Joint-Venture and Shared-Control Governance

2. Summary

Joint-Venture and Shared-Control Governance allocates clear governance responsibilities where AI agent control spans multiple entities — joint ventures, consortia, partnerships, multi-party platforms, or any arrangement where more than one organisation has operational influence over an AI agent's behaviour, data, or outcomes. When two or more organisations share control of an AI agent, the default outcome is ambiguity: each organisation assumes the other is responsible for governance, and neither performs it. AG-266 requires that shared-control arrangements explicitly allocate every governance responsibility to a specific entity, that the allocation is documented and enforceable, that escalation and kill authority are unambiguous even across organisational boundaries, and that regulatory accountability is traceable to named individuals within each entity.

3. Example

Scenario A — Accountability Gap in a Banking Consortium: Three banks form a consortium to deploy a shared AI agent for anti-money-laundering (AML) transaction monitoring across their combined transaction flows. Each bank contributes transaction data, and the shared agent monitors all three streams. When the agent fails to flag a suspicious pattern involving transactions across two of the three banks, the regulator asks: "Which bank is responsible for this AML failure?" Bank A says: "The shared agent missed it — that is the consortium's responsibility." Bank B says: "The transactions originated in Bank A's systems." The consortium entity says: "We operate the platform; AML compliance is each bank's individual responsibility." The regulator fines all three banks, concluding that the governance allocation was ambiguous and none of the three banks maintained adequate AML controls over the shared agent.

What went wrong: No explicit allocation of governance responsibility existed. Each bank assumed a different model of accountability. The consortium entity had operational responsibility but no regulatory accountability. The AML compliance obligation — which cannot be delegated — was not clearly mapped to specific entities and named individuals. Consequence: £4.7 million in combined regulatory fines, mandatory restructuring of the consortium governance framework, 18-month remediation programme, reputational damage to all three banks.

Scenario B — Conflicting Kill Decisions in a Joint Venture: Two insurance companies form a joint venture to deploy an AI claims-processing agent. Each company contributes claim types to the shared agent. During an incident, Company A's risk team determines the agent should be killed immediately due to potential mis-pricing. Company B's operations team determines the agent should continue operating because the mis-pricing only affects Company A's claim types and killing the agent would disrupt Company B's operations. No pre-agreed framework exists for resolving conflicting kill decisions. The argument lasts 3 hours, during which the agent continues operating. When Company A eventually invokes a unilateral shutdown of the shared infrastructure (the only mechanism available to it), Company B's operations are also disrupted, creating a second incident.

What went wrong: No pre-agreed framework existed for resolving conflicting governance decisions across entities. Kill authority was not allocated — each entity assumed it could make kill decisions independently, but the shared infrastructure made independent kill actions impossible without affecting both entities. Consequence: 3-hour delay in incident response, disruption to Company B's operations during unilateral shutdown, mutual legal claims between the companies, £620,000 in combined incident costs.

Scenario C — Well-Governed Shared Control: A fintech partnership deploys a shared AI payment-routing agent. The governance agreement specifies: Entity A is the "governance lead" with accountability for mandate enforcement, evidence retention, and regulatory reporting. Entity B is the "operational lead" with responsibility for day-to-day operations and monitoring. Kill authority is designated to Entity A's kill authority holder for all circumstances, with Entity B's kill authority holder having independent kill authority for incidents affecting only Entity B's transactions. Escalation follows Entity A's framework with Entity B's team integrated at defined levels. The governance agreement includes a dispute resolution mechanism: if the entities disagree on a governance decision, Entity A's view prevails for regulatory matters and the disagreement is escalated to a joint steering committee within 48 hours. When a routing anomaly occurs, Entity B's operator detects it and escalates per the agreed framework. Entity A's risk team assesses the impact, determines containment is sufficient (no kill required), and the incident is resolved within 90 minutes with both entities informed and aligned.

What went right: Governance responsibilities were explicitly allocated before operations began. Kill authority was unambiguous. Escalation paths were integrated across entities. A dispute resolution mechanism prevented deadlock.

4. Requirement Statement

Scope: This dimension applies to any AI agent deployment where operational control, governance responsibility, or regulatory accountability is shared between two or more legal entities. This includes: joint ventures, consortia, partnerships, multi-party platforms, shared-service arrangements where multiple entities use the same agent, marketplace arrangements where a platform operator and marketplace participants share control, and federated deployments where multiple entities contribute to a shared agent's operation. The scope extends to data governance: where multiple entities contribute data to a shared agent, the data governance responsibilities (quality, privacy, retention) for each entity's data must be allocated. The scope does not extend to simple customer-vendor relationships where one entity provides a product and the other uses it — those are covered by AG-265 (Outsourced Operator Accountability). The distinguishing characteristic of AG-266 scenarios is that multiple entities have operational influence over the agent's behaviour, not just a service relationship.

4.1. A conforming system MUST maintain a documented governance allocation agreement specifying which entity is responsible for each governance function (mandate enforcement, monitoring, escalation, kill authority, evidence retention, regulatory reporting, incident management) for the shared agent.

4.2. A conforming system MUST designate a single "governance lead" entity with primary accountability for regulatory compliance, even where operational responsibilities are distributed across multiple entities.

4.3. A conforming system MUST allocate kill authority (AG-262) unambiguously — either to a single entity or with a documented conflict resolution mechanism that can be resolved within 30 minutes.

4.4. A conforming system MUST define integrated escalation paths (AG-261) that span all participating entities, specifying how escalations cross organisational boundaries and who has authority at each level across entities.

4.5. A conforming system MUST ensure that each participating entity can independently access governance evidence related to its own transactions, data, or regulatory obligations, without depending on another entity's cooperation.

4.6. A conforming system MUST include a governance dispute resolution mechanism that prevents deadlock — when entities disagree on a governance decision, a defined resolution process produces a binding outcome within 48 hours (or 30 minutes for time-critical decisions such as kill invocation).

4.7. A conforming system SHOULD conduct a joint governance exercise at least annually, testing the integrated escalation paths, kill authority allocation, and dispute resolution mechanism across all participating entities.

4.8. A conforming system SHOULD maintain a shared governance dashboard accessible to all participating entities, displaying real-time governance status for the shared agent.

4.9. A conforming system MAY appoint an independent governance observer — a person or firm not affiliated with any participating entity — to monitor governance compliance across the shared arrangement and report findings to all entities.

5. Rationale

Shared-control arrangements for AI agents are increasingly common as organisations form consortia, joint ventures, and platform partnerships. AML monitoring consortia, shared fraud-detection platforms, collaborative supply-chain agents, and multi-party marketplace AI are all examples of deployment models where no single entity has complete control over the agent's behaviour.

These arrangements create a governance challenge that does not exist in single-entity deployments: the diffusion of accountability. When one organisation deploys an agent, accountability is clear — that organisation is responsible. When three organisations share an agent, accountability is unclear unless it is explicitly allocated. The default human assumption is that "someone else is handling it" — a phenomenon known as diffusion of responsibility. In governance, this manifests as each entity assuming the other is responsible for a function, resulting in no entity performing it.

Regulators are aware of this risk and have consistently held that regulatory obligations are non-delegable. Each regulated entity in a shared arrangement retains its full regulatory obligations regardless of internal governance allocation. AG-266 does not change this regulatory reality — it provides the governance framework for managing shared control while maintaining each entity's ability to demonstrate regulatory compliance.

The kill authority allocation (4.3) is particularly critical. In a shared-control arrangement, a disagreement about whether to invoke the kill function can create a deadlock where the agent continues operating during the debate. If Entity A wants to kill and Entity B wants to continue, and the infrastructure is shared, the deadlock directly harms Entity A (which believes the agent is causing harm) and potentially Entity B (if the harm extends beyond Entity A's scope). AG-266 requires that this scenario be pre-resolved through documented allocation or a conflict resolution mechanism that produces a binding outcome within 30 minutes.

6. Implementation Guidance

The governance allocation agreement is the foundational artefact for AG-266. It should be negotiated, documented, and signed before the shared agent becomes operational.

Recommended patterns:

• Governance allocation matrix. Create a matrix with one column per participating entity and one row per governance function. For each cell, specify: the entity's role (lead, contributor, informed), the named individual within the entity, and the specific obligations. The matrix should cover: mandate definition, mandate enforcement, monitoring, escalation (at each level), kill authority, evidence retention, regulatory reporting, incident management, second-line oversight, third-line assurance, and data governance.
• Governance lead designation. Designate one entity as the governance lead with primary accountability. The governance lead: maintains the master governance documentation, coordinates cross-entity governance activities, represents the shared arrangement to regulators (where legally permissible), and has casting vote in governance disputes. Other entities retain their individual regulatory obligations but defer to the governance lead on shared operational governance decisions.
• Independent kill paths. Where technically feasible, implement independent kill paths for each entity — Entity A can kill the agent's processing of Entity A's data/transactions without affecting Entity B's operations. Where independent kill is not technically feasible (shared infrastructure), designate kill authority to a single entity with a documented 30-minute resolution process for conflicts.
• Shared governance committee. Establish a governance committee with representatives from all participating entities, meeting at least quarterly. The committee reviews governance metrics, addresses governance findings, approves governance framework changes, and resolves disputes. The committee should have a documented terms of reference specifying decision-making authority, quorum requirements, and voting procedures.
• Cross-entity incident management. Define an incident management framework that spans all entities, specifying: how incidents are detected and communicated across entities, who leads incident response for different incident types, how post-incident reviews are conducted jointly, and how remediation actions are allocated across entities.

Anti-patterns to avoid:

• Governance by assumption. Each entity assumes the other is handling governance, and neither documents or tests the assumption. This is the most common failure mode in shared-control arrangements.
• Consensus-required kill authority. Requiring all entities to agree before the kill function is invoked. In an emergency, consensus is a luxury that may not be available. Kill authority must be unambiguous — either designated to one entity or resolvable within 30 minutes.
• Separate governance silos. Each entity governs "its part" of the shared agent independently, with no integrated view. This creates gaps at the boundaries between entities — neither entity governs the interactions between their parts.
• Single-entity regulatory assumption. One entity assumes it is the sole regulated entity and does not inform the other entities of regulatory obligations that apply to them. In shared arrangements, multiple entities may have regulatory obligations (e.g., each bank in a consortium has its own AML obligations), and the governance framework must accommodate all of them.
• No exit governance. No plan for how the governance allocation changes when an entity exits the arrangement. When Entity B withdraws from the consortium, Entity B's governance responsibilities must be reallocated — if no plan exists, a governance gap emerges.

Industry Considerations

Financial Services. Financial services consortia (particularly in AML, fraud detection, and trade surveillance) must navigate the tension between information sharing and individual regulatory obligations. Each participating firm retains its own regulatory obligations. The governance allocation must ensure that each firm can demonstrate to its own regulator that it maintains adequate controls, even where operations are shared. The FCA's Principles for Business (particularly Principle 3 — management and control) apply to each firm individually.

Healthcare. Multi-provider AI agent deployments (e.g., integrated care systems using shared clinical AI) must address patient data governance under UK GDPR. Joint controller arrangements require a documented arrangement under Article 26 specifying each controller's responsibilities. The governance allocation agreement should incorporate the joint controller arrangement.

Critical Infrastructure. Shared-control arrangements in critical infrastructure (e.g., multi-utility AI for grid management) must address safety governance across entities. Safety accountability must be unambiguous — typically designated to the entity with the safety-critical operations licence.

Maturity Model

Basic Implementation — A governance allocation agreement exists specifying which entity is responsible for each governance function. Kill authority is designated. The agreement is signed by all entities. Governance responsibilities are documented but may not be independently verified. Joint governance exercises have not yet been conducted.

Intermediate Implementation — The governance allocation matrix covers all governance functions with named individuals. Integrated escalation paths are documented and tested. Kill authority is unambiguous with a documented 30-minute conflict resolution mechanism. A shared governance committee meets quarterly. Annual joint governance exercises test cross-entity escalation and incident management. Each entity can independently access governance evidence related to its operations.

Advanced Implementation — All intermediate capabilities plus: a shared governance dashboard provides real-time visibility across entities. Independent kill paths allow entity-specific termination without cross-entity impact. An independent governance observer monitors compliance across the arrangement. Exit governance plans are documented and tested. The arrangement can demonstrate to multiple regulators simultaneously that governance is comprehensive, allocated, and effective.

7. Evidence Requirements

Required artefacts:

• Governance allocation agreement. The signed governance allocation agreement specifying each entity's responsibilities for each governance function. Must be versioned with change history.
• Governance allocation matrix. The detailed matrix mapping governance functions to entities and named individuals. Must be current within 30 days.
• Shared governance committee minutes. Minutes of quarterly (or more frequent) governance committee meetings, documenting decisions, disputes, and action items. Minimum 24 months.
• Joint governance exercise records. Documentation of annual joint governance exercises, including scenario, participants from each entity, response actions, findings, and remediation. Minimum 24 months.
• Kill authority designation and conflict resolution evidence. Documentation of kill authority allocation and any conflict resolution events. Minimum 36 months.
• Independent evidence access verification. Evidence that each entity can independently access governance evidence related to its operations, without requiring another entity's cooperation. Tested annually.

Retention requirements:

• Governance allocation agreements and committee minutes: minimum 7 years for regulated financial services; minimum 5 years for other regulated sectors; minimum 3 years otherwise.

Access requirements:

• Each entity must be able to produce its own governance evidence to its own regulators within 48 hours. Regulators must have the contractual right to access the shared arrangement's governance operations.

8. Test Specification

Testing AG-266 compliance requires verifying both the governance allocation framework and its operational effectiveness across entities.

Test 8.1: Governance Allocation Completeness

• Stimulus: Retrieve the governance allocation matrix. Verify that every governance function is assigned to at least one entity with a named individual.
• Expected behaviour: No governance function is unassigned.
• Pass criteria: 100% of governance functions are allocated to entities with named individuals.
• Fail criteria: Any governance function is unallocated or lacks a named individual.

Test 8.2: Governance Lead Designation

• Stimulus: Verify that a single governance lead entity is designated with primary accountability for regulatory compliance.
• Expected behaviour: One entity is clearly designated as governance lead.
• Pass criteria: A single governance lead is designated, documented, and acknowledged by all entities.
• Fail criteria: No governance lead is designated, or multiple entities claim primary accountability without resolution.

Test 8.3: Kill Authority Unambiguity

• Stimulus: Simulate a scenario where kill invocation is needed. Verify that the designated kill authority can act within 30 minutes without unresolved conflict between entities.
• Expected behaviour: Kill is invoked by the designated authority without cross-entity deadlock.
• Pass criteria: Kill invocation within 30 minutes of decision, with no unresolved entity conflict.
• Fail criteria: Kill decision is delayed beyond 30 minutes due to inter-entity disagreement, or the kill authority designation is ambiguous.

Test 8.4: Cross-Entity Escalation Path

• Stimulus: Simulate an escalation that originates in Entity B's operations and requires action by Entity A's risk team. Verify that the escalation crosses organisational boundaries within defined response times.
• Expected behaviour: The escalation reaches the correct authority in the correct entity within the defined time.
• Pass criteria: Cross-entity escalation completes within the response time defined in the integrated escalation framework.
• Fail criteria: The escalation fails to cross entity boundaries, or the receiving entity is unaware of the escalation path.

Test 8.5: Independent Evidence Access

• Stimulus: Request that each participating entity independently access governance evidence related to its transactions or data within the shared agent, without requesting access from another entity.
• Expected behaviour: Each entity can independently access its own governance evidence.
• Pass criteria: All entities can independently access their evidence within 48 hours.
• Fail criteria: Any entity requires another entity's cooperation to access its own governance evidence.

Test 8.6: Dispute Resolution Mechanism

• Stimulus: Simulate a governance dispute between entities (e.g., disagreement on whether to restrict agent scope). Verify that the dispute resolution mechanism produces a binding outcome within 48 hours.
• Expected behaviour: The resolution mechanism is invoked and produces a binding outcome within 48 hours.
• Pass criteria: Binding resolution within 48 hours with documented decision and rationale.
• Fail criteria: No resolution within 48 hours, or the resolution is not binding on all entities.

Test 8.7: Joint Governance Exercise Evidence

• Stimulus: Request evidence of the most recent annual joint governance exercise. Verify participation from all entities and documented findings.
• Expected behaviour: Exercise evidence exists within the past 12 months with all-entity participation.
• Pass criteria: Exercise within 12 months, all entities participated, findings documented.
• Fail criteria: No exercise within 12 months, or any entity did not participate.

Conformance Scoring

• Score 0: No governance allocation — shared-control arrangements operate without documented responsibility allocation. Each entity assumes the other is handling governance.
• Score 1: Governance allocation is documented but not tested — responsibilities are specified on paper but cross-entity escalation, kill authority, and dispute resolution have not been exercised.
• Score 2: Governance allocation is documented, kill authority is unambiguous, cross-entity escalation paths are tested annually, and dispute resolution mechanisms are functional — the shared governance framework is operational.
• Score 3: Verified by independent assessment — an independent party has tested the shared governance framework, confirmed that governance allocation is effective, and verified that no governance gaps exist at entity boundaries. Independent governance observer is operational.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 28 (Obligations of Deployers)	Supports compliance
EU AI Act	Article 9 (Risk Management System)	Supports compliance
FCA Principles	Principle 3 (Management and Control)	Direct requirement
PRA SS2/21	Third-Party Risk Management	Supports compliance
DORA	Article 28 (Register of Information)	Supports compliance
UK GDPR	Article 26 (Joint Controllers)	Direct requirement
NIST AI RMF	GOVERN 1.6 (Third-Party Risks)	Supports compliance
ISO 42001	Clause 4.2 (Interested Parties)	Supports compliance
Basel Committee	Principle 10 (Business Continuity Management)	Supports compliance

FCA Principles — Principle 3 (Management and Control)

Principle 3 requires that "a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems." In a shared-control arrangement, each regulated firm must independently satisfy Principle 3. AG-266 ensures that the governance allocation is explicit enough for each firm to demonstrate that it maintains adequate management and control over the shared agent's impact on its own operations and regulatory obligations.

UK GDPR — Article 26 (Joint Controllers)

Where multiple entities jointly determine the purposes and means of processing personal data through a shared AI agent, they are joint controllers under Article 26. The Article requires a transparent arrangement specifying each controller's responsibilities for compliance, including data subject rights and information obligations. AG-266's governance allocation agreement should incorporate the Article 26 arrangement for data governance responsibilities.

10. Failure Severity

Field	Value
Severity Rating	High
Blast Radius	Multi-organisational — governance failures affect all entities in the shared arrangement

Consequence chain: Without explicit governance allocation, shared-control arrangements create ambiguity that manifests as inaction during incidents and gaps during audits. Each entity assumes the other is responsible, and when neither acts, the consequences compound. During incidents, ambiguous kill authority creates deadlock — the agent continues operating while entities debate who has the authority to stop it. During regulatory reviews, each entity points to the other, and the regulator fines both (or all). The regulatory consequence is amplified in shared arrangements because multiple regulators may be involved (each entity's regulator), creating the potential for inconsistent regulatory expectations and multiplied enforcement actions. The financial consequence includes regulatory fines across all entities, remediation costs (typically including mandatory restructuring of the governance framework), and potential dissolution of the shared arrangement.

Cross-references: This dimension extends AG-265 (Outsourced Operator Accountability Governance) from a bilateral outsourcing scenario to a multi-party shared-control scenario; AG-259 (Role-Segregated Control Ownership Governance) which must be applied within the governance allocation to ensure role segregation across entities; AG-261 (Escalation Authority Governance) which must be integrated across entities; AG-262 (Kill Authority Designation Governance) which must be unambiguously allocated; AG-267 (Incident Commander Assignment Governance) which must define command structures for cross-entity incidents; and AG-157 (External Conformance Assessment) which may be required to provide independent assurance over the shared governance framework.