The governance core
What makes it governed, not just organized
Four mechanisms carry the whole weight: a delegation doctrine, an autonomy ladder, gates engineered against decay, and a ledger. All four come from disciplines that learned them the hard way.
Mechanism one
The Five Rights of AI Delegation
Adapted from the NCSBN/ANA National Guidelines for Nursing Delegation — the legally tested doctrine by which a licensed nurse hands work to assistive personnel without ever handing off judgment or accountability. Before delegating any work to an AI agent, answer all five:
1 · RIGHT TASK
Is this work task-shaped — bounded, specifiable, checkable? Name the judgment braided inside it. Who is keeping that judgment?
Never delegable: assessment, interpretation, evaluation — anything that decides what the work means.
2 · RIGHT CIRCUMSTANCE
What tier is this use — audience, reversibility, current conditions? Would you still delegate it during your version of a code?
The same task may be delegable Tuesday and not during an incident. Tier the task, not the tool.
3 · RIGHT AGENT
Does this specific agent have a demonstrated track record on this class of task? What permissions does it hold that this task does not need?
Capability is task-specific. Scope is least-privilege. Track records live in the ledger.
4 · RIGHT DIRECTION
Does your instruction contain objective, limits, evidence requirement, escalation triggers, and intent? Did you get a read-back before execution?
Fire-and-forget is not delegation. It is abandonment with extra steps.
5 · RIGHT SUPERVISION
What is the active check on what comes back, who performs it, and when did that reviewer last reject something?
A reviewer who never rejects is a rubber stamp, not a gate.
Accountability never moves.
Print it. Pin it by the workstation. Reproduce freely with attribution.
Mechanism two
The autonomy ladder (L0–L5)
Automation levels are assigned per workflow step, not per tool — and autonomy is earned the way a novice nurse earns trust: tight supervision first, promotion only on evidence, demotion automatically on defect or boundary incident. AI is a permanent advanced beginner — fast, tireless, fluent, and without embodied judgment — so expert human judgment always sits above it.
| Level | AI role | Example | Condition |
|---|---|---|---|
| L0 | No AI involvement | Restricted clinical / legal decision | The prohibited zone — judgment is not delegable |
| L1 | Retrieve and summarize | Pull relevant policy or meeting history | Safest stages to automate |
| L2 | Draft and recommend | Draft email, report, brief, or claim review | Agents propose; humans hold decision and action |
| L3 | Route and coordinate | Assign task, create checklist, notify owner | Coordination without judgment |
| L4 | Execute low-risk action | Update dashboard, create task, file note | Two-way-door actions only; halts on anomaly |
| L5 | Autonomous with monitoring | Mature, low-risk, well-governed workflows only | Reversible, logged, interruptible — kill switch mandatory |
Mechanism three
Gates that stay alive
"A human reviews all AI output" is true in most organizations the way a decayed ritual is true: on paper. Human gates rust open by default — vigilance fades, fluency disarms, approval becomes a reflex. Gates must be engineered against decay:
The reviewer performs a task — samples, reconstructs, traces sources — and produces information the output didn't hand her. Review is a performance, not a viewing.
Rejection rate is a standing vital sign. A gate trending toward 100% approval triggers a review of the gate — a filter that passes everything is indistinguishable from a hole.
Review layers must not share blind spots. An AI checking an AI is one defense wearing two name tags. Give reviewers the evidence, not the machine's summary of it.
The reviewer can understand, override, disregard, and halt — and exercising those powers is praised, never penalized. Count the clicks: if rejection costs a form and approval costs a click, the gate has a toll booth on the "no" lane.
Review attention is the scarcest resource in an AI-coordinated team. Gate by tier and reversibility; ungated-on-purpose funds gated-for-real.
Three roles, three questions, three failure modes — separated in person or, at minimum, in time.
The six rules plus the six-question pulse check, with a write-in record block. Pick one gate. Audit it this week.
Mechanism four
The ledger
Every decision logged with rationale. Every claim tied to evidence. Every action attributable to a named identity — human or agent. The record is a form of respect: the people affected by the work deserve better than anyone's memory of what was done.
Each workflow carries a governance profile — risk tier, claim type, evidence requirement, PHI status, review gates, automation ceiling, audit rule, escalation owner. Designed for the person the work touches, it happens to satisfy the world's regulatory frameworks as a byproduct: the EU AI Act's logging and human-oversight articles, ISO/IEC 42001's accountability machinery, and professional human-in-the-loop mandates.
🟢 Low risk — may proceed 🟡 Conditional — human confirms 🔴 High risk — human authorization mandatory
If it isn't documented, it isn't governed.
Ready to apply it?
The Minimum Viable Version takes one team, one month, and nothing you cannot do with documents and resolve.
The aha moment
When it clicks, it sounds like this
"A human reviews everything" — we say that too. I clicked approve four hundred times last quarter and rejected nothing. I wasn't the gate. I was the hole in the filter.
One click to approve, a form to reject. No wonder everything gets approved — we built a toll booth on the "no" lane.
I'm asking "when did this gate last reject something?" in tomorrow's meeting.
The same task can be safe on Tuesday and dangerous during an incident. We've been tiering tools. We should have been tiering uses.
The Five Rights read exactly like my delegation training. That's the point, isn't it — I already know how to do this.
Autonomy earned like a new grad earns trust: promoted on evidence, demoted automatically. Why isn't everything built like this?
The ledger isn't bureaucracy. It's how I'll be able to answer for what my agents did — and sleep.
An AI checking an AI is one slice of cheese wearing two name tags. I'm redrawing our review chain tonight.
If the four-hundred-approvals line landed, start with the gate-health questions on this page — then build gates that stay alive in week three of the MVV →