in order to act correctly and accountably. It has three parts. Comprehension: does the agent understand the situation before it acts? Accountability: was it allowed to act, did it stay in bounds, and can you answer for what it did? Observability: can you see it operating and contain a fault once one appears?

The second question is the one the market skips, and it is where the budget and the moat are won: ownership, who should build each graph. The graphs an agent-first enterprise needs do not all belong to the enterprise. They fall into three tiers.

  • The shareable tier. The content is identical for every company in a market. Building it privately is duplication. It should be common infrastructure, adopted rather than authored.
  • The standard tier. A shared protocol carries the structure; your own data fills it. You adopt the standard and own the content.
  • The proprietary tier. This graph is your company. No one can sell it to you, and adopting someone else's is meaningless. It is the moat, and it has to be built.

Get the tier wrong and you spend a year building something you could have adopted, or you try to borrow the one asset that was meant to be your advantage. The rest of this piece sorts the six graphs across those tiers, then turns each into a build, adopt, or wait decision.

§ 03

The six graphs in one view

| Graph | What it carries | Ownership tier | Maturity today |
|---|---|---|---|
| Regulatory graph | The law itself, as structure an agent checks an action against | Shareable utility | Immature; no shared version exists |
| Semantic graph | What entities mean and how they relate | Shareable base, proprietary extension | Mature |
| Governed entity graph | Who and what is who, resolved across systems, and what is permitted on each right now | Proprietary | Partially mature |
| Context graph | Why past decisions were made: the precedent | Proprietary | Early |
| Authority graph | What each actor may do, granted by whom, revocable | Shared standard, proprietary content | Single-step mature, chained not |
| Activity graph | What every actor actually did, and what is moving now | Shared standard, proprietary content | Mature |

Two things feel like graphs but are queries over these, not separate stores. What you have promised outward is a view over the governed entity graph. What an action will touch before it fires is a traversal over the semantic graph. Build them as views, not as substrates.

§ 04

The regulatory graph: the shareable layer the market has not built

Of the six, one is both the most shareable and the least built, and it is the one that decides whether agents can be trusted in regulated work at all.

For an agent to enforce a regulation rather than have its compliance reviewed afterwards, the regulation has to be machine-readable at the moment of action. The agent must be able to ask, before it acts, what the law permits, requires, and prohibits here. None of the other five graphs carry that. The entity graph knows your data flows. The authority graph knows what your agents may do. Neither knows what the EU AI Act actually says.

The decisive property is that the text of a regulation is identical for every organisation under it. The same article binds a bank in Frankfurt and a retailer in Rotterdam. There is no reason for ten thousand enterprises to each parse it into a private graph. The rules are a commons. Only their mapping to your specific reality is yours, and that mapping is a join between the shared regulatory structure and your private entity and authority graphs.

The law is shared. The applicability is proprietary. Adopt the rules; build only how they land on you.

That single distinction resolves the build-versus-buy question for compliance, and it points at the clearest open category in the entire stack. The formal foundations exist and the public-sector "rules as code" movement has proven the approach, but no shared, enterprise-facing regulatory authority covers the regulations enterprises actually operate under in a form agents can enforce against. The category has no mature occupant. For an enterprise leader the implication is concrete: an agent told today to enforce compliance has nothing authoritative to check against, and is in practice enforcing one team's reading of a PDF.

§ 05

What to build, what to adopt, what to wait on

| Tier | Graphs | The move | Why |
|---|---|---|---|
| Shareable utility | Regulatory; semantic base | Adopt where it exists; wait or build narrowly where it does not | Duplicating shared infrastructure is waste, and the regulatory utility is not yet available |
| Shared standard | Authority; activity | Adopt the standard, own the content | The protocols are emerging to mature; your chains and your events are yours |
| Proprietary | Governed entity; context | Build, and start early | No one can sell you your reality, and the context graph only compounds with history |

The honest balance sheet by maturity:

  • Deploy on these today. The semantic graph: adopt your industry ontology and extend it. The activity graph: mature provenance and telemetry standards already exist, so give every agent a unique identity and record who did what from day one. Single-step authority: scoped, time-bound credentials work now for one level of delegation.
  • Adoptable with real effort. The governed entity graph: the discipline exists, but resolving the same customer across systems is hard, and consent today is a stored record rather than a live surface an agent checks before acting. The context graph: start capturing precedent now even though the payoff is later, because a late start cannot be recovered.
  • Not yet mature; do not build a broad rollout on them. The regulatory utility does not exist for the regulations you face. Chained authority, where an agent sub-delegates to another agent, is not yet governable by any standard. The context graph as a market category is months old, with claims ahead of substance.

§ 06

What this looks like in your sector


  • A bank putting agents into credit and trading decisions needs the regulatory and authority graphs most, and both are where maturity is thinnest. The honest move is narrow deployment inside rules a human still owns, not autonomous action against regulations no shared graph yet encodes.
  • An insurer automating claims lives or dies on the governed entity graph: the same claimant, policy, and incident resolved across systems, with consent and permission attached. This is buildable today and is the highest-leverage first investment.
  • A retailer running thousands of pricing, inventory, and service agents needs the activity graph first: the live view of what every agent is doing and the unbroken link from each action back to the agent that took it. It is mature, the cheapest thing to get right early, and the most expensive to retrofit.
  • A managed-services firm acting on clients' behalf needs the authority graph above all: a revocable, auditable chain of who delegated what to which agent. Single-step works now; the multi-client, multi-hop case is where it must stay supervised.
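
The single-step authority check and per-agent activity record described above can be sketched as follows. This is an added example, not code from the article or from any standard it mentions; the class names, agent identifiers and the "escalate" outcome for chained grants are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Grant:
    grant_id: str
    grantor: str        # who delegated
    grantee: str        # unique identity of the agent holding the grant
    scope: frozenset    # actions covered
    expires: datetime   # time bound

class AuthorityGraph:
    def __init__(self, grants):
        self.grants = {g.grant_id: g for g in grants}
        self.revoked, self.activity = set(), []

    def revoke(self, grant_id):
        self.revoked.add(grant_id)

    def _evaluate(self, agent_id, action, now):
        verdict = ("deny", "no grant covers this action", None)
        for g in self.grants.values():
            if g.grantee != agent_id or action not in g.scope:
                continue
            if g.grant_id in self.revoked:
                verdict = ("deny", "grant revoked", g.grant_id)
            elif now >= g.expires:
                verdict = ("deny", "grant expired", g.grant_id)
            elif any(h.grantee == g.grantor for h in self.grants.values()):
                # grantor is itself a delegate: chained grant, hand to a human
                verdict = ("escalate", "chained delegation", g.grant_id)
            else:
                return ("allow", "single-step grant in scope", g.grant_id)
        return verdict

    def authorize(self, agent_id, action, now):  # every decision is logged per agent
        decision, reason, grant_id = self._evaluate(agent_id, action, now)
        self.activity.append({"agent": agent_id, "action": action, "decision": decision,
                              "reason": reason, "grant": grant_id, "at": now.isoformat()})
        return decision

def demo():  # constructed sample data
    t0 = datetime(2026, 6, 14, 9, 0, tzinfo=timezone.utc)
    end, refund = t0 + timedelta(hours=1), frozenset({"issue_refund"})
    a, b = "agent:billing-01", "agent:helper-07"
    ag = AuthorityGraph([Grant("g1", "human:ops-lead", a, refund, end), Grant("g2", a, b, refund, end)])
    checks = [(a, "issue_refund", t0), (a, "close_account", t0), (b, "issue_refund", t0), (a, "issue_refund", end)]
    results = [ag.authorize(*c) for c in checks]
    ag.revoke("g1")
    return results + [ag.authorize(a, "issue_refund", t0)], ag.activity
```

Denials and escalations are written to the activity list alongside allowed actions, so the record shows what each agent attempted as well as what it did.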

§ 07

The decision logic


  • Is the content identical across your industry, or yours alone? Identical means adopt; yours alone means build. Do not invert this, ever.
  • Where you must adopt but no mature option exists, regulatory above all, is the capability strategic enough to build ahead of the market, or should the agents that depend on it stay narrow until it matures?
  • Does every agent have a unique identity, with every action recorded against it, before anything ships? If not, stop here. Nothing downstream is accountable without it.
  • Are you capturing decision precedent now, while it is cheap? Or will you wish in two years that you had?
  • For each workflow you are about to automate, does the stack reach far enough to govern it? Where the mature graphs stop, either a human stays in the loop or you are deploying past the edge of your own infrastructure.

An agent-first enterprise needs six graphs, but it should build only the two that are its moat, adopt three it must never build twice, and refuse to deploy broad autonomy on the one the market has not yet built.

§ 08

The leadership action list


  • Stand up the activity graph first. Unique agent identity and full action provenance, before a single agent reaches production. It is the anchor every other accountability claim hangs from, and it gets more expensive to retrofit every month you wait.
  • Adopt your industry ontology and extend it. Do not author meaning from scratch. It is the fastest reliability gain available.
  • Begin the governed entity graph now, prioritising resolution quality over coverage. It is your highest-leverage proprietary build.
  • Start capturing decision precedent immediately, even before you can exploit it. The context graph is the one asset competitors cannot copy and you cannot backfill.
  • Treat regulatory and chained-authority coverage as a frontier decision, not an assumption. Either build them deliberately as strategic infrastructure, or keep the agents that need them narrow and supervised.

The five wrong moves

  • Building privately what is shareable. Parsing a regulation into your own graph that ten thousand others are also parsing privately.
  • Borrowing what should be proprietary. Treating the context graph as something to license. It is the moat, by definition unbuyable.
  • Deploying before attribution exists. Shared service accounts across agents dissolve accountability at machine speed and are the costliest thing to unwind.
  • Mistaking a mature demo for a mature stack. The context-graph category and the regulatory utility are early. Betting broad autonomy on them is betting on infrastructure that is not there.
  • Deploying past the edge of the stack and calling the gap autonomy. Where the mature graphs stop, an ungoverned agent is not autonomous. It is unsupervised.

Deploy agents exactly as far as your mature graphs reach. Where they stop, build the next layer on purpose or keep a human in the loop, but never mistake the edge of your infrastructure for the frontier of what your agents can safely do.