Agentic AI Governance Assessment

Pillar Three: Govern AI

Agentic AI Governance Readiness Assessment

7 questions • 2 minutes • Instant results

EU AI Act
days left
DORA
ACTIVE
since Jan 2025
Colorado AI Act
days left
CRA (Phase 1)
days left
Assessment Progress 0 of 7
Question 1 of 7
Do you maintain a centralized registry of all AI/ML models deployed across your enterprise?
EU AI Act Article 51 requires registration of high-risk AI systems
No centralized tracking
AI deployments are managed by individual teams
Partial inventory
Some systems tracked, but gaps exist
Comprehensive registry
All AI systems cataloged with metadata
Automated discovery + registry
Continuous scanning with risk classification
Question 2 of 7
Are your AI agents classified by autonomy level?
Singapore’s Agentic AI Framework requires autonomy classification (Observe → Recommend → Decide → Act)
No classification system
We don’t distinguish between AI capabilities
Informal understanding
Teams know which systems are more autonomous
Documented levels
Formal L0-L5 or similar classification
Enforced governance by level
Controls scale with autonomy classification
Question 3 of 7
Do you define and enforce action-space boundaries for AI agents?
What systems, APIs, and data can each agent access and modify?
No defined boundaries
Agents have broad or undefined access
Basic access controls
Standard IT permissions apply
Agent-specific boundaries
Documented scope per agent
Enforced blast radius limits
Technical controls prevent scope creep
Question 4 of 7
Have you assessed the reversibility of AI agent actions?
DORA requires ICT risk management including recovery capabilities
Not assessed
We haven’t mapped reversibility
General awareness
Teams know some actions are irreversible
Documented assessment
Actions categorized by reversibility
Rollback mechanisms in place
Technical undo capabilities for high-risk actions
Question 5 of 7
Do you have defined human-in-the-loop checkpoints for AI decisions?
EU AI Act requires human oversight for high-risk AI systems
Fully autonomous
AI operates without required approvals
Ad-hoc review
Humans review when they choose to
Defined approval workflows
Documented checkpoints for critical decisions
Enforced gates with audit trails
Technical enforcement + logged approvals
Question 6 of 7
Can you immediately halt any AI agent’s operations?
“Own the kill switch” — emergency override capability
No kill switch capability
Would require manual intervention
Partial capability
Some systems can be stopped quickly
Centralized kill switch
Can halt all AI operations
Granular + tested controls
Per-agent switches, regularly tested
Question 7 of 7
Have you classified your AI systems under the EU AI Act risk framework?
Unacceptable → High-Risk → Limited → Minimal Risk
Not started
Haven’t assessed EU AI Act applicability
Initial assessment
Aware of requirements, early analysis
Systems classified
All AI mapped to risk tiers
Compliance roadmap active
Classification + remediation underway

Your Governance Readiness Score

0 / 21
Grade: —

Gap Analysis

Priority Actions

Ready to close your governance gaps before 2026 deadlines?

Get the Full Assessment