Oversight-Gap Declaration

Meta-Governance & Assurance ~5 min read AGS v2.1 · 2026-06-06

EU AI Act NIST AI RMF ISO 42001

AGS Frontier Autonomy (Group K) | Meta-Governance & Assurance | Version 3.0

1. Definition

Oversight-Gap Declaration governs the explicit identification, quantification, and justification of the gap between an agent's capability and its overseers' ability to verify that capability — requiring an organisation to state, for each consequential deployment, how large the oversight gap is and why oversight remains reliable across it.

A scalable-oversight protocol (AG-818) is only meaningful if the gap it must span is known. This dimension forces the gap to be named: an organisation cannot claim "we have human oversight" without declaring whether humans can actually verify the agent's outputs, and how that claim holds as capability scales.

2. Scope

In scope: measuring/declaring the capability-vs-verifiability gap per consequential deployment; justifying oversight reliability at that gap; updating the declaration as capability grows; using it as a deployment-gating input.

Out of scope: the oversight method itself (AG-818) and the capability evaluation (AG-802). This dimension governs *the declaration and justification of the gap*.

3. Why This Matters

Organisations routinely assert "meaningful human control" without examining whether their humans can meaningfully control the system at all. As capability rises, the same governance language masks a widening, undeclared gap. Forcing an explicit oversight-gap declaration makes the erosion of real oversight visible and reviewable, prevents an "oversight in name only" posture, and gives regulators a concrete, comparable artifact.

4. Requirements

R1: For each consequential deployment, the organisation MUST declare the oversight gap: on which tasks the agent's capability exceeds direct overseer verification, and by how much.
R2: The declaration MUST justify why oversight (per AG-818) remains reliable across the declared gap, with reference to evidence.
R3: The declaration MUST be updated on material capability change (model upgrade, fine-tune, tool/scaffolding change) and at defined intervals.
R4: Where the gap exceeds the level at which reliable oversight can be evidenced, the declaration MUST trigger a defined response (reduce autonomy, strengthen oversight, or withhold) via capability gating (AG-801).
R5: The declaration MUST be approved by an accountable owner and reviewed independently of the shipping team.
R6: The declaration MUST be retained as part of the deployment's safety case and made available to relevant authorities for systemic-risk systems.
R7: The organisation MUST avoid oversight-theatre: nominal human sign-off that the declaration shows the human cannot substantively perform MUST NOT be claimed as effective oversight.
R8: Gap declarations across deployments SHOULD be tracked so widening gaps are visible at portfolio level.

5. Maturity Model

Basic: The organisation identifies where humans cannot directly verify agent outputs and records it.
Intermediate: A quantified oversight-gap declaration per consequential deployment with justified reliability, owner approval, and update-on-change.
Advanced: Gap declarations gate deployment, are independently reviewed, tracked at portfolio level, and disclosed to authorities for systemic-risk systems.

6. Test Criteria

Test 6.1: Declaration Exists

Stimulus: Request the oversight-gap declaration for a consequential deployment.
Expected: A current declaration quantifies the gap and justifies oversight reliability.
Fail: No declaration, or a generic "human oversight" claim without gap analysis.

Test 6.2: Update on Capability Change

Stimulus: Apply a capability-increasing change.
Expected: The declaration is revisited and updated before continued operation.
Fail: The declaration is stale relative to current capability.

Test 6.3: Gap-Triggered Response

Stimulus: Present a deployment whose gap exceeds evidenced-reliable oversight.
Expected: A defined response (reduce autonomy / strengthen oversight / withhold) is triggered.
Fail: Deployment proceeds with an unjustifiable gap.

7. Scoring

Score	Criteria
0	No analysis of whether overseers can actually verify the agent ("oversight" assumed)
1	Gap acknowledged qualitatively but not quantified or justified
2	Quantified per-deployment declaration with justified reliability, owner approval, update-on-change
3	Gap-gated deployment, independent review, portfolio tracking, authority disclosure

8. Failure Scenarios

Scenario A — Oversight Theatre: A deployment claims "human-in-the-loop" while humans approve outputs they demonstrably cannot evaluate. An oversight-gap declaration would have exposed that the control was nominal.

Scenario B — Silent Widening: Successive model upgrades widen the gap without any declaration update; oversight quietly degrades from real to nominal over a year, unnoticed until an incident.

Scenario C — Unbounded Gap Shipped: A new capability puts the agent far beyond verifiable oversight, but with no gap-triggered response the deployment proceeds at full autonomy.

9. Regulatory Mapping

Requirement	EU AI Act	NIST AI RMF	ISO 42001
R1: Declare the oversight gap	Art. 14 — Human oversight	MAP 2.2 — Knowledge limits & oversight	Clause 6.1 — Actions to address risk
R2: Justify reliability across the gap	Art. 55 — Model evaluation	GOVERN 1.3 — Risk-based activity	Clause 8.3 — Verification
R3: Update on capability change	Art. 9 — Risk management lifecycle	MANAGE 4.1 — Post-deployment monitoring	Clause 9.1 — Monitoring and measurement
R4: Gap-triggered response	Art. 55 — Risk mitigation	MANAGE 1.3 — High-priority response	Clause 6.1 — Actions to address risk
R5: Owner approval + independent review	Art. 55 — Governance	GOVERN 2.1 — Accountability	Clause 9.3 — Management review
R6: Retained safety case / disclosure	Art. 11 — Technical documentation	GOVERN 4.3 — Information sharing	Clause 7.5 — Documented information
R7: No oversight theatre	Art. 14 — Effective oversight	MAP 3.5 — Human oversight	A.9 — Use of AI systems

EU AI Act — Article 55 and Article 9

Article 55 systemic-risk assessment must reckon with whether oversight is real; Article 9 requires lifecycle risk management. AG-819 makes the oversight gap an explicit, managed risk artifact rather than an unexamined assumption.

NIST AI RMF — GOVERN 1.3, MAP 2.2

GOVERN 1.3 (risk-based activity levels) and MAP 2.2 (document system knowledge limits and human oversight of outputs) require exactly the declared, justified oversight gap.

ISO 42001 — Clause 6.1, Clause 9.1

Clause 6.1 (actions to address risks) and Clause 9.1 (monitoring) require identifying and acting on the oversight gap as a managed risk.

AG-818 (Scalable-Oversight Protocol) — the method whose required span this declaration sizes
AG-801 (Capability-Threshold Gating) — consumes the gap declaration in the gating decision
AG-802 (Dangerous-Capability Elicitation Evaluation) — measures the capability side of the gap
AG-820 (Undetectable-Deception-Under-Oversight Evaluation) — tests reliability at the declared gap
AG-792 (Assurance Framework Compliance) — the declaration forms part of the assurance evidence

Cite this protocol

AgentGoverning. (2026). AG-819: Oversight-Gap Declaration. The Protocols of AI Agent Governance, AGS v2.1. agentgoverning.com/protocols/AG-819

← Previous

AG-818

Scalable Oversight Protocol

Next Protocol →

AG-820

Undetectable Deception Under Oversight Evaluation