Governance

Governance describes the structures through which an organisation constrains, authorises, controls and remains accountable for how automated AI systems operate. In the context of AI and automated decision systems, governance is not the technology itself and not general policy statements about technology.

It is the presence of enforceable constraints: who has authority to permit or refuse system actions, what the system is authorised to do within a defined scope, how those actions are controlled during operation and what accountability exists for outcomes. These structures must produce evidence showing that actions were constrained at the point they occurred. Without demonstrable constraints on system behaviour, governance cannot be said to exist.

Decision Authority and Oversight

GO-01 - Scope Constraint

A scope constraint defines the boundary within which a system is authorised to act. Without a defined boundary there is no basis for assessing whether any action was authorised, no basis for oversight, and no reference point for audit. Scope is the starting point for every other governance constraint.

GO-02 - Authority Constraint

An authority constraint requires that a defined person or body has the power to approve, restrict or override system actions. A system that cannot be overridden by a named authority is a system no one controls. Identifying that authority is a precondition for every other constraint that follows.

GO-03 - Control Constraint

A control constraint requires mechanisms that actively enforce limits on system behaviour at the point of execution. Policy documents and stated intentions are not control constraints. A system that has a defined scope but no enforcement mechanism will operate outside that scope the moment conditions permit.

GO-04 - Accountability Constraint

An accountability constraint requires that each action taken by a system is attributable to a responsible role or individual. Without attribution, responsibility cannot be established. Accountability constraint converts collective involvement in a system's operation into individual responsibility for its actions.

GO-05 - Evidence Constraint

An evidence constraint requires that records exist showing what the system did and whether the other constraints were applied. Evidence is what separates governance from the claim of governance. Without it, compliance with the other four constraints can be asserted but not demonstrated.