Hazard Analysis Governance

2. Summary

Hazard Analysis Governance requires that every AI agent deployment in a safety-critical or critical infrastructure context is preceded by and continuously informed by a systematic hazard analysis that identifies all credible hazard scenarios arising from the agent's operation, misoperation, or failure. The hazard analysis must specifically address AI-specific failure modes — including model drift, adversarial manipulation, out-of-distribution inputs, hallucinated outputs, and emergent behaviours — in addition to traditional system failure modes. The results of the hazard analysis must directly drive the design of safe states (AG-109), degraded modes (AG-110), safety constraints (AG-112), timing requirements (AG-113), and interlock configurations (AG-114). Without formal hazard analysis, safety controls are designed by assumption rather than evidence, leaving gaps that materialise as incidents.

3. Example

Scenario A — Autonomous Mining Vehicle Agent Deployed Without AI-Specific Hazard Analysis: A mining company deploys an AI agent to control autonomous haul trucks in an open-pit mine. The company conducts a conventional hazard analysis (HAZOP) that identifies mechanical failures, sensor failures, and communication losses. However, the analysis does not consider AI-specific failure modes. Six months into operation, the agent's perception model begins misclassifying water puddles as solid ground after a period of unusual rainfall changes the puddle appearance beyond the training distribution. A 220-tonne haul truck drives into a 3-metre-deep water-filled pit at 35 km/h. The truck is submerged to the cab level. The operator in the cab escapes with injuries.

What went wrong: The hazard analysis used traditional HAZOP methodology without extension for AI-specific failure modes. "Perception model misclassification under distribution shift" was not an identified hazard. Consequently, no mitigation existed — no safe state for perception uncertainty, no degraded mode for low-confidence perception, no interlock requiring minimum classification confidence before proceeding. A proper AI-extended hazard analysis would have identified "perception model out-of-distribution performance degradation" as a credible hazard and required mitigations such as confidence thresholds, lidar cross-validation, and minimum-speed constraints when perception confidence is below threshold. Consequence: operator hospitalised for 3 weeks, truck write-off (£4.2 million), mine safety stand-down for 2 weeks (production loss £11 million), mining regulator investigation.

Scenario B — Pharmaceutical Manufacturing Agent Without Interaction Hazard Analysis: A pharmaceutical company deploys an AI agent to optimise a multi-step chemical synthesis process. The hazard analysis considers each step independently — temperature control in the reactor, pH control in the neutralisation vessel, solvent recovery in the distillation column. The analysis does not consider interactions between steps when the AI agent optimises across the entire process simultaneously. The agent discovers that increasing reactor temperature by 8°C improves yield by 3%. It also discovers that reducing neutralisation pH by 0.4 units reduces processing time by 12 minutes. Each change is individually within the safety envelope defined by the step-level hazard analysis. However, the combination produces an intermediate compound that is thermally unstable at the elevated temperature. An exothermic decomposition in the transfer line between reactor and neutralisation vessel causes a pressure excursion that activates the emergency relief system, venting 150 kg of chemical vapour.

What went wrong: The hazard analysis considered each process step in isolation, not the interaction effects when an AI agent optimises across steps simultaneously. Traditional HAZOP examines deviations from normal operation at each node. AI agents introduce a new class of deviation — simultaneous multi-parameter optimisation that is individually compliant but collectively hazardous. A Systems-Theoretic Process Analysis (STPA) approach, extended for AI agent interactions, would have identified the cross-step interaction as a hazard. Consequence: emergency vent activation, environmental release requiring regulatory notification, production shutdown for 6 weeks during investigation, estimated cost £8.5 million.

Scenario C — Smart Building Agent Hazard Analysis Not Updated After System Change: A smart building management system uses an AI agent to optimise energy consumption across a commercial office complex. The original hazard analysis, conducted at deployment, identifies risks related to HVAC, lighting, and access control. Two years later, the building owner installs an electric vehicle charging infrastructure in the underground car park, integrated with the building management system. The AI agent now optimises energy allocation including EV charging. No updated hazard analysis is conducted. The agent's energy optimisation reduces ventilation in the car park during peak charging periods (to allocate power to chargers). CO concentration from residual vehicle movements during reduced ventilation reaches 85 ppm — above the 35 ppm occupational exposure limit — in a poorly ventilated corner of the car park.

What went wrong: The hazard analysis was not updated when the controlled system changed (addition of EV charging infrastructure). The interaction between energy optimisation and car park ventilation was not identified as a hazard because it did not exist at the time of the original analysis. AG-111 requires hazard analysis to be updated whenever the agent's scope, the controlled system, or the operational environment changes. Consequence: 3 employees experience headaches and nausea (CO exposure symptoms), HSE investigation, building management system shut down pending hazard re-analysis, estimated cost £620,000 including remediation, monitoring installation, and regulatory compliance.

4. Requirement Statement

Scope: This dimension applies to all AI agents within the scope of AG-109 (Safe-State Transition Governance) and AG-112 (Sector Safety Constraint Governance) — those operating in contexts where agent operation, misoperation, or failure could result in physical harm, environmental harm, infrastructure damage, or disruption to essential services. Additionally, this dimension applies to any AI agent deployment where the consequences of failure could include regulatory enforcement action under safety legislation (e.g., Health and Safety at Work Act 1974, COMAH Regulations, relevant sector-specific safety regulations). The scope includes agents that influence safety-critical decisions even if they do not directly control physical systems — for example, an agent that recommends maintenance schedules for safety-critical equipment, or an agent that triages emergency response requests.

4.1. A conforming system MUST conduct a formal hazard analysis before any safety-critical agent is deployed to production, using a recognised systematic methodology (e.g., HAZOP, STPA, FMEA, FTA, or equivalent) extended to address AI-specific failure modes.

4.2. A conforming system MUST include in the hazard analysis all credible AI-specific failure modes, including but not limited to: model drift, adversarial input manipulation, out-of-distribution input degradation, hallucinated or confabulated outputs, multi-parameter optimisation interactions, training data bias materialisation, and emergent behaviours not present in testing.

4.3. A conforming system MUST document, for each identified hazard, the causal chain from agent failure mode to physical consequence, the severity rating, the likelihood assessment, and the required risk reduction measures traceable to specific governance controls (AG-109 safe states, AG-110 degraded modes, AG-112 safety constraints, AG-113 timing requirements, AG-114 interlocks).

4.4. A conforming system MUST update the hazard analysis whenever any of the following changes occur: the agent's model is retrained or updated, the agent's scope or mandate is modified, the controlled system is physically modified, the operational environment changes materially, or a near-miss or incident reveals a previously unidentified hazard.

4.5. A conforming system MUST ensure the hazard analysis is conducted or reviewed by personnel with competence in both the application domain's safety engineering practices and AI system failure modes — a purely domain-safety or purely AI-technical analysis is insufficient.

4.6. A conforming system MUST retain the complete hazard analysis, including all identified hazards, risk assessments, and traceability to mitigations, as a living document accessible to all parties responsible for the agent's safe operation.

4.7. A conforming system SHOULD conduct the hazard analysis using at least two complementary methodologies (e.g., HAZOP for deviation-based analysis plus STPA for interaction-based analysis) to reduce the risk of systematic blind spots in a single methodology.

4.8. A conforming system SHOULD include in the hazard analysis an explicit assessment of the agent's behaviour under simultaneous multi-parameter deviations, not solely single-parameter deviations.

4.9. A conforming system SHOULD establish a hazard analysis review cadence (e.g., annually) independent of change triggers, to capture gradual environmental or operational drift that may not trigger the change-based update requirement.

4.10. A conforming system MAY use AI-assisted tools for hazard identification (e.g., automated FMEA generation from system models) provided that the results are reviewed and validated by qualified human analysts.

5. Rationale

Hazard Analysis Governance addresses the foundational question of safety engineering applied to AI agents: what can go wrong, and what are the consequences? Every other safety-critical governance dimension in this landscape — safe states, degraded modes, safety constraints, timing requirements, interlocks — depends on the hazard analysis for its specification. If the hazard analysis is incomplete, the safety controls will be incomplete. If the hazard analysis does not account for AI-specific failure modes, the safety controls will be blind to the most novel risk category introduced by AI agents.

Traditional hazard analysis methodologies were developed for deterministic systems. HAZOP asks "what if this parameter deviates high/low/none?" FMEA asks "what if this component fails in this mode?" FTA works backwards from a top event to identify contributing causes. These methodologies remain valuable but are insufficient for AI agents because AI agents introduce failure modes that these methodologies were not designed to capture.

AI-specific failure modes include: gradual model drift (the agent slowly becomes less accurate without a discrete failure event), distribution shift (the operational environment changes beyond the training distribution), adversarial manipulation (deliberately crafted inputs cause misclassification), multi-parameter optimisation interactions (individually safe parameter changes that are collectively hazardous), hallucinated outputs (the agent generates plausible but fictitious data), and emergent behaviours (the agent develops strategies during operation that were not present during testing). These failure modes are probabilistic, context-dependent, and may not have clear precursors — they require extension of traditional methodologies or the adoption of systems-theoretic approaches (such as STPA) that explicitly model the control structure and identify unsafe control actions.

The requirement for combined domain-safety and AI-technical competence reflects a practical reality: domain safety engineers understand the physical consequences of failures but may not understand how AI models fail; AI engineers understand model failure modes but may not understand the physical consequences in the specific application domain. Effective hazard analysis requires both perspectives working together. An AI engineer who does not understand that a 0.4-unit pH deviation in a pharmaceutical process can create a thermally unstable intermediate, or a process safety engineer who does not understand that an AI optimiser can simultaneously adjust multiple parameters in ways that a traditional control system would not, will each produce an incomplete analysis.

The update requirement addresses a critical lifecycle issue: hazard analyses are not static. The controlled system changes (new equipment, new integrations), the operational environment changes (new usage patterns, new external conditions), and the agent itself changes (model retraining, scope expansion). Each change can introduce new hazards or alter the severity or likelihood of existing hazards. An initial hazard analysis that is never updated becomes progressively less relevant and eventually provides false assurance.

6. Implementation Guidance

AG-111 establishes the hazard analysis as the analytical foundation for all safety governance controls applied to AI agents in critical infrastructure. The hazard analysis is not a one-time document — it is a living artefact that drives the specification of safe states, degraded modes, safety constraints, timing requirements, and interlocks. Every control in AG-109 through AG-114 should be traceable to a specific hazard identified in the AG-111 analysis.

Recommended patterns:

• STPA-AI methodology. Systems-Theoretic Process Analysis (STPA) is particularly well-suited for AI agent hazard analysis because it models the control structure — including the AI agent as a controller — and identifies unsafe control actions rather than component failures. Extend STPA for AI by adding a specific step: for each control action the agent can take, systematically identify how AI-specific failure modes (drift, distribution shift, adversarial input, hallucination, multi-parameter interaction) could cause the control action to be unsafe (provided when not needed, not provided when needed, provided too early/late, provided too long/too short, provided with wrong parameters). This extension naturally captures the interaction hazards that step-level analysis misses. Example: for a water treatment dosing agent, STPA-AI would identify "chlorine dose provided at wrong rate due to turbidity model out-of-distribution" as an unsafe control action, traceable to specific mitigations.
• Bow-tie analysis with AI extensions. Bow-tie diagrams connecting causes (left side) through a top event to consequences (right side) provide an intuitive visualization of hazard chains. Extend the bow-tie for AI by adding AI-specific causes on the left (model drift, adversarial input, etc.) and mapping barriers (governance controls) to specific AG-109 through AG-114 requirements. Each barrier in the bow-tie should have an identified AG dimension, a specific requirement number, and evidence of implementation. Example: the top event "uncontrolled chemical release from reactor" has AI-specific cause "multi-parameter optimisation creates unstable intermediate." Barriers include AG-112 safety constraint (parameter combination limits), AG-114 interlock (temperature-composition interlock), and AG-109 safe state (emergency quench to defined safe temperature).
• Hazard register with traceability matrix. Maintain a structured hazard register (not a prose document) where each hazard has: unique ID, description, AI-specific or traditional classification, causal chain, severity rating (using a defined scale such as MIL-STD-882E or IEC 61508 SIL determination), likelihood assessment, required risk reduction, implementing governance controls (with specific AG dimension and requirement number), and verification status. A traceability matrix links every identified hazard to at least one mitigation control, and every safety governance control to the hazards it mitigates. Any hazard without a mitigating control is an open risk. Any control without a traceable hazard should be questioned (is it necessary, or is there a missing hazard?).
• Periodic review with operational data. Establish a review cadence (at minimum annually, more frequently for rapidly changing environments) that incorporates operational data: near-misses, anomalous agent behaviours detected by AG-022 (Behavioural Drift Detection), changes to the controlled system, and changes to the operational environment. Each review should explicitly ask: "Has any new hazard emerged that was not identified in the previous analysis? Has the severity or likelihood of any existing hazard changed?"

Anti-patterns to avoid:

• Copy-paste from traditional system hazard analysis. Taking the hazard analysis from the pre-AI system and adding "AI agent" as a new component without fundamentally reconsidering the hazard landscape misses the novel failure modes that AI introduces. The AI agent is not simply a replacement for a traditional controller — it introduces qualitatively different failure modes that require specific analysis.
• Single-methodology analysis. Relying solely on HAZOP (which excels at single-parameter deviations but struggles with multi-parameter interactions), or solely on FMEA (which excels at component-level failures but struggles with system-level emergent behaviours), or solely on STPA (which excels at control structure analysis but may miss detailed component failure modes) leaves systematic blind spots. Two complementary methodologies significantly reduce the risk of missed hazards.
• AI engineers conducting hazard analysis without domain expertise. An AI engineer who identifies "model accuracy drops below 95%" as a hazard without understanding the physical consequence of that accuracy drop in the specific application produces an analysis that cannot drive meaningful safety controls. The consequence chain must be traced from AI failure mode to physical harm.
• One-time analysis without lifecycle management. A hazard analysis conducted at deployment and never updated provides decreasing value over time. Within 2 years of a significant system change, the original analysis may be actively misleading — providing assurance about a system configuration that no longer exists.
• Qualitative-only severity assessment. Severity assessments that use terms like "high" or "critical" without quantitative grounding (e.g., "could result in injury to 1-10 persons" or "could cause environmental release exceeding 100 kg of Category 2 substance") lack the specificity needed to drive proportionate mitigations. Where possible, severity should be quantified.

Industry Considerations

Process Industries (COMAH/Seveso sites). Facilities subject to the Control of Major Accident Hazards (COMAH) Regulations in the UK or Seveso III Directive in the EU must include AI agent hazard analysis within their Safety Report. The competent authority (HSE/EA in the UK) will expect the hazard analysis to demonstrate that AI-specific failure modes have been identified and that the risk of major accidents has not been increased by the deployment of AI agents. Layer of Protection Analysis (LOPA) should be used to verify that independent protection layers are sufficient, counting AI governance controls as protection layers only where they meet the independence and reliability criteria.

Nuclear. The Office for Nuclear Regulation (ONR) requires that safety cases for nuclear installations address all computer-based systems. AI agents would fall under the scope of safety case requirements, and the hazard analysis must meet the standards set out in the ONR's Safety Assessment Principles (SAPs). Given the extremely low risk tolerances in nuclear, AI-specific failure modes must be analysed to the same depth as hardware and conventional software failures.

Aviation. EASA and FAA require that AI/ML systems in aviation undergo safety assessment per ARP4761 (System Safety Assessment) and demonstrate compliance with DO-178C (software) and DO-254 (hardware). AI-specific extensions are being developed through EUROCAE/RTCA working groups. Hazard analysis must address Design Assurance Levels (DAL) appropriate to the function.

Medical Devices. ISO 14971 (Application of Risk Management to Medical Devices) applies to AI agents integrated with medical devices. The hazard analysis must address the specific risks of AI-driven clinical decisions, including bias, misclassification, and the interaction between AI recommendations and clinical workflows.

Maturity Model

Basic Implementation — A hazard analysis has been conducted for each safety-critical agent deployment using at least one recognised methodology. The analysis identifies key hazards from both traditional system failures and AI-specific failure modes. Mitigations are documented and linked to governance controls. The analysis is documented and retained. However, it may be conducted by personnel with expertise in either domain safety or AI (not necessarily both), may use a single methodology, and may not have a formal update cadence. This level establishes the analytical foundation but may have gaps from methodology limitations or competence gaps.

Intermediate Implementation — The hazard analysis uses at least two complementary methodologies (e.g., HAZOP + STPA-AI). The analysis team includes both domain-safety and AI-technical competence. AI-specific failure modes are systematically addressed using a defined taxonomy. A structured hazard register with full traceability to mitigating controls is maintained. The analysis is updated on every material change to the agent, controlled system, or operational environment, and is reviewed on a defined cadence (at minimum annually). Update triggers are defined and monitored. This level provides a robust analytical foundation with lifecycle management.

Advanced Implementation — All intermediate capabilities plus: formal quantitative risk assessment (e.g., SIL determination per IEC 61508, LOPA) is conducted for each identified hazard. The traceability matrix is verified by an independent party. Operational data (near-misses, anomalous behaviours, drift detection alerts) feeds directly into the hazard analysis review process. The hazard analysis is maintained as a machine-readable artefact (not just a document) enabling automated verification of traceability and completeness. The organisation can demonstrate to regulators that every safety governance control applied to each agent deployment is traceable to a specific identified hazard, and that every identified hazard has at least one mitigating control with verified effectiveness.

7. Evidence Requirements

Required artefacts:

• Hazard analysis report. The complete formal hazard analysis including: methodology used, scope definition, system description, identified hazards (traditional and AI-specific), causal chains, severity and likelihood assessments, required risk reduction measures, and traceability to implementing controls. For each AI-specific failure mode considered, the analysis must document whether the failure mode was assessed as credible in the specific context and, if so, the consequence chain.
• Hazard register. Structured register of all identified hazards with unique IDs, risk ratings, mitigation controls with AG dimension references, and verification status. Format: structured data (database, spreadsheet, or equivalent) enabling automated traceability queries.
• Traceability matrix. Matrix linking each identified hazard to its mitigating governance controls (AG-109 through AG-114 and others as applicable), and each governance control to the hazards it mitigates. No hazard should be without mitigation; no safety control should be without a traceable hazard.
• Analysis team competence evidence. Records demonstrating that the hazard analysis team included both domain-safety and AI-technical competence — qualifications, experience records, or professional certifications.
• Update history. Log of all hazard analysis updates, including: trigger for update (change event, scheduled review, or incident), changes made, new hazards identified, and impact on mitigating controls.

Retention requirements:

• Hazard analysis reports, registers, and traceability matrices: retained for the operational lifetime of the agent deployment plus minimum 10 years for nuclear and aviation; minimum 7 years for COMAH/Seveso sites; minimum 5 years otherwise.

Access requirements:

• Producible to safety regulators or auditors within 48 hours of request. For COMAH/Seveso sites, the hazard analysis must be included in the Safety Report available to the competent authority at all times.

8. Test Specification

Testing AG-111 compliance requires verification that hazard analyses are complete, methodologically sound, traceable, and maintained. These are analytical and procedural tests rather than system-behaviour tests.

Test 8.1: Hazard Analysis Completeness — AI-Specific Failure Modes

• Stimulus: Review the hazard analysis against a defined taxonomy of AI-specific failure modes (model drift, distribution shift, adversarial input, hallucinated output, multi-parameter interaction, training data bias, emergent behaviour). Verify that each failure mode has been explicitly assessed for the specific deployment.
• Expected behaviour: Each AI-specific failure mode in the taxonomy is addressed — either identified as a credible hazard with documented mitigations, or explicitly assessed as not credible in the specific context with documented justification.
• Pass criteria: 100% of AI-specific failure modes in the taxonomy are addressed. No failure mode is omitted without justification. (Validates requirement 4.2)
• Fail criteria: Any AI-specific failure mode is not addressed in the hazard analysis.

Test 8.2: Traceability Verification — Hazards to Controls

• Stimulus: For each identified hazard in the hazard register, verify that at least one mitigating governance control is identified and that the control is implemented and operational.
• Expected behaviour: Every hazard traces to at least one implemented control. Every control traces to at least one hazard.
• Pass criteria: No hazard lacks a mitigating control. No safety control lacks a traceable hazard. All identified controls are verified as implemented. (Validates requirement 4.3)
• Fail criteria: Any hazard lacks a mitigating control, or any identified control is not implemented.

Test 8.3: Methodology Adequacy

• Stimulus: Review the hazard analysis methodology against recognised standards (IEC 61882 for HAZOP, IEC 60812 for FMEA, STPA handbook for STPA). Verify that the methodology was applied correctly and that AI-specific extensions are documented.
• Expected behaviour: The methodology follows the recognised standard with documented AI-specific extensions. Analysis worksheets or equivalent working documents are retained.
• Pass criteria: Methodology application is consistent with the referenced standard. AI-specific extensions are documented and justified. (Validates requirement 4.1)
• Fail criteria: The methodology deviates from the referenced standard without justification, or AI-specific failure modes are not systematically addressed within the methodology.

Test 8.4: Update Currency

• Stimulus: Review the hazard analysis update history against the change log of the agent (model updates, scope changes), the controlled system (physical modifications, new integrations), and the operational environment (new usage patterns, environmental changes). Verify that every material change triggered a hazard analysis update.
• Expected behaviour: Every material change is followed by a hazard analysis update. The elapsed time between change and update is documented and reasonable (e.g., update completed before the change is deployed to production).
• Pass criteria: All material changes have corresponding hazard analysis updates. No change was deployed to production before the hazard analysis update was complete. (Validates requirement 4.4)
• Fail criteria: Any material change lacks a corresponding hazard analysis update, or any change was deployed before the update.

Test 8.5: Team Competence Verification

• Stimulus: Review the hazard analysis team composition against the competence requirement (domain-safety and AI-technical). Verify qualifications, experience, or professional certifications for team members.
• Expected behaviour: The team includes at least one member with demonstrated domain-safety competence and at least one member with demonstrated AI-technical competence (these may be the same person if both competences are demonstrated).
• Pass criteria: Both competence areas are represented on the team with documented evidence. (Validates requirement 4.5)
• Fail criteria: Either domain-safety or AI-technical competence is not represented on the team.

Test 8.6: Severity and Consequence Chain Documentation

• Stimulus: For each identified hazard, verify that the documented consequence chain traces from the AI failure mode through intermediate effects to the physical consequence, with severity quantified where possible.
• Expected behaviour: Each hazard has a documented consequence chain from cause to physical effect. Severity is rated on a defined scale with quantitative grounding.
• Pass criteria: All hazards have documented consequence chains. Severity ratings use a consistent, defined scale. (Validates requirement 4.3)
• Fail criteria: Any hazard lacks a consequence chain, or severity ratings are inconsistent or undefined.

Conformance Scoring

• Score 0: No formal hazard analysis has been conducted for AI agent deployments in safety-critical contexts — safety controls are based on assumption or informal assessment.
• Score 1: A hazard analysis exists but uses traditional methodology without AI-specific extensions. AI-specific failure modes are not systematically addressed. The analysis may not be maintained as a living document.
• Score 2: A formal hazard analysis using recognised methodology with AI-specific extensions has been conducted by a team with both domain-safety and AI-technical competence. A structured hazard register with traceability to mitigating controls is maintained. The analysis is updated on material changes. All mandatory requirements (4.1-4.6) are satisfied.
• Score 3: All Score 2 capabilities plus multiple complementary methodologies, quantitative risk assessment, independent traceability verification, operational data integration, machine-readable hazard register, and demonstrated ability to trace every safety control to its originating hazard and every hazard to its mitigating control with verified effectiveness.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 9 (Risk Management System)	Direct requirement
IEC 61508	Clause 7.4 (Hazard and Risk Analysis)	Direct requirement
IEC 61511	Clause 8 (Hazard and Risk Assessment)	Direct requirement
ISO 26262	Part 3 (Concept Phase — Hazard Analysis and Risk Assessment)	Direct requirement
ISO 14971	Risk Management for Medical Devices	Direct requirement
UK HSE	COMAH Regulations — Safety Report	Direct requirement
NIST AI RMF	MAP 1.1, MAP 1.5, MAP 2.1 (Risk Mapping)	Supports compliance
ISO 42001	Clause 6.1.2 (AI Risk Assessment)	Direct requirement
MIL-STD-882E	System Safety (US DoD)	Supports compliance

EU AI Act — Article 9 (Risk Management System)

Article 9 mandates that providers of high-risk AI systems establish, implement, document, and maintain a risk management system throughout the AI system's lifecycle. The risk management system must identify and analyse "known and reasonably foreseeable risks." For AI agents in safety-critical contexts, this directly requires formal hazard analysis addressing both traditional and AI-specific failure modes. The regulation's requirement for "appropriate and targeted risk management measures" traceable to identified risks maps directly to AG-111's traceability requirement.

IEC 61508 — Clause 7.4 (Hazard and Risk Analysis)

IEC 61508 requires hazard and risk analysis as the first step in determining the safety requirements for safety-related systems. For AI agents deployed in IEC 61508-governed contexts, the hazard analysis must determine the Safety Integrity Level (SIL) required for each safety function — including safe-state transitions, interlocks, and timing guarantees. The SIL determination directly drives the design rigour required for AG-109, AG-113, and AG-114 implementations.

IEC 61511 — Clause 8

For process industry applications, IEC 61511 requires hazard and risk assessment to identify hazardous events and determine the required risk reduction for each Safety Instrumented Function. AI agents managing process control must be analysed within this framework, with AI-specific failure modes included as potential initiating causes for hazardous events.

ISO 26262 — Part 3

For automotive applications, ISO 26262 Part 3 requires Hazard Analysis and Risk Assessment (HARA) to determine Automotive Safety Integrity Levels (ASIL) for each identified hazardous event. AI agents in autonomous vehicle systems must have their failure modes included in the HARA, with ASIL ratings driving the design requirements for safety mechanisms.

ISO 14971 — Medical Device Risk Management

ISO 14971 requires manufacturers to identify hazards, estimate and evaluate risks, and implement risk control measures for medical devices. AI agents integrated with medical devices must have their failure modes (including misclassification, bias, and hallucinated recommendations) included in the risk management process, with traceability from identified risks to control measures.

COMAH Regulations — Safety Report

Sites subject to COMAH must prepare a Safety Report demonstrating that major accident hazards have been identified and that adequate measures are in place. If AI agents are deployed on COMAH sites, the Safety Report must address AI-specific hazards. The competent authority will expect to see that AI failure modes have been analysed with the same rigour as traditional equipment failure modes.

10. Failure Severity

Field	Value
Severity Rating	Critical
Blast Radius	Systemic — inadequate hazard analysis creates blind spots that propagate across all downstream safety controls

Consequence chain: Without adequate hazard analysis governance, safety controls are designed to address assumed rather than analysed hazards. This creates systematic blind spots — hazards that exist but are not mitigated because they were never identified. The consequence is not a specific incident type but a class of incidents: "the failure mode we didn't consider." The severity is critical because hazard analysis is the analytical foundation for all other safety-critical governance dimensions. An incomplete hazard analysis means incomplete safe-state definitions (AG-109), incomplete degraded-mode profiles (AG-110), incomplete safety constraints (AG-112), potentially incorrect timing requirements (AG-113), and missing interlocks (AG-114). The blast radius is systemic because the gap propagates — a missed hazard is a missed mitigation across every downstream control. When the missed hazard materialises, the organisation has no prepared response because the scenario was never analysed. The business consequences include those of the unmitigated hazard (physical harm, environmental damage, infrastructure destruction) compounded by the regulatory finding that the hazard analysis was inadequate — demonstrating a systemic governance failure rather than an isolated control failure. Under UK health and safety legislation, failure to conduct adequate risk assessment is itself an offence, independent of whether an incident actually occurs.

Cross-references: AG-111 provides the analytical foundation for AG-109 (Safe-State Transition Governance) — safe states are designed to mitigate hazards identified here. AG-110 (Degraded-Mode and Manual Fallback Governance) degraded modes are specified based on the hazard analysis. AG-112 (Sector Safety Constraint Governance) safety constraints are derived from hazard analysis results. AG-113 (Real-Time Determinism and Latency Assurance Governance) timing requirements are determined by the process safety time identified in the hazard analysis. AG-114 (Actuation Interlock Governance) interlock configurations are specified to prevent hazardous states identified here. AG-001 (Operational Boundary Enforcement) mandate limits for safety-critical agents should be informed by the hazard analysis. AG-050 (Physical and Real-World Impact Governance) provides the broader framework for physical-impact governance that AG-111 supports with specific analytical methodology.