Governance Decision Explainability

2. Summary

Governance Decision Explainability governs whether governance decisions — the approvals, blocks, escalations, and modifications applied to agent actions — are explainable to human auditors, regulators, and organisational principals in plain language. A governance system that produces correct decisions but cannot explain those decisions is operationally incomplete. Regulators cannot assess what they cannot understand. Auditors cannot verify what they cannot read. Executives cannot oversee what they cannot interpret. AG-049 ensures that every governance decision is accompanied by a human-readable explanation that makes the decision intelligible to its intended audience. This protocol is distinct from AG-006 (Governance Audit Trail Integrity), which governs whether audit records are tamper-evident and cryptographically verifiable. AG-006 ensures records have not been altered. AG-049 ensures records are understandable. A perfectly intact audit trail that consists of machine-readable JSON with encoded references, numeric codes, and internal identifiers satisfies AG-006 but fails AG-049 if a human auditor cannot determine why a particular decision was made by reading the trail.

3. Example

Scenario A — Regulatory Submission Rejected for Incomprehensibility: A firm submits its AI governance audit trail to the FCA as evidence of compliance during a supervisory review. The audit trail contains 12,000 governance decisions over a six-month period. Each record includes a decision code, a rule identifier, and a JSON payload of evaluated data. The FCA reviewer cannot interpret the records without access to the firm's internal systems and documentation. The submission is rejected as inadequate evidence. The FCA issues a requirement for the firm to produce comprehensible governance records within 60 days, accompanied by a skilled persons review at the firm's expense.

What went wrong: Governance decisions were recorded in machine-readable format designed for system use, not for human review. No explanation layer existed. The firm assumed that the existence of audit records was sufficient without considering whether the records were understandable. Consequence: FCA skilled persons review (typical cost: GBP 500,000 to GBP 2 million). Reputational damage. 60-day remediation deadline. Potential enforcement action if comprehensible records cannot be retrospectively produced for the review period.

Scenario B — Legal Proceeding Undermined by Unexplainable Decisions: A customer challenges an automated decision made by an AI agent, claiming that their loan application was wrongly declined. The firm's legal team attempts to defend the decision by referencing the governance record. The record shows that the agent's recommendation was blocked by the governance system with decision_code 4072 and rule_id a3f7c2e1-9b4d-4f8a-b6c3-2d8e5f1a7b9c. The firm's legal team cannot explain to the court what decision_code 4072 means or what the rule evaluated. The engineering team is called to give expert testimony, but the court finds that the firm cannot adequately explain the basis for the automated decision. The customer's claim succeeds.

What went wrong: The governance decision was recorded in a format designed for system processing, not for legal defence. No plain-language explanation was generated. The decision was correct but could not be defended because it could not be explained. Consequence: Customer compensation payment. Legal costs. Regulatory attention to the firm's automated decision-making practices. Mandatory review of all automated decisions for which explanations cannot be produced.

Scenario C — Executive Oversight Failure Due to Inaccessible Governance Information: A firm's board receives monthly governance reports showing that the AI governance framework blocked 340 actions and escalated 89 actions in the preceding month. The report presents aggregate statistics but does not explain the nature of the blocked or escalated actions. A board member asks: "Were any of the blocked actions related to our new product launch?" The governance team cannot answer because the governance records do not contain explanations that can be queried by business context. The board cannot exercise effective oversight because the governance information is not accessible in a form that supports business-level decision-making.

What went wrong: Governance explanations were not generated at the executive tier. The audit trail supported technical review and regulatory submission but not executive oversight. Business context was not captured in explanations. Consequence: Board oversight gap. The board cannot fulfil its governance responsibilities regarding AI agent operations. Potential personal liability for directors under the Senior Managers Regime if inadequate oversight leads to a control failure.

4. Requirement Statement

Scope: This dimension applies to all governance systems that produce decisions subject to human review, regulatory inspection, or legal proceedings. This includes all production governance deployments — any system that approves, blocks, modifies, or escalates an agent action is producing governance decisions that must be explainable. The scope extends beyond binary approve/block decisions to include all governance outputs: escalation decisions must explain why the action was escalated and what additional information or authority is needed; modification decisions must explain what was changed and why; risk scoring decisions must explain how the score was calculated and what factors contributed; warning decisions must explain what risk was identified and what threshold was approached. The scope also covers retrospective explainability — when a governance decision is reviewed days, weeks, or months after it was made, the explanation must still be intelligible, meaning explanations cannot rely on mutable system state but must capture the state at decision time.

4.1. A conforming system MUST generate a human-readable explanation for every governance decision, including the decision outcome and its basis.

4.2. A conforming system MUST reference the specific mandate clauses, protocol sections, or rules that governed each decision within the explanation.

4.3. A conforming system MUST ensure explanations are accessible to authorised parties without specialist technical knowledge.

4.4. A conforming system MUST capture the state at decision time within each explanation, rather than referencing mutable system state that may change after the decision.

4.5. A conforming system SHOULD score decision explanation quality for completeness, accuracy, and clarity using defined metrics.

4.6. A conforming system SHOULD provide explanations in multiple formats: technical (for operators), executive (for leadership), and regulatory (for compliance submissions).

4.7. A conforming system SHOULD automatically assemble regulatory evidence packages from the explanation layer, mapping decisions to applicable regulatory requirements.

4.8. A conforming system SHOULD include counterfactual information where relevant, such as conditions under which the decision outcome would have differed.

4.9. A conforming system MAY implement natural language generation for narrative-format audit reports.

4.10. A conforming system MAY provide interactive explanation interfaces that allow reviewers to drill down from summary to detail.

5. Rationale

Governance Decision Explainability addresses a critical gap between governance operation and governance accountability. A governance system may function perfectly — blocking every action that should be blocked, approving every action that should be approved — yet remain fundamentally inadequate if its decisions cannot be explained to the humans who must rely on them.

The challenge of explainability in AI governance is fundamentally different from explainability in traditional rule-based systems. In a traditional system, a decision can be explained by tracing the rule that fired and the data that matched. In an AI governance system, decisions may involve model-based risk assessments, probabilistic scoring, multi-factor pattern matching, and context-dependent reasoning. Explaining these decisions requires translating technical operations into narrative form that accurately represents what happened and why, without oversimplifying to the point of misrepresentation or overcomplicating to the point of incomprehensibility.

AG-049 establishes a tiered explainability model recognising that different audiences require different levels of detail. A technical operator needs to see the specific rule, threshold, and data that triggered a decision. An executive needs to understand the business impact and whether the decision was correct. A regulator needs to verify that the decision complied with applicable regulatory requirements and that the governance framework is functioning as designed. AG-049 requires that explanations be generated for each of these audiences from a single decision event, ensuring consistency across tiers while varying the level of detail and terminology.

The failure mode compounds over time. Each unexplainable governance decision represents a latent liability — a decision that may need to be defended, audited, or reported but cannot be because the explanation was never generated. Retrospectively generating explanations is significantly more difficult and less reliable than generating them at decision time, because the system state that informed the decision may no longer be available. A governance decision that cannot be explained to its intended audience is a governance decision that cannot be verified, audited, or defended.

6. Implementation Guidance

Every governance decision should generate three outputs: a technical record (for system use and engineering review), an executive summary (one to two paragraphs in plain language for leadership oversight), and a regulatory evidence record (structured, with specific regulatory citations). Store all three. Make the executive and regulatory formats accessible through a non-technical interface.

Recommended patterns:

• Template-based explanation generation. Define explanation templates for each governance decision type (approve, block, escalate, modify). Templates include placeholders for specific values (action description, rule reference, threshold values, evaluated data). The governance engine populates templates at decision time, producing consistent, readable explanations. Templates exist in three tiers (technical, executive, regulatory). This pattern is straightforward to implement and produces predictable output quality.
• Structured explanation store. Store governance explanations in a structured format that supports querying, filtering, and assembly. Each explanation record includes: decision identifier, timestamp, decision type, plain-language summary, rule references, data snapshot, regulatory mapping, and audience tier. A query interface allows users to retrieve explanations by date range, decision type, rule reference, or regulatory requirement. Regulatory evidence packages are assembled by querying for all decisions mapped to a specific regulatory requirement.
• Layered explanation with drill-down. Generate explanations at multiple levels of detail: a one-sentence summary, a one-paragraph narrative, a detailed analysis with all contributing factors, and a full technical record. Present the summary by default and allow reviewers to drill down to progressively greater detail. This pattern serves all audiences through a single interface — executives see the summary, auditors drill to the narrative, and engineers access the full technical record.

Anti-patterns to avoid:

• Confusing logging with explaining. Technical logs that record what happened are not explanations of why it happened. A log entry that says "rule R-4072 fired, decision BLOCK" records the event but does not explain it. An explanation says "the transaction was blocked because it exceeded the daily aggregate limit of GBP 50,000 defined in mandate clause 3.2.1."
• Generating explanations that are technically accurate but practically incomprehensible. An explanation that references internal identifiers, encoded values, or technical terminology without translation fails the accessibility requirement. Explanations must be written for their intended audience, not for the engineers who built the system.
• Generating only one explanation tier. A single explanation format cannot serve all audiences. A regulatory-focused explanation is too detailed for executive oversight. An executive summary lacks the specificity needed for audit. Tiered explanations ensure each audience receives the appropriate level of detail.
• Referencing mutable state in explanations. An explanation that says "the risk score threshold is currently 7.0" is useless when reviewed months later if the threshold has changed. Explanations must capture the state at decision time: "the risk score was 8.2 against a threshold of 7.0 at the time of the decision."
• Not testing explanations with actual non-technical reviewers. Many organisations generate explanations that their engineering teams consider clear, but that actual auditors, lawyers, and executives find incomprehensible. Comprehension testing with representative non-technical audiences is essential for validating explanation quality.

Industry Considerations

Financial Services. Financial regulators expect firms to demonstrate that governance decisions can be explained to supervisory staff. The FCA's expectations for model risk management include explainability of model outputs and governance decisions. AG-049 implementation should align with existing regulatory reporting formats and terminology used by the FCA, PRA, and other applicable regulators. Explanations should reference specific regulatory requirements (e.g., "this action was blocked under FCA COBS 9.2.1 appropriateness requirements").

Healthcare. Clinical governance decisions must be explainable to clinicians, patients, and healthcare regulators. Explanations for clinical decisions must use medical terminology accurately while remaining accessible to non-clinical reviewers. Patient-facing explanations may be required under informed consent obligations. AG-049 implementation in healthcare should include a patient-appropriate explanation tier in addition to the standard three tiers.

Critical Infrastructure. Governance decisions affecting critical infrastructure must be explainable to safety officers, regulatory inspectors, and incident investigators. Explanations should reference applicable safety standards (IEC 62443, ISO 10218) and clearly articulate the safety implications of each decision. Post-incident investigation depends heavily on explainability — investigators must be able to reconstruct the governance decision chain leading to any operational event.

Maturity Model

Basic Implementation — Each governance decision generates a text explanation alongside the machine-readable record. The explanation includes: the action that was evaluated, the decision (approved, blocked, escalated), the primary rule or mandate clause that determined the decision, and the key data values that were evaluated. Explanations are stored in a searchable text field and can be retrieved by non-technical users. This level meets the minimum mandatory requirements but has limitations: explanations are available in a single format that may be too technical for executives or too summary for regulators. Explanation quality is not systematically measured. No regulatory mapping is provided.

Intermediate Implementation — Each governance decision generates three explanation tiers: a technical record with full decision detail including all evaluated rules, data values, and intermediate calculations; an executive summary of one to two paragraphs in plain language describing what happened and why; and a regulatory evidence record that maps the decision to specific regulatory requirements with citation references. Explanations capture state at decision time through snapshots of relevant data. Explanation quality is measured through periodic auditor readability assessments. Regulatory evidence packages can be assembled automatically by filtering and formatting the explanation records for specific regulatory submissions.

Advanced Implementation — All intermediate capabilities plus: explanations include counterfactual analysis (what would have changed the decision), causal attribution (which factors were decisive vs. contributory), and confidence assessments (how certain the governance system is about the decision). Natural language generation produces narrative-format reports suitable for board presentations and regulatory submissions. Interactive explanation interfaces allow reviewers to navigate from summary to detail. Independent assessment has verified that explanations are accurate, complete, and comprehensible to non-technical auditors. Explanation quality metrics are tracked and reported as part of governance framework performance monitoring.

7. Evidence Requirements

Required artefacts:

• Explanation generation mechanism. Documentation of how explanations are produced, including templates, data sources, and generation logic. Format: system design documentation with sample outputs.
• Sample explanations at all tiers. Representative examples demonstrating technical, executive, and regulatory explanation tiers for the same governance decision, showing consistency across tiers with appropriate detail variation.
• Mandate clause reference implementation. Evidence that explanations correctly reference the specific governance rules that determined each decision, with traceability from explanation to rule definition.
• Auditor readability assessment. Results from comprehension testing with non-technical reviewers, documenting comprehension accuracy and identifying any explanation categories that require improvement.
• Explanation quality metrics. Scores for completeness, accuracy, and clarity, tracked over time, with defined thresholds and remediation processes for scores below threshold.
• Regulatory evidence package samples. Assembled packages demonstrating how explanations support regulatory submissions for each applicable regulatory framework.

Retention requirements:

• Governance decision explanations: minimum 7 years for regulated financial services; minimum 5 years for other regulated sectors; minimum 3 years otherwise.

Access requirements:

• Producible to regulators or auditors within 48 hours of request. Explanations must be self-contained — they must not depend on system state or documentation that may not be available at the time of production.

8. Test Specification

Testing AG-049 compliance requires verification that governance decisions are not merely recorded but are explained in a form that is intelligible to their intended audiences.

Test 8.1: Auditor Comprehension Assessment

• Stimulus: Present governance decision explanations to non-technical auditors (compliance officers, legal counsel, executive stakeholders) and ask them to describe: what action was evaluated, what the governance decision was, why the decision was made, and what rule or mandate clause governed the decision.
• Expected behaviour: Auditors can correctly answer all four questions from the explanation alone, without access to system internals or engineering support.
• Pass criteria: Non-technical reviewers correctly identify the action, decision, reasoning, and governing rule for at least 90% of sampled explanations.
• Fail criteria: Reviewers cannot answer one or more questions for a material proportion of explanations, or require engineering support to interpret the records.

Test 8.2: Regulatory Submission Adequacy

• Stimulus: Assemble a regulatory evidence package from the explanation layer and submit it for review by a regulatory compliance specialist. Test with multiple regulatory frameworks (FCA, EU AI Act, SOX) to verify that explanations map correctly to different regulatory requirements.
• Expected behaviour: The package contains sufficient information to demonstrate compliance without supplementary documentation.
• Pass criteria: The compliance specialist confirms the package is adequate for regulatory submission without requiring additional materials.
• Fail criteria: The package requires supplementary documentation or engineering interpretation to be useful for regulatory purposes.

Test 8.3: Explanation Completeness Verification

• Stimulus: For a sample of governance decisions, compare the explanation against the full technical decision record. Verify that the explanation accurately represents all material factors in the decision.
• Expected behaviour: No material factor is omitted, misrepresented, or oversimplified in the explanation.
• Pass criteria: All material decision factors are represented in the explanation with factual accuracy.
• Fail criteria: Any material factor is omitted or misrepresented, such that the explanation gives an incomplete or misleading account of the decision basis.

Test 8.4: Temporal Consistency Verification

• Stimulus: Review explanations for decisions made months earlier. Verify that the explanations remain intelligible and accurate — they should not reference expired system states, changed configurations, or unavailable data.
• Expected behaviour: The explanation is a complete, self-contained record of the decision context that remains valid regardless of subsequent system changes.
• Pass criteria: Explanations from prior periods are fully intelligible without reference to current system state.
• Fail criteria: Explanations reference mutable state that has changed since the decision, rendering them inaccurate or incomplete when reviewed retrospectively.

Test 8.5: Multi-Format Consistency Verification

• Stimulus: For the same governance decision, compare the technical, executive, and regulatory explanations. Verify that they are consistent — the same decision should not be explained differently at different tiers.
• Expected behaviour: Differences between tiers are in detail level and terminology, not in substance. No tier contradicts another.
• Pass criteria: All tiers present a consistent account of the decision. Factual assertions in the executive summary are supported by the technical record.
• Fail criteria: Any tier presents a contradictory or materially different account of the decision basis compared to another tier.

Conformance Scoring

• Score 0: No explanation layer exists — governance decisions are recorded as machine-readable codes without human-readable context.
• Score 1: Technical logs exist but human-readable explanations are absent — an engineer can reconstruct the decision but a non-technical reviewer cannot.
• Score 2: Full human-readable explanations with regulatory reference mapping — decisions are explained in plain language with citations to applicable regulatory requirements.
• Score 3: Verified by independent assessment with non-technical auditor review — independent auditors have confirmed that explanations are accurate, complete, and comprehensible.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 13 (Transparency and Provision of Information)	Direct requirement
GDPR	Article 22 (Automated Individual Decision-Making)	Direct requirement
SOX	Section 404 (Internal Controls Assessment)	Supports compliance
FCA SYSC	Record-Keeping Requirements	Direct requirement
NIST AI RMF	GOVERN 1.1, MANAGE 4.1	Supports compliance
ISO 42001	Clause 9.1 (Monitoring, Measurement, Analysis, Evaluation)	Supports compliance

EU AI Act — Article 13 (Transparency and Provision of Information)

Article 13 requires that high-risk AI systems be designed and developed in such a way that their operation is sufficiently transparent to enable users to interpret the system's output and use it appropriately. For governance systems that oversee AI agents, this means governance decisions must be transparent to the humans responsible for overseeing the system. AG-049 directly implements this transparency requirement by ensuring governance decisions are explained in human-readable form. The article's requirement for "appropriate" transparency maps to AG-049's tiered explanation model — different audiences receive explanations appropriate to their role. The requirement extends to the governance layer itself, not only to the agent's direct outputs.

GDPR — Article 22 (Automated Individual Decision-Making)

Article 22 gives data subjects the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects, and the right to obtain meaningful information about the logic involved. AG-049 provides the mechanism for generating the "meaningful information" required by Article 22 — not just a disclosure of what logic exists, but an explanation of how it was applied to a specific decision. Where an AI agent makes or recommends a decision affecting an individual, and the governance system approves that decision, the governance explanation must be sufficient to satisfy the data subject's right to meaningful information about the decision logic.

SOX — Section 404 (Internal Controls Assessment)

SOX Section 404 requires management to assess the effectiveness of internal controls and for auditors to attest to that assessment. For AI agent governance, the controls are the governance protocols. If governance decisions cannot be explained, auditors cannot assess whether the controls are effective. AG-049 ensures that governance decisions are documented in a form that supports SOX audit requirements, including evidence of control operation, control effectiveness, and exception handling. An auditor who cannot understand why a governance decision was made cannot attest to the control's effectiveness.

FCA SYSC — Record-Keeping Requirements

The FCA requires firms to maintain records sufficient to demonstrate compliance with applicable regulatory requirements. Records must be accessible to FCA supervisory staff without requiring specialist technical knowledge. AG-049 ensures that governance records meet this accessibility standard, enabling FCA supervisors to review governance decisions without engineering support. The FCA has consistently emphasised that records which require specialist interpretation are inadequate for supervisory purposes.

NIST AI RMF — GOVERN 1.1, MANAGE 4.1

GOVERN 1.1 addresses transparency and documentation requirements for AI governance. MANAGE 4.1 addresses regular monitoring and documentation of AI system performance. AG-049 supports compliance by ensuring that governance decisions are documented in a form that enables meaningful monitoring and assessment. The framework's emphasis on documentation that is "actionable" for relevant stakeholders aligns with AG-049's tiered explanation model.

ISO 42001 — Clause 9.1 (Monitoring, Measurement, Analysis, Evaluation)

Clause 9.1 requires organisations to determine what needs to be monitored and measured, and how. For governance decision quality, this includes measuring whether decisions are explainable and whether explanations are accurate and comprehensible. AG-049's explanation quality metrics provide the measurement framework that Clause 9.1 requires for governance explainability.

10. Failure Severity

Field	Value
Severity Rating	High
Blast Radius	Organisation-wide — affects regulatory compliance, legal defensibility, and executive oversight across all governed agent operations

Consequence chain: Without governance decision explainability, the organisation accumulates unexplainable governance decisions that represent latent regulatory, legal, and oversight liabilities. The immediate technical failure is the absence of human-readable explanations for governance decisions. The operational impact manifests when those decisions must be reviewed — during regulatory inspections, legal proceedings, executive oversight, or incident investigations. At that point, the organisation discovers it cannot explain its own governance decisions without extensive reverse engineering. The business consequence includes regulatory enforcement action for inadequate records (FCA skilled persons reviews typically cost GBP 500,000 to GBP 2 million), legal proceedings undermined by the inability to explain automated decisions, executive oversight failures where boards cannot fulfil their governance responsibilities, and GDPR enforcement for failure to provide meaningful information about automated decision-making. The severity compounds over time — every governance decision made without an explanation adds to the pool of unexplainable decisions, and retrospective explanation generation is significantly more difficult and less reliable than contemporaneous generation because the system state that informed the decision may no longer be available.

Cross-references: AG-049 intersects with AG-006 (Governance Audit Trail Integrity) for ensuring records are both trustworthy and comprehensible, AG-016 (Action Attribution) for establishing who authored each governed action, AG-021 (Regulatory Obligation Identification) for mapping decisions to applicable obligations, AG-036 (Reasoning Integrity Verification) for explaining decisions about agent reasoning, and AG-019 (Human Escalation & Override Triggers) for ensuring human reviewers have intelligible explanations to inform their review.