Physical Calibration Verification Governance defines the mandatory procedures, evidence standards, and runtime checks by which an autonomous or semi-autonomous agent must confirm that all sensors and actuators it relies upon have been calibrated within valid tolerances before any consequential action is permitted. This dimension is foundational to Cyber-Physical System (CPS) safety because an agent operating on miscalibrated hardware cannot form accurate beliefs about the state of the physical world, making every downstream inference, control command, and safety evaluation unreliable regardless of the quality of the agent's reasoning logic. Failure manifests as systematic positional drift in mobile robots, dose-calculation errors in medical automation, false-clear readings in hazard-detection networks, and actuation overshoot in industrial manipulators — each of which can result in irreversible physical harm, regulatory enforcement action, or loss of life.
A fleet of 120 autonomous mobile robots operates in a large-scale logistics facility running three shifts per day, seven days per week. Each robot relies on a LiDAR unit, two inertial measurement units (IMUs), and wheel-odometry encoders to navigate and to locate pick stations within ±15 mm positional accuracy. Shift-change maintenance logs show that IMU drift correction is re-run every 72 hours. On day 61 of operation, a single robot's IMU accumulates 2.3° of heading drift — well within acceptable single-reading noise but compounding across a 180-metre traverse — producing an effective positional error of 7.2 m at the target pick station. The agent has no runtime calibration check; it trusts its onboard state estimate. The robot commands its lift mechanism to extend at the wrong XYZ coordinate, striking a shelving upright at 0.9 m/s with 320 kg of loaded mass. The collision shears the upright, causing a cascade topple of three adjacent shelving bays, destroying inventory valued at approximately €2.1 million and injuring two workers. Post-incident analysis confirms the IMU had not been recalibrated in 91 hours — 19 hours past the validated recalibration interval. Had a pre-action calibration-validity check been mandatory, the robot would have flagged drift-threshold exceedance, requested a static recalibration pause of 90 seconds, and resumed with corrected heading before approaching the pick station.
A municipal water treatment plant deploys an AI dosing agent to regulate chlorine concentration in real time. The agent reads sensor inputs from three residual chlorine analysers installed at the post-filtration stage. Analysers require reagent-standard verification (a three-point calibration check against certified reference solutions) every 24 hours per the instrument manufacturer's specification and the local water authority's operating licence. Following a holiday weekend with reduced staffing, one analyser goes 58 hours without verification. Its output drifts to read 0.41 mg/L when the true residual is 0.09 mg/L. The dosing agent, relying on the falsely elevated reading, concludes that chlorine dosing should be reduced and cuts the chlorine pump duty cycle by 68%. Over the next 14 hours, true residual chlorine falls to 0.03 mg/L across the distribution zone serving approximately 47,000 residents. The utility receives confirmed reports of gastrointestinal illness from 312 individuals before a manual sample check triggers emergency redosing. Regulatory investigation concludes that the agent lacked any mechanism to compare analyser last-calibration timestamp against the permitted operating interval before acting on sensor data. A calibration-validity gate requiring timestamp validation against a maximum 24-hour interval and cross-comparison between redundant analysers would have halted autonomous dosing reduction and escalated to human operators within minutes of the first interval breach.
A robotic surgical assistance system provides tool-tip force feedback and guided cutting paths during minimally invasive procedures. The system's force-torque sensor on the instrument wrist must be zeroed — tared against the instrument's known static weight — at the start of each sterile setup, producing a calibration offset applied to all subsequent force readings. A software update to the instrument-exchange workflow inadvertently removes the mandatory tare-check confirmation step from the pre-operative checklist enforced by the agent's operating state machine. Over the following three weeks, 14 procedures are completed in which the tare step is sometimes performed and sometimes omitted, depending on the individual scrub technician's routine. In two procedures where the tare is skipped, the force-torque sensor reports a baseline offset of 1.8 N attributed to instrument weight as genuine tissue contact force. The agent's haptic feedback algorithm interprets this offset as the operator having reached maximum safe force and throttles the instrument velocity to near-zero during a dissection step. The surgeon, perceiving unexpected resistance, increases manual override force, causing an uncontrolled lateral motion of 6 mm — intersecting a structure outside the planned resection margin. Both patients require additional corrective surgery. Regulatory review under the applicable medical device quality management requirements concludes that the agent failed to enforce a pre-operative actuator calibration validity confirmation as a mandatory, non-bypassable gate.
This dimension applies to any agent that directly reads from, or issues commands to, physical-world sensors or actuators as part of its operational decision loop. This includes but is not limited to: autonomous mobile robots; robotic manipulators and surgical assistants; edge AI controllers governing industrial process equipment; IoT-orchestration agents that aggregate sensor data to trigger physical actuation; unmanned aerial, ground, or marine vehicles; smart-grid and utility dosing controllers; and any agent whose outputs can produce mechanical force, fluid flow, electrical switching, or motion in the physical environment. The dimension applies regardless of whether the agent is fully autonomous or operates under human-in-the-loop supervision, because calibration errors corrupt the inputs to both the agent and any supervising human who relies on agent-mediated sensor displays. Agents that consume only digital data feeds without any path to physical actuation are out of scope.
4.1.1 The agent MUST maintain or have verified access to a Calibration State Registry (CSR) that records, for each sensor and actuator in its operational configuration: the instrument identifier, the calibration procedure type, the timestamp of last successful calibration, the calibration interval limit, the technician or automated process identifier that performed calibration, and the calibration outcome status (pass/conditional-pass/fail).
4.1.2 The CSR MUST be cryptographically signed or integrity-protected such that tampering or undetected modification is detectable by the agent at query time.
4.1.3 The CSR MUST be updated atomically upon completion of each calibration event; partial updates MUST be treated as calibration failures until the record is complete and integrity-verified.
4.1.4 Where a CSR is hosted on a remote service, the agent MUST verify that the CSR query response was received within a configurable staleness window not to exceed 60 seconds; responses exceeding this window MUST be treated as CSR unavailable.
4.2.1 The agent MUST perform a Calibration Validity Gate (CVG) check before initiating any consequential action sequence. A consequential action is defined as any command that produces or could produce physical force, motion, material flow, energy switching, or environmental modification.
4.2.2 The CVG MUST confirm that: (a) every sensor supplying inputs to the current decision is present in the CSR; (b) the elapsed time since last successful calibration for each such sensor does not exceed the instrument-specific calibration interval limit; and (c) the CSR record carries a passing integrity signature.
4.2.3 The CVG MUST be executed as a non-bypassable software gate — it MUST NOT be possible to disable, skip, or override the CVG through configuration files, environment variables, operator command, or runtime API calls without a documented emergency-bypass procedure that itself generates an immutable audit event (see 4.7).
4.2.4 If the CVG check fails for any sensor or actuator, the agent MUST NOT initiate the consequential action and MUST immediately transition to the safe-hold state defined in Section 4.5.
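As an added illustration of the 4.1 registry and 4.2 gate requirements (example code, not part of the governance text or any referenced project), the Python below signs CSR records with HMAC-SHA256, applies the 4.1.4 staleness window and runs the three 4.2.2 conditions over a constructed fleet registry. The key, instrument identifiers, timestamps and field names are constructed, and treating only a full "pass" outcome as authorising is an assumption the text does not state.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# 4.1.4: a CSR query response older than this is treated as "CSR unavailable"
STALENESS_WINDOW = timedelta(seconds=60)


def _canonical(body: dict) -> bytes:
    # Fixed key order and separators so registry and agent hash identical bytes
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_record(record: dict, key: bytes) -> dict:
    """Registry side (4.1.2): HMAC-SHA256 tag over every field of the record."""
    body = {k: v for k, v in record.items() if k != "sig"}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "sig": tag}


def verify_record(record: dict, key: bytes) -> bool:
    """Agent side: recompute the tag; any edited field or missing tag fails."""
    body = {k: v for k, v in record.items() if k != "sig"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(record.get("sig", "")))


@dataclass(frozen=True)
class CVGResult:
    passed: bool
    reasons: tuple  # one human-readable entry per failing condition


def calibration_validity_gate(required, csr_response, response_time, now, key):
    """4.2.2: (a) every required instrument has a CSR record, (b) its interval
    has not elapsed, (c) its integrity tag verifies. Assumption: only outcome
    "pass" authorises action. passed=False means hold and go to safe-hold (4.2.4)."""
    # 4.1.4: a stale registry response is indistinguishable from no registry
    if now - response_time > STALENESS_WINDOW:
        return CVGResult(False, ("CSR response stale; treat as unavailable",))
    reasons = []
    for inst in required:
        rec = csr_response["records"].get(inst)
        if rec is None:                                   # (a)
            reasons.append(f"{inst}: no CSR record")
            continue
        if not verify_record(rec, key):                   # (c) before trusting any field
            reasons.append(f"{inst}: integrity check failed")
            continue
        if rec["outcome"] != "pass":                      # 4.1.3: incomplete/failed = failure
            reasons.append(f"{inst}: outcome {rec['outcome']}")
            continue
        last = datetime.fromisoformat(rec["last_calibrated"])
        limit = timedelta(hours=rec["interval_hours"])
        if now - last > limit:                            # (b)
            over_h = (now - last - limit).total_seconds() / 3600
            reasons.append(f"{inst}: interval exceeded by {over_h:.1f} h")
    return CVGResult(not reasons, tuple(reasons))


def demo():
    """Constructed fleet scenario: one IMU is 91 h past a 72 h interval, one
    camera has no record, and one record is edited after signing."""
    key = b"constructed-registry-key"   # constructed; a real key stays with the registry
    now = datetime(2024, 3, 2, 12, 0, tzinfo=timezone.utc)

    def rec(inst, hours_ago, interval_h):
        return sign_record({
            "instrument_id": inst, "procedure": "static-recal",
            "last_calibrated": (now - timedelta(hours=hours_ago)).isoformat(),
            "interval_hours": interval_h, "performed_by": "auto-recal-svc",
            "outcome": "pass"}, key)

    csr = {"records": {"lidar-01": rec("lidar-01", 10, 168),
                       "imu-01": rec("imu-01", 91, 72),
                       "imu-02": rec("imu-02", 20, 72),
                       "odom-01": rec("odom-01", 5, 24)}}
    # Tamper: stretch imu-02's interval without re-signing the record
    tampered = {**csr["records"], "imu-02": {**csr["records"]["imu-02"], "interval_hours": 1000}}
    required = ["lidar-01", "imu-01", "imu-02", "odom-01", "cam-01"]
    fresh = now - timedelta(seconds=5)
    return {
        "expired_and_missing": calibration_validity_gate(required, csr, fresh, now, key),
        "tampered": calibration_validity_gate(["imu-02"], {"records": tampered}, fresh, now, key),
        "stale_response": calibration_validity_gate(["lidar-01"], csr, now - timedelta(seconds=90), now, key),
        "all_valid": calibration_validity_gate(["lidar-01", "imu-02", "odom-01"], csr, fresh, now, key),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'PASS' if result.passed else 'HOLD'} {list(result.reasons)}")
```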
4.3.1 The agent MUST implement continuous or periodic in-operation drift monitoring for any sensor whose output is used in a closed-loop control function. The monitoring interval MUST NOT exceed one-tenth of the sensor's validated recalibration interval or 15 minutes, whichever is shorter.
4.3.2 Drift monitoring MUST compare current sensor output against at least one of: a redundant independent sensor measuring the same physical quantity; a model-derived expected value with bounded uncertainty; or a known reference stimulus applied transiently (where the sensor design permits).
4.3.3 Where drift monitoring detects that sensor output deviates from the reference or cross-sensor consensus by more than the declared drift-alarm threshold, the agent MUST log the event to the immutable audit trail, reduce confidence weighting on that sensor's contribution to the decision, and, if the deviation exceeds the safety-critical drift limit, transition immediately to safe-hold.
4.3.4 Drift monitoring routines MUST themselves be self-tested at agent startup and following any software update. A failed self-test MUST prevent the agent from entering operational mode.
4.4.1 For each actuator (including but not limited to servo motors, hydraulic valves, stepper drives, pneumatic cylinders, force-torque sensors, and chemical dosing pumps), the agent MUST verify that actuator calibration — including zeroing, taring, end-stop mapping, and gain verification — has been successfully completed and recorded in the CSR before the actuator is energised for consequential motion.
4.4.2 The agent MUST enforce instrument-exchange recalibration; whenever an instrument, end-effector, or tool is attached, detached, or substituted, the agent MUST invalidate the CSR entry for the affected actuator channel and MUST require a fresh calibration event before re-authorising that channel for consequential use.
4.4.3 The agent SHOULD verify actuator response linearity by commanding a known reference motion or force and comparing the measured outcome against the expected value at the start of each operational session, recording the result in the CSR.
4.5.1 The agent MUST define and implement a Safe-Hold State (SHS) representing the minimum-risk physical configuration of all actuators (e.g., brakes engaged, valves closed to neutral, manipulator returned to home pose, dosing pump halted).
4.5.2 Upon CVG failure, drift-limit exceedance, or CSR integrity failure, the agent MUST transition to SHS within the time limit specified in its Safety Requirements Specification (SRS), which MUST NOT exceed 500 milliseconds for safety-critical applications.
4.5.3 The agent MUST NOT exit SHS autonomously. Exit from SHS MUST require either a successful recalibration event followed by a passing CVG, or an authorised emergency-bypass event (see 4.7), or explicit human operator release accompanied by a logged acknowledgement.
4.5.4 The agent SHOULD implement graceful degradation modes in which operations that do not depend on the miscalibrated sensor or actuator may continue at reduced scope, provided the degraded scope is explicitly enumerated in the Safety Requirements Specification and does not introduce unacceptable risk.
4.6.1 For each sensor and actuator, the agent's configuration MUST specify a maximum calibration interval derived from: the manufacturer's validated recalibration period; the applicable regulatory or standards body requirement; and the operational environment factors (temperature cycling, vibration exposure, chemical exposure, cycle count) documented in the system's environmental envelope specification.
4.6.2 Calibration intervals MUST be reviewed and revalidated at a frequency not to exceed 12 months or following any significant change in operating environment, software update affecting sensor processing pipelines, or recorded drift-alarm event cluster (three or more drift alarms within a 30-day period on the same instrument).
4.6.3 The agent MUST NOT allow calibration interval limits to be extended at runtime without a documented change-control approval recorded in the CSR change log.
4.6.4 The agent SHOULD implement a pre-expiry warning, alerting the operations team when a calibration interval will expire within a configurable lead time (default: 20% of the interval duration), providing sufficient time to schedule recalibration without forcing an unplanned SHS transition.
4.7.1 If an emergency bypass of the CVG is operationally necessary (e.g., to move a system out of a dangerous physical position when calibration cannot be performed), the bypass MUST require two-factor authorisation from personnel with documented authority.
4.7.2 Each emergency bypass event MUST be recorded as an immutable audit entry containing: the authorising personnel identifiers, the specific calibration gate bypassed, the stated operational justification, the timestamp, and the physical state of all sensors and actuators at the time of bypass.
4.7.3 Emergency bypass MUST impose an automatic operational scope restriction limiting actuator velocity, force, and range of motion to no more than 25% of nominal limits unless the Safety Requirements Specification explicitly authorises a higher limit for a specific bypass scenario.
4.7.4 Emergency bypass MUST trigger an immediate post-event review process. The agent MUST generate a bypass incident report within 24 hours, and the report MUST be reviewed by the safety authority responsible for the system before the next unbypassed operational session begins.
4.8.1 Where the agent fuses outputs from multiple sensors (e.g., combining LiDAR, camera, and IMU for state estimation), the agent MUST verify that all sensors contributing to a fused estimate have current valid CSR entries before the fused estimate is used in a consequential decision.
4.8.2 The agent MUST implement cross-sensor consistency checking as part of the drift monitoring function (see 4.3), detecting cases where one sensor's output diverges from the consensus of the others by more than a declared consistency threshold.
4.8.3 When a multi-sensor fusion consistency check fails, the agent MUST NOT treat the fused estimate as reliable. The agent MUST identify which sensor is the outlier (if determinable), flag its CSR entry as suspect, and either exclude it from the fusion while maintaining sufficient redundancy or transition to SHS.
4.8.4 The agent SHOULD maintain a cross-calibration record documenting the spatial and temporal alignment parameters between co-located sensors (e.g., extrinsic camera-to-LiDAR transforms), and MUST re-verify these alignment parameters following any physical maintenance, sensor replacement, or mounting change.
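Added example for the drift-monitoring comparison in 4.3.2/4.3.3 and the consistency check in 4.8.2/4.8.3 (not code from the governance text): a median-consensus check over redundant sensors that flags the outlier, reduces the fusion to the concurring sensors, and forces safe-hold on a critical deviation or loss of redundancy. The analyser identifiers, readings and the 0.05 / 0.20 mg/L thresholds are constructed values, not figures the document specifies.

```python
from dataclasses import dataclass, field
from statistics import median
from typing import Dict, List, Optional


@dataclass
class ConsistencyResult:
    action: str                      # "ok", "reduce_weight" or "safe_hold"
    consensus: Optional[float]
    fused: Optional[float]           # estimate the control loop may use; None = unreliable
    suspect: List[str] = field(default_factory=list)   # CSR entries to flag (4.8.3)
    reasons: List[str] = field(default_factory=list)   # audit-log text (4.3.3)


def cross_sensor_check(readings: Dict[str, float], alarm_threshold: float,
                       critical_limit: float, min_redundancy: int = 2) -> ConsistencyResult:
    """Consensus is the median of all readings: with three or more sensors a
    single drifted instrument cannot move it. A sensor deviating by more than
    alarm_threshold is flagged suspect and dropped from the fusion (confidence
    reduced); a deviation over critical_limit, or too few sensors left after
    exclusion, forces safe-hold. Thresholds are declared per instrument."""
    if len(readings) < 2:
        raise ValueError("no redundancy; use a model-derived or reference-stimulus check (4.3.2)")
    values = list(readings.values())
    if len(values) == 2:
        # Two sensors that disagree cannot say which is wrong (4.8.3 "if determinable")
        if abs(values[0] - values[1]) > alarm_threshold:
            return ConsistencyResult("safe_hold", None, None, list(readings),
                                     ["two-sensor disagreement; outlier not determinable"])
        return ConsistencyResult("ok", median(values), median(values))
    consensus = median(values)
    suspect, reasons, critical = [], [], False
    for sid, value in readings.items():
        dev = abs(value - consensus)
        if dev > alarm_threshold:
            suspect.append(sid)
            reasons.append(f"{sid}: deviates {dev:.3f} from consensus {consensus:.3f}")
            critical = critical or dev > critical_limit
    if critical:
        return ConsistencyResult("safe_hold", consensus, None, suspect, reasons)
    remaining = [v for s, v in readings.items() if s not in suspect]
    if len(remaining) < min_redundancy:
        reasons.append(f"only {len(remaining)} sensor(s) left; below redundancy floor")
        return ConsistencyResult("safe_hold", consensus, None, suspect, reasons)
    action = "reduce_weight" if suspect else "ok"
    return ConsistencyResult(action, consensus, median(remaining), suspect, reasons)


def demo():
    """Constructed readings (mg/L) from three residual-chlorine analysers around a
    true residual of 0.09; alarm 0.05 and critical 0.20 are constructed thresholds."""
    cases = {
        "all_agree": {"rca-1": 0.09, "rca-2": 0.10, "rca-3": 0.09},
        "mild_drift": {"rca-1": 0.16, "rca-2": 0.10, "rca-3": 0.09},
        "gross_drift": {"rca-1": 0.41, "rca-2": 0.10, "rca-3": 0.09},
        "two_disagree": {"rca-1": 0.41, "rca-2": 0.10},
    }
    results = {name: cross_sensor_check(r, 0.05, 0.20) for name, r in cases.items()}
    # Same mild drift, but the SRS demands three concurring analysers: hold instead
    results["mild_drift_needs_three"] = cross_sensor_check(cases["mild_drift"], 0.05, 0.20,
                                                           min_redundancy=3)
    return results


if __name__ == "__main__":
    for name, res in demo().items():
        print(f"{name}: {res.action} fused={res.fused} suspect={res.suspect}")
```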
4.9.1 The agent MUST generate a calibration status report at a frequency not less than once per operational session, or once every eight hours, whichever is more frequent. The report MUST be accessible to authorised operations personnel and safety oversight roles without requiring agent restart or service interruption.
4.9.2 Calibration failure events, SHS transitions, drift alarms, and emergency bypass events MUST be written to an append-only, integrity-protected audit log that persists independently of the agent's runtime process (e.g., stored on a dedicated log service or hardware write-once medium).
4.9.3 The agent MUST support remote query of current CSR state by authorised oversight systems, and MUST respond to such queries within 5 seconds under normal operating conditions.
4.9.4 Human operators MUST be able to initiate a manual recalibration sequence from the agent's operator interface without requiring code modification or developer-level access. The manual calibration workflow MUST be documented in the operator manual and tested during commissioning.
The failure mode addressed by this dimension is categorically different from reasoning errors or model hallucinations. A calibration error corrupts the agent's perception of physical reality at the data-acquisition layer, before any inference or decision logic is applied. This means that no amount of sophisticated reasoning, uncertainty quantification, or ethical constraint checking can compensate for the fact that the raw numbers flowing into the decision system are wrong. An agent that "knows" it should keep force below 10 N but whose force sensor reads 6 N when actual force is 16 N will inflict harm while believing it is operating correctly. This makes calibration verification a structural prerequisite — a necessary precondition for all other safety properties — rather than merely one concern among many.
In traditional manual operation, a miscalibrated instrument produces an incorrect human observation, and a skilled operator may apply experiential sanity checks or cross-reference other indicators to detect the anomaly. Autonomous agents do not apply experiential intuition. They integrate sensor readings numerically, often across fusion pipelines that amplify small consistent biases into large systematic errors. IMU heading drift compounds quadratically with travel distance. Dosing sensor offsets accumulate linearly over time. Force-torque tare errors are constant and therefore maximally insidious — they do not appear as noise but as a stable, plausible baseline. Without explicit calibration governance, the agent has no mechanism to question the fidelity of its inputs.
Standard practice in many industries is to rely on maintenance schedules, operator checklists, and quality management systems to ensure instruments are recalibrated on time. This approach is insufficient for autonomous agents for two reasons. First, autonomous agents operate continuously and may act on stale calibration data at any moment between maintenance events without any human noticing. Second, environmental stressors (vibration, temperature excursion, chemical exposure, mechanical shock) can invalidate calibration well before the scheduled recalibration date. The agent is the only entity present at every moment of operation and therefore must be the primary enforcement point for calibration validity.
This dimension is classified as Preventive because its primary function is to prohibit consequential action before harm can occur, not to detect harm after it has happened or to mitigate harm once the agent is already operating on bad data. The Calibration Validity Gate (CVG) is the most direct expression of this preventive posture: it is a hard block, not an alert. The contrast with a purely detective control (e.g., a post-hoc analysis of sensor data quality) is significant — by the time a detective control identifies that calibration was invalid, the agent may already have discharged a lethal dose of chlorine, struck a human worker, or cut tissue outside the surgical margin. Prevention is the only acceptable primary control at this tier.
Pattern 1: Centralised CSR with Distributed Read Verification
Implement a centralised Calibration State Registry hosted on infrastructure that is independent of individual agent processes. Each agent queries the CSR at startup and at configurable periodic intervals, caches a signed copy locally, and validates the signature before each CVG check. The cache is invalidated automatically when the signed timestamp exceeds the staleness window (Section 4.1.4). This pattern tolerates temporary network partitions while preventing stale reads from being silently accepted.
Pattern 2: Hardware-Anchored Calibration Tokens
For high-criticality instruments, pair the CSR software record with a hardware-anchored calibration token — a cryptographically signed datum written to a tamper-evident memory element on the instrument module itself. The agent reads both the CSR record and the hardware token and requires consistency between them before accepting the calibration as valid. This prevents software-only CSR records from being spoofed or incorrectly associated with a different physical instrument.
Pattern 3: Embedded Reference Stimulus Channels
For sensors where inline drift monitoring is critical and cross-sensor consensus is unavailable (e.g., a single gas analyser in a confined space), design or procure instruments with embedded reference stimulus channels — internal precision references that can be switched into the measurement path on command. The agent periodically triggers an embedded reference measurement, compares the result against the reference value, and updates the drift-alarm state accordingly. This provides in-operation calibration confidence without requiring a human technician.
Pattern 4: Recalibration State Machine with Enforced Sequencing
Implement calibration workflows as formal state machines with enumerated, ordered states (e.g., IDLE → INSTRUMENT_IDENTIFIED → REFERENCE_APPLIED → READINGS_TAKEN → RESIDUALS_EVALUATED → CSR_UPDATED → RELEASED). Make it structurally impossible to transition from IDLE to RELEASED without passing through all intermediate states. Use the state machine output as the sole authorisation signal for CVG pass. This eliminates the category of failure illustrated in Example 3.3, where a workflow step can be inadvertently omitted.
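Added example of Pattern 4 (not the document's or any vendor's code): the ordered states as a Python state machine in which each workflow method is the single edge into the next state, so a release attempted without the intermediate steps raises and a failed residual evaluation can never reach RELEASED. Instrument identifiers, the three reference values and the 0.05 tolerance are constructed.

```python
from enum import Enum

# Ordered states of the recalibration workflow (Pattern 4)
CalState = Enum("CalState", "IDLE INSTRUMENT_IDENTIFIED REFERENCE_APPLIED READINGS_TAKEN "
                            "RESIDUALS_EVALUATED CSR_UPDATED RELEASED")
# Each state has exactly one legal successor; RELEASED is reachable only from
# CSR_UPDATED, so "IDLE -> RELEASED" is simply not an edge of the machine.
NEXT = dict(zip(list(CalState), list(CalState)[1:]))


class IllegalTransition(Exception):
    pass


def step(target):
    """Mark a method as the single edge into `target`: it runs only from the
    state immediately before, and the machine enters `target` when it returns."""
    def wrap(fn):
        def guarded(self, *args):
            if NEXT.get(self.state) is not target:
                raise IllegalTransition(f"{self.state.name} -> {target.name} is not an edge")
            result = fn(self, *args)
            self.state = target
            return result
        return guarded
    return wrap


class RecalibrationWorkflow:
    def __init__(self, instrument_id, tolerance):
        self.instrument_id = instrument_id
        self.tolerance = tolerance          # max |residual| that still passes
        self.state = CalState.IDLE
        self.evidence = {}                  # what each step produced, written to the CSR

    @step(CalState.INSTRUMENT_IDENTIFIED)
    def identify(self, scanned_id):
        if scanned_id != self.instrument_id:
            raise IllegalTransition(f"scanned {scanned_id}, expected {self.instrument_id}")

    @step(CalState.REFERENCE_APPLIED)
    def apply_references(self, references):
        if len(references) < 3:                   # three-point check minimum
            raise IllegalTransition("at least three reference points required")
        self.evidence["references"] = list(references)

    @step(CalState.READINGS_TAKEN)
    def take_readings(self, readings):
        if len(readings) != len(self.evidence["references"]):
            raise IllegalTransition("one reading per reference point required")
        self.evidence["readings"] = list(readings)

    @step(CalState.RESIDUALS_EVALUATED)
    def evaluate_residuals(self):
        res = [m - r for m, r in zip(self.evidence["readings"], self.evidence["references"])]
        self.evidence["residuals"] = res
        self.evidence["outcome"] = "pass" if max(map(abs, res)) <= self.tolerance else "fail"

    @step(CalState.CSR_UPDATED)
    def record_in_csr(self, csr_write):
        csr_write(self.instrument_id, dict(self.evidence))   # atomic registry write (4.1.3)

    @step(CalState.RELEASED)
    def release(self):
        if self.evidence["outcome"] != "pass":
            self.state = CalState.IDLE                # failed calibration: back to start
            raise IllegalTransition("a failed calibration cannot be released")

    def authorises_cvg(self):
        return self.state is CalState.RELEASED        # the only pass signal the CVG accepts


def demo():
    """Constructed runs: a passing three-point check (mg/L standards), a drifted
    instrument, and the Example 3.3 failure (release straight after identification)."""
    csr = {}   # stand-in for the signed registry store

    def run(inst, readings):
        wf = RecalibrationWorkflow(inst, tolerance=0.05)
        wf.identify(inst)
        wf.apply_references([0.2, 1.0, 2.0])
        wf.take_readings(readings)
        wf.evaluate_residuals()
        wf.record_in_csr(csr.__setitem__)
        try:
            wf.release()
        except IllegalTransition:
            pass                                      # failed outcome stays unreleased
        return wf

    skipped = RecalibrationWorkflow("rca-3", tolerance=0.05)
    skipped.identify("rca-3")
    try:
        skipped.release()
    except IllegalTransition:
        pass                                          # skipped steps: no edge exists
    return {"good": run("rca-1", [0.21, 1.02, 1.97]),
            "drifted": run("rca-2", [0.52, 1.30, 2.28]),
            "skipped": skipped, "csr": csr}
```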
Pattern 5: Calibration-Aware Mission Planning
For mobile and autonomous robotic systems, integrate calibration validity horizons into mission planning. Before a mission is authorised, the planner checks whether any sensor or actuator will exceed its calibration interval before the estimated mission completion time. If so, the planner either schedules a recalibration stop at an appropriate waypoint or shortens the mission scope. This pattern avoids unplanned SHS transitions mid-mission, which may themselves cause safety risks (e.g., a drone entering SHS mid-flight requires careful design of the SHS for aerial platforms).
Pattern 6: Operator Alerting Ahead of Calibration Expiry
Implement the pre-expiry warning described in Section 4.6.4 as a tiered alerting system: advisory (20% of interval remaining), warning (10% remaining), and critical (5% remaining, requiring supervisor acknowledgement). Integrate these alerts into the site operations management system rather than displaying them only on the agent's local interface, ensuring that operations staff are aware even when not actively monitoring the agent.
Anti-Pattern A: Trusting the Maintenance Schedule as Implicit Proof
Assume that because the maintenance schedule says calibration was performed yesterday, the CSR does not need to be checked at agent startup. This assumption fails whenever a maintenance step was skipped, documented incorrectly, or invalidated by a post-maintenance environmental event (e.g., an instrument dropped during reinstallation). The agent must always verify the CSR directly.
Anti-Pattern B: Treating Calibration Verification as a One-Time Boot Check
Run the CVG once at startup and assume calibration remains valid for the entire operational session. This fails to account for drift accumulation, environmental changes during operation, instrument degradation from mechanical stress, and the introduction of new instruments mid-session (e.g., tool exchange in robotic surgery). Calibration verification must be continuous and event-triggered, not merely a startup ceremony.
Anti-Pattern C: Configuring CVG as a Warning Rather Than a Block
Implement calibration checks that generate log warnings or operator notifications but permit the agent to proceed with consequential actions regardless of outcome. This pattern is commonly introduced to avoid operational downtime pressure but eliminates the preventive value of the control entirely. A warning that does not block action is not a safety gate; it is documentation of a known risk being accepted without authorisation.
Anti-Pattern D: Storing Calibration Records in the Agent's Own Volatile State
Keep calibration timestamps in an in-memory data structure that is reset on agent restart, power cycle, or software crash. This means that after any unplanned restart, the agent has no calibration history and must either refuse to operate (acceptable) or default to assuming calibration is current (catastrophic). Calibration records must persist in a write-protected external store.
Anti-Pattern E: Using Wall-Clock Time Without NTP Synchronisation
Compare calibration timestamps to the current time using a local clock that has not been synchronised against a trusted time source. In edge and IoT deployments, unsynchronised clocks can drift by minutes or hours, causing valid calibrations to appear expired or — more dangerously — causing expired calibrations to appear current. All calibration timestamp comparisons must use a verified, synchronised time source.
Anti-Pattern F: Bypassing CVG "Temporarily" Without Audit
Allow field technicians to disable the CVG by setting a configuration flag during troubleshooting and failing to re-enable it before returning the system to service. This pattern has directly contributed to multiple industrial incidents where systems were returned to autonomous operation in an uncalibrated state. Every bypass must be time-limited, audited, and auto-expiring.
Nascent Deployments: Begin with manual calibration record entry into a simple CSR (even a secured database table) and a software-enforced CVG that reads the CSR at startup. This alone eliminates the most common failure mode (operating with expired calibration records because no one checked).
Developing Deployments: Add automated calibration workflow state machines, drift monitoring with threshold alerting, and integration of CSR into the site operations management system for proactive maintenance scheduling.
Advanced Deployments: Implement hardware-anchored calibration tokens, embedded reference stimulus channels, calibration-aware mission planning, and cross-fleet calibration analytics that detect systematic instrument degradation trends before individual threshold violations occur.
The agent's operator must maintain CSR records for every sensor and actuator in the operational configuration. Each CSR record must include: instrument make and model (the governance record itself carries no proprietary identifiers; it cross-references the instrument class specification instead); calibration procedure identifier and revision; calibration date and time (UTC, synchronised source identified); calibration personnel or automated system identifier; calibration interval limit in force at the time; measured values and residuals from the calibration procedure; pass/fail determination; and the cryptographic signature or integrity hash of the complete record. CSR records must be retained for the longer of: (a) the life of the instrument plus two years; (b) the applicable regulatory retention period for the deployment sector (e.g., 10 years for medical device records under applicable quality management regulations; 5 years for water utility operational records in most jurisdictions); or (c) 7 years from the date of record creation.
Every execution of the Calibration Validity Gate must produce a log entry including: the timestamp of CVG execution; the list of sensors and actuators checked; the CVG outcome (pass/fail) for each; and the elapsed time since last calibration compared against the interval limit for each instrument checked. CVG logs must be retained for a minimum of 3 years, or the applicable regulatory audit retention period, whichever is longer.
All drift alarm events, drift-limit exceedance events, and safe-hold transitions triggered by drift monitoring must be recorded in the immutable audit log with: the sensor identifier; the drift measurement value and the threshold crossed; the reference or consensus value at the time of the alarm; the agent state transition resulting from the alarm; and the timestamp. Retained for 5 years minimum.
Every emergency bypass event (Section 4.7) must produce a bypass incident report retained for 7 years, or the applicable regulatory period, containing all fields specified in 4.7.2, the post-event review outcome, and the date of safety authority review. The completeness of bypass records is a mandatory audit item under this dimension.
Documentation of each calibration interval review (Section 4.6.2) must be retained for the duration of the system's operational life plus 5 years, including the rationale for any interval changes and the approval authority.
Records of all calibration verification tests performed at system commissioning, including actuator response linearity verification (Section 4.4.3), state machine self-test results (Section 4.3.4), and manual recalibration workflow testing (Section 4.9.4), must be retained for the operational life of the system plus 5 years.
Periodic calibration status reports generated per Section 4.9.1 must be retained for 1 year. Reports that coincide with a drift alarm, CVG failure, or SHS transition must be retained for 5 years.
Maps to: 4.1.1, 4.1.2, 4.1.3
Objective: Confirm that the Calibration State Registry contains complete records for all operational instruments and that its integrity protection mechanism correctly detects tampering.
Procedure:
Conformance Scoring:
Maps to: 4.2.1, 4.2.2, 4.2.3, 4.2.4
Objective: Confirm that the CVG blocks consequential actions when calibration is expired or invalid, and that the CVG cannot be bypassed through normal operator or configuration interfaces.
Procedure:
Conformance Scoring:
Maps to: 4.3.1, 4.3.2, 4.3.3, 4.3.4
Objective: Confirm that continuous drift monitoring detects out-of-tolerance sensor behaviour and triggers the correct agent response within the required time limits.
Procedure:
Conformance Scoring:
| Regulation | Provision | Relationship Type |
|---|---|---|
| EU AI Act | Article 9 (Risk Management System) | Direct requirement |
| NIST AI RMF | GOVERN 1.1, MAP 3.2, MANAGE 2.2 | Supports compliance |
| ISO 42001 | Clause 6.1 (Actions to Address Risks), Clause 8.2 (AI Risk Assessment) | Supports compliance |
Article 9 requires providers of high-risk AI systems to establish and maintain a risk management system that identifies, analyses, estimates, and evaluates risks. Physical Calibration Verification Governance implements a specific risk mitigation measure within this framework. The regulation requires that risks be mitigated "as far as technically feasible" using appropriate risk management measures. For deployments classified as high-risk under Annex III, compliance with AG-589 supports the Article 9 obligation by providing structural governance controls rather than relying solely on the agent's own reasoning or behavioural compliance.
GOVERN 1.1 addresses legal and regulatory requirements; MAP 3.2 addresses risk context mapping; MANAGE 2.2 addresses risk mitigation through enforceable controls. AG-589 supports compliance by establishing structural governance boundaries that implement the framework's approach to AI risk management.
Clause 6.1 requires organisations to determine actions to address risks and opportunities within the AI management system. Clause 8.2 requires AI risk assessment. Physical Calibration Verification Governance implements a risk treatment control within the AI management system, directly satisfying the requirement for structured risk mitigation.
| Field | Value |
|---|---|
| Severity Rating | Critical |
| Blast Radius | Organisation-wide — potentially cross-organisation where agents interact with external counterparties or shared infrastructure |
| Escalation Path | Immediate executive notification and regulatory disclosure assessment |
Consequence chain: Without physical calibration verification governance, the governance framework has a structural gap that can be exploited at machine speed. The failure mode is not gradual degradation — it is a binary absence of control that permits unbounded agent behaviour in the dimension this protocol governs. The immediate consequence is uncontrolled agent action within the scope of AG-589, potentially cascading to dependent dimensions and downstream systems. The operational impact includes regulatory enforcement action, material financial or operational loss, reputational damage, and potential personal liability for senior managers under applicable accountability regimes. Recovery requires both technical remediation and regulatory engagement, with timelines measured in weeks to months.