If you read Microsoft's April Copilot Studio update closely, there was a line in there that quietly changes the governance picture for a lot of organisations.
Agent-to-Agent communication, or A2A, is now generally available. So is multi-agent orchestration through Microsoft Fabric, the Microsoft 365 Agents SDK, and the open A2A protocol. Agents can now collaborate as peers across your environment, handing tasks to one another and sharing context as they go.
That is a useful capability. It also makes accountability harder to pin down.
What A2A actually does
Until now, most agents have behaved like specialists working in separate rooms. A Power Platform agent might handle a workflow. A Microsoft 365 agent might draft a response. A Fabric agent might query the data estate. Each one was useful on its own, but stitching them together usually meant custom integration work, brittle handoffs, and someone in the middle doing the orchestration manually.
A2A removes that middle layer. Agents can now call each other directly, pass context across, wait for a result, and act on what comes back. Microsoft describes it as agents operating "together as a coordinated system rather than in isolated silos."
That part is genuinely good news for productivity. The flip side is what happens when something goes wrong.
Where it gets complicated
When a single agent makes a recommendation, the audit story is reasonably simple. You can trace the prompt, the grounding data, the model response, and the action taken. Responsibility sits in one place.
When three agents collaborate on a decision, that picture starts to fragment.
Here is a practical example. An onboarding agent in Copilot Studio receives a new client referral. It hands off to a Fabric agent to check eligibility against historical data. That agent passes its assessment back, and the onboarding agent then asks a Microsoft 365 agent to draft a tailored response. The response goes out. The client is denied service.
Six weeks later, the client lodges a complaint. The organisation needs to explain how the decision was made.
So who decided? The first agent that orchestrated the conversation, or the second agent whose eligibility assessment drove the outcome? Were the prompts and grounding data preserved across all three agents, or only the one that produced the final output? Did anyone consciously approve the chain, or did it just emerge from how the agents were configured?
These are not abstract concerns. Under the Privacy Act amendments coming into effect in December 2026, Australian organisations that use automated decision-making in ways that significantly affect individuals will need to be able to explain those decisions. There is no multi-agent exemption in the new transparency requirements.
What the standards expect
ISO/IEC 42001, the international AI management system standard, takes distributed accountability seriously. It expects organisations to identify the AI systems they operate, document their purpose, assess their risks, and maintain records that explain outcomes when challenged.
Microsoft's Responsible AI Standard takes a similar position. Accountability is the first of the six core principles, and it explicitly requires meaningful human oversight over AI-driven decisions.
Australia's eight AI Ethics Principles line up with both. The first is human, societal and environmental wellbeing. The fifth is transparency and explainability. The seventh is accountability.
None of these frameworks were drafted with multi-agent orchestration specifically in mind, but they all assume that when an AI system makes a consequential decision, an organisation can explain it. A2A makes that harder. Not impossible, but harder.
A few things worth thinking about
A few observations from the work I do.
The agents that need the most governance attention are not always the most visible ones. The orchestrator gets reviewed because it sits at the front. The agents it calls behind the scenes often do not, and yet they may be the ones making the substantive judgments.
Audit trail design needs to be a deliberate decision before agents go into production, not an afterthought when something goes wrong. Microsoft has shipped useful tooling here. The April update added agent status visibility in the authoring experience and clearer surfacing of each agent's security posture. Both helpful. Neither is a substitute for an organisation deciding what it actually needs to record.
The question of who can authorise an A2A chain in your environment is worth answering before, not after, your first complaint. If any maker can build an agent that calls any other agent, you are letting the agent ecosystem grow without controls.
Where this leaves us
Multi-agent systems are a real step forward. They are also the point at which AI governance stops being theoretical for most Australian organisations.
Aureus Govern was built to help organisations assess Copilot Studio agents against Australia's 8 AI Ethics Principles, ISO/IEC 42001, the Microsoft Responsible AI Standard, and the UK AI Regulation White Paper. With A2A now generally available and the December 2026 ADM transparency deadline approaching, the assessment work that felt premature six months ago is starting to look genuinely overdue.
Jan Davids | Principal Consultant | Aureus Solutions | Microsoft AI Cloud Partner | Adelaide, SA
References
Microsoft Copilot Studio Blog, New and improved: Multi-agent orchestration, connected experiences, and faster prompt iteration (1 April 2026). https://www.microsoft.com/en-us/microsoft-copilot/blog/copilot-studio/new-and-improved-multi-agent-orchestration-connected-experiences-and-faster-prompt-iteration/
Microsoft Copilot Studio Blog, New and improved: Agent governance, intelligent workflows, and connected app experiences (11 May 2026). https://www.microsoft.com/en-us/microsoft-copilot/blog/copilot-studio/new-and-improved-agent-governance-intelligent-workflows-and-connected-app-experiences/
Australian Government Department of Industry, Science and Resources, Australia's AI Ethics Principles. https://www.industry.gov.au/publications/australias-ai-ethics-principles
International Organization for Standardization, ISO/IEC 42001:2023 Information technology, Artificial intelligence, Management system. https://www.iso.org/standard/81230.html
Microsoft, Responsible AI Standard, v2. https://www.microsoft.com/en-us/ai/principles-and-approach
Office of the Australian Information Commissioner, Privacy and Other Legislation Amendment Act 2024, automated decision-making transparency requirements. https://www.oaic.gov.au/privacy/privacy-legislation/privacy-act-review-and-reform
