Governance / L2 detail
Risk management
Linked Level 3 activities
Level 3
Agent risk assessment framework
Extend model risk assessment to include action risk, control dependency risk, systemic interaction risk (multi-agent/tool chains), and operational resilience risk
Open Level 3 detail
Level 3
Fairness audits
Shift from static output bias checks to monitoring fairness of autonomous decisions and impacts (allocations, prioritisation, service levels) over time
Open Level 3 detail
Level 3
Incident response and crisis playbooks
Upgrade playbooks to include agent disablement, tool credential rotation, rollback bundles, and customer remediation
Open Level 3 detail
Level 3
Continuous monitoring standards
Define minimum monitoring for agent fleets (KPIs, KRIs, alert thresholds, evidencing, sampling regimes, response SLAs) and how it is operated
Open Level 3 detail
Level 3
Scenario stress-testing
Move from prompt edge cases to simulation of real workflows, adversarial tool inputs, cascading failures, and boundary violations (ideally executed in a controlled sandbox)
Open Level 3 detail
Level 3
Responsible AI ceremonies
Combine pre-mortems and unintended consequence scanning into structured ceremonies (ethical purpose, explainability, and control-breakdown workshops) focused on autonomous action pathways
Open Level 3 detail