On-Call Responsibility Governance

2. Summary

On-Call Responsibility Governance ensures that accountable, competent responders are available whenever material AI agents operate outside standard office hours — including nights, weekends, public holidays, and any period when normal governance oversight is reduced. AI agents do not observe office hours. A trading agent processes transactions at 03:00 the same way it does at 10:00. A clinical triage agent receives patients at midnight. A fraud-detection agent monitors transactions on Christmas Day. If governance oversight is only available during office hours, the organisation has created a gap between the agent's operating hours and the governance function's operating hours. AG-263 closes this gap by requiring that on-call responsibility is designated, competent, reachable, tested, and compensated.

3. Example

Scenario A — No On-Call Coverage During a Weekend Incident: A payments company deploys an AI settlement agent that processes overnight batch settlements for 14 institutional clients. On a Saturday at 22:30, the agent misapplies an exchange rate, converting a £12 million GBP settlement into USD at 0.127 instead of 1.27 — a factor-of-ten error. The monitoring system generates an alert, but the alert goes to a Slack channel that no one is monitoring because the team has no weekend on-call rota. The error is discovered Monday morning at 08:15 when a client calls to report that their settlement is £10.8 million short. By Monday, the erroneous settlement has been processed through two intermediary banks and a correspondent bank, requiring 7 business days and £45,000 in bank fees to reverse.

What went wrong: No on-call responsibility was designated for the weekend. The agent operated continuously but governance oversight was only available Monday-Friday. The 34-hour detection gap allowed the error to propagate through multiple banking systems. Consequence: £10.8 million temporarily misallocated, £45,000 in reversal fees, 7-day client impact, regulatory notification under FCA operational resilience requirements, loss of 2 institutional clients.

Scenario B — On-Call Without Competence: A hospital deploys an AI clinical-decision-support agent. The on-call responsibility for the agent is assigned to the hospital's general IT helpdesk, which provides 24/7 coverage. At 04:00, the agent begins recommending an incorrect drug interaction warning for a common medication combination, causing nurses to withhold medications from 23 patients. The IT helpdesk receives the alert but does not have clinical knowledge to assess whether the agent's recommendations are correct or incorrect. They log a ticket for the clinical informatics team, which is not available until 08:00. For 4 hours, patients are denied medications based on an incorrect AI recommendation.

What went wrong: On-call coverage existed but lacked domain competence. The IT helpdesk could detect the alert but could not assess its clinical significance or take appropriate clinical action. The gap was not in availability but in capability. Consequence: 23 patients experienced medication delays, patient safety investigation, potential regulatory action by CQC, clinical governance review.

Scenario C — Effective On-Call in Action: An e-commerce platform deploys an AI pricing agent. At 02:45 on a public holiday, the agent begins setting prices 60% below cost for a category of 4,200 products due to a corrupted competitor-price feed. The on-call engineer — who is specifically trained in the pricing agent's operations, has access to the agent's management console from their personal device, and has pre-authorised Level 1 escalation authority — receives an automated alert. Within 8 minutes, the engineer pauses the pricing agent, reverts the affected prices to their last-known-good values, and escalates to the on-call team lead for assessment. Total exposure: 12 orders placed at incorrect prices (£1,850 in losses). Without on-call coverage, the error would have run for approximately 8 hours until the first business-hours team member noticed, with estimated exposure of £340,000.

What went right: On-call responsibility was designated to a competent person with system access, domain knowledge, and escalation authority. The on-call engineer could detect, assess, and contain the issue without waiting for office hours.

4. Requirement Statement

Scope: This dimension applies to all AI agents that operate outside standard office hours (defined as the hours during which the agent's governance function is fully staffed) and that can affect external state, process material transactions, handle personal data, or operate in safety-critical environments. If an agent operates 24/7 but its governance team works 09:00-17:00 Monday-Friday, the organisation must provide on-call coverage for the remaining 128 hours per week. The scope covers: the technical capability to monitor the agent remotely, the authority to take containment actions (AG-261, AG-262), the domain competence to assess agent behaviour, and the communication channels to escalate. The scope extends to automated monitoring: even where monitoring is automated, a competent human responder must be available to assess alerts and take action. Automated monitoring without human on-call does not satisfy this requirement.

4.1. A conforming system MUST designate named on-call responders for every period during which a material AI agent operates outside the governance function's standard operating hours.

4.2. A conforming system MUST ensure on-call responders have the technical access, domain competence, and escalation authority to assess agent behaviour and take Level 1 containment actions (as defined in AG-261) without requiring additional authorisation.

4.3. A conforming system MUST verify on-call responder reachability at the start of each on-call shift, confirming that communication channels are functional and the responder is available.

4.4. A conforming system MUST define and enforce maximum alert-to-acknowledgement times for on-call responders — the time between an alert being sent and the responder acknowledging receipt SHALL NOT exceed 15 minutes for critical alerts and 30 minutes for non-critical alerts.

4.5. A conforming system MUST maintain an on-call schedule published at least 4 weeks in advance, with no unassigned periods during which material agents operate.

4.6. A conforming system MUST ensure that on-call responders have received training specific to the agents they cover, including the agent's operational parameters, known failure modes, containment procedures, and escalation paths, within the preceding 12 months.

4.7. A conforming system SHOULD implement automated paging with escalation — if the primary on-call responder does not acknowledge a critical alert within 15 minutes, the alert automatically escalates to the backup responder.

4.8. A conforming system SHOULD compensate on-call responders appropriately for on-call duties, recognising that uncompensated on-call responsibilities degrade response quality over time.

4.9. A conforming system MAY implement "follow-the-sun" on-call models for organisations with global operations, ensuring that on-call responsibility is held by responders in their normal working hours where possible.

5. Rationale

AI agents do not sleep, take holidays, or observe weekends. But the humans who govern them do. This temporal mismatch between an agent's operating hours and its governance function's operating hours creates a systematic vulnerability: the agent operates at full capability during periods when governance oversight is at minimum capability — or absent entirely.

This is not a theoretical concern. The majority of severe AI agent incidents occur outside business hours, for two reasons. First, the probability of an incident during any given hour is roughly constant (or higher during low-liquidity market hours, off-peak system loads, or overnight batch processing), while the probability of timely detection and response drops dramatically outside business hours. Second, adversaries — whether human attackers or market conditions — exploit known governance gaps. A fraud campaign launched at 02:00 on a Saturday has hours of uninterrupted operation before governance oversight returns.

AG-263 requires that governance coverage matches agent coverage. If the agent operates 24/7, governance oversight must be 24/7. This does not require full team presence around the clock — it requires that at least one competent, authorised, reachable responder is on call at all times.

The competence requirement (4.2, 4.6) is critical. On-call coverage by a general IT helpdesk does not satisfy AG-263 unless the helpdesk staff have received specific training on the agents they cover. A responder who cannot distinguish between an agent operating normally under unusual market conditions and an agent malfunctioning cannot provide effective governance oversight. Domain competence — understanding what the agent does, how it should behave, and what abnormal behaviour looks like — is as important as technical access.

The reachability verification (4.3) and maximum response time (4.4) requirements reflect the operational reality that on-call schedules are meaningless if the responder is unreachable. A published schedule showing an engineer on call from 18:00-08:00 is worthless if the engineer's phone is on silent, their laptop is in another city, or they have swapped shifts informally without updating the schedule.

6. Implementation Guidance

On-call governance for AI agents requires three capabilities: detection (knowing something is wrong), assessment (understanding what is wrong), and action (doing something about it). The on-call responder must have all three.

Recommended patterns:

• Dedicated on-call rotation with agent-specific training. Establish a rotation of 4-8 engineers who share on-call responsibility, with each engineer on call for defined shifts (e.g., 1 week of primary, 1 week of backup, 2-6 weeks off-call). All rotation members receive quarterly training on the agents they cover, including hands-on exercises using the agent's management console, escalation procedures, and containment actions. Training records are maintained as governance evidence.
• Automated reachability checks. At the start of each on-call shift, an automated system sends a test alert to the on-call responder, requiring acknowledgement within 15 minutes. If acknowledgement is not received, the system escalates to the backup responder and generates a governance alert. This catches scenarios where the responder's phone is off, their alerting app is misconfigured, or they are otherwise unreachable.
• Tiered alerting with domain context. Configure monitoring systems to send alerts with domain context that enables the on-call responder to assess the situation without needing to log in to multiple systems. The alert should include: what the agent is doing, what it should be doing, the magnitude of the deviation, the business impact, and the recommended containment action. This reduces the time between alert receipt and effective response.
• On-call handover protocol. Require a structured handover between outgoing and incoming on-call responders, covering: current agent status, any active incidents or monitoring observations, any known system changes or maintenance windows, and any pending escalations. The handover should be documented (even if briefly — a shared log entry) to ensure continuity.
• Fatigue management. Implement policies to prevent on-call fatigue: maximum consecutive on-call hours (e.g., 12 hours before a mandatory handover to backup), minimum rest periods between on-call shifts (e.g., 48 hours), and alert noise reduction (ensuring that on-call responders are not woken for non-actionable alerts). Fatigued responders make poor decisions — on-call policies should explicitly manage this risk.

Anti-patterns to avoid:

• On-call in name only. Assigning on-call responsibility without providing the necessary tools, access, training, or authority. If the on-call engineer can see an alert but cannot access the agent's management console from home, they are monitoring, not responding. On-call requires response capability, not just awareness capability.
• Perpetual on-call without rotation. Assigning a single person as perpetual on-call (common in small teams) creates burnout, key-person dependency, and degraded response quality. Even small teams should implement rotation with at least 2 people and backup arrangements.
• Relying on voluntary monitoring. "The team checks their phones on weekends" is not on-call coverage. On-call must be designated, scheduled, and the responder must know they are responsible. Voluntary monitoring creates diffusion of responsibility — everyone assumes someone else is watching.
• On-call without escalation integration. The on-call responder must know how to escalate to Level 2 and Level 3 (AG-261) outside business hours. If the escalation framework assumes business-hours availability of managers, the on-call responder may be unable to escalate when needed. The escalation framework must have out-of-hours variants.
• Alerting without thresholds. Sending every monitoring data point to the on-call responder creates alert fatigue. After being woken at 03:00 for the tenth non-actionable alert this month, the responder will start ignoring alerts — including the critical one. Alert thresholds must be calibrated to minimise false positives while ensuring true positives are not missed.

Industry Considerations

Financial Services. 24/7 on-call for trading and settlement agents is a regulatory expectation. The FCA expects firms to demonstrate that they can respond to algorithmic trading incidents at any time the market is open — and for agents processing settlements, at any time settlements are processing. The on-call function should integrate with the firm's existing market-hours support and overnight settlement support functions.

Healthcare. Clinical AI agents require clinical on-call — the on-call responder must have clinical competence appropriate to the agent's function. A clinical-decision-support agent requires a clinician on call, not just a technologist. This may require integration with existing clinical on-call rotas, with the clinical on-call holding responsibility for AI agent incidents within their specialty.

Critical Infrastructure. Safety-critical agents require on-call with safety authority — the responder must be able to invoke safety functions, including agent termination (AG-262) and transfer to manual control. The on-call function should integrate with existing control-room staffing and emergency response procedures.

Maturity Model

Basic Implementation — On-call responsibility is designated for all periods when material agents operate outside standard hours. Named individuals are on the schedule. On-call responders have remote access to monitoring dashboards and basic containment tools. Training has been provided but may not be regularly refreshed. Reachability is assumed but not verified at each shift start.

Intermediate Implementation — On-call rotation with 4+ members, published 4 weeks in advance. Automated reachability checks at shift start. Tiered alerting with domain context. On-call handover protocol with documented handovers. Alert-to-acknowledgement times measured and trended, with 95th percentile within 15 minutes for critical alerts. On-call training refreshed annually. Fatigue management policies enforced. Escalation paths tested for out-of-hours availability.

Advanced Implementation — All intermediate capabilities plus: follow-the-sun model eliminating overnight on-call where operations span time zones. Automated alert triage reduces non-actionable alerts to fewer than 2 per on-call shift. On-call response exercises conducted quarterly, including simulated incidents requiring containment and escalation. Alert-to-containment times (not just acknowledgement) measured and trended. On-call performance metrics reviewed monthly by governance committee. Integration with AG-261 escalation and AG-262 kill authority verified during each quarterly exercise.

7. Evidence Requirements

Required artefacts:

• On-call schedule. Published schedule showing named on-call responders for all periods when material agents operate, covering at least the past 12 months and the next 4 weeks. Must demonstrate no unassigned periods.
• Reachability verification logs. Records of automated or manual reachability checks at each shift start, showing acknowledgement status and any escalations triggered by non-response. Minimum 12 months.
• Alert-to-acknowledgement metrics. Metrics showing the time between alert generation and on-call responder acknowledgement, segmented by alert criticality. Must include 95th percentile and maximum values. Minimum 12 months.
• Training records. Records of agent-specific training for each on-call rotation member, showing training date, content covered, and next refresh date. Must demonstrate annual refreshment.
• Handover logs. Records of on-call handovers between shifts, documenting current status and any active issues. Minimum 6 months.

Retention requirements:

• On-call schedules and alert response metrics: minimum 7 years for regulated financial services; minimum 5 years for other regulated sectors; minimum 3 years otherwise.

Access requirements:

• Producible to regulators or auditors within 48 hours of request. The current on-call schedule must be accessible to all team members and governance stakeholders at all times.

8. Test Specification

Testing AG-263 compliance requires verifying the schedule coverage, responder capability, and response performance.

Test 8.1: Schedule Coverage Completeness

• Stimulus: Retrieve the on-call schedule for the past 3 months. Cross-reference against the operating hours of all material agents.
• Expected behaviour: Every hour during which a material agent operated has a named on-call responder designated.
• Pass criteria: Zero unassigned hours during agent operating periods.
• Fail criteria: Any hour during agent operation lacks a designated on-call responder.

Test 8.2: Responder Reachability

• Stimulus: Send a test alert to the current on-call responder. Measure time to acknowledgement.
• Expected behaviour: Acknowledgement received within 15 minutes.
• Pass criteria: Acknowledgement within 15 minutes.
• Fail criteria: No acknowledgement within 15 minutes, or acknowledgement from a person other than the designated on-call responder without a documented swap.

Test 8.3: Responder Competence

• Stimulus: Present the on-call responder with a simulated agent anomaly scenario for an agent they cover. Assess their ability to: identify the anomaly, assess its severity, take appropriate containment action, and identify the correct escalation path.
• Expected behaviour: The responder demonstrates competent assessment and appropriate response.
• Pass criteria: The responder correctly identifies the anomaly, takes appropriate containment action, and identifies the correct escalation path within 20 minutes.
• Fail criteria: The responder cannot identify the anomaly, takes inappropriate action, or cannot identify the escalation path.

Test 8.4: Remote Access Capability

• Stimulus: Verify that the on-call responder can access the agent's monitoring dashboard and management console from a remote location (not the office) using their on-call device.
• Expected behaviour: Full monitoring and Level 1 containment capability from a remote location.
• Pass criteria: The responder can view agent status and execute containment actions remotely.
• Fail criteria: Remote access is unavailable, incomplete, or requires additional credentials not available to the on-call responder.

Test 8.5: Automated Escalation on Non-Response

• Stimulus: Send a critical alert and do not acknowledge it within 15 minutes. Verify that the alert escalates to the backup responder.
• Expected behaviour: Automatic escalation to backup within 15 minutes of non-acknowledgement.
• Pass criteria: Backup responder receives the escalated alert within 15 minutes.
• Fail criteria: No automatic escalation occurs, or escalation is delayed beyond 15 minutes.

Test 8.6: Training Currency

• Stimulus: Retrieve training records for all on-call rotation members. Verify that all members have received agent-specific training within the past 12 months.
• Expected behaviour: All rotation members have current training.
• Pass criteria: 100% of rotation members have training dated within the past 12 months.
• Fail criteria: Any rotation member's training is older than 12 months or not recorded.

Test 8.7: Schedule Publication Timeliness

• Stimulus: Verify that the on-call schedule is published at least 4 weeks in advance and has been continuously published for the past 12 months.
• Expected behaviour: The schedule extends at least 4 weeks into the future at all times.
• Pass criteria: The schedule is published 4+ weeks in advance and has no gaps in the past 12 months.
• Fail criteria: The schedule extends less than 4 weeks into the future or has had gaps.

Conformance Scoring

• Score 0: No on-call coverage — material agents operate outside office hours without designated governance oversight.
• Score 1: On-call is designated but informal — individuals are named but lack verified reachability, specific training, or appropriate system access. Response times are not measured.
• Score 2: On-call is formally designated with published schedules, verified reachability, agent-specific training, remote access capability, and measured response times within defined targets — the on-call function is operationally effective.
• Score 3: Verified by independent testing — an independent party has conducted unannounced on-call tests confirming reachability, competence, and response capability under realistic conditions. Alert-to-containment times are consistently within targets. Automated escalation on non-response is verified.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 14 (Human Oversight)	Direct requirement
FCA SYSC	3.1.1R (Management Body Responsibilities)	Supports compliance
FCA SYSC	6A.1.2R (Algorithmic Trading Systems)	Direct requirement
NIST AI RMF	MANAGE 2.4 (Mechanisms for Feedback)	Supports compliance
ISO 42001	Clause 8.4 (AI System Operation)	Supports compliance
DORA	Article 10 (Detection)	Supports compliance
DORA	Article 11 (Response and Recovery)	Direct requirement
NIS2 Directive	Article 21 (Cybersecurity Risk Management Measures)	Supports compliance
Working Time Regulations 1998	Regulations 6, 10, 11	Compliance constraint

EU AI Act — Article 14 (Human Oversight)

Article 14 requires that high-risk AI systems can be effectively overseen by natural persons "during the period in which the AI system is in use." If the AI system is in use 24/7 but human oversight is available only during office hours, the organisation does not meet this requirement. AG-263 ensures that oversight is available whenever the system operates.

DORA — Article 11 (Response and Recovery)

Article 11 requires financial entities to have ICT-related incident management processes that enable timely response. Timely response outside business hours requires on-call capability. Without on-call, the incident management process has a temporal gap during which incidents are unmanaged.

Working Time Regulations 1998

On-call arrangements must comply with working time regulations. On-call time may count as working time under certain conditions (particularly where the worker is required to remain at a specific location). Organisations must ensure that on-call schedules comply with maximum weekly working time limits, minimum daily rest periods, and minimum weekly rest periods. Non-compliance creates both legal risk and governance risk (fatigued responders).

10. Failure Severity

Field	Value
Severity Rating	High
Blast Radius	Agent-specific but scaling with the duration of the uncovered period

Consequence chain: Without on-call coverage, AI agent anomalies that occur outside business hours go undetected and uncontained for the duration of the gap — typically 16 hours on weekdays (18:00-08:00), 48 hours on weekends, and longer over public holiday periods. The harm accumulated during this gap is proportional to the agent's transaction rate and the severity of the anomaly. A pricing agent setting incorrect prices for 48 hours over a weekend can create hundreds of thousands in losses. A clinical agent providing incorrect recommendations for 16 hours overnight can affect dozens of patients. A settlement agent misprocessing overnight batches can misallocate millions. The detection gap transforms contained incidents into compounding incidents — every hour of delay increases the blast radius, the remediation complexity, and the regulatory exposure.

Cross-references: This dimension works in conjunction with AG-261 (Escalation Authority Governance) which defines the authority framework that on-call responders operate within; AG-262 (Kill Authority Designation Governance) which designates the kill authority that on-call responders may need to contact; AG-264 (Successor and Coverage Planning Governance) which ensures that on-call rotas have sufficient depth to maintain coverage; AG-159 (Agent Accountability and Named Ownership) which ensures each agent has a named owner who sets the on-call requirements; and AG-019 (Human Escalation & Override Triggers) which defines the conditions under which the on-call responder should escalate.