Abstract
Agent Control Protocol (ACP) is a formal technical specification for governance of autonomous agents in B2B institutional environments. ACP acts as an admission control layer between agent intent and system state mutation: before execution, every agent action must pass a cryptographic admission check that validates identity, capability scope, delegation chain, and policy compliance. ACP defines mechanisms for cryptographic identity, capability-based authorization, deterministic risk evaluation, verifiable chained delegation, transitive revocation, and immutable auditing, enabling autonomous agents to operate under explicit institutional control. ACP operates as an additional layer on top of RBAC and Zero Trust, without replacing them. It addresses a gap these models do not solve: governing what autonomous agents can do, under what conditions, with what limits, and with full traceability for external auditing, including across organizational boundaries. The specification includes a multi-organization interoperability model in which independently governed systems validate cross-organizational execution requests through a shared verification pipeline. Divergence between policy evaluations is detected and reported, but not resolved by the protocol, preserving institutional sovereignty. All cryptographic operations use Ed25519 with JCS canonicalization. The specification is language-agnostic, with a reference implementation in Go.