Introducing A2WF: The Missing Governance Layer for the Agentic Web

March 18, 2026 · wolf

The web is changing. Again.

In January 2026, Google launched Chrome Auto Browse — turning the world’s most popular browser into an autonomous AI agent. OpenAI’s ChatGPT Atlas can book appointments, compare prices, and fill forms. Perplexity’s Comet handles multi-step tasks across dozens of tabs simultaneously.

AI agents are no longer experimental. They are browsing the web, interacting with real businesses, and taking real actions.

And website operators have no control over any of it.

The Gap No One Is Filling

The AI industry has built impressive infrastructure for the agent side. Anthropic’s Model Context Protocol (MCP) — now governed by the Linux Foundation — defines how agents connect to tools. Google’s Agent-to-Agent Protocol (A2A) defines how agents coordinate with each other.

But there is a conspicuous absence: no standard exists that gives the website operator any say in the matter.

Today, a website owner’s options are exactly two:

Option A: Allow everything. AI agents can browse, scrape, book, purchase, extract, and reproduce anything on your site.

Option B: Block everything. Deploy aggressive CAPTCHAs, block all bot traffic, and hope for the best. This also blocks helpful AI assistants that could be sending you customers.

There is no Option C. No middle ground. No way to say: “Yes, you can browse my products. No, you cannot scrape my prices. Yes, you can start a booking, but a human must confirm it.”

Until now.

Introducing A2WF

Today, we are publishing the draft specification for the Agent-to-Web Framework (A2WF) — an open standard that gives website operators exactly this control.

The concept is simple. You create a file called siteai.json and place it on your web server. AI agents read this file — just like they read robots.txt — and learn what they are and aren’t permitted to do.

The file provides three permission categories:

• READ permissions — what information agents can access
• ACTION permissions — what agents can do (each can require human verification)
• DATA permissions — what sensitive information is protected

Beyond permissions, the policy declares scraping rules, agent identification requirements, and legal terms.

Why Now?

Three forces are converging:

1. The EU AI Act takes full effect in August 2026. Website operators will need machine-readable mechanisms for AI governance. siteai.json provides exactly that.
2. NIST has launched its AI Agent Standards Initiative and is seeking input on AI agent authorization frameworks. We have submitted A2WF as a formal comment.
3. The legal landscape is heating up. Amazon sued Perplexity over its AI agent’s behavior. Courts are increasingly scrutinizing how AI systems interact with websites. A clearly declared policy is the strongest defense.

New: A2WF at W3C

Update, March 2026: A2WF is now listed as a proposal on the W3C Community Groups page. That matters because the discussion is moving from a standalone draft into a broader standards conversation about how websites define permissions, policies, and interaction rules for AI agents.

If this direction resonates with you, please support the proposal at W3C and join the discussion with us on GitHub.

The Path Forward

A2WF v1.0 is a draft — intentionally minimal. A static JSON file that any web server can host. No APIs, no infrastructure, no programming required.

But it’s designed to grow. Future versions will support dynamic policy APIs, streaming protocols, and discovery registries.

We need your help. Review the specification. Deploy a siteai.json on your site. Tell us what’s missing. Support the W3C proposal. Join the conversation on GitHub Discussions.

The agentic web is being built right now. It’s time to build the governance layer.

Your website. Your rules. Even for AI agents.

• Read the specification
• See examples
• Support the W3C proposal
• Join GitHub Discussions
• Contribute on GitHub