§1What actually shipped
Google has added agent registration to Gemini Enterprise, in Preview, using two protocols: A2A (Agent2Agent) for machine-to-machine communication and A2UI for agent-to-interface rendering. The mechanism is plain. You describe an agent, you register it against the platform, and it becomes discoverable and addressable by other agents on Gemini Enterprise. The release note is terse and the bucket here is stack news rather than incident, so let us be honest about scale: this is a Preview line item in a release-notes page, not a product launch with a keynote behind it.
But the substrate matters more than the spectacle. A2A was announced in April 2025 as an open protocol with a long list of launch partners. For most of its life it has been a specification and a GitHub repo. What Google has done now is operationalise it inside its own commercial platform. Registration is the boring word that changes everything. A protocol you can talk is a draft. A protocol you can enrol into, with an identity and a discovery surface, is infrastructure.
§2Registration is an identity decision, not a connectivity one
The lazy read is that A2A lets agents talk to each other, so this is about interoperability. That is half of it. The half nobody puts in the release note is that registration is where identity, scope and trust get decided. When you register an agent, you are asserting what it is, what it may be asked to do, and who is allowed to ask. A2A handles the envelope. A2UI handles how the agent draws itself into a human-facing surface. Neither of them, on their own, tells you whether the agent on the other end of the wire is the one you think it is, or whether the instruction it just received came from a colleague or from a prompt-injected document three hops upstream.
For a one-person shop like Workloft, running eight agents, this is the live question. The moment your agents are discoverable and addressable through a shared registry, your blast radius is no longer your own fleet. It is every agent that can resolve yours. A single registered agent with a broad scope and a chatty downstream becomes a confused-deputy machine: it has the credentials, it does what it is asked, and the asking party is no longer one you fully control.
§3What regulated buyers will ask, and what they should
UK regulated buyers do not care about protocol elegance. They care about three things, and a Preview release answers none of them yet. First, attribution: when agent A acts on agent B's request, whose decision was it, and can you reconstruct the chain after the fact? Second, scope containment: what stops a registered agent from being addressed for tasks outside its declared purpose? Third, data lineage: when an A2A exchange crosses a boundary, which records crossed with it, and under what lawful basis.
The ICO's guidance on AI and data protection is unambiguous that you must be able to explain decisions and demonstrate accountability across the processing chain. A multi-agent registry does not relax that requirement. It multiplies the number of points at which the chain can break. Every registered agent is a new processor or sub-processor in practice, even if the contract has not caught up. If you cannot name, for each inter-agent call, what was decided and on whose authority, you do not have an audit trail. You have a transcript, and a transcript is not accountability.
§4The protocol does the easy part
Here is the structural point. A2A and A2UI solve the addressing and rendering problem, which was always the easy part. The hard part is policy at the registration boundary: who may register, what scopes are grantable, how revocation propagates, how an agent proves it is still entitled to the scope it was given last Tuesday. Google operationalising registration inside Gemini Enterprise is genuinely useful because it forces these questions out of the abstract. But a Preview feature is not a governance model. The platform gives you a place to enrol agents. It does not, on day one, give you the means to govern what enrolment grants.
This is the same shape we have seen with every interop standard. The spec ships, the registry ships, and the security model arrives eighteen months later after the first confused-deputy incident makes the news. The builders who win are the ones who treat the registry as a trust boundary from the first agent they enrol, not the ones who treat it as a phonebook.
§5What this means for builders, and what they get wrong
If you are building agent fleets for regulated buyers, do three things before you register anything. One, write the scope down per agent before the registry tempts you into broad grants for convenience. A narrow agent that can only do one thing is a feature, not a limitation. Two, log the authority, not just the action. Your audit trail must answer who asked, not only what happened. Three, treat revocation as a design requirement, not an afterthought. If you cannot pull an agent's scope in seconds, your registry is a liability dressed as infrastructure.
What builders get wrong is reading A2A as a connectivity win and stopping there. Connectivity was never the bottleneck. The bottleneck is proving, to a buyer's risk team, that your fleet does what it claims and nothing more. A registry that you cannot govern makes that proof harder, not easier, because it widens the surface you have to account for. Google has shipped the enrolment form. The governance is still your homework, and for regulated UK work it is the only part that matters.