Part 1 — For the Business

Ch. 2 — Know Your Risk Level

How to classify your agents by risk — and why that classification determines everything else about your compliance obligations.

Before mapping frameworks, before assigning ownership, before writing policies — the first question is: what risk level does this agent operate at?

Risk level is not a compliance formality. It is the input that determines which frameworks apply, how strictly they apply, and how much governance investment is warranted. Get it wrong in either direction and you pay for it — either by over-engineering compliance for a tool that carries minimal risk, or by under-governing an agent that's making consequential decisions about real people.

Consider two agents deployed inside the same organization:

Platform Agentic

Compliance, governance, and accountability for teams building agentic AI systems.

Access the book — sign in with Google·LinkedIn