Governance / L2 detail
Controls
Linked Level 3 activities
Level 3
Automated validation and testing
Move from prompt tests to agent evaluations including tool-use, multi-step plans, trajectory correctness, and failure-mode behaviour
Open Level 3 detail
Level 3
Human-in-the-loop control points
Define where humans must approve/override autonomous actions (by action class and impact), not merely review generated content
Open Level 3 detail
Level 3
Audit logging and traceability
Expand logs from prompts/outputs to full action traces (inputs, tools, decisions, state, approvals) with consistent identifiers across systems
Open Level 3 detail
Level 3
Agentic control library and automated control selection
Expand the enterprise control library to include agent-specific controls (ring-fencing, tool governance, eval thresholds, monitoring) and automate control selection/application by risk tier and agent classification
Open Level 3 detail
Level 3
Enhanced agent observability requirements (incl drift triggers)
Extend observability to include autonomy patterns, tool selection, boundary hits, override rates, and drift triggers, not only model accuracy
Open Level 3 detail
Level 3
Fallback mechanisms
Govern and test degrade modes (stop, revert to human, limited autonomy), not just infrastructure failover
Open Level 3 detail