COMPEL Certification Body of Knowledge — Module 1.2: The COMPEL Six-Stage Lifecycle
Article 20 of 22
The governance of AI agents is not the governance of traditional software. Traditional software executes deterministic instructions within well-defined parameters. It does not learn from its environment, adapt its behavior based on context, pursue goals across sequences of actions, or interact with other systems in unpredictable ways. When something goes wrong, there is typically a clear line from the error to the code that produced it.
AI agents — and the agentic AI systems that compose them — operate differently. They plan. They take sequences of actions. They interact with external tools, APIs, and data sources. They make sub-decisions that are invisible to the humans who set their objectives. And they can fail in ways that are emergent rather than deterministic — ways that the development team did not anticipate and could not easily predict. Governing these systems requires a framework for thinking about autonomy: specifically, how much autonomy a system has, what governance obligations that autonomy level creates, and how to maintain meaningful human oversight as autonomy increases.
The Agent Autonomy Classification Framework provides this structure. It defines a four-level autonomy spectrum, specifies the criteria for classification at each level, establishes the human oversight requirements that attach to each level, and describes the monitoring and escalation protocols that keep agentic AI systems under appropriate governance control.
The Four-Level Autonomy Spectrum
The COMPEL framework defines four levels of AI agent autonomy, arranged on a spectrum from minimal autonomous action to extensive autonomous decision-making. The levels are not arbitrary — they reflect qualitatively distinct relationships between the AI system and human oversight, and they generate qualitatively distinct governance requirements.
Level 1: Advisory
An Advisory-level AI agent provides analysis, recommendations, or information to human decision-makers who retain full decision authority. The agent does not take actions in the world on its own behalf. It processes inputs, generates outputs, and hands those outputs to humans who decide what to do with them.
Classification criteria: The system's outputs are recommendations, not actions. No action occurs in external systems as a direct consequence of the system's output, without human review and explicit human authorization. The system does not have access to actuating capabilities (APIs that write data, send communications, execute transactions) or, if it does have such access, uses it only under explicit human instruction for each use.
Example systems: A credit risk scoring model that recommends approve/decline decisions to human underwriters; a legal document review system that flags potential issues for attorney review; a clinical decision support system that suggests treatment options to physicians.
Human oversight requirement: Human review before any consequential action. The human decision-maker must review the agent's recommendation and make an affirmative decision to act on it. No procedural or technical shortcuts that allow recommendations to bypass human review.
Level 2: Collaborative
A Collaborative-level AI agent takes limited actions in the world but does so within tightly bounded parameters and with human oversight mechanisms that allow intervention before or shortly after each action. The defining characteristic of this level is that human oversight is continuous and substantive, not nominal.
Classification criteria: The system takes actions in external systems (writes data, sends notifications, updates records) but only within pre-defined parameter bounds that have been reviewed and approved through the governance process. Humans have visibility into the system's actions in real time or near-real time. A designated human reviewer has the technical capability and operational process to pause, modify, or reverse the system's actions.
Example systems: An AI-assisted hiring screen that automatically advances candidates to the next stage but allows the HR lead to review and override all decisions before candidates are notified; an AI fraud detection system that places transactions in a hold status but requires human review before escalating to block or decline.
Human oversight requirement: Designated reviewer with real-time or near-real-time visibility and practical capability to intervene. The review process must be designed so that the human reviewer has adequate time and information to exercise genuine oversight — not just nominal access to a dashboard that is rarely consulted.
Level 3: Delegated
A Delegated-level AI agent takes autonomous action within a defined scope of authority, without human review of each individual action. The scope of delegation is itself a governance decision — it defines the boundaries within which the agent is authorized to act without human involvement. Human oversight occurs at the boundaries of the scope (monitoring for out-of-scope actions) and at defined intervals (periodic performance and impact review).
Classification criteria: The system takes consequential actions without human review of each action, but those actions are bounded by a formally approved scope of authority. The scope defines the types of actions the system may take, the magnitude of those actions (e.g., transaction value limits), the contexts in which the system is authorized to act, and the conditions that require escalation to human review. Actions outside scope trigger automatic escalation.
Example systems: An algorithmic trading system authorized to execute trades within defined position limits and risk parameters without per-trade human approval; an AI-powered customer service agent authorized to resolve common issue types and issue credits up to a defined limit without human involvement.
Human oversight requirement: Scope-boundary monitoring with automatic escalation for out-of-scope actions; periodic human review of aggregate system performance against defined impact metrics; defined intervention capability allowing humans to pause or shut down the system if monitoring reveals concerning patterns.
Level 4: Autonomous
An Autonomous-level AI agent pursues defined objectives through sequences of actions that may include planning, tool use, and interaction with other agents or systems, with minimal human involvement in the action sequence. The human role is primarily to define objectives, review outcomes, and maintain override capability — not to review or approve individual actions.
Classification criteria: The system plans and executes multi-step action sequences. Human review occurs at objective-setting and outcome-review stages, not during action execution. The system may interact with other AI systems, external APIs, and data sources in ways that create complex, emergent action sequences.
Human oversight requirement: Robust technical controls limiting the system's access to only the resources necessary for its defined objective (principle of least privilege); comprehensive audit logging of all actions taken; defined outcome review process at regular intervals; technical capability for immediate shutdown; formal scope limitation documentation reviewed and approved by the AI Risk Committee (not just the CoE Lead).
Governance note: Level 4 classification requires heightened scrutiny. Before any system is classified at this level, the AI Risk Committee must conduct a formal review to determine that the use case genuinely requires Level 4 autonomy — that the objectives cannot be achieved with Level 3 or lower autonomy — and that the governance controls in place are sufficient for the risk profile. Level 4 classification is not a recognition of technical capability but a governance decision about acceptable risk.
Classification Criteria in Detail
Classification decisions must be made by the Model Risk Manager, reviewed by the CoE Lead, and recorded in the System Classification Record. The classification must be revisited whenever the system's capabilities, access rights, or deployment context materially change.
The classification decision is not based on the system's technical architecture alone. It is based on the governance context — the access rights actually granted to the system, the oversight mechanisms actually in place, and the operational processes actually followed. A technically autonomous system that operates in a context with robust human oversight mechanisms may warrant a lower autonomy classification than the same system operating with minimal oversight in a different context.
Practitioners should resist the temptation to classify systems at the lowest possible level to minimize governance obligations. Misclassification creates a false sense of governance adequacy while the actual governance in place is insufficient for the system's real autonomy profile. Misclassification is a governance failure, not a governance optimization.
Escalation Triggers
For systems at all autonomy levels, the Framework defines escalation triggers — conditions that require the system to halt autonomous action and transfer to human review.
Universal triggers (all levels): System performance degrading below defined thresholds; detection of distributional shift in inputs beyond defined tolerance; any action or output that generates an external complaint or incident report; any action or output that the system's own confidence scoring flags as uncertain at a level above the defined threshold.
Level 3 and 4 additional triggers: Any action that falls outside the approved scope of authority; any interaction with a system or data source not specified in the deployment authorization; any action sequence that will exceed a defined impact magnitude (cumulative transaction value, number of affected individuals, etc.) within a rolling time window; any situation where the system's planning module identifies a path to objective achievement that involves taking an action type not covered in the deployment authorization.
Escalation triggers must be implemented as technical controls, not just operational guidance. A trigger that relies on human operators noticing concerning system behavior is not a robust escalation control. Triggers must be automated where technically feasible and must route to a human reviewer with the authority and capability to intervene.
Monitoring Requirements
Monitoring requirements scale with autonomy level. The monitoring requirements for each level are specified in the Control Requirements Matrix and implemented during the Produce stage.
At Level 1, monitoring is primarily focused on decision quality — the correlation between agent recommendations and human decisions, the rate at which human reviewers override recommendations, and outcome tracking to assess whether acted-upon recommendations produce better outcomes than rejected ones.
At Level 2, monitoring adds action-level visibility — a complete log of all actions taken, real-time alerting for actions approaching parameter boundaries, and reviewer engagement metrics to confirm that human oversight is substantive rather than nominal.
At Level 3, monitoring adds scope-boundary surveillance — automated detection of any action approaching or crossing scope boundaries, aggregate impact tracking against defined limits, and periodic behavioral drift analysis comparing recent action patterns to the baseline established during validation.
At Level 4, monitoring adds planning-level audit trails — comprehensive records of the system's planning processes and the reasoning that led to each action sequence, interaction logs with external systems and other agents, and impact analysis reports that reconstruct the downstream effects of the system's action sequences.
Connection to Downstream Artifacts
The autonomy classification assigned to each AI system is a critical input to several downstream governance artifacts. The Control Requirements Matrix uses the classification to determine which deployment controls apply. The Deployment Readiness Checklist includes autonomy-level-specific verification items. The Monitoring Plan specifies monitoring requirements by autonomy level. And the Incident Response Procedure includes escalation protocols differentiated by autonomy level.
This downstream connectivity is why getting the classification right matters so much. An incorrect classification does not just affect the classification record — it propagates errors through every governance artifact that depends on it.
Cross-References
- Article 4: Model — Designing the Governance Architecture — governance architecture for AI systems
- Article 9: AI Risk Taxonomy — risk categories that inform autonomy-level governance requirements
- Article 14: Mandatory Artifacts and Evidence Management — artifact lifecycle and evidence chain requirements
- M1.2-Art19: Building the Control Requirements Matrix — the control framework that operationalizes autonomy-level requirements
- M1.2-Art21: Workflow Redesign Documentation — human-AI task allocation affected by autonomy level
- M1.2-Art22: The Deployment Readiness Checklist — autonomy-level verification items at the deployment gate