Why uniform governance fails at scale
Most enterprises begin their AI governance programs with a single policy document meant to apply across every AI initiative: a checklist for approving a use case, a standard set of security requirements, a common review process before deployment. This works reasonably well when the organization has a handful of AI projects and can review each one individually. It breaks down as agent adoption scales, because a single policy applied uniformly cannot simultaneously be strict enough for a high-autonomy financial agent and light enough for a low-risk internal summarization tool.
Applying the same governance requirements to every agent regardless of its autonomy and access scope leads to two distinct problems. Over-restricting simple, low-risk agents slows delivery and creates pressure for teams to build unsanctioned agents outside official channels to get their work done. Under-restricting genuinely autonomous agents -- ones that can take real-world actions independently -- increases operational, security, and compliance risk in exactly the deployments where an incident would matter most.
The fix is not less governance or more governance uniformly applied. It is proportional governance, where the intensity of oversight scales with the autonomy and potential impact of each specific agent, reviewed and re-classified as that agent's capabilities change over time.
Defining autonomy tiers that drive decisions
A workable tiering model starts by asking two questions about each agent: how much can it do without a human in the loop, and how costly is it if that action turns out to be wrong. An agent that reads internal documents and answers employee questions sits at a low tier on both dimensions -- limited autonomy, limited downside. An agent that can independently issue payments, modify customer records, or send external communications sits at a high tier on both, and deserves governance proportional to that.
Three tiers cover most enterprise deployments:
- Baseline agents retrieve or summarize information but do not take actions. They need scoped data access, user authentication, and usage logging.
- Advisory agents generate outputs that inform a human decision without directly triggering any action. The emphasis here shifts toward output quality: accuracy testing, domain-specific evaluation, and calibrating how much humans should trust the agent's recommendations.
- Autonomous agents can execute consequential actions independently. These require mandatory human approval for high-impact actions, rigorous security testing, clear audit trails, an incident response process, and continuous monitoring with rapid rollback capability.
The tier is determined by what an agent can do, not by what it usually does. An advisory agent that could be prompted to send an email is not a baseline agent -- it should be evaluated at the tier matching its highest accessible action, not its typical behavior.
Autonomy tiers and matching controls
The table below maps each tier to the control requirements that apply at that level. Controls are additive: advisory agents inherit baseline controls, and autonomous agents inherit both.
| Tier | Agent characteristics | Required controls |
|---|---|---|
| Baseline | Retrieves or summarizes information; no write access; human sees output before any action is taken | Scoped read-only data access; user authentication; usage logging; data retention policy |
| Advisory | Outputs inform a human decision; no independent action; may access broader data to form recommendations | All baseline controls; output accuracy evaluation; domain-specific quality testing; user training on trust calibration; documentation of evaluation criteria |
| Autonomous | Executes actions independently -- writes to systems, sends communications, moves funds, or modifies records -- without per-action human approval | All advisory controls; mandatory human approval gate for high-impact actions; rigorous pre-deployment security testing; immutable audit trail; defined incident response procedure; continuous runtime monitoring; rapid rollback capability |
When agents move between tiers
An agent that started as a read-only assistant and later gained the ability to write to a database has crossed a tier boundary. Its governance requirements should change with it. In practice, this rarely happens automatically unless the governance program includes a trigger for re-classification whenever an agent's toolset or permissions expand.
Common events that should trigger a tier review include:
- Adding or modifying an agent's tool permissions or API access
- Expanding the set of data sources an agent can read from or write to
- Enabling an agent to initiate external communications
- Connecting an agent to another agent in a multi-step workflow
- Changing the population of users or systems that can invoke the agent
Governance reviews that happen only at initial deployment miss the incremental capability expansions that move an agent from one tier to another. A baseline agent granted file-write access to "just one folder" may effectively become an autonomous agent without any corresponding governance review.
Building a proportional governance program
The following steps outline a practical sequence for organizations moving from uniform to proportional governance.
- Inventory every agent in production and development. Catalog what each agent is authorized to access and what actions it can take. Most organizations find this inventory incomplete on the first pass, which is itself useful information about where governance visibility is weakest.
- Classify each agent by tier. Use autonomy level and potential action impact as the two primary axes. Resist classifying by department, use case name, or business unit -- these do not reliably predict risk.
- Define distinct control requirements for each tier. Three to four tiers, each with a clear and distinct set of control requirements, tend to be more sustainable than a finely graded scale that requires constant judgment calls about boundary cases.
- Establish re-classification triggers. Specify which changes to an agent's configuration, permissions, or toolset automatically require a governance review before the change is promoted to production.
- Enforce controls at runtime, not only at initial approval. Pre-deployment review establishes a baseline, but an agent's actual behavior in production is the only reliable signal of whether it still belongs in its assigned tier.
- Measure and adjust tier fit over time. Track how often low-tier agents are blocked by controls calibrated for higher tiers, and whether autonomous agents are generating incidents that better controls would have caught. Use this signal to refine tier boundaries and control requirements periodically.
Implementation guidance
Begin with an inventory exercise, not a policy rewrite. Before deciding what proportional controls should look like, understand what is already deployed. The inventory exercise surfaces the agents most likely to be under-controlled relative to their actual autonomy, which determines where to focus first.
Resist the temptation to define tiers so granularly that the model becomes as unwieldy as the uniform policy it replaced. The goal is clarity: each tier should have a distinct and unambiguous set of controls that a team can apply without needing to escalate every judgment call to a governance committee.
Enforce tier-appropriate controls at runtime rather than only at initial approval. A platform that can apply different policy sets to different agents automatically, based on their classification, removes the burden of manually configuring controls for every new agent from scratch and reduces the risk that a configuration change goes unreviewed.
Review the tiering model itself periodically. What counts as a "high-impact" action shifts as agents take on new responsibilities and as the organization's risk tolerance evolves. A governance model that was appropriate for 20 agents may need structural revision when 200 are in production across multiple business units.