DSI 001 · Decision Standards Institute

The Six Dimensions

DSI 001 assesses governance posture across six dimensions. Each captures a distinct category of governance risk, and together they produce the dimensional profile that makes a score usable.

DSI 001 Version 1.0. Effective [25 June 2026].

Six dimensions, one profile

The six dimensions answer the three accountability questions institutional governance requires: who held authority, what they knew, and what they did. Each produces the governance information needed to answer those questions for a different category of risk.

A classification without a dimensional profile has produced a score. A classification with a dimensional profile has produced governance infrastructure: the information that lets remediation be targeted, governance investment be prioritised, and institutional audiences see where strength and weakness actually sit.

On the scoring

This page describes what each dimension assesses. Each dimension is scored on the 1.0 to 5.0 scale where lower is stronger. How the sub-factors are weighted and combined sits in the implementation materials issued to accredited assessors. See the Governance Benchmark Index for the scale.

How the dimensions map to the decision supply chain

Each dimension addresses a governance requirement at a specific stage of the decision supply chain: the distributed chain of data, models, operators and execution systems through which consequential decisions are produced.

| Decision supply chain stage | Governance requirement | Dimension |
|---|---|---|
| Data inputs | What data does the system process, and under what legal basis? | D2 Data Sensitivity |
| Model processing | At what level of autonomy does the system operate, and is oversight adequate? | D1 Autonomy Gradient |
| Decision formation | How is liability for the system's decisions structured and documented? | D4 Liability Architecture |
| Execution | Do commercial agreements govern the consequences of autonomous execution? | D3 Contract Infrastructure |
| Institutional exposure | Has operational dependency created governance vulnerability? | D5 Commercial Leverage |
| Chain lifecycle | Can governance be maintained as the system and its deployment evolve? | D6 Adaptive Stability |

The dimensions assess governance at each stage of the chain. Technical assurance standards assess whether the system operates correctly at each stage. Both are necessary. DSI 001 addresses whether the institution deploying the system can demonstrate accountability for the decisions the chain produces.

The dimensions in detail

D1 Autonomy Gradient

The foundational dimension. It establishes the governance burden every other dimension must address: a system at low autonomy with weak contract infrastructure faces a different risk profile than a system at high autonomy with the same weakness.

What it assesses
  • Operational autonomy level. Which decisions and actions the system takes without per-decision human authorisation.
  • Commitment authority. The maximum financial or operational commitment the system can make autonomously.
  • Exception handling. What happens when a decision falls outside trained parameters, which reveals whether autonomy boundaries are enforced in practice or only in specification.
  • Scope boundary enforcement. How operational scope boundaries are enforced technically and contractually, to detect scope drift.
  • Human oversight adequacy. Whether the oversight structure is adequate for the autonomy level. A supervisory structure applied to a high-autonomy deployment is the appearance of oversight without the substance.

Institutional implication

Boards and insurers face materially different obligations and risk for a high-autonomy system than for a supervised process. D1 establishes that difference in quantified form, and maps to the inference boundary, where accountability for model interaction is established. A governance structure designed for supervised systems, applied to autonomous ones, is not a defence. It is an exhibit.

D2 Data Sensitivity Exposure

Two distinct risk categories, both assessed. Operational data sensitivity creates immediate exposure. Training data provenance creates latent exposure: risks embedded at training that surface through litigation, regulatory inquiry and investor diligence, often years later.

What it assesses
  • Operational data sensitivity. The categories of data processed in production: personal, health, financial, commercially sensitive, and data subject to cross-border transfer restrictions.
  • Training data provenance. Assessed across the foundation model layer (developer representations, warranties, indemnification), the fine-tuning layer (legal basis, IP rights, consent, documentation), and the retrieval layer (copyright, accuracy and data-protection exposure created at inference time).

Institutional implication

Training-data provenance risk is backward-compounding: created at the moment of training, it accumulates across the system's entire operational history. Contemporaneous provenance documentation answers the liability question with evidence rather than reconstruction, and cannot be produced retrospectively. D2 maps to the data boundary.

D3 Contract Infrastructure

The governance layer closest to commercial consequence. Gaps become visible at the worst possible time: when an adverse outcome has occurred and the parties are determining who bears the loss.

What it assesses
  • Master services agreement maturity. Whether customer agreements contain AI-specific provisions.
  • Vendor agreement adequacy. Whether agreements with infrastructure providers, model developers and data suppliers address the governance obligations those relationships create.
  • Data processing agreements. Whether they are in place and adequate for the categories of data processed, including training data.
  • Liability adequacy. Whether liability provisions reflect autonomous-operation exposure rather than the exposure of conventional software.
  • Negotiation governance. Whether there is a defined process for reviewing and approving deviations from standard positions.
  • Political force majeure provisions. Whether commercial agreements address government supply-chain risk designation events as a distinct trigger, separate from technical failure or standard force majeure. Standard SaaS force majeure clauses do not cover provider designation events.
  • Provider substitution rights with designation trigger. Whether substitution rights in customer and vendor agreements are limited to technical failure, or explicitly extend to government supply-chain risk designation events affecting the primary AI provider.

Institutional implication

Contract gaps are invisible until they matter. A system can run for years under an agreement lacking AI-specific liability provisions; when an adverse outcome occurs, that absence becomes the central issue. D3 is the legal expression of the rules governing what the system is permitted to do, and interacts with the action boundary.

A government supply-chain risk designation of an AI provider can operate within hours, without judicial review, and cascade through enterprise customer supply chains contractually rather than technically. Enterprises whose provider is designated do not lose technical access; their customers become non-compliant if they continue using the product. This cascade is a D3 assessment item because the gap is contractual: standard SaaS contract templates do not address it.

D4 Liability Architecture

The dimension that most directly addresses the accountability question autonomous systems create. Its central concept is autonomous action consequences (AE3): the outcomes produced by the system's decisions without per-step human authorisation, a category existing frameworks were not built for. Professional indemnity was designed for the negligence of a person, product liability for defective goods, and technology errors and omissions for system failures, not for decisions the system made correctly by design that nonetheless produced adverse outcomes.

What it assesses
  • Recognition. Whether the organisation has explicitly identified and documented the autonomous action consequences category for each material system.
  • Liability cap adequacy. Whether caps in commercial agreements are adequate for the actual exposure.
  • Carve-out structure. Whether carve-outs leave material exposure ungoverned.
  • Insurance coverage. Whether coverage addresses the consequences of autonomous decisions.

Institutional implication

D4 maps directly to the underwriting intake question: who had authority to commit the organisation to the decision that created the exposure, and what evidence existed at the time. Without D4 governance, autonomous-action exposure is unbounded, and unbounded exposure cannot be underwritten.

D5 Commercial Leverage

The degree to which the organisation has become operationally dependent on the system in ways that create governance vulnerability. The leverage dynamic emerges when a system is so embedded in commercial relationships that the disruption required to remediate governance creates pressure to defer it. Gaps that would otherwise be closed stay open because the cost of closing them has become commercially visible.

What it assesses
  • Revenue concentration.
  • Customer relationship embedding.
  • Remediation commercial resistance.
  • Technology lock-in.
  • Government-adjacent customer exposure. Whether the customer base includes entities holding government, defence or regulated-procurement relationships that create cascade risk if the primary AI provider is subject to a government designation. This is the mechanism through which a government action against the provider converts customer concentration into existential revenue loss. The assessment identifies which customers hold government-procurement obligations and what proportion of revenue they represent.

Institutional implication

For investors, D5 is a structural risk signal. A high D5 score means remediation, even where technically straightforward, will meet commercial resistance, so timeline and cost are set by the disruption required, not the governance deficit alone. A high D5 alongside a high D3 or D4 is a deficit the organisation's commercial structure is working against correcting.

D6 Adaptive Stability

The organisation's capacity to maintain adequate governance as the system evolves. A deployment with adequate governance at launch may have inadequate governance six months later if the governance architecture does not evolve with the system.

What it assesses
  • Governance maintenance processes.
  • Reassessment triggers.
  • Change governance.
  • Monitoring architecture. A system that generates extensive performance metrics but no governance records has monitoring without accountability.
  • Provider designation monitoring. Whether the organisation monitors for government actions, including supply-chain risk designations, affecting its primary AI provider stack. A government designation event is a reassessment trigger under D6 because it can invalidate the governance architecture within hours.

Institutional implication

For insurers, D6 is the ongoing maintenance signal across the coverage period. An assessment captures posture at a point in time; D6 assesses whether the organisation can maintain that posture between assessments. A high D6 score means the posture priced at inception may not be the posture operating at the time of a claim.

Why the dimensions are read together

The six dimensions are not independent. A weakness in one can compound a weakness in another, and the combined exposure is greater than either alone. Where compound weaknesses are present, multiplier logic adjusts the composite to reflect the amplified systemic exposure. The primary multipliers describe governance conditions, not calculations.

Systemic Escalation

High operational autonomy combined with inadequate liability architecture. High-speed autonomous decisions produce consequences that no liability framework is designed to absorb. The most severe compound exposure.

Infrastructure Collapse

Significant autonomy combined with inadequate contract infrastructure. The commercial relationships through which liability is allocated at the execution boundary are inadequately governed.

Leverage Collapse

High commercial dependency combined with inadequate liability architecture. The system is structurally resistant to remediation, because the disruption required to fix the liability architecture is greater than the organisation will accept.

Political Cascade

High commercial dependency combined with inadequate contract infrastructure, where deployment relies on a single external AI provider and the deploying organisation's customers carry material government-adjacent concentration: entities holding government, defence or regulated-procurement obligations. A government action against the provider, such as a supply-chain designation, sanction or similar restriction, can convert that customer concentration into existential revenue loss, where the contract architecture does not address the cascade mechanism.

Individual dimensional weaknesses are manageable. Compound weaknesses create systemic exposure, because compounding reduces the options for remediation and raises the cost of each. The trigger conditions and weightings are part of the methodology applied by accredited assessors. Higher scores indicate greater governance risk, not stronger performance.

The dimensional profile serves each audience

The dimensional profile matters more than the composite score for governance purposes. The composite shows whether posture sits above or below a threshold. The profile shows where the risk sits: consistent moderate governance across all six, or strong governance on four with concentrated weakness on two.

For boards, the profile identifies which governance questions need immediate attention and which dimensions are producing the compound exposure the board must address.

For insurers, it maps to coverage architecture. D4 weakness drives autonomous-action coverage requirements, D1 weakness drives commitment-authority exposure, and D6 weakness drives the ongoing monitoring conditions to require.

For investors, it distinguishes structural risks (D3 and D4, requiring contractual and architectural remediation) from operational risks (D1 and D6, which respond to process and monitoring improvements). That distinction sets remediation timelines and costs.

For regulators, it provides a comparable, assessable governance signal across organisations, replacing the condition in which each describes its governance in terms that resist comparison.

An assessor whose output is only a number has produced a score. An assessor whose output includes the full dimensional profile, the multiplier analysis and the remediation roadmap has produced governance infrastructure.

Status and limits. A GBI score carries evidential value only when issued by an accredited DSI 001 assessor against the methodology; self-scored or indicative figures are not DSI 001 results. DSI 001 does not determine legal compliance, regulatory approval, insurability, creditworthiness, or the discharge of fiduciary duties. It provides a scoped governance classification and evidence record that may be relevant to those analyses.