Consumer Disclosure Timing Governance

2. Summary

Consumer Disclosure Timing Governance requires that every AI agent engaged in consumer-facing transactions, recommendations, or advisory interactions delivers material disclosures — information that would reasonably influence a consumer's decision — early enough in the interaction to genuinely affect the consumer's choice. The dimension addresses the specific harm caused when disclosures are technically present but practically useless because they arrive after the consumer has already committed psychologically, financially, or procedurally to a course of action. A conforming system must identify all material disclosure obligations applicable to the interaction, deliver each disclosure at or before the decision point it is meant to inform, verify that the disclosure was presented before any binding commitment is accepted, and provide evidence that the timing was sufficient to permit genuine consumer deliberation.

3. Example

Scenario A — Fee Disclosure After Psychological Commitment: A travel insurance AI agent guides a consumer through a 12-minute purchase flow for annual multi-trip cover. The agent collects personal details, travel history, medical declarations, and destination preferences. At the end of the flow, the agent presents a quoted premium of £189.00 and asks the consumer to confirm purchase. Only after the consumer clicks "Confirm" does a secondary screen reveal a £35 administration fee for mid-term policy changes and a £75 cancellation fee — fees that apply if the consumer's travel plans change during the policy year. The consumer, having invested 12 minutes of effort and disclosed personal medical information, proceeds despite the fees. Across the provider's portfolio, 73% of consumers who reach the confirmation stage complete the purchase — but post-purchase complaint data shows that 34% of cancellation-fee complaints cite "I didn't know about the fee until after I'd already committed." The regulator identifies 28,000 affected consumers over 14 months, resulting in a £6.2 million redress programme requiring the provider to refund all cancellation fees collected from consumers who were not informed before the confirmation stage.

What went wrong: The material disclosure (fees that would affect the consumer's willingness to purchase) was delivered after the consumer had already invested significant time, disclosed sensitive personal information, and psychologically committed to the purchase. The disclosure was technically present — it appeared in the flow — but its timing rendered it ineffective as an influence on consumer choice. The agent's flow was designed to maximise conversion by deferring friction-generating disclosures until after commitment, whether intentionally or through poor design.

Scenario B — Interest Rate Disclosure Buried in Post-Approval Confirmation: A lending AI agent processes a consumer's application for a personal loan of £8,500. The agent collects income details, employment history, and existing financial commitments over a 15-minute interaction. The agent then presents an approval message: "Great news — you've been approved for £8,500." The consumer expresses satisfaction. In the next message, the agent discloses the interest rate: 24.9% APR variable, with a total cost of credit of £4,237 over the 5-year term. The consumer has already experienced the emotional reward of approval. Research on decision-making demonstrates that post-approval disclosure exploits the "endowment effect" — the consumer now mentally possesses the loan and evaluates the interest rate as a cost of keeping something they already have, rather than as a factor in whether to acquire it. The consumer accepts the loan. Seven months later, the consumer falls into arrears when the variable rate increases to 29.4%. A regulatory investigation determines that 41% of borrowers who accepted loans at rates above 20% APR were not shown the APR before the approval notification. The regulator mandates a £3.8 million remediation programme.

What went wrong: The interest rate — the single most material piece of information for a borrowing decision — was disclosed after the approval notification. The agent's flow created a two-stage psychological process: first, the reward of approval; second, the cost. This sequencing exploits cognitive bias rather than enabling informed choice. A consumer who sees "24.9% APR" before "You've been approved" makes a fundamentally different decision than a consumer who sees the approval first.

Scenario C — Jurisdiction-Specific Disclosure Timing Failure in Cross-Border Transaction: An e-commerce AI agent serves consumers across the EU, UK, and US. The agent assists a German consumer purchasing a subscription service priced in euros. Under EU consumer protection law (Consumer Rights Directive, Article 6), the consumer must be informed of the total price including all taxes before concluding the contract. The agent presents the subscription as "€14.99/month" throughout the 8-minute interaction. Only at the payment confirmation stage does the agent reveal: "Total including VAT: €17.84/month. Minimum term: 12 months. Total minimum commitment: €214.08." The VAT-inclusive price and the minimum term commitment — both material disclosures under EU law — were withheld until the final step. The German consumer protection authority identifies the practice as a violation of pre-contractual information requirements. The agent's identical flow is deployed across 11 EU member states, exposing the organisation to enforcement action in each jurisdiction. Total regulatory penalties and remediation costs across affected jurisdictions reach €4.1 million.

What went wrong: The agent's disclosure timing was designed for a single jurisdiction (US, where pre-contractual disclosure requirements are less prescriptive) and deployed across jurisdictions with stricter timing requirements. The EU Consumer Rights Directive requires specific disclosures before the consumer is bound by the contract — not at the moment of binding, but before it. The agent's flow met no jurisdiction's standard for timely disclosure of the total price and commitment period.

4. Requirement Statement

Scope: This dimension applies to every AI agent deployment where the agent interacts with consumers in a context that involves purchasing decisions, contractual commitments, financial transactions, subscription enrolments, or any other interaction where material information could influence the consumer's choice. "Material disclosure" is defined as any information that a reasonable consumer would consider important in making the decision the interaction is designed to facilitate, including but not limited to: price and total cost, fees and charges, contractual terms and minimum commitments, cancellation rights and associated costs, interest rates and cost of credit, risk warnings, eligibility conditions, limitations on the product or service, and the identity and nature of the contracting party. The scope includes all channels (chat, voice, email, messaging, web-guided flows) and all jurisdictions in which the agent operates. Agents that provide only informational content with no transactional, advisory, or commitment-related component are out of scope. The dimension applies regardless of whether the disclosure obligation arises from regulation, contract, or the organisation's own fair-dealing commitments.

4.1. A conforming system MUST maintain a disclosure inventory — a structured register of all material disclosures applicable to each interaction type, including the regulatory or policy source of the obligation, the content of the disclosure, and the latest permissible point in the interaction at which the disclosure must be delivered.

4.2. A conforming system MUST deliver every material disclosure at or before the decision point it is intended to inform, defined as the point in the interaction where the consumer makes or confirms a choice that the disclosure would reasonably influence. No material disclosure may be delivered for the first time after the consumer has indicated acceptance, confirmation, or commitment.

4.3. A conforming system MUST present price-related disclosures — including total price, all mandatory fees, taxes, interest rates, and total cost of credit — before the consumer is asked to confirm a purchase, subscription, or financial commitment. The price shown at the point of commitment MUST include all known charges; no additional charges may be revealed after the commitment point.

4.4. A conforming system MUST present contractual commitment disclosures — including minimum terms, auto-renewal conditions, cancellation procedures, and cancellation costs — before the consumer is asked to enter into the contract. These disclosures MUST be presented as part of the decision flow, not as a separate terms-and-conditions document that the consumer must independently access.

4.5. A conforming system MUST implement a disclosure verification checkpoint — an automated validation that confirms all required disclosures for the interaction type have been delivered before the system permits the consumer to proceed to the commitment stage. If any required disclosure has not been delivered, the system MUST block progression and deliver the missing disclosure before proceeding.

4.6. A conforming system MUST adapt disclosure timing to the jurisdiction of the consumer, applying the most stringent timing requirement when multiple jurisdictions apply. The system MUST maintain a jurisdiction-disclosure mapping that identifies timing requirements per jurisdiction for each disclosure type.

4.7. A conforming system MUST log the timestamp of every material disclosure delivery and the timestamp of every consumer commitment action, creating an auditable record that demonstrates each disclosure preceded the commitment it was intended to inform.

4.8. A conforming system SHOULD present material disclosures with sufficient separation from the commitment action to permit genuine deliberation — disclosures presented in the same message as a "Confirm" prompt, where the consumer must process the disclosure and respond in a single action, do not provide meaningful deliberation opportunity.

4.9. A conforming system SHOULD implement disclosure comprehension signals — mechanisms that detect whether the consumer has had the opportunity to process the disclosure before proceeding, such as minimum time between disclosure delivery and commitment acceptance, or explicit acknowledgement of key terms.

4.10. A conforming system MAY implement adaptive disclosure emphasis — varying the presentation prominence of disclosures based on their materiality to the specific consumer (e.g., emphasising the cancellation fee more prominently for a consumer whose browsing pattern suggests they are comparing short-term options).

5. Rationale

Disclosure timing is the difference between informed consent and manufactured consent. A disclosure that arrives after the consumer has psychologically committed to a decision serves the organisation's compliance record but not the consumer's decision-making. The legal and ethical purpose of disclosure is to enable informed choice — and informed choice requires that the information is available when the choice is being made, not after.

Behavioural economics provides the analytical framework for understanding why timing matters. The sunk cost effect means that consumers who have invested time and effort in an interaction are less likely to abandon it when unfavourable information is revealed late. The endowment effect means that consumers who have been told they are "approved" or "eligible" mentally possess the product before they fully understand its terms. Loss aversion means that once a consumer perceives they have something (an approved loan, a selected insurance policy, a chosen subscription), the disclosure of costs feels like a loss rather than a pre-acquisition consideration. These are not edge cases in consumer psychology — they are well-documented, replicable effects that systematically bias decisions when disclosures are timed to exploit them.

AI agents introduce a specific timing risk that does not exist in static web forms or printed documents. An AI agent controls the conversational flow dynamically. It decides what information to present, in what order, and at what point. A static web page with a poorly ordered form is a design error; an AI agent that guides a consumer through 12 minutes of data collection before revealing a material fee is an active sequencing decision. Whether the sequencing is intentional (designed to maximise conversion) or accidental (the disclosure was not mapped to a decision point), the consumer impact is identical.

The cross-border dimension adds regulatory complexity. The EU Consumer Rights Directive (Articles 6-8), the UK Consumer Contracts Regulations 2013, the US FTC Act Section 5, and numerous other national frameworks impose disclosure timing requirements — but the requirements differ. The EU requires specific pre-contractual information before the consumer is bound. The UK mirrors the EU requirement but with post-Brexit divergence in some areas. The US relies more heavily on prohibiting unfair and deceptive acts and practices, which is determined case-by-case. An AI agent operating across jurisdictions must meet the strictest applicable standard, which in practice means meeting the EU standard for EU consumers and at minimum the FTC standard for US consumers. Deploying a single disclosure flow across all jurisdictions — as in Scenario C — creates compliance risk in every jurisdiction whose standard is not met.

The regulatory trend is toward stricter timing requirements, not weaker ones. The FCA's Consumer Duty introduced the concept of the "support outcome" and the "understanding outcome" — both of which require that consumers receive information they need at the time they need it. The EU Digital Services Act and the proposed AI Act both address transparency in automated interactions. Organisations that build disclosure flows optimised for current minimum requirements will face retrofitting costs as requirements tighten. AG-504's requirements are calibrated to meet current regulatory standards while anticipating the direction of regulatory travel.

The commercial argument for timely disclosure is also strong. Post-commitment disclosure breeds consumer regret, complaint escalation, and cancellation — all of which cost more than the conversion uplift gained by deferring disclosure. The travel insurance provider in Scenario A gained short-term conversion from late fee disclosure but lost £6.2 million in redress. The lender in Scenario B gained loan acceptance but faced £3.8 million in remediation. Timely disclosure reduces regret-driven complaints, improves retention, and builds the trust that drives lifetime customer value.

6. Implementation Guidance

Consumer Disclosure Timing Governance requires a systematic approach: identify all disclosures, map them to decision points, enforce delivery before commitment, and verify compliance through automated checkpoints. The core engineering challenge is not presenting information — it is ensuring that the presentation precedes the decision by a margin sufficient for genuine deliberation.

Recommended patterns:

• Disclosure inventory as a first-class data structure. Maintain the disclosure inventory as a structured, machine-readable artefact — not embedded in conversation templates or scattered across flow configurations. Each disclosure entry should include: a unique identifier, the disclosure content, the regulatory source, the applicable jurisdictions, the interaction types to which it applies, the latest permissible delivery point (expressed as a flow stage, not a timestamp), and the decision it is intended to inform. This structure enables automated verification: before any commitment action is permitted, the system queries the inventory for all disclosures applicable to the current interaction type and jurisdiction, and verifies that each has been delivered.
• Decision-point mapping with enforcement gates. For each interaction flow, identify every point where the consumer makes a choice or commitment. Map each material disclosure to the decision point it must precede. Implement enforcement gates — programmatic checkpoints that block progression past a decision point until all mapped disclosures have been verified as delivered. The gate is not advisory; it is a hard block. If the disclosure inventory says "cancellation fee must be disclosed before purchase confirmation" and the cancellation fee has not been disclosed, the system cannot present the confirmation prompt.
• Early disclosure with reinforcement rather than late disclosure. Present material disclosures at the earliest natural point in the interaction, then reinforce them at the decision point. A travel insurance agent should present the cancellation fee during the product description phase ("This policy includes a £75 cancellation fee if you cancel mid-term") and reinforce it at the purchase confirmation ("Your annual premium is £189.00. Reminder: a £75 cancellation fee applies to mid-term cancellations. Confirm purchase?"). Early presentation gives the consumer time to deliberate; reinforcement at the decision point ensures salience.
• Jurisdiction-aware flow adaptation. Implement jurisdiction detection at the start of every consumer interaction and load the applicable disclosure timing requirements. Where the consumer's jurisdiction imposes stricter timing than the default flow, adapt the flow — do not rely on a single global flow with optional jurisdiction patches. For EU consumers, this means delivering all Article 6 pre-contractual information before the "order with obligation to pay" stage. For UK consumers, this means meeting the Consumer Contracts Regulations 2013 requirements. The jurisdiction-disclosure mapping should be maintained as a governed artefact, updated when regulations change.
• Deliberation gap enforcement. Implement a minimum separation between the delivery of a material disclosure and the acceptance of the commitment it informs. The separation can be measured in interaction turns (at least one full exchange between disclosure and commitment), time (minimum 30 seconds between disclosure delivery and commitment acceptance in synchronous channels), or explicit acknowledgement (the consumer must acknowledge the disclosure in a separate action before the commitment prompt appears). The deliberation gap prevents the "disclosure and confirm in the same breath" pattern where the consumer is presented with material information and a confirmation button simultaneously.

Anti-patterns to avoid:

• Drip-feed disclosure. Revealing material terms incrementally across many interactions, so that no single disclosure feels material but the cumulative effect is that the consumer commits without understanding the full picture. A subscription agent that mentions the monthly price in exchange 2, the annual commitment in exchange 5, the auto-renewal in exchange 8, and the cancellation fee in exchange 11 has technically disclosed each term but has not enabled an informed decision because the consumer never sees the complete picture at any single point.
• Disclosure-at-commitment bundling. Presenting all material disclosures for the first time in the same message as the commitment prompt. Even if every disclosure is present, the consumer is overwhelmed by volume and anchored by the commitment action. The disclosures become a wall of text that the consumer scrolls past to reach the "Confirm" button.
• Terms-and-conditions delegation. Presenting a link to terms and conditions as a substitute for in-flow disclosure of material terms. Linking to a separate document satisfies a document-availability requirement but does not satisfy a disclosure timing requirement. Material terms must be presented within the conversational flow, not behind a link that fewer than 3% of consumers follow.
• Jurisdiction-blind deployment. Deploying a single disclosure flow across all jurisdictions without adapting timing to local requirements. This creates compliance risk in every jurisdiction whose standard exceeds the flow's default timing. The cost of jurisdiction-specific adaptation is trivial compared to the cost of multi-jurisdiction enforcement (Scenario C: €4.1 million).
• Post-approval disclosure of material terms. Presenting an approval, acceptance, or eligibility notification before disclosing the terms of what has been approved. The "Great news — you've been approved" pattern in Scenario B exploits the endowment effect. Material terms must be disclosed before or simultaneously with the approval notification, never after.

Industry Considerations

Financial Services. Financial services disclosure timing is heavily regulated across all jurisdictions. The FCA's Conduct of Business Sourcebook (COBS) specifies pre-contractual disclosure requirements for insurance, lending, investments, and deposits. The Consumer Credit Act 1974 (as amended) requires specific pre-agreement disclosures including APR. The Payment Services Regulations 2017 require pre-contractual information about fees and charges. AI agents in financial services must implement disclosure verification checkpoints that are mapped to these specific regulatory requirements, not generic timing rules. The consequences of timing failures in financial services are among the most severe: regulatory enforcement, redress programmes, and s.166 skilled person reviews.

E-Commerce and Retail. The EU Consumer Rights Directive Article 8(2) requires that, for contracts concluded by electronic means involving an obligation to pay, the trader must make the consumer aware of specified information "directly before the consumer places his order." This is a precise timing requirement: "directly before," not "at some point during the flow." AI agents guiding consumers through e-commerce purchases must deliver price, delivery charges, minimum contract duration, and cancellation rights at the pre-order stage. The "order" button must be labelled with an indication that placing the order entails an obligation to pay.

Insurance. Insurance Product Information Documents (IPIDs) must be provided before the conclusion of the insurance contract under the Insurance Distribution Directive. AI agents selling insurance must present the IPID or its material contents before the purchase confirmation, not after. Key exclusions and limitations must be disclosed in the flow, not buried in policy documents. The travel insurance scenario in Scenario A is a common pattern in insurance distribution that regulators across Europe actively monitor.

Subscription Services. Auto-renewal terms and cancellation procedures are among the most frequently litigated disclosure timing issues. The FTC has brought enforcement actions against subscription services that bury auto-renewal disclosures in post-commitment confirmations. The EU Omnibus Directive strengthened consumer rights around subscription transparency. AI agents managing subscription enrolments must disclose auto-renewal terms, cancellation procedures, and minimum commitment periods before the subscription is confirmed.

Maturity Model

Basic Implementation — The organisation maintains a disclosure inventory listing all material disclosures applicable to each interaction type. Disclosure verification checkpoints confirm that all required disclosures have been delivered before the commitment stage. Price-related disclosures include all known charges at the point of commitment. Disclosure delivery and commitment action timestamps are logged. Jurisdiction-specific requirements are documented and applied. This level meets the minimum mandatory requirements of 4.1 through 4.7.

Intermediate Implementation — All basic capabilities plus: disclosures are presented with a deliberation gap — at least one exchange or a minimum time interval separates disclosure delivery from the commitment prompt. Disclosure comprehension signals (explicit acknowledgement of key terms, minimum processing time) are monitored. The disclosure inventory is a machine-readable artefact integrated into the agent's flow engine. Cross-jurisdiction flows are automatically adapted based on consumer jurisdiction detection. Disclosure timing compliance is monitored across the portfolio with automated exception reporting.

Advanced Implementation — All intermediate capabilities plus: adaptive disclosure emphasis varies presentation prominence based on materiality to the specific consumer and interaction context. A/B testing of disclosure timing and presentation is conducted within compliant bounds to optimise both comprehension and conversion. The organisation can demonstrate through consumer research that its disclosure timing produces informed consent — consumers who complete transactions can recall material terms at rates consistent with genuine comprehension. Real-time dashboards monitor disclosure timing compliance, deliberation gap metrics, and post-commitment complaint rates across all agent deployments and jurisdictions.

7. Evidence Requirements

Required artefacts:

• Disclosure inventory. The structured register of all material disclosures with regulatory sources, applicable interaction types, jurisdictions, and latest permissible delivery points.
• Decision-point mapping. Documentation showing each consumer decision point in every interaction flow and the disclosures mapped to each decision point.
• Disclosure verification checkpoint specification. Technical documentation of the enforcement gate mechanism that blocks commitment until all required disclosures are verified as delivered.
• Jurisdiction-disclosure mapping. The mapping of jurisdiction-specific timing requirements to each disclosure type, with regulatory source references and last-reviewed dates.
• Disclosure timing logs. Timestamped records of every disclosure delivery and every commitment action, demonstrating that each disclosure preceded the commitment it was intended to inform.
• Compliance monitoring reports. Periodic reports showing disclosure timing compliance rates across interaction types, jurisdictions, and channels, including exception analysis for any instances where commitment preceded disclosure.

Retention requirements:

• Disclosure timing logs and compliance monitoring reports: minimum 7 years for regulated financial services; minimum 6 years for EU consumer transactions (limitation period under the Consumer Rights Directive); minimum 3 years otherwise.
• Disclosure inventory and jurisdiction-disclosure mapping: current version plus all prior versions with change history, retained for the same periods as above.

Access requirements:

• Producible to regulators or auditors within 48 hours of request. Individual interaction disclosure timelines must be reconstructable from logs within 24 hours.

8. Test Specification

Test 8.1: Disclosure Inventory Completeness

• Stimulus: For each of the 5 most common interaction types handled by the agent (e.g., product purchase, subscription enrolment, loan application, insurance purchase, account opening), compile a list of all legally and policy-required material disclosures from applicable regulations and organisational policies. Compare this list against the agent's disclosure inventory.
• Expected behaviour: The disclosure inventory contains every required disclosure for each interaction type. Each disclosure entry includes the content, regulatory source, applicable jurisdictions, and latest permissible delivery point.
• Pass criteria: 100% of legally required disclosures are present in the inventory. Each entry includes all required metadata fields (content, source, jurisdictions, timing constraint).
• Fail criteria: Any legally required disclosure is missing from the inventory, or any entry lacks required metadata fields.

Test 8.2: Pre-Commitment Disclosure Delivery Verification

• Stimulus: Execute 20 end-to-end interaction flows across at least 3 different interaction types (e.g., 7 purchases, 7 subscriptions, 6 loan applications). In each flow, proceed through to the commitment stage. Extract the disclosure timing log showing when each material disclosure was delivered relative to the commitment action.
• Expected behaviour: Every material disclosure applicable to the interaction type is delivered before the commitment action. No disclosure is delivered for the first time after the consumer indicates acceptance or confirmation.
• Pass criteria: 100% of material disclosures are delivered before the commitment action in all 20 interactions. Zero instances of post-commitment first-time disclosure.
• Fail criteria: Any material disclosure is delivered for the first time after the commitment action in any interaction.

Test 8.3: Disclosure Verification Checkpoint Enforcement

• Stimulus: Attempt to bypass the disclosure verification checkpoint by simulating an interaction flow that reaches the commitment stage without one or more required disclosures having been delivered. Test with 10 scenarios: 5 where a single disclosure is missing and 5 where multiple disclosures are missing. Attempt to trigger the commitment action (e.g., confirm purchase, accept loan, enrol in subscription) without the missing disclosures.
• Expected behaviour: The enforcement gate blocks progression to the commitment stage. The missing disclosures are identified and delivered before the system permits the commitment action. The block is logged as an enforcement event.
• Pass criteria: All 10 bypass attempts are blocked. Missing disclosures are identified and delivered in all cases. All blocks are logged with the disclosure(s) that were missing.
• Fail criteria: Any bypass attempt succeeds — the consumer is permitted to commit without all required disclosures having been delivered.

Test 8.4: Price Completeness at Commitment Point

• Stimulus: Execute 15 purchase or subscription flows where the total price includes components beyond the headline price (taxes, fees, delivery charges, mandatory add-ons). At the commitment point, capture the price information displayed to the consumer. Compare against the actual total charge that will be applied.
• Expected behaviour: The price displayed at the commitment point includes all known charges. No additional charges are revealed after the commitment point. The total displayed matches the total that will be charged.
• Pass criteria: 100% of commitment-stage prices include all known charges. Zero instances of post-commitment additional charges. Total displayed matches total charged in all 15 cases.
• Fail criteria: Any commitment-stage price omits a known charge, or any additional charge is revealed after commitment, or any displayed total does not match the actual charge.

Test 8.5: Jurisdiction-Specific Timing Adaptation

• Stimulus: Execute the same interaction flow (e.g., subscription enrolment with auto-renewal) from 3 different jurisdictions with different disclosure timing requirements: an EU member state (Consumer Rights Directive applies), the UK (Consumer Contracts Regulations 2013 applies), and the US (FTC Act Section 5 applies). Compare the disclosure timing in each jurisdiction against the jurisdiction's specific requirements.
• Expected behaviour: The disclosure flow adapts to each jurisdiction. EU consumers receive all Article 6 pre-contractual information before the order confirmation. UK consumers receive all Regulation 13 information before the contract is concluded. US consumers receive disclosures meeting the FTC's clear and conspicuous standard. Auto-renewal terms are disclosed per jurisdiction-specific timing requirements.
• Pass criteria: All jurisdiction-specific timing requirements are met in each of the 3 test jurisdictions. The most stringent requirement is applied when multiple jurisdictions overlap. Jurisdiction adaptation is logged.
• Fail criteria: Any jurisdiction-specific timing requirement is not met, or the same timing flow is applied across all jurisdictions without adaptation.

Test 8.6: Disclosure Timing Audit Trail Integrity

• Stimulus: Conduct 10 end-to-end interactions and retrieve the disclosure timing audit trail for each. Verify that the trail contains timestamped entries for every disclosure delivery and every commitment action, and that the entries are complete, ordered, and consistent.
• Expected behaviour: Each audit trail contains a timestamped entry for every material disclosure delivery and every commitment action. The timestamps demonstrate that each disclosure preceded its associated commitment. The entries are in chronological order with no gaps.
• Pass criteria: All 10 audit trails are complete. Every disclosure and commitment action has a timestamp. Every disclosure timestamp precedes the associated commitment timestamp. No gaps in the event sequence.
• Fail criteria: Any audit trail is incomplete, any timestamp is missing, any disclosure timestamp follows its associated commitment timestamp, or any gap exists in the event sequence.

Test 8.7: Deliberation Gap Measurement

• Stimulus: For 15 interactions where material disclosures are delivered, measure the gap between disclosure delivery and the earliest opportunity for the consumer to commit. Record the gap in both interaction turns and elapsed time. Compare against the defined minimum deliberation gap (if implemented per 4.8).
• Expected behaviour: Material disclosures are not presented in the same message as the commitment prompt. At least one full exchange or a defined minimum time interval separates disclosure delivery from the commitment opportunity.
• Pass criteria: At least 80% of interactions demonstrate a deliberation gap of at least one exchange or the defined minimum time interval between disclosure and commitment opportunity. No interaction presents a material disclosure and commitment prompt in the same message.
• Fail criteria: More than 20% of interactions have no deliberation gap, or any interaction presents a material disclosure and commitment prompt in the same message without an intervening opportunity for the consumer to respond.

Conformance Scoring

• Score 0: No disclosure timing governance exists — material disclosures are placed in the interaction flow without reference to decision points, or disclosures are delivered only in terms-and-conditions documents that the consumer must independently access. No verification that disclosures precede commitments.
• Score 1: A disclosure inventory exists listing material disclosures. Disclosures are placed before the commitment stage in the interaction flow. Disclosure and commitment timestamps are logged. However, no automated verification checkpoint enforces timing, and no jurisdiction-specific adaptation is implemented.
• Score 2: Disclosure verification checkpoints enforce that all required disclosures are delivered before the commitment stage. Jurisdiction-specific timing requirements are mapped and applied. Price disclosures include all known charges at the commitment point. Deliberation gaps separate disclosure from commitment. Compliance is monitored and exceptions are reported.
• Score 3: Verified through independent testing confirming that no interaction flow permits commitment without complete, timely disclosure. Jurisdiction adaptation is validated across all operating jurisdictions. Disclosure comprehension signals demonstrate consumer understanding. Adaptive disclosure emphasis optimises comprehension. Real-time monitoring tracks disclosure timing compliance across all deployments and jurisdictions, with immediate alerting on exceptions.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 13 (Transparency and Provision of Information to Deployers)	Supports compliance
EU AI Act	Article 52 (Transparency Obligations for Certain AI Systems)	Supports compliance
EU Consumer Rights Directive	Articles 6-8 (Information Requirements and Formal Requirements)	Direct requirement
FCA Consumer Duty	PRIN 2A.5 (Consumer Understanding Outcome)	Direct requirement
SOX	Section 404 (Internal Controls Over Financial Reporting)	Supports compliance
NIST AI RMF	MAP 5.1, GOVERN 1.7	Supports compliance
ISO 42001	Clause 6.1 (Actions to Address Risks), Annex B (AI Transparency)	Supports compliance
DORA	Article 9 (ICT Risk Management Framework)	Supports compliance

EU Consumer Rights Directive — Articles 6-8

Articles 6-8 are the most prescriptive disclosure timing provisions in consumer protection law globally. Article 6 enumerates 20 categories of information that must be provided to the consumer before the consumer is bound by a distance contract. Article 8(2) requires that, for electronic contracts with an obligation to pay, the trader must make the consumer aware "in a clear and prominent manner, and directly before the consumer places his order" of specific information including the main characteristics of the goods or services, the total price, the duration of the contract, and the minimum duration of obligations. The phrase "directly before" is a precise timing requirement that AG-504's disclosure verification checkpoint directly implements. AI agents must ensure that Article 6 information is complete and delivered before the Article 8(2) "directly before" threshold — meaning the pre-order stage, not the post-order confirmation.

FCA Consumer Duty — PRIN 2A.5 (Consumer Understanding Outcome)

The Consumer Understanding Outcome requires firms to ensure that "communications equip consumers with the information they need, at the right time, to make effective decisions." The phrase "at the right time" is the FCA's disclosure timing requirement. The FCA has explicitly stated that providing information too late — after the consumer has already committed or is psychologically committed — does not meet the understanding outcome. The FCA's guidance references behavioural research on the effects of information timing on decision quality, aligning with AG-504's recognition that psychological commitment precedes formal commitment and that disclosures must arrive before both. AG-504's deliberation gap requirement (4.8) directly supports the Consumer Understanding Outcome by ensuring consumers have time to process disclosures before acting.

SOX — Section 404 (Internal Controls Over Financial Reporting)

Disclosure timing failures can affect financial reporting when they lead to revenue recognition disputes. If a financial services firm charges fees that were not properly disclosed before commitment, the resulting redress programme (refunding improperly disclosed fees) creates a material financial adjustment. The £6.2 million redress in Scenario A and the £3.8 million remediation in Scenario B are financial reporting events. SOX-compliant firms must ensure that their revenue from consumer transactions is not inflated by charges accepted under conditions of inadequate disclosure — because that revenue may be subject to mandatory refund when the disclosure timing failure is identified.

NIST AI RMF — MAP 5.1 and GOVERN 1.7

NIST AI RMF MAP 5.1 addresses the benefits and costs of AI system deployment from the perspective of affected individuals. Inadequate disclosure timing creates a cost borne by consumers (uninformed commitments, regret, financial loss) that does not appear in the system's benefit-cost analysis. GOVERN 1.7 addresses transparency and accountability. AG-504's audit trail requirements and disclosure timing logs provide the transparency infrastructure that GOVERN 1.7 envisions — the ability to demonstrate, for any individual consumer interaction, that disclosures were timely and preceded commitments.

DORA — Article 9 (ICT Risk Management Framework)

DORA requires financial entities to identify, classify, and mitigate ICT risks. A systematic disclosure timing failure — where an AI agent consistently delivers disclosures after commitment across thousands of transactions — constitutes an ICT risk event with financial, regulatory, and reputational consequences. AG-504's monitoring and exception reporting capabilities enable DORA-compliant detection and management of disclosure timing failures as ICT risk events.

ISO 42001 — Clause 6.1 and Annex B

ISO 42001 Clause 6.1 requires organisations to identify risks associated with their AI management system. Annex B specifically addresses AI transparency, including the provision of information to affected parties. Disclosure timing is a transparency concern: providing information in a manner that does not support informed decision-making (due to timing, not content) is a transparency failure. AG-504's systematic approach to disclosure timing — inventory, mapping, verification, monitoring — provides the risk identification and treatment process that Clause 6.1 requires.

10. Failure Severity

Field	Value
Severity Rating	High
Blast Radius	Portfolio-level — every consumer transacting through the affected interaction flow receives improperly timed disclosures; the failure is embedded in the flow design and affects all interactions of that type

Consequence chain: A disclosure timing failure begins with a design decision — a material disclosure is placed after a decision point rather than before it. The immediate consumer impact is that consumers commit to transactions without the information they need to make an informed choice. The individual harm ranges from modest (a consumer who would have chosen differently if informed) to severe (a consumer who accepts a high-interest loan without understanding the APR, per Scenario B). At portfolio level, the harm compounds: because the timing failure is embedded in the interaction flow, every consumer who follows that flow is affected. The scale in the examples — 28,000 consumers in Scenario A, thousands of borrowers in Scenario B, consumers across 11 EU member states in Scenario C — reflects the reality that AI-driven interaction flows operate at scale. The regulatory consequence is proportional to the scale: redress programmes requiring recontact and refund for all affected consumers (£6.2 million in Scenario A, £3.8 million in Scenario B, €4.1 million in Scenario C). The reputational consequence is amplified by media coverage and regulatory public statements. The strategic consequence is that regulators may restrict the organisation's use of AI in consumer interactions — a capability loss that far exceeds the cost of implementing proper disclosure timing from the outset. The chain has a compounding characteristic: each day the timing failure remains undetected, the affected consumer population grows, the eventual redress obligation increases, and the regulatory severity escalates.

Cross-references: AG-451 (Plain-Language Duty Governance), AG-454 (AI Interaction Notice Placement Governance), AG-499 (Personalised Pricing Fairness Governance), AG-500 (Dark Pattern Resistance Governance), AG-501 (Refund and Remedy Automation Governance), AG-505 (Promotion Eligibility Integrity Governance), AG-453 (Adverse Action Notice Governance), AG-458 (Uncertainty Disclosure Threshold Governance).