Advanta is currently undergoing final system calibration ahead of launch. Selected infrastructure and experiences may still be in active refinement.

advanta

HomeModule Library

Module GOV-10 sigil: Governance pillar, Strategy layer, maturity bands 1 to 3.Deterministic sigil for Module GOV-10. The Pillar geometry encodes Governance (Pillar 4); the top-right marker S encodes the Strategy layer; the baseline meter encodes maturity bands 1 to 3.SGOV-10

P4

L-E

GOV-10

AI Lifecycle Operating Manual

Maps the complete AI tool lifecycle from identification through retirement, integrating every governance module into a single coherent operational sequence.

ModuleAdvancedContinuousProtect lensComply lensGrow lensTransform lens

Audience

AI Governance LeadGeneral CounselLegal OperationsIT Security

·

Stage 1–4 (Tiers 0–2): 2–5 business days per tool. Stage 1–4 (Tiers 3–4): 5–10 business days. Stage 5–6: Ongoing. Stage 7 standard: 2–4 weeks. Stage 7 emergency: 24–72 hours active response.

Executive Summary

GOV-10 is the AI Lifecycle Operating Manual: the integration layer that maps the complete journey of an AI tool from initial identification through evaluation, registration, authorisation, active deployment, periodic review, and eventual retirement. It is the procedural backbone connecting every other governance module — DAT-06, GOV-02, GOV-04, GOV-08, GOV-09, STR-07, SUS-06, USE-07, TAL-06, and MAT-01 — into a single coherent lifecycle sequence. The Manual defines seven lifecycle stages with explicit governance gates, responsible parties, required inputs and outputs, and cross-references to the module governing each stage. Tiers 0–2 follow a standard track; Tiers 3–4 follow an agentic track that requires GOV-08 Panel authorisation, verification of five Mandatory Provisions, and tighter reauthorisation cycles. A Lifecycle Governance Calendar maps recurring governance touchpoints by frequency and tier, giving the AI Governance Lead a consolidated operating cadence. The DPS evidence schedule covers adoption records, evaluation reports, authorisation certificates, monitoring logs, and deregistration records across three retention lenses, ensuring that the full provenance of every AI tool decision is preserved for regulatory and professional scrutiny.

Metric 0 Pre-Check

Before any GOV-10 lifecycle process proceeds, two gates must pass.

Gate 1 — GOV-02 AI Use Policy Is in Force

Confirm an active GOV-02 AI Use Policy exists and has been approved by the General Counsel or designated authority. The lifecycle cannot proceed without a governing policy framework: all use case definitions, scope constraints, and authorisation decisions operate within the policy’s boundaries. If failed: establish GOV-02 AI Use Policy before initiating any lifecycle stage.

Gate 2 — DAT-06 AI BoM Register Is Operational

Confirm the DAT-06 AI Bill of Materials register is active and accessible. The lifecycle is anchored in DAT-06 registration: every stage from Provisional through Retired is a DAT-06 lifecycle event. If the AI BoM register does not exist, the lifecycle has no operational home. If failed: establish DAT-06 AI BoM standard and register before initiating any lifecycle stage.

---

1. Purpose

GOV-10 establishes the AI Lifecycle Operating Manual: the integration governance document that maps the complete journey of every AI tool used in the organisation from initial identification through evaluation, registration, authorisation, active deployment, periodic review, and eventual retirement.

The Legal AI Operating System governs AI tools through a constellation of purpose-built modules — DAT-06 for registration, GOV-08 for agentic authorisation, GOV-09 for evaluation, SUS-06 for retirement, STR-07 for incidents, USE-07 for Shadow AI conversion, TAL-06 for literacy, and MAT-01 for maturity. Each module governs one stage or domain of the AI tool relationship. GOV-10 provides the integration layer: the single document that sequences those modules into a coherent operational lifecycle, defines the governance gates between stages, specifies which stages differ by Agentic Tier, and gives the AI Governance Lead a consolidated view of every active, pending, and retired tool.

Without GOV-10, organisations operate individual governance modules in isolation, with no authoritative map of which stages must be completed in which order and which modules govern each transition. The result is lifecycle gaps — tools that have been registered but never formally authorised, tools that have passed evaluation but never received a GOV-02 policy entry, or tools that have been retired operationally but remain Active in the AI BoM. GOV-10 closes those gaps.

---

2. Strategic Context

AI tool governance is not a single event but a lifecycle. The governance decision made at deployment — the evaluation verdict, the Panel authorisation, the use case scope — degrades over time as the underlying model changes, the regulatory environment shifts, and the organisation’s use of the tool evolves. A governance framework that only governs adoption, without governing the full lifecycle, creates an accumulating compliance deficit.

EU AI Act Article 9 imposes ongoing risk management obligations throughout the AI system lifecycle, not merely at deployment. ISO/IEC 42001 requires a continuous AI management system with defined processes for the full operational lifecycle. Professional conduct obligations under ABA Model Rules 5.1–5.3 require ongoing supervision of AI tools affecting client matters, not merely initial vetting.

GOV-10 gives practical operational form to these lifecycle obligations. The seven lifecycle stages and their governance gates are the mechanism by which the organisation can demonstrate, to any regulatory body or professional conduct authority, that AI tools are governed throughout their operational life — not merely assessed once and forgotten.

---

3. Operating Principles

Principle 1 — One Lifecycle, One Register

Every AI tool has one and only one lifecycle record, anchored in its DAT-06 AI BoM entry. All lifecycle events — registration, authorisation, suspension, retirement — are recorded in that entry. Parallel or shadow lifecycle records are not recognised.

Principle 2 — Gates Are Not Optional

Each lifecycle stage has defined governance gates that must pass before the next stage begins. Proceeding without a passed gate is a governance failure, not a process variant. The AI Governance Lead is accountable for gate compliance.

Principle 3 — Tier Determines Track

The Agentic Tier classification of the tool (DAT-06 Field 15) determines which lifecycle track applies. Tiers 0–2 follow the standard track. Tiers 3–4 follow the agentic track, which includes additional evaluation requirements (GOV-09 Agentic Supplement), Panel authorisation (GOV-08), and continuous Mandatory Provisions. Tier classification is reviewed at every reauthorisation.

Principle 4 — No Unanchored Deployments

A tool is not deployed in the organisation’s governance framework until it reaches Active status in the AI BoM. A tool in Provisional status is under governance review, not approved for operational use. Operational use of a Provisional-status tool is a Class 6 Shadow AI event.

Principle 5 — Reauthorisation Is Mandatory

Active tools without current authorisation must move to Suspended status pending reauthorisation. There is no grace period and no informal extension. The reauthorisation schedule set at Stage 4 is binding.

Principle 6 — Retirement Completes the Record

Retirement is a governance milestone, not merely an operational event. Stage 7 must be completed with full DAT-06 deregistration and a DPS evidence package. A tool that is operationally discontinued without completing Stage 7 remains Active in the AI BoM — creating a governance record that does not reflect operational reality.

---

4. Lifecycle Framework Overview

The AI tool lifecycle comprises seven stages, each with defined governance gates, responsible parties, and module cross-references.

Stage 1 — Identification and Use Case Definition

A business need for an AI tool is identified. The proposed use case is defined and assessed against the GOV-02 AI Use Policy scope. A preliminary Agentic Tier classification is made. The AI Governance Lead approves progression to evaluation.

Stage 2 — Technical Evaluation

The tool undergoes the GOV-09 AI Evaluation Harness. The evaluation produces a verdict (Pass, Conditional Pass, or Fail) and an Evaluation Harness Report that feeds DAT-06 Field 10. Only tools achieving Pass or Conditional Pass proceed.

Stage 3 — Registration and Policy Entry

The tool is registered in the AI BoM (DAT-06, 22-field schema). A GOV-02 AI Use Policy entry is created. The tool moves to Provisional status. GOV-04 vendor due diligence data is incorporated.

Stage 4a — Standard Authorisation (Tiers 0–2)

The AI Governance Lead reviews the complete registration, confirms Tier classification, and issues a Standard Deployment Authorisation. The tool moves to Active status.

Stage 4b — Agentic Panel Authorisation (Tiers 3–4)

All five Mandatory Provisions (kill-switch, intervention log, scope limitation, escalation protocol, bias monitoring) are verified as operational. The GOV-08 Agentic Governance Panel convenes and, on unanimous approval, issues an Agentic Deployment Authorisation Certificate. The reauthorisation schedule is set. The tool moves to Active status.

Stage 5 — Active Deployment and Ongoing Oversight

The tool is deployed per its approved use cases and user groups. Ongoing monitoring is conducted per the Tier-specific schedule in the Lifecycle Governance Calendar. STR-07 incidents are reported as they arise. GOV-09 re-evaluation is triggered by qualifying events.

Stage 6 — Periodic Review and Reauthorisation

At the scheduled reauthorisation date (or on event-triggered review), the tool is re-assessed. Use cases are confirmed as current. If the model version has changed materially, GOV-09 re-evaluation is conducted. The Stage 4a or 4b authorisation process is repeated. Updated DAT-06 and GOV-02 entries are issued.

Stage 7 — Suspension and Retirement

The tool is retired, either through planned retirement (end-of-contract, consolidation, maturity uplift) or emergency retirement (critical incident, Shadow AI Tier 1 severity, GOV-08 Class A failure). The SUS-06 Technology Sunsetting Plan governs the retirement process. DAT-06 moves to Retired status. An AI BoM Deregistration Certificate is issued.

Defensibility Evidence

GOV-10 generates DPS evidence across all three lenses by anchoring lifecycle governance in the AI BoM. Adoption lens (5-year retention): Approved Use Case Briefs from Stage 1 with AI Governance Lead approval records; Standard Deployment Authorisation records from Stage 4a; periodic review confirmations for Tiers 0–2 at Stage 6; and retirement initiation records from Stage 7. Sophistication lens (5-year retention): GOV-09 Evaluation Harness Reports from Stage 2; DAT-06 AI BoM entries at each lifecycle stage transition (Draft, Provisional, Active, Under Review, Suspended, Retired); GOV-02 AI Use Policy entries and amendments; Agentic Deployment Authorisation Certificates from Stage 4b; GOV-08 Panel authorisation records; reauthorisation records from Stage 6; and five Mandatory Provision verification records from Stages 4b and 6. Defensibility lens (7-year retention): AI BoM Deregistration Certificates from Stage 7; emergency retirement records including STR-07 cross-references and access shutdown confirmations within 24 hours; GOV-11 disclosure assessment records arising from lifecycle events; all regulatory correspondence relating to lifecycle decisions; and GOV-08 intervention logs and kill-switch test records for Tiers 3–4 (GOV-08 Provisions 1 and 2 independently require 7-year retention). The 7-year Defensibility retention period applies because lifecycle governance records may be referenced in regulatory investigations or professional disciplinary proceedings arising years after the tools concerned were retired.

Operational Artefacts

  • AI Lifecycle Governance Runbook (Stages 1–7)

    docx · v2026.1

    Gated

  • AI Lifecycle Status Dashboard Template

    xlsx · v2026.1

    Gated

  • Lifecycle Governance Calendar Checklist

    checklist · v2026.1

    Gated

Framework Crosswalk

EU AI Act

European Union

Operationalises Article 9 lifecycle risk management and supports documentation for high-risk and general-purpose AI systems used in legal services.

ISO/IEC 42001

ISO/IEC

Provides the AI management system lifecycle structure that GOV-10 instantiates for identification, deployment, monitoring, and retirement of AI systems.

NIST AI Risk Management Framework

NIST

Aligns GOV-10 lifecycle stages with Govern, Map, Measure, and Manage functions across the AI portfolio.

ABA Model Rules 5.1–5.3

American Bar Association

Supports supervisory duties over lawyers and nonlawyer assistants by governing AI tools that affect client matters throughout their lifecycle.

GDPR

European Union

Supports controller and processor accountability by tracking AI tools that process personal data from adoption through retirement, including data handling at decommissioning.

Operational Details

Inputs

  • · Business needs statement and proposed AI tool or use case
  • · GOV-09 evaluation capacity and qualified assessor
  • · DAT-06 AI BoM register (operational)
  • · GOV-02 AI Use Policy (in force)
  • · GOV-04 vendor due diligence records for the tool vendor
  • · GOV-08 Agentic Governance Panel availability (Tiers 3–4)
  • · STR-07 incident records (for event-triggered lifecycle actions)
  • · SUS-06 retirement protocol (for Stage 7)

Outputs

  • · Approved Use Case Brief (Stage 1)
  • · GOV-09 Evaluation Harness Report (Stage 2)
  • · DAT-06 AI BoM entry at each lifecycle stage (Stages 3–7)
  • · GOV-02 AI Use Policy entry (Stage 3)
  • · Standard Deployment Authorisation record (Stage 4a)
  • · Agentic Deployment Authorisation Certificate (Stage 4b)
  • · Periodic review and reauthorisation records (Stage 6)
  • · AI BoM Deregistration Certificate (Stage 7)
  • · Complete DPS evidence package across all seven stages

Owner

AI Governance Lead

Telemetry & Observability

Telemetry-ready

Key Takeaways

  • Require every AI tool to complete all lifecycle stages from identification through retirement before operational use.

  • Use DAT-06 as the single lifecycle anchor: one tool, one AI BoM record, all status changes recorded.

  • Route Tiers 3–4 through GOV-08 Panel authorisation with five Mandatory Provisions before Active deployment.

  • Suspend any Active tool whose authorisation has expired; do not allow grace periods or informal extensions.

  • Treat emergency retirement as a governed lifecycle event under SUS-06, not as a governance failure.

  • Use the Lifecycle Governance Calendar to coordinate evaluations, monitoring, and reauthorisations across tiers.

  • Rely on lifecycle artefacts as primary DPS evidence of AI governance sophistication and defensibility.

Get This Module

This module is available as part of an Advanta Advisory engagement.

Explore Advisory

Module Details

Type

Pillar

P4

Layer

E · Execution

Duration

Stage 1–4 (Tiers 0–2): 2–5 business days per tool. Stage 1–4 (Tiers 3–4): 5–10 business days. Stage 5–6: Ongoing. Stage 7 standard: 2–4 weeks. Stage 7 emergency: 24–72 hours active response.

Advisory

Yes

Access

enterprise

Maturity Bands

OperationalIntegratedOptimisedDefensible

Risk Classes Mitigated

Related Resources

P4 · GovernanceModule Library →Take the Free Baseline Diagnostic →

Governance

Methodology
v2026.1

ADVISORY

Need help implementing this — and the 49 modules around it?

Advanta Advisory works with legal departments to deploy the full Legal AI OS framework — governance design, implementation roadmap, and team capability — structured around your maturity baseline.

Explore Advisory →Run the Diagnostic first
← Back to Module Library