SAIL 2.0

/

AI Policy & Safe experimentation (Plan)

/

Undefined Risk Tolerance & Categorization

1.3

.

Undefined Risk Tolerance & Categorization

sail
1.3
Risk

Undefined Risk Tolerance & Categorization

Description

Lack of clear criteria for AI risk tolerance and classifying AI systems by risk level (regular/high/critical) and by agent autonomy level (supervised, semi-autonomous, fully autonomous).

Example

A fully autonomous procurement agent classified at the same tier as a supervised summarization assistant, missing required action-authorization controls.

Assets Affected

Risk framework

AI inventory

Impact assessments

AI Agent

Mitigation
  • Define risk tolerance thresholds
  • establish risk categories with clear criteria
  • introduce agent autonomy tiers driving control intensity
  • impact assessment process
  • classification guidelines.
Standards Mapping
  • ISO: Clause 6.1.2, A.5.2
  • EU AI Act: Art. 6, Art. 9(2)
  • DASF: Platform 12.6
  • AIUC-1: C001