AG-546

Collision-Risk Abstention Governance

Transport, Logistics & Autonomous Mobility
AGS v2.1 · April 2026
EU AI Act · NIST · ISO 42001

Section 2: Summary

This dimension governs the conditions under which an autonomous or semi-autonomous agent operating in a transport, logistics, or mobility context must abstain from proceeding with a planned manoeuvre and instead execute a safe, pre-defined holding or deceleration behaviour when collision risk exceeds defined thresholds or when the uncertainty of the agent's situational assessment rises above operationally safe bounds. The control is critical because autonomous mobility agents — including road vehicles, autonomous forklifts, drone delivery platforms, and rail-adjacent guidance systems — operate in dynamic environments where sensor degradation, occlusion, conflicting data streams, and edge-case object classifications create conditions under which any forward action carries non-trivial probability of causing irreversible physical harm to humans, infrastructure, or cargo. Failure in this dimension manifests as an agent that continues a planned trajectory despite unresolved uncertainty or elevated risk, resulting in collision events, regulatory liability, loss of operating licences, and, in the most severe cases, fatalities that could have been prevented had the agent correctly identified and acted on an abstention trigger.

Section 3: Example

Example 3.1 — Urban Autonomous Delivery Vehicle, Pedestrian Occlusion at Intersection

An autonomous last-mile delivery vehicle operating at 24 km/h in a mixed urban zone approaches a signalised intersection with a right-of-way green signal. A construction hoarding on the near-side footpath creates a complete visual occlusion of approximately 4.2 metres of pedestrian crossing zone. The vehicle's LiDAR returns a clean corridor but the camera-based object detection pipeline reports confidence degraded to 0.41 (system threshold for safe operation: 0.70) due to lens condensation from a recent rain event. The fusion layer flags a sensor disagreement but does not escalate to the abstention subsystem because the abstention policy is misconfigured to require unanimous sensor failure rather than threshold-weighted disagreement. The vehicle proceeds at 22 km/h. A child on a bicycle, fully occluded until 1.1 metres into the crossing, is struck at an estimated closing speed of 19 km/h. The child sustains a fractured clavicle and concussion requiring hospitalisation. Subsequent investigation reveals that a correct abstention trigger — reducing speed to 6 km/h or holding at stop line pending occlusion clearance — would have reduced closing speed to a level at which the vehicle's emergency braking could have achieved full stop within the available 1.1-metre margin. The operator loses its municipal operating permit for 14 months and incurs a €2.3 million regulatory fine under the applicable road safety ordinance.

Example 3.2 — Automated Warehouse Forklift, Fork Height Uncertainty During Lateral Cross-Traffic Event

A fleet of twelve autonomous forklifts operates in a large-scale distribution centre with a throughput of approximately 4,800 pallet moves per shift. During a peak-load period, a forklift carrying a 1,200 kg steel coil pallet at a fork height of 1.8 metres approaches a blind T-junction at 4.5 km/h. The internal occupancy map has a 340-millisecond latency spike caused by a dropped UDP packet from a zone-coverage Wi-Fi access point; the forklift's onboard dead-reckoning system accumulates a positional error of approximately 0.22 metres during this window. A human picker operating on foot emerges from the perpendicular aisle. The forklift's proximity radar detects an obstacle at 0.9 metres but classifies it as a low-profile rolling cart (classification confidence: 0.58; human-presence confidence: 0.34) because the picker is crouching to retrieve a floor-level item, reducing their radar cross-section. The abstention logic is designed to trigger at human-presence confidence ≥ 0.60; the 0.34 reading does not trigger it. The forklift continues and clips the picker's shoulder with the fork tine at 0.4 metres/second residual velocity after partial braking. The picker sustains a rotator cuff tear requiring surgery and six weeks of absence. The warehouse operator faces an OSHA recordable incident, a mandatory process halt of 11 hours, and an insurance-rated loss of approximately $380,000 in disrupted throughput and liability settlement. A correctly configured abstention policy — triggering abstention when either human-presence confidence OR positional uncertainty exceeds individual thresholds, rather than requiring combined confidence breach — would have immobilised the forklift at 1.5 metres from the junction.

Example 3.3 — Cross-Border Autonomous Freight Convoy, Weather-Induced Sensor Degradation on Motorway

A three-vehicle autonomous freight convoy crosses from one national jurisdiction into another mid-route. The lead vehicle is operating under SAE Level 4 automation; the two trailing vehicles are in cooperative following mode with 8-metre inter-vehicle gaps at 84 km/h. Approximately 23 kilometres into the second jurisdiction's road network, freezing rain reduces visibility to under 60 metres and coats radar antenna housings, degrading forward radar range from a nominal 150 metres to an effective 38 metres at current speed. The gap between safe stopping distance at 84 km/h (approximately 95 metres under wet conditions per the jurisdiction's road safety standard) and available sensor range (38 metres) creates a 57-metre blind stopping deficit. The lead vehicle's risk engine calculates a collision risk index of 0.71 (fleet abstention threshold for this convoy operator: 0.65 under the originating jurisdiction's configuration profile). However, the convoy has entered a new jurisdiction where no jurisdiction-specific safety profile has been loaded; the system defaults to a permissive "base profile" with an abstention threshold of 0.85. The convoy continues at 84 km/h. A jackknifed heavy goods vehicle 52 metres ahead is detected at 41 metres by the degraded radar. Emergency braking achieves partial deceleration but the lead vehicle impacts the stationary trailer at approximately 31 km/h. The second vehicle, following 8 metres behind, cannot stop and collides with the lead vehicle's rear. Both lead and second vehicle sustain total write-off damage. Cargo valued at €940,000 is destroyed. There are no fatalities, but two remote safety monitors require medical evaluation for acute stress. The fleet operator faces cross-jurisdictional liability proceedings in two countries and a mandatory 90-day operational suspension by the second country's transport regulator. The root cause is identified as the absence of a jurisdiction-aware abstention profile loading mechanism — a requirement that correct Collision-Risk Abstention Governance would have mandated.

Section 4: Requirement Statement

4.0 Scope

This dimension applies to any AI agent, autonomous system, or AI-augmented decision engine that directly controls or materially influences the motion, trajectory, or velocity of a physical vehicle, mobile platform, or load-handling device in environments shared with humans or other unpredictable dynamic actors. This includes, but is not limited to: road-going autonomous vehicles at SAE Levels 2 through 5; autonomous mobile robots (AMRs) and automated guided vehicles (AGVs) in industrial, warehouse, or port settings; autonomous drone and unmanned aerial vehicle platforms operating in controlled or uncontrolled airspace; autonomous or semi-autonomous rail guidance advisory systems; and cooperative or platooning vehicle formations regardless of the jurisdiction in which they operate. The scope encompasses both onboard inference systems making real-time manoeuvre decisions and cloud-connected orchestration layers that push route, speed, or trajectory commands to on-vehicle execution stacks.

Where an agent operates under human supervisory control (SAE Level 2 or equivalent), this dimension governs the agent's obligation to issue mandatory abstention advisories and to transfer control under conditions defined herein, even when the human operator has not requested such transfer.

This dimension does not govern post-collision response behaviour (addressed under AG-089) or the mechanisms by which human operators may override an abstention decision (addressed under AG-134); however, it does govern the conditions that trigger handoff to those adjacent controls.

4.1 Collision-Risk Threshold Definition and Maintenance

4.1.1 The deploying organisation MUST define and formally document a Collision-Risk Index (CRI) — a quantitative scalar or vector metric that captures the probability and severity of imminent collision given current vehicle state, environment state, sensor data, and uncertainty estimates.

4.1.2 The CRI MUST incorporate, at minimum: (a) distance and closing velocity to nearest detected obstacle; (b) stopping distance calculated from current speed under worst-case surface conditions appropriate to the operating environment; (c) sensor confidence score from the active sensor fusion pipeline; (d) positional uncertainty estimate from the localisation subsystem; and (e) a time-to-collision (TTC) estimate.

4.1.3 An abstention trigger threshold (ATT) MUST be defined in terms of the CRI and MUST be set at a value that is at minimum 15% more conservative than the minimum threshold validated in the system's most recent safety validation test campaign.

4.1.4 The ATT MUST be reviewed and re-validated whenever a new operating environment is introduced, when hardware or software changes affect sensor performance envelopes, or at a maximum interval of 12 months, whichever occurs first.

4.1.5 Where the system operates across multiple jurisdictions or physical environments with materially different risk profiles (e.g., open motorway versus urban mixed-traffic zone versus indoor pedestrian-shared space), the deploying organisation MUST maintain a separate, jurisdiction-aware or environment-aware ATT configuration profile for each distinct operational domain, and MUST implement a mechanism that loads the correct profile before the system operates in that domain.

4.2 Sensor Uncertainty as an Independent Abstention Trigger

4.2.1 The system MUST treat sensor uncertainty as an independent, sufficient condition for abstention, not merely as one input to the CRI. When any primary sensor subsystem's confidence score falls below its defined minimum operational confidence threshold (MOCT) — regardless of whether the CRI independently exceeds the ATT — the system MUST initiate an abstention response.

4.2.2 The MOCT for each sensor subsystem MUST be defined in the system's safety case and MUST be calibrated against empirical degradation data from the sensor class under the environmental conditions expected in the operational design domain.

4.2.3 When sensor fusion detects a disagreement between two or more primary sensors that exceeds a configurable disagreement tolerance (expressed as a Mahalanobis distance or equivalent distribution-aware metric), the system MUST treat this as a sensor uncertainty abstention trigger, independent of whether any individual sensor's confidence score falls below the MOCT.

4.2.4 The system MUST NOT require unanimous failure or simultaneous breach across all sensor channels before activating a sensor-uncertainty abstention. A single primary sensor breach or a pairwise disagreement exceeding tolerance MUST be sufficient.
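The following is an added example, not code from AG-546 or from any vehicle stack, of an evaluator that implements the 4.2 triggers as written: a single MOCT breach, a single pairwise disagreement measured as a Mahalanobis distance, or a CRI at or above the ATT is each sufficient on its own. The sensor names, MOCT values, the disagreement tolerance of 3.0 and the readings are assumptions chosen to mirror Example 3.1; the unanimous=True switch reproduces that example's misconfiguration so the two policies can be compared on the same input.

```python
# Added example (not part of AG-546 or any vendor's stack): an evaluator for the
# 4.2 sensor-uncertainty triggers. Sensor names, MOCT values, the disagreement
# tolerance and all readings below are assumptions chosen to mirror Example 3.1.
from dataclasses import dataclass
from itertools import combinations
import math


@dataclass
class SensorReading:
    name: str
    confidence: float        # fusion-pipeline confidence score, 0..1
    moct: float              # minimum operational confidence threshold (4.2.2)
    position: tuple          # (x, y) of the nearest detected obstacle, metres
    variance: tuple          # (var_x, var_y) of that estimate, metres^2


def mahalanobis_distance(a: SensorReading, b: SensorReading) -> float:
    """Distance between two sensors' obstacle estimates scaled by their combined
    diagonal covariance: the distribution-aware disagreement metric of 4.2.3."""
    d2 = sum((pa - pb) ** 2 / (va + vb)
             for pa, pb, va, vb in zip(a.position, b.position, a.variance, b.variance))
    return math.sqrt(d2)


def evaluate_abstention(readings, cri, att, disagreement_tol=3.0, unanimous=False):
    """Return (abstain, reasons).

    unanimous=False is the 4.2.4-compliant behaviour: one MOCT breach or one
    pairwise disagreement above tolerance is sufficient on its own, independent
    of the CRI. unanimous=True reproduces the Example 3.1 misconfiguration
    (abstain only when every channel has failed) for comparison.
    """
    reasons = []
    breached = [r.name for r in readings if r.confidence < r.moct]
    if unanimous:
        if breached and len(breached) == len(readings):
            reasons.append("all channels below MOCT")
    elif breached:
        reasons.append("MOCT breach: " + ", ".join(breached))
    for a, b in combinations(readings, 2):
        d = mahalanobis_distance(a, b)
        if d > disagreement_tol:
            reasons.append(f"disagreement {a.name}/{b.name}: d={d:.2f}")
    if cri >= att:                      # the CRI-based trigger of 4.1.3
        reasons.append(f"CRI {cri:.2f} >= ATT {att:.2f}")
    return bool(reasons), reasons


# Constructed readings mirroring Example 3.1: LiDAR clean, camera degraded to
# 0.41 against a 0.70 MOCT, both agreeing on where the obstacle is.
EXAMPLE_31 = [
    SensorReading("lidar", 0.95, 0.70, (12.0, 0.5), (0.04, 0.04)),
    SensorReading("camera", 0.41, 0.70, (12.2, 0.4), (0.25, 0.25)),
]

# Constructed readings where both channels are confident but disagree on the
# obstacle position by 8 m, far beyond their stated uncertainty.
DISAGREEING = [
    SensorReading("lidar", 0.95, 0.70, (12.0, 0.5), (0.04, 0.04)),
    SensorReading("radar", 0.90, 0.70, (20.0, 0.5), (0.25, 0.25)),
]

if __name__ == "__main__":
    print(evaluate_abstention(EXAMPLE_31, cri=0.50, att=0.65))
    print(evaluate_abstention(EXAMPLE_31, cri=0.50, att=0.65, unanimous=True))
    print(evaluate_abstention(DISAGREEING, cri=0.50, att=0.65))
```

On the Example 3.1 readings the compliant policy abstains on the camera MOCT breach alone, while the unanimous policy does not because the LiDAR channel is still healthy; the DISAGREEING set shows the 4.2.3 case where every channel clears its MOCT yet the abstention still fires on disagreement.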

4.3 Abstention Response Behaviour

4.3.1 Upon activation of an abstention trigger (whether CRI-based or sensor-uncertainty-based), the system MUST execute a pre-defined, deterministic abstention response behaviour (ARB). The ARB MUST be selected from a validated library of safe behaviours appropriate to the current vehicle state and environment.

4.3.2 The ARB library MUST include, at minimum: (a) controlled deceleration to a minimum risk condition (MRC) speed, where MRC speed is defined as the maximum speed at which the vehicle can stop within its currently confirmed sensor range; (b) controlled full stop with hazard signalling where the system state permits; (c) controlled lateral movement to a safe stopping position where the roadway or aisle geometry allows; and (d) cooperative broadcast to any other connected agents in the vicinity indicating the abstention event, for multi-agent fleet environments.

4.3.3 The selected ARB MUST be executable within the vehicle's current physical constraints (braking capability, available stopping distance, current speed) and MUST NOT itself introduce a secondary collision risk (e.g., emergency braking on a multi-vehicle road train without prior cooperative deceleration signalling to following vehicles).

4.3.4 The system MUST complete initiation of the ARB within a latency budget that MUST be defined in the system's safety case, and that MUST be demonstrated to produce a safe outcome given the worst-case closing velocities and obstacle distances expected within the operational design domain.

4.3.5 The system MUST NOT resume autonomous forward motion after executing an abstention response until all of the following hold: (a) sensor confidence has been restored above the MOCT for all primary sensors; (b) CRI has fallen below the ATT; and (c) a minimum dwell period (defined in the safety case) has elapsed to confirm steady-state recovery; or until a qualified human operator has reviewed the situation and issued an explicit resumption command.
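As an added example (not part of AG-546 or any vehicle's control stack), the block below computes the MRC speed defined in 4.3.2(a), the highest speed at which the vehicle can still stop within its currently confirmed sensor range, and selects a tiered ARB in the spirit of 4.3.2 and 4.3.3. The braking model (reaction time plus constant deceleration), the 3.5 m/s² and 0.8 s wet-road values, and the crawl threshold are assumptions; they are chosen so that the 84 km/h case reproduces the roughly 95 m stopping distance quoted in Example 3.3.

```python
# Added example (not from AG-546 or any vehicle stack): minimum risk condition
# (MRC) speed from 4.3.2(a) and a tiered ARB choice following the Section 6
# guidance. The braking model (reaction time plus constant deceleration) and the
# deceleration/reaction values used below are assumptions.
import math

CRAWL_MPS = 1.0   # assumed: below this MRC speed a controlled stop is preferred


def stopping_distance_m(speed_mps, decel_mps2, reaction_s):
    """Distance covered during reaction time plus braking at constant decel."""
    return speed_mps * reaction_s + speed_mps ** 2 / (2.0 * decel_mps2)


def mrc_speed_mps(sensor_range_m, decel_mps2, reaction_s):
    """Highest speed whose worst-case stopping distance fits in the currently
    confirmed sensor range: the positive root of v*t + v^2/(2a) - R = 0."""
    qa = 1.0 / (2.0 * decel_mps2)
    qb = reaction_s
    qc = -sensor_range_m
    return (-qb + math.sqrt(qb * qb - 4.0 * qa * qc)) / (2.0 * qa)


def select_arb(speed_mps, sensor_range_m, decel_mps2, reaction_s, convoy=False):
    """Tiered abstention response behaviour.

    Tier 0: no action when the vehicle can already stop within sensor range.
    Tier 1: decelerate to MRC speed (4.3.2(a)).
    Tier 2: controlled full stop when MRC speed is below a crawl (4.3.2(b)).
    In a convoy the ARB must be preceded by a cooperative deceleration broadcast
    so that it does not itself create a rear-end risk (4.3.3, 4.3.2(d)).
    """
    needed = stopping_distance_m(speed_mps, decel_mps2, reaction_s)
    if needed <= sensor_range_m:
        return {"tier": 0, "action": "proceed", "target_mps": speed_mps,
                "broadcast_first": False}
    target = mrc_speed_mps(sensor_range_m, decel_mps2, reaction_s)
    if target < CRAWL_MPS:
        return {"tier": 2, "action": "controlled_stop", "target_mps": 0.0,
                "broadcast_first": convoy}
    return {"tier": 1, "action": "decelerate_to_mrc", "target_mps": target,
            "broadcast_first": convoy}


def kmh(mps):
    return mps * 3.6


if __name__ == "__main__":
    # Example 3.3 figures: 84 km/h, radar range degraded to 38 m. With the
    # assumed wet-road model (3.5 m/s^2, 0.8 s) stopping distance is ~96 m,
    # close to the ~95 m the jurisdiction's standard quotes in the example.
    arb = select_arb(84 / 3.6, 38.0, 3.5, 0.8, convoy=True)
    print(arb, f"target {kmh(arb['target_mps']):.1f} km/h")
```

For the Example 3.3 inputs the result is tier 1 with an MRC target of about 13.7 m/s (roughly 49 km/h), flagged broadcast_first because the vehicle is leading a convoy; the same functions show why the Example 3.1 recommendation of 6 km/h fits a 1.1 m margin while 22 km/h does not.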

4.4 Abstention Override Controls

4.4.1 The deploying organisation MUST implement technical controls that prevent any software layer, fleet management command, or remote instruction from remotely disabling or raising the abstention trigger thresholds during live operation without a logged, authenticated, dual-authorisation change event.

4.4.2 Where a human operator is present and has physical access to override controls, the system MUST log every instance of a human operator overriding an abstention trigger, including timestamp, operator identifier, the CRI value at override time, the sensor confidence values at override time, and the outcome of the subsequent motion (collision or clear).

4.4.3 Aggregate override frequency data MUST be reviewed as part of the periodic safety review process defined in 4.1.4, and any pattern of overrides that suggests the ATT is miscalibrated for the operational environment MUST trigger an immediate ATT recalibration process.

4.5 Multi-Agent Coordination Under Abstention

4.5.1 In fleet or convoy environments, when one agent initiates an abstention response, the agent MUST broadcast an abstention event notification to all directly connected agents within the fleet coordination network within a latency budget defined in the system's safety case.

4.5.2 All receiving agents MUST process the abstention broadcast and evaluate whether the originating agent's abstention trigger condition is relevant to their own current trajectory and risk state. Where relevance is confirmed, receiving agents MUST evaluate their own CRI and sensor confidence and MUST initiate their own abstention response if applicable thresholds are met.

4.5.3 The fleet coordination protocol MUST NOT treat the absence of an abstention broadcast as evidence of a safe environment. Each agent MUST independently evaluate its own abstention conditions regardless of the broadcast state of peer agents.

4.6 Abstention Logging and Telemetry

4.6.1 Every abstention event MUST be logged with, at minimum: the timestamp of abstention trigger; the triggering condition (CRI value, sensor channel, disagreement metric); the selected ARB; the time elapsed between trigger and ARB initiation; the final vehicle state at resolution of the abstention; and whether resumption was autonomous or human-commanded.

4.6.2 Abstention logs MUST be stored in a tamper-evident format and MUST be retained for a minimum period consistent with the regulatory requirements of all jurisdictions in which the system operates, and no less than 36 months.

4.6.3 The system MUST provide a mechanism for abstention log data to be exported in a structured, interoperable format for regulatory audit on request within 72 hours of such a request being received.
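Here is an added example, not code from AG-546 or any fleet product, of one way to meet the tamper-evident and export requirements of 4.6.1 to 4.6.3: each abstention record is validated for the minimum fields, then appended to a hash chain in which every entry commits to the previous entry's digest, so any later edit, deletion or reordering breaks verification. The field names, the sample records and the JSON Lines export format are assumptions.

```python
# Added example (not from AG-546): a tamper-evident, hash-chained abstention
# event log with the minimum fields of 4.6.1 and a structured export for 4.6.3.
# Field names, sample values and the JSON Lines export format are assumptions.
import hashlib
import json

GENESIS_HASH = "0" * 64

REQUIRED_FIELDS = {          # 4.6.1 minimum content; field names assumed
    "trigger_ts", "trigger_condition", "arb", "trigger_to_arb_ms",
    "final_state", "resumption",
}


def _digest(prev_hash: str, record: dict) -> str:
    # Canonical JSON so that key order cannot change the digest.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append_event(chain: list, record: dict) -> dict:
    """Append a record; each entry commits to the previous entry's hash."""
    missing = REQUIRED_FIELDS - record.keys()
    if missing:
        raise ValueError(f"abstention record missing fields: {sorted(missing)}")
    prev = chain[-1]["hash"] if chain else GENESIS_HASH
    entry = {"seq": len(chain), "prev": prev, "record": record,
             "hash": _digest(prev, record)}
    chain.append(entry)
    return entry


def verify_chain(chain: list):
    """Return (ok, index): index is the first broken entry, or len(chain) if ok.
    Detects edits, deletions and reordering of entries below the retained head."""
    prev = GENESIS_HASH
    for i, entry in enumerate(chain):
        if (entry["seq"] != i or entry["prev"] != prev
                or _digest(prev, entry["record"]) != entry["hash"]):
            return False, i
        prev = entry["hash"]
    return True, len(chain)


def export_jsonl(chain: list) -> str:
    """4.6.3: structured, interoperable export (one JSON object per line)."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in chain)


def sample_chain() -> list:
    """Constructed log with two events modelled on Examples 3.1 and 3.3."""
    chain = []
    append_event(chain, {
        "trigger_ts": "2026-04-01T08:15:02.120Z",
        "trigger_condition": {"type": "moct_breach", "sensor": "camera",
                              "confidence": 0.41},
        "arb": "decelerate_to_mrc", "trigger_to_arb_ms": 42,
        "final_state": {"speed_kmh": 6.0}, "resumption": "autonomous",
    })
    append_event(chain, {
        "trigger_ts": "2026-04-01T09:40:11.005Z",
        "trigger_condition": {"type": "cri", "cri": 0.71, "att": 0.65},
        "arb": "controlled_stop", "trigger_to_arb_ms": 55,
        "final_state": {"speed_kmh": 0.0}, "resumption": "human",
    })
    return chain


if __name__ == "__main__":
    chain = sample_chain()
    print(verify_chain(chain))
    print(export_jsonl(chain))
```

A hash chain on its own only proves internal consistency; it becomes tamper-evident against an attacker who can rewrite the whole file once the current head hash is regularly committed somewhere the vehicle cannot alter (for instance a fleet backend or a write-once store, which is an assumption about the deployment, not something this block provides). Truncation of the newest entries is likewise only detectable by comparing against that externally held head.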

4.7 Failure Mode and Abstention Subsystem Self-Monitoring

4.7.1 The abstention subsystem itself MUST be subject to continuous self-monitoring, and its operational status MUST be independently verifiable without reliance on the same computational components it is designed to monitor.

4.7.2 If the abstention subsystem detects an internal fault condition — including but not limited to: configuration file corruption, threshold parameter out of range, sensor fusion pipeline non-response, or CRI computation timeout — the system MUST default to maximum-conservatism mode, treating all motion as prohibited until the fault is resolved.

4.7.3 The abstention subsystem MUST undergo fault injection testing as part of each major software release cycle, with test scenarios that include: deliberate sensor confidence injection below MOCT; deliberate CRI injection above ATT; deliberate corruption of the ATT configuration file; and deliberate network partition in multi-agent environments. Results MUST be documented and archived.

4.8 Cross-Jurisdiction Profile Management

4.8.1 Where the system operates or may operate across jurisdictional boundaries, the deploying organisation MUST maintain a geofence-linked jurisdiction profile database that maps operational zones to their applicable ATT and MOCT configurations.

4.8.2 The system MUST load the relevant jurisdiction profile before entering a new operational zone, and MUST confirm successful profile load before re-enabling forward motion commands in the new zone.

4.8.3 If a jurisdiction profile cannot be loaded — due to connectivity failure, missing profile data, or database error — the system MUST default to the most conservative ATT and MOCT values available across all loaded profiles and MUST NOT use a permissive base or fallback profile unless that base profile itself meets the conservatism requirement of 4.1.3.
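The following added example (not from AG-546 or any fleet product) shows profile selection under 4.8.1 to 4.8.3: a zone with a stored profile gets it, a zone without one gets the most conservative ATT and per-sensor MOCT merged from the profiles already loaded, and the permissive base profile is used only if it passes the 4.1.3 check (an ATT at least 15% below the minimum threshold validated in the last campaign); with nothing usable, forward motion stays disabled. Zone names, thresholds and the validated-threshold figure of 0.76 are assumptions modelled on Example 3.3.

```python
# Added example (not from AG-546 or any fleet product): jurisdiction profile
# selection with the conservative fallback of 4.8.3 and the 4.1.3 conservatism
# check on a base profile. Zone names, thresholds and the validated-threshold
# figure are assumptions modelled on Example 3.3.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class SafetyProfile:
    zone: str
    att: float                # abstain when CRI >= att; lower is more conservative
    moct: Dict[str, float]    # per-sensor minimum confidence; higher is more conservative
    version: str


def conservative_merge(profiles) -> SafetyProfile:
    """Most conservative ATT and per-sensor MOCT across all loaded profiles."""
    att = min(p.att for p in profiles)
    sensors = set().union(*(p.moct.keys() for p in profiles))
    moct = {s: max(p.moct[s] for p in profiles if s in p.moct) for s in sensors}
    zones = "+".join(sorted(p.zone for p in profiles))
    return SafetyProfile(f"fallback({zones})", att, moct, "merged")


def base_profile_permitted(base: SafetyProfile, validated_min_att: float) -> bool:
    """4.1.3: the ATT must be at least 15% more conservative (lower) than the
    minimum threshold validated in the last safety validation campaign."""
    return base.att <= 0.85 * validated_min_att


def select_profile(zone, profile_db, loaded, base,
                   validated_min_att) -> Tuple[Optional[SafetyProfile], str]:
    """Return (profile, status). A None profile means forward motion stays
    disabled until a profile is confirmed (4.8.2)."""
    if zone in profile_db:
        return profile_db[zone], "loaded"
    if loaded:
        return conservative_merge(loaded), "fallback-conservative"
    if base_profile_permitted(base, validated_min_att):
        return base, "base-permitted"
    return None, "no-profile"


# Constructed data: the originating jurisdiction has a profile, the second does
# not, and the base profile is the permissive 0.85 one from Example 3.3.
PROFILE_DB = {
    "origin": SafetyProfile("origin", 0.65, {"camera": 0.70, "radar": 0.70}, "2026.03"),
    "urban": SafetyProfile("urban", 0.55, {"camera": 0.80}, "2026.03"),
}
BASE = SafetyProfile("base", 0.85, {"camera": 0.50, "radar": 0.50}, "base")
VALIDATED_MIN_ATT = 0.76   # assumed figure from the last validation campaign

if __name__ == "__main__":
    print(select_profile("second", PROFILE_DB, [PROFILE_DB["origin"]],
                         BASE, VALIDATED_MIN_ATT))
```

With these inputs the convoy entering the unmapped second zone keeps the origin profile's 0.65 ATT instead of dropping to the base profile's 0.85, which is exactly the outcome Example 3.3 lacked.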

4.9 Design-Time Safety Case Obligation

4.9.1 The deploying organisation MUST produce and maintain a documented safety case for the Collision-Risk Abstention Governance subsystem. The safety case MUST demonstrate that the combination of CRI definition, ATT values, MOCT values, ARB library, latency budgets, and resumption conditions provides a quantifiably safe outcome across the full operational design domain.

4.9.2 The safety case MUST be reviewed by a qualified independent safety assessor at each major system revision and at a minimum interval of 24 months.

4.9.3 The safety case MUST explicitly address the scenario classes documented in Section 3 of this dimension (sensor-confidence degradation, classification uncertainty in non-nominal human pose, and jurisdiction profile loading failure) and demonstrate that the current implementation would produce a safe abstention outcome in each scenario class.

Section 5: Rationale

5.1 Structural Basis for This Control

The fundamental insight motivating Collision-Risk Abstention Governance is that autonomous agents in mobility contexts are not merely software artefacts — they are physical-force actuators operating in shared human environments. Unlike a software agent that miscategorises a financial instrument or generates an incorrect summary, a mobile autonomous agent that makes a wrong manoeuvre decision converts computational error directly into kinetic energy applied to biological organisms and physical infrastructure. The asymmetry between the cost of abstaining (a delay, a partial throughput loss, an inconvenience) and the cost of proceeding incorrectly (irreversible physical harm, legal liability, loss of operating licence, human death) is so extreme that the governance architecture must be structurally biased toward caution.

This asymmetry is not adequately addressed by optimisation-based approaches that treat collision risk as one cost term among many in a utility function. When an agent is uncertain about whether a 0.34 confidence classification of a partially occluded object is a human or a rolling cart, no expected-value calculation should be permitted to conclude that proceeding at 4.5 km/h with a 1,200 kg steel coil is the utility-maximising action. The structural requirement for abstention is not a degenerate constraint; it is the recognition that certain actions are categorically foreclosed under uncertainty when the downside is irreversible harm to persons.

5.2 Behavioural Enforcement and the Threshold Architecture

Behavioural enforcement of safe abstention — relying on agents to "learn" appropriate caution through training — is insufficient as a sole control because it provides no verifiable, testable guarantee. Trained systems exhibit distributional generalisation failures precisely in the novel, edge-case conditions that constitute the most dangerous operating states. An autonomous vehicle that has never encountered a crouching child in a high-luminosity industrial environment during a sensor degradation event may not correctly classify the risk simply because that scenario does not exist in its training distribution.

The threshold architecture mandated in Section 4 provides structural enforcement: the ATT and MOCT are configuration parameters whose values are defined, auditable, and testable. They are not emergent from training; they are engineered constraints. This means that a failure of the abstention system is a traceable engineering failure rather than an opaque emergent failure, which is essential for regulatory accountability and post-incident forensic analysis.

The requirement in Section 4.2.4 — that sensor uncertainty be a sufficient independent trigger — addresses the specific failure mode demonstrated in Example 3.1, where a well-designed CRI failed to trigger because the CRI's sensor confidence component was overridden by clean LiDAR data despite degraded camera confidence. In environments with partial occlusion, these sensors are not redundant in the information-theoretic sense; they are complementary, and degradation of either removes information that the other cannot supply.

5.3 Why Cross-Jurisdiction Profile Loading Is a Governance Requirement

Section 4.8 may appear to be an operational rather than a governance requirement, but Example 3.3 demonstrates that the absence of jurisdiction-aware profile management is a governance failure. The agent in that scenario was behaving correctly according to its loaded configuration — the loaded configuration was simply wrong for the environment. Governance structures that define safety thresholds without mandating that the correct thresholds are loaded at the right time provide only the appearance of safety assurance. The cross-jurisdiction requirement closes this gap by making profile loading a mandatory pre-condition to autonomous motion in a new zone, not a best-effort operational step.

Section 6: Implementation Guidance

Tiered Abstention Architecture. Implement abstention as a tiered response rather than a binary stop/proceed decision. The first tier triggers MRC-speed reduction; the second tier triggers a controlled full stop; the third tier triggers system-wide immobilisation and operator alert. This reduces the frequency of full-stop events (which can themselves create secondary hazards in high-density environments) while maintaining safety margins.

Conservative Fusion Scoring. When aggregating confidence scores from multiple sensor channels into the CRI, use a minimum-operator (take the lowest individual confidence score) or harmonic-mean aggregation rather than arithmetic mean or maximum. Mean-based aggregation allows a high-confidence sensor to statistically compensate for a failing sensor, masking the failure. The minimum-operator approach ensures that any single sensor degradation propagates immediately into the CRI.
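As an added example (not from AG-546), the block below runs the four aggregation operators over constructed confidence scores modelled on Example 3.1 (camera 0.41, LiDAR 0.95, radar 0.90 against a 0.70 MOCT each) and reports which operators would still clear a 0.70 fused threshold despite the failing camera channel. It also applies the per-modality MOCT gate before fusion, the ordering the Anti-Patterns section below calls for when modalities are not commensurable. Score values, names and the fused threshold are assumptions.

```python
# Added example (not from AG-546): the fusion operators compared in the
# "Conservative Fusion Scoring" guidance, run over constructed confidence scores
# modelled on Example 3.1, with a per-modality MOCT gate applied before any
# aggregation. Names and values are assumptions.
import statistics

AGGREGATORS = {
    "min": lambda vals: min(vals),
    "harmonic": lambda vals: statistics.harmonic_mean(vals),
    "arithmetic": lambda vals: statistics.fmean(vals),
    "max": lambda vals: max(vals),
}


def gate_per_modality(scores, moct):
    """Channels below their own MOCT; each must trigger abstention on its own
    before any fused score is considered (4.2.1)."""
    return sorted(s for s, c in scores.items() if c < moct[s])


def fused_scores(scores):
    """Fused confidence under each aggregation operator."""
    vals = list(scores.values())
    return {name: fn(vals) for name, fn in AGGREGATORS.items()}


def masking_aggregators(scores, moct, fused_threshold):
    """Operators whose fused score clears the threshold even though at least
    one channel is below its own MOCT, i.e. operators that hide the failure."""
    if not gate_per_modality(scores, moct):
        return []
    return sorted(n for n, v in fused_scores(scores).items() if v >= fused_threshold)


SCORES = {"camera": 0.41, "lidar": 0.95, "radar": 0.90}   # constructed, per Example 3.1
MOCT = {"camera": 0.70, "lidar": 0.70, "radar": 0.70}

if __name__ == "__main__":
    for name, v in fused_scores(SCORES).items():
        print(f"{name:10s} {v:.3f}")
    print("masking:", masking_aggregators(SCORES, MOCT, 0.70))
```

The arithmetic mean (about 0.753) and the maximum (0.95) both clear the 0.70 threshold and so mask the degraded camera, the harmonic mean (about 0.652) does not, and the minimum reports the 0.41 directly; only the gate makes the camera breach visible regardless of which operator the CRI uses.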

Geofence-Linked Profile Preloading. Rather than loading jurisdiction profiles at the point of crossing a jurisdictional boundary, implement predictive preloading: when the route planner determines that a jurisdictional boundary will be crossed within a configurable lookahead distance (e.g., 10 km), initiate profile loading and validation immediately. This eliminates the window of risk during which the vehicle is in the new jurisdiction but has not yet loaded the correct profile.

Abstention Event Replay Testing. Maintain a curated library of abstention events (anonymised from live operations) and replay them as part of every regression test cycle for the abstention subsystem. This ensures that changes to CRI computation, sensor fusion logic, or ATT configuration do not silently break abstention behaviour on previously observed edge cases.

Dual-Watchdog Architecture. Implement the abstention subsystem on an independent processing partition (hardware or hypervisor-isolated) with a dual-watchdog pattern: the abstention subsystem monitors the main planning stack, and an independent watchdog monitors the abstention subsystem itself. Neither watchdog should rely on the component it is monitoring for its own timing signals.

Human Override Friction. Where physical override controls are provided to operators, implement a deliberate friction mechanism: a two-step confirmation with a brief mandatory delay (e.g., 3 seconds) before override takes effect. This prevents accidental or pressure-induced overrides while still allowing a qualified operator to take command when genuinely necessary. Log both the initiation and confirmation timestamps.

Abstention Rate as a System Health Metric. Instrument abstention rate (abstentions per 100 km travelled, or per 1,000 operational hours) as a primary system health metric alongside availability and throughput. A sustained increase in abstention rate signals environmental degradation, sensor drift, or ATT miscalibration. A sustained decrease to near-zero may indicate that the abstention subsystem has been inadvertently disabled or that ATTs have been raised without authorisation.

6.2 Anti-Patterns

Unanimous-Failure Requirement. Requiring all sensor channels to fail simultaneously before triggering sensor-uncertainty abstention. This is the failure mode in Example 3.1 and is categorically unsafe. A single sensor channel's degradation removes information that the system is designed to rely on; requiring unanimous failure before acting on that information inverts the precautionary logic.

Shared Computational Platform for Abstention Subsystem. Running the abstention subsystem on the same processor, memory partition, or OS process as the motion planning stack it is intended to override. If the planning stack enters an error state (memory fault, loop deadlock, priority inversion), it can prevent the abstention subsystem from executing. Safety-critical override logic must have guaranteed execution priority via hardware isolation, real-time OS scheduling guarantees, or equivalent mechanisms.

ATT Tuning for Throughput Optimisation. Raising ATT values during periods of operational pressure (peak throughput, schedule delays, driver shortages) to reduce the frequency of abstention events and improve delivery metrics. This practice converts a safety parameter into a performance variable and is inconsistent with the structural function of this control. ATT values MUST be changed only through the safety case revision process defined in 4.9.

Soft Fallback to Permissive Defaults. Designing the system to fall back to a permissive base configuration when jurisdiction profiles fail to load, on the theory that "something is better than nothing." As Example 3.3 demonstrates, a permissive base profile that is not calibrated to the actual environment is worse than a maximally conservative default because it provides false safety assurance.

Confidence Score Averaging Across Heterogeneous Sensor Modalities. Computing a single fused confidence score by averaging camera confidence, LiDAR confidence, and radar confidence as if they were measuring the same quantity. Confidence scores from different sensor modalities are not commensurable without calibration. A 0.80 confidence score from a camera classifier and a 0.30 confidence score from a radar classifier do not average to a meaningful 0.55. Each modality should be evaluated against its own MOCT before fusion, and the fusion logic should apply disagreement detection (Requirement 4.2.3) before any aggregation.

Abstention Subsystem Testing in Simulation Only. Validating abstention thresholds exclusively in simulation environments without physical hardware-in-the-loop testing. Sensor degradation behaviour in physical hardware (lens condensation, radar coating, LiDAR beam scatter in precipitation) cannot be fully reproduced in simulation, and the confidence score distributions produced by physical sensor degradation may differ substantially from simulated counterparts. Physical testing in representative degraded-sensor conditions is required.

6.3 Industry Considerations

Warehouse and Industrial AMR Environments. Indoor environments present a specific challenge: the operational design domain is nominally controlled, but human behaviour within it is highly variable (posture, trajectory, proximity to vehicle lanes). The MOCT for human presence detection should be set conservatively, and the ARB library should include slow-approach confirmation behaviours (e.g., reduce speed to 0.5 m/s and emit audible alert before approaching unresolved detections). Throughput models should budget for abstention dwell time rather than treating abstention as an anomaly.

Urban Autonomous Vehicle Deployments. Regulatory frameworks in most jurisdictions require that an autonomous vehicle be capable of reaching a minimum risk condition (MRC) autonomously. The ARB library must include MRC achievement as a guaranteed terminal state for any abstention scenario. Deployers should also consider that urban pedestrian behaviour is legally protected (pedestrians have priority in many jurisdictions) and that the interaction between CRI thresholds and legal right-of-way norms requires explicit treatment in the safety case.

Cross-Border Freight Autonomous Operations. Operators of cross-border autonomous freight systems should pre-negotiate data-sharing agreements with road authorities in all transit jurisdictions to maintain an up-to-date jurisdiction profile database. The latency of regulatory change (new speed limits, temporary hazard zones, seasonal weather overlays) means that static profile databases become stale. A subscription-based profile update mechanism with integrity verification is preferable to a batch-update approach.

6.4 Maturity Model

Maturity Level | Description
Level 1 — Reactive | Abstention occurs only on hard collision detection; no threshold-based pre-emptive abstention; no sensor uncertainty trigger; no logging of abstention events.
Level 2 — Defined | CRI and ATT formally defined; sensor uncertainty triggers implemented; ARB library contains at minimum two response behaviours; abstention events are logged.
Level 3 — Managed | All 4.1–4.9 requirements implemented; jurisdiction-aware profiles operational; dual-watchdog architecture deployed; abstention rate monitored as system health metric; safety case documented and reviewed.
Level 4 — Optimised | Abstention event replay integrated into CI/CD pipeline; cross-fleet abstention broadcast operational; independent safety assessor reviews safety case on schedule; abstention rate trend analysis driving proactive ATT recalibration; physical degraded-sensor testing conducted at each major release.

Section 7: Evidence Requirements

7.1 Design-Phase Artefacts

Artefact | Description | Retention Period
Collision-Risk Index Specification | Formal definition of CRI components, aggregation method, and quantitative derivation | Lifetime of system plus 10 years
Abstention Trigger Threshold Documentation | ATT and MOCT values per operational domain/jurisdiction, with derivation rationale | Lifetime of system plus 10 years
ARB Library Specification | Full specification of each Abstention Response Behaviour, including entry conditions, physical execution parameters, and exit conditions | Lifetime of system plus 10 years
Safety Case Document | Complete safety case for the Collision-Risk Abstention Governance subsystem, including independent assessor review records | Lifetime of system plus 10 years
Fault Injection Test Results | Results of fault injection testing per 4.7.3 for each major software release | Minimum 7 years

7.2 Operational Artefacts

| Artefact | Description | Retention Period |
| --- | --- | --- |
| Abstention Event Log | Tamper-evident log of all abstention events per 4.6.1 | Minimum 36 months; extended to 7 years if any abstention event was followed by a collision or near-miss |
| Override Log | Log of all human operator overrides of abstention triggers per 4.4.2 | Minimum 36 months |
| Jurisdiction Profile Load Records | Log of jurisdiction profile load events including profile version, load timestamp, and confirmation status | Minimum 36 months |
| Abstention Rate Trend Reports | Periodic reports (minimum quarterly) on abstention rate per operational domain | Minimum 36 months |
| ATT/MOCT Change Records | Authenticated, dual-authorisation records of any change to ATT or MOCT values in production | Lifetime of system plus 10 years |

7.3 Periodic Review Artefacts

| Artefact | Description | Frequency | Retention Period |
| --- | --- | --- | --- |
| ATT Recalibration Record | Documentation of the recalibration process, data used, and revised ATT values | At each review per 4.1.4 | 10 years |
| Independent Safety Assessor Review | Report from qualified independent assessor per 4.9.2 | Minimum every 24 months | 10 years |
| Override Pattern Analysis | Analysis of override frequency and outcomes per 4.4.3 | At each periodic safety review | 7 years |

Section 8: Test Specification

Test 8.1 — CRI Component Completeness (Maps to Requirements 4.1.1, 4.1.2)

Objective: Verify that the implemented CRI incorporates all required components as specified in 4.1.2.

Method: Static analysis of CRI computation code and/or configuration documentation. For each required component (obstacle distance and closing velocity; stopping distance calculation; sensor confidence score; positional uncertainty estimate; TTC estimate), confirm that: (a) the component is present in the CRI computation; (b) the component's input data source is identified; and (c) the component is not null or defaulted to a fixed value under any documented operating condition.
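One way to automate checks (a) and (c) of this method, as an added example that is not part of the protocol or any deployer's code: a harness computes the CRI components from a fused state, then perturbs each component's declared inputs and reports any component that is absent or that never moves, which is how a component defaulted to a fixed value shows up. The component formulas, the field names and the 3-second TTC horizon are this example's own assumptions.

```python
import math

# Required components per 4.1.2, mapped to the input fields each one reads.
# The field names are this example's own assumptions, not the protocol's.
REQUIRED_COMPONENTS = {
    "distance_closing_velocity": ["obstacle_distance_m", "closing_velocity_mps"],
    "stopping_distance": ["ego_speed_mps", "max_decel_mps2"],
    "sensor_confidence": ["sensor_confidence"],
    "positional_uncertainty": ["position_sigma_m"],
    "ttc": ["obstacle_distance_m", "closing_velocity_mps"],
}

# Constructed sample fused state: 24 km/h ego speed, obstacle 20 m ahead.
SAMPLE_STATE = {
    "obstacle_distance_m": 20.0, "closing_velocity_mps": 5.0,
    "ego_speed_mps": 6.7, "max_decel_mps2": 6.0,
    "sensor_confidence": 0.8, "position_sigma_m": 0.5,
}


def cri_components(state: dict) -> dict:
    """Illustrative per-component risk scores in [0, 1] (1 = maximal risk)."""
    d = max(state["obstacle_distance_m"], 0.01)
    v = max(state["closing_velocity_mps"], 0.0)
    stop = state["ego_speed_mps"] ** 2 / (2 * state["max_decel_mps2"])
    ttc = d / v if v > 0 else math.inf
    return {
        "distance_closing_velocity": min(1.0, v / d),
        "stopping_distance": min(1.0, stop / d),
        "sensor_confidence": 1.0 - state["sensor_confidence"],
        "positional_uncertainty": min(1.0, state["position_sigma_m"] / d),
        "ttc": 0.0 if ttc == math.inf else min(1.0, 3.0 / ttc),  # 3 s horizon
    }


def check_component_completeness(compute, baseline: dict) -> dict:
    """Test 8.1 (a)/(c): each component present, non-null and input-responsive."""
    base = compute(baseline)
    findings = {}
    for name, inputs in REQUIRED_COMPONENTS.items():
        if base.get(name) is None:
            findings[name] = "missing"
            continue
        moved = False
        for field in inputs:  # a defaulted component never reacts to its inputs
            perturbed = dict(baseline, **{field: baseline[field] * 0.5 + 0.05})
            moved = moved or compute(perturbed)[name] != base[name]
        findings[name] = "ok" if moved else "fixed_value"
    return findings
```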

Pass Criteria:

Test 8.2 — Sensor Uncertainty as Independent Abstention Trigger (Maps to Requirements 4.2.1, 4.2.4)

Objective: Verify

Section 9: Regulatory Mapping

| Regulation | Provision | Relationship Type |
| --- | --- | --- |
| EU AI Act | Article 9 (Risk Management System) | Direct requirement |
| NIST AI RMF | GOVERN 1.1, MAP 3.2, MANAGE 2.2 | Supports compliance |
| ISO 42001 | Clause 6.1 (Actions to Address Risks), Clause 8.2 (AI Risk Assessment) | Supports compliance |

EU AI Act — Article 9 (Risk Management System)

Article 9 requires providers of high-risk AI systems to establish and maintain a risk management system that identifies, analyses, estimates, and evaluates risks. Collision-Risk Abstention Governance implements a specific risk mitigation measure within this framework. The regulation requires that risks be mitigated "as far as technically feasible" using appropriate risk management measures. For deployments classified as high-risk under Annex III, compliance with AG-546 supports the Article 9 obligation by providing structural governance controls rather than relying solely on the agent's own reasoning or behavioural compliance.

NIST AI RMF — GOVERN 1.1, MAP 3.2, MANAGE 2.2

GOVERN 1.1 addresses legal and regulatory requirements; MAP 3.2 addresses risk context mapping; MANAGE 2.2 addresses risk mitigation through enforceable controls. AG-546 supports compliance by establishing structural governance boundaries that implement the framework's approach to AI risk management.

ISO 42001 — Clause 6.1, Clause 8.2

Clause 6.1 requires organisations to determine actions to address risks and opportunities within the AI management system. Clause 8.2 requires AI risk assessment. Collision-Risk Abstention Governance implements a risk treatment control within the AI management system, directly satisfying the requirement for structured risk mitigation.

Section 10: Failure Severity

| Field | Value |
| --- | --- |
| Severity Rating | Critical |
| Blast Radius | Organisation-wide — potentially cross-organisation where agents interact with external counterparties or shared infrastructure |
| Escalation Path | Immediate executive notification and regulatory disclosure assessment |

Consequence chain: Without collision-risk abstention governance, the governance framework has a structural gap that can be exploited at machine speed. The failure mode is not gradual degradation — it is a binary absence of control that permits unbounded agent behaviour in the dimension this protocol governs. The immediate consequence is uncontrolled agent action within the scope of AG-546, potentially cascading to dependent dimensions and downstream systems. The operational impact includes regulatory enforcement action, material financial or operational loss, reputational damage, and potential personal liability for senior managers under applicable accountability regimes. Recovery requires both technical remediation and regulatory engagement, with timelines measured in weeks to months.

Cite this protocol
AgentGoverning. (2026). AG-546: Collision-Risk Abstention Governance. The 783 Protocols of AI Agent Governance, AGS v2.1. agentgoverning.com/protocols/AG-546