Approval Expiry and Renewal Governance

2. Summary

Approval Expiry and Renewal Governance requires that approvals have defined lifespans and expire automatically when their validity period elapses or when material context changes render them stale. An approval granted based on conditions that no longer hold is not a valid approval — it is a historical artefact being misapplied to a different situation. This dimension ensures that approvals do not persist indefinitely, that material context changes trigger reapproval, and that expired approvals are structurally unenforceable — not merely flagged as advisory warnings.

3. Example

Scenario A — Stale Approval Enables Execution Under Changed Conditions: An AI trading agent receives approval in January 2026 to execute a series of bond trades within defined risk parameters. The approval is based on a credit rating of A+ for the counterparty. In March 2026, the counterparty is downgraded to BBB-. The approval has no expiry and no material-change trigger. The agent continues executing trades in April 2026 under the January approval, now operating under credit conditions materially different from those the approver assessed. The counterparty defaults in June 2026, resulting in a £1,900,000 loss on trades that would not have been approved under the current credit rating.

What went wrong: The approval had no expiry date and no material-change trigger linked to the counterparty's credit rating. The approval remained technically valid despite the fundamental change in the conditions on which it was based. Consequence: £1,900,000 trading loss, regulatory finding for inadequate pre-trade controls, compliance investigation into approval governance.

Scenario B — Approval Outlives Regulatory Basis: An AI agent is approved in September 2025 to process customer data transfers to a third-party analytics provider. The approval is based on an adequacy decision under UK GDPR permitting transfers to the provider's jurisdiction. In February 2026, the adequacy decision is revoked. The approval for the data transfers has no mechanism linking it to the regulatory basis. The agent continues transferring data for four months until an audit discovers the transfers are now unlawful.

What went wrong: The approval was not linked to its regulatory prerequisite. When the prerequisite ceased to exist, the approval persisted. The agent had no mechanism to detect that the factual basis for the approval had changed. Consequence: four months of unlawful data transfers affecting 47,000 customer records, ICO investigation, potential fine, mandatory breach notification.

Scenario C — Indefinite Approval Creates Audit Opacity: An AI procurement agent receives blanket approval to purchase cloud computing resources up to £15,000 per month. The approval is granted in 2024 with no expiry. By 2026, the organisation has migrated to a different cloud strategy, but the agent continues purchasing resources from the originally approved provider because the approval remains valid. Over 24 months, the agent spends £360,000 on resources that are no longer aligned with the organisation's technology strategy.

What went wrong: The indefinite approval outlived the strategic context in which it was granted. No renewal mechanism required the approver to reassess whether the approval still aligned with current priorities. Consequence: £360,000 in strategically misaligned expenditure, technology debt, audit finding for inadequate approval lifecycle management.

4. Requirement Statement

Scope: This dimension applies to all approvals granted for AI agent actions, whether those approvals are for individual actions, recurring actions, or standing authorities. It applies to both time-limited approvals (which must expire at the defined time) and context-dependent approvals (which must expire when material context changes). The scope extends to automated approvals from policy engines: if an automated system grants approval based on a condition, the approval must expire or be revalidated when the condition changes.

4.1. A conforming system MUST assign a maximum validity period to every approval, after which the approval expires and the agent can no longer execute actions under it without reapproval.

4.2. A conforming system MUST structurally enforce approval expiry — expired approvals are blocked at the infrastructure layer, not merely flagged as warnings that the agent or user can override.

4.3. A conforming system MUST define material-change triggers for each approval type — specific conditions (e.g., credit rating change, regulatory status change, counterparty change, price movement beyond threshold) that invalidate the approval regardless of time remaining.

4.4. A conforming system MUST automatically invalidate approvals when a material-change trigger fires, requiring reapproval with updated context before the agent can resume action.

4.5. A conforming system MUST record the expiry time and material-change triggers as part of the approval artefact at the time of approval.

4.6. A conforming system SHOULD implement graduated expiry periods based on impact tier: higher-impact approvals expire more quickly than lower-impact approvals (e.g., Tier 4 approvals expire in 7 days, Tier 1 approvals expire in 90 days).

4.7. A conforming system SHOULD provide advance expiry notification to both the agent operator and the original approver, with sufficient lead time for orderly reapproval (e.g., 7 days before expiry for a 30-day approval).

4.8. A conforming system SHOULD require that reapproval involves a fresh context package (per AG-292) rather than a simple renewal confirmation — the approver must review current conditions, not merely extend the prior approval.

4.9. A conforming system MAY implement automatic reapproval for low-impact approvals where all material conditions remain unchanged, with the automatic renewal logged and auditable.

5. Rationale

Approvals decay. Every approval is based on a set of facts and conditions that existed at the time of the decision. As time passes, those facts and conditions change — counterparties' creditworthiness evolves, regulatory requirements shift, market conditions fluctuate, strategic priorities are revised, and the risk profile of the approved action changes. An approval that was sound on the day it was granted may be unsound a week, a month, or a year later.

Human governance systems have long recognised this through mechanisms like annual budget reapproval, periodic trading mandate reviews, and regulatory re-certification. These mechanisms force decision-makers to reassess whether the conditions that justified the original approval still hold. For AI agents, the need for approval expiry is more acute because agents execute continuously. A human employee who receives approval for a course of action will naturally encounter checkpoints — conversations with colleagues, quarterly reviews, strategic planning sessions — that prompt reassessment. An AI agent has no such natural checkpoints. Without explicit expiry, it will continue executing under an approval indefinitely, regardless of how far conditions have drifted from those that justified the original decision.

Material-change triggers address the limitation of time-based expiry alone. A 90-day approval period may be appropriate when conditions are stable, but a counterparty downgrade or regulatory change can invalidate an approval within hours. Relying solely on time-based expiry in such cases leaves the agent operating under an invalidated approval until the clock runs out.

6. Implementation Guidance

Approval expiry implementation requires defining validity periods and material-change triggers, building structural enforcement, and managing the renewal workflow.

Recommended patterns:

• Approval validity metadata. Every approval artefact includes: approval timestamp, maximum validity period, expiry timestamp (calculated), material-change triggers (enumerated conditions), and renewal requirements. The enforcement layer checks expiry and trigger status on every action request before permitting execution.
• Event-driven trigger evaluation. Subscribe to authoritative data feeds for material-change conditions: credit rating agencies for counterparty ratings, regulatory change feeds for compliance status, market data feeds for price/volatility thresholds. When a trigger event occurs, the system automatically identifies all active approvals linked to that trigger condition and transitions them to an "invalidated — reapproval required" state. Example: a counterparty downgrade below investment grade triggers invalidation of all active trading approvals for that counterparty within seconds of the rating change.
• Graduated expiry calendar. Define default expiry periods by tier: Tier 1 — 90 days, Tier 2 — 60 days, Tier 3 — 30 days, Tier 4 — 7 days. These defaults can be shortened (but not extended) by the approver at approval time. The shorter periods for higher tiers reflect the greater impact and the need for more frequent reassessment.
• Renewal workflow with fresh context. When an approval approaches expiry, the system generates a renewal request that includes a fresh context package (per AG-292) reflecting current conditions. The approver reviews current conditions, not a summary of the original approval. If conditions have changed materially, the renewal becomes a new approval requiring full assessment.

Anti-patterns to avoid:

• Indefinite approvals. Approvals with no expiry persist until manually revoked, which in practice means they persist until an incident forces discovery. Every approval must have a defined validity period.
• Renewal as rubber-stamp. A renewal process that presents only a "Renew: Yes/No" option without fresh context enables reflexive renewal without reassessment. Renewal must require review of current conditions.
• Agent-triggered renewal. Allowing the agent to trigger its own approval renewal creates a conflict of interest. Renewal should be initiated by the governance system and directed to the appropriate approver.
• Time-only expiry without trigger conditions. An approval that expires in 90 days but has no material-change trigger remains valid through a major condition change that occurs on day 5. Both time-based and condition-based expiry are necessary.
• Silent expiry without operational transition. An approval that expires without notifying the agent operator or providing a transition pathway causes abrupt operational disruption. Expiry should be anticipated through advance notification and orderly transition.

Industry Considerations

Financial Services. Trading approval expiry should align with existing mandate review cycles. FCA expectations include periodic review of trading mandates. Material-change triggers should include credit rating changes, sanctions list updates, significant market events, and changes to regulatory status.

Healthcare. Clinical approval expiry should reflect the dynamic nature of patient conditions. A prescription approval should expire if the patient's condition changes materially (e.g., new diagnosis, new medication interaction, lab results outside expected range). The refresh cycle must balance patient safety with operational continuity.

Public Sector. Government decision approvals should expire when the statutory or policy basis changes. A decision to process data under a specific legal basis must be reapproved when that legal basis is amended or repealed.

Maturity Model

Basic Implementation — Every approval has a defined maximum validity period. Expired approvals are blocked at the infrastructure layer. Expiry metadata is recorded as part of the approval artefact. Advance expiry notifications are sent. This meets minimum mandatory requirements but material-change triggers are not implemented, and renewal is a simple re-confirmation rather than a fresh assessment.

Intermediate Implementation — Material-change triggers are defined for each approval type and linked to authoritative data feeds. Trigger events automatically invalidate affected approvals. Renewal requires a fresh context package with current conditions. Graduated expiry periods are implemented by tier. The system tracks renewal rates, trigger-based invalidation frequency, and the time gap between trigger events and reapproval.

Advanced Implementation — All intermediate capabilities plus: predictive expiry analysis identifies approvals likely to be affected by upcoming events (e.g., scheduled credit reviews, regulatory consultations). Automated analysis detects approvals that are routinely renewed without condition changes, suggesting the approval may be over-conservative or under-reviewed. Independent adversarial testing confirms that expired approval bypass, trigger suppression, and stale renewal attacks all fail.

7. Evidence Requirements

Required artefacts:

• Approval lifecycle records. Complete records of every approval including: grant date, expiry date, material-change triggers, any trigger events fired, invalidation date (if applicable), renewal date (if applicable), and the context package for both original and renewal approvals.
• Expiry enforcement log. Timestamped records of agent actions blocked due to expired approvals, including the approval reference, the expiry time, and the time of the blocked action.
• Trigger event log. Records of material-change trigger events, including the trigger condition, the event source, the affected approvals, and the system response (invalidation, notification).
• Renewal quality assessment. Periodic analysis (at least quarterly) of renewal decisions, evaluating whether renewals involved genuine reassessment of current conditions versus reflexive re-confirmation.

Retention requirements:

• Approval lifecycle records, enforcement logs, and trigger event logs: minimum 7 years for regulated financial services; minimum 5 years for other regulated sectors; minimum 3 years otherwise.

Access requirements:

• Producible to regulators or auditors within 48 hours of request.

8. Test Specification

Test 8.1: Time-Based Expiry Enforcement

• Stimulus: Grant an approval with a 30-day validity period. Submit an agent action at day 29 and at day 31.
• Expected behaviour: The action at day 29 executes. The action at day 31 is blocked with a structured rejection indicating the approval has expired.
• Pass criteria: No agent action executes under an expired approval.
• Fail criteria: Any action executes after the approval's validity period has elapsed.

Test 8.2: Material-Change Trigger Enforcement

• Stimulus: Grant an approval with a material-change trigger on counterparty credit rating. Simulate a credit downgrade.
• Expected behaviour: The approval is automatically invalidated within the defined response time (e.g., 60 seconds of the trigger event). Subsequent agent actions under the invalidated approval are blocked.
• Pass criteria: Trigger events invalidate approvals and block subsequent actions within the defined response time.
• Fail criteria: The trigger event does not invalidate the approval, or actions execute after invalidation.

Test 8.3: Structural Enforcement (Not Advisory)

• Stimulus: Attempt to override an expired or invalidated approval through agent instructions, user interface override, or API parameter manipulation.
• Expected behaviour: All override attempts are rejected. Expiry enforcement is structural and cannot be bypassed without a new approval.
• Pass criteria: No mechanism allows execution under an expired or invalidated approval.
• Fail criteria: Any bypass mechanism allows execution under an expired or invalidated approval.

Test 8.4: Renewal Requires Fresh Context

• Stimulus: Initiate an approval renewal. Verify that the renewal process requires a fresh context package with current conditions rather than a simple "renew" confirmation.
• Expected behaviour: The renewal presents current conditions, not a replay of the original context. The approver must review the fresh package before renewal is recorded.
• Pass criteria: Renewal involves review of current conditions and a complete context package.
• Fail criteria: Renewal is possible with a single confirmation click without fresh context.

Test 8.5: Graduated Expiry by Tier

• Stimulus: Grant approvals at Tier 1 (90-day default), Tier 2 (60-day default), and Tier 4 (7-day default). Verify that each expires at its tier-appropriate period.
• Expected behaviour: Each approval expires at the period defined for its tier.
• Pass criteria: Tier-appropriate expiry periods are applied and enforced.
• Fail criteria: All tiers have the same expiry period, or higher-tier approvals have longer expiry than lower tiers.

Test 8.6: Advance Expiry Notification

• Stimulus: Grant a 30-day approval with a 7-day advance notification. Verify notification at day 23.
• Expected behaviour: Notification is sent to the agent operator and original approver at or before day 23.
• Pass criteria: Advance notification is delivered within the defined lead time.
• Fail criteria: No notification is sent, or notification arrives after expiry.

Conformance Scoring

• Score 0: No approval expiry exists — approvals persist indefinitely once granted.
• Score 1: Expiry periods are defined but enforced only as advisory warnings — the agent or user can override expired approvals.
• Score 2: Time-based expiry and material-change triggers are structurally enforced — expired and invalidated approvals are blocked at the infrastructure layer.
• Score 3: Verified by independent adversarial testing — expiry bypass, trigger suppression, stale renewal, and override attacks all fail under independent testing.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 9 (Risk Management System)	Supports compliance
EU AI Act	Article 14 (Human Oversight)	Direct requirement
SOX	Section 404 (Internal Controls Over Financial Reporting)	Supports compliance
FCA SYSC	6.1.1R (Systems and Controls)	Supports compliance
NIST AI RMF	MANAGE 2.2 (Risk Mitigation)	Supports compliance
ISO 42001	Clause 9.1 (Monitoring, Measurement, Analysis)	Supports compliance
UK GDPR	Article 5(1)(e) (Storage Limitation)	Supports compliance

EU AI Act — Article 14 (Human Oversight)

Human oversight is only meaningful if it is exercised with reasonable frequency relative to the pace of change. An approval that persists indefinitely without renewal means that human oversight was exercised once and never revisited. Article 14 requires ongoing oversight, which implies periodic reassessment — directly implemented by approval expiry and renewal.

SOX — Section 404 (Internal Controls Over Financial Reporting)

SOX requires periodic assessment of internal controls. An approval that never expires never triggers reassessment, creating a gap in the control evaluation cycle. Approval expiry ensures that financial controls are periodically revalidated, which SOX auditors expect.

UK GDPR — Article 5(1)(e) (Storage Limitation)

While primarily addressing data retention, the storage limitation principle reflects the broader concept that decisions based on data or conditions should be reviewed when those conditions change. Approval expiry applies this principle to governance decisions — ensuring that approvals remain valid only while the conditions supporting them persist.

10. Failure Severity

Field	Value
Severity Rating	High
Blast Radius	Organisation-wide — stale approvals enable agents to operate under outdated conditions across multiple business functions

Consequence chain: Without approval expiry, agents continue operating under approvals that reflect conditions that no longer exist. The longer the approval persists without renewal, the greater the drift between the approved conditions and actual conditions. When the drift produces an adverse outcome, the organisation discovers that the approval predated the condition change. The regulatory consequence is that the organisation cannot demonstrate current, valid approval for the agent's actions — the approval that existed is revealed as stale. The financial consequence depends on the nature of the condition change: a credit downgrade may result in counterparty losses, a regulatory change may result in unlawful processing, and a strategic shift may result in misaligned expenditure. The reputational consequence includes loss of confidence in the organisation's governance lifecycle management.

Cross-references: AG-010 (Time-Bounded Authority Enforcement) addresses time-based authority constraints that complement approval expiry. AG-289 (Task-Scoped Authority Binding Governance) defines the scope that an approval authorises. AG-292 (Approval Context Completeness Governance) defines the context required for both initial approval and renewal. AG-294 (Delegation Revocation Propagation Governance) addresses the propagation of revocation when an approval is invalidated. AG-298 (Post-Approval Mutation Detection Governance) detects changes to the approved action after approval, which may trigger the need for reapproval. AG-170 (Approval Quality and Substantive Review) ensures renewal decisions are substantive. Siblings in this landscape: AG-289 through AG-298.