advanta

HomeModule LibraryGovernance

Module GOV-14 sigil: Governance pillar, Strategy layer, maturity bands 1 to 3.Deterministic sigil for Module GOV-14. The Pillar geometry encodes Governance (Pillar 4); the top-right marker S encodes the Strategy layer; the baseline meter encodes maturity bands 1 to 3.SGOV-14
P4· L-G· Bands IntegratedOptimisedDefensible

· GOV-14

Delegation-Authority Register Architecture

When AI takes an action, the question that determines liability is: who authorised that action class? The Delegation-Authority Register Architecture defines the canonical record of every decision authority delegated to AI — by capability, by tier, by matter type, by named human signatory. The Architecture specifies the delegation taxonomy, the standing approval scope, the matter-by-matter exception path, and the revocation trigger. Without an explicit Register, AI actions trace to no specific delegated authority and the firm carries the accountability dilution risk by default. Methodology v2026.1.

strategic

·

Quarterly

·

2 hours first run per Tier 3+ capability; 30 minutes quarterly refresh

Methodology v2026.1

Executive Summary

Every Tier 3 (Workflow operator) and Tier 4 (Autonomous agent) capability that operates without human review on every transaction requires a named delegation of authority: what decisions the system may make, within what scope, with what guardrails, and with which human held accountable. The Delegation-Authority Register is that record. It does not prevent AI autonomy — it structures autonomy so that it is defensible. One entry per Tier 3+ capability: the delegated decision type, the accountable human, the materiality threshold (calibrated in GOV-16), the escalation path, and the audit cadence. Refresh quarterly at the Operate stage Governance Cadence review. Archive each entry at Sunset with the final post-mortem record. A function that cannot produce this register for each Tier 3+ capability does not have governance — it has exposure.

Defensibility Evidence Produced

The Delegation-Authority Register is primary evidence for Risk Taxonomy 2026 Class 9 (Accountability dilution). A signed, current register demonstrates that every Tier 3+ capability has a named human accountable — the canonical test for accountability at the level of the system rather than the individual transaction.

Elements:

Decision traceabilityGovernance posture

The operational problem

When AI takes an action, the question that determines liability is not what did the AI do? but who authorised that action class, in advance, in writing, with named accountability? The answer determines whether the firm carries the action as institutional governance or as accountability dilution.

In most legal functions today the answer is implicit. The AI Use Policy (GOV-02) names the scope; the AI Task Force (STR-07) approved the procurement; the practice group operates the tool. Nowhere is there a written delegation of authority that specifies what the system may decide, within what scope, and which human is accountable when the decision is wrong.

That gap is Class 9 (Accountability dilution) operationalised. Without an explicit Delegation-Authority Register, every Tier 3 (Workflow operator) and Tier 4 (Autonomous agent) capability deployment carries the dilution risk by default. The function cannot answer the regulator’s first question about an autonomous action — who delegated this authority? — because no document holds the delegation record.

Legal AI OS Relevance

The Delegation-Authority Register Architecture sits at the intersection of Pillar P4 (Governance, Risk & Defensible AI) and the Governance Layer (Layer G). It produces evidence for two Defensibility Elements:

  • DE-1 Decision traceability — the register specifies which decisions the system may make and therefore the trace of who authorised the decision class
  • DE-4 Governance posture — the signed register is itself the governance-posture artefact at the level of the system, not the transaction

Anchoring to Bands 3, 4, and 5 (Integrated → Optimised → Defensible), the Module is required before any Tier 3+ capability is deployed at Band 3 or above. At Band 4 the register is operated at quarterly cadence with the Materiality Calibration (GOV-16) refresh. At Band 5 the register is integrated with the Evidence Register (GOV-13) such that every delegated decision class has a traceable evidence row. Methodology v2026.1.

Pillar Alignment

Pillar 4 (Governance, Risk & Defensible AI) is the institutional capability that holds AI accountable. The Delegation-Authority Register operationalises accountability at the system level — what the system may decide, under what scope, with which human held accountable when the decision is wrong.

The Pillar 4 posture this Module advances: from implicit authorisation through procurement approval to explicit, signed, named, scope-bounded delegation per Tier 3+ capability.

Operating Layer Impact

The Governance Layer (Layer G) is the institutional substrate that constrains how AI may be operated. The Delegation-Authority Register is the Layer-G artefact that names the accountability for every Tier 3+ capability. The Agentic Governance Charter (GOV-08) writes against the register. The Evidence Register (GOV-13) writes against it. The Materiality Calibration (GOV-16) tunes the thresholds the register specifies.

Without the Delegation-Authority Register, the Execution Layer operates AI under implicit authority and the function cannot defend the autonomy posture at any cadence.

Maturity Band Relevance

The Module strengthens the Defensibility and Autonomy lenses of the Maturity Stack.

From Band

To Band

Defensibility-lens shift

Autonomy-lens shift

3 — Integrated

4 — Optimised

Implicit authorisation → explicit signed register per Tier 3+ capability

Tier 3 deployed without delegation → Tier 3 deployed under documented delegation

4 — Optimised

5 — Defensible

Register operated at quarterly cadence with materiality calibration

Tier 4 (autonomous agent) deployment is gated by register population

5 — Defensible

(sustaining)

Register integrated with Evidence Register; per-decision audit trail

Autonomy posture defensible to regulator at the level of the system

Tier 3 (Workflow operator) capability requires the register to deploy. Tier 4 (Autonomous agent) capability requires the register and the Agentic Governance Charter (GOV-08) and the Evidence Register (GOV-13) and the Materiality Calibration (GOV-16) in operation.

Operational Outcomes

Operating the Architecture produces four institutional artefacts:

Artefact

Purpose

DPS evidence stream

Delegation-Authority Register — per Tier 3+ capability

The signed record of what the system may decide and which human is accountable

DE-1 + DE-4 (primary)

DPS Governance Posture section input

The register feeds Element 4 directly

DE-4

Escalation path documentation

Per delegation entry, the path when scope is exceeded or guardrail is hit

DE-1

Sunset archive record per decommissioned capability

At capability retirement, the register entry archives with the final post-mortem

DE-4

Records retain for the regulator’s limitation period for the longest applicable jurisdiction, plus the full lifecycle of the AI system.

Defensibility and Governance Considerations

The Module produces evidence for DE-1 (Decision traceability) and DE-4 (Governance posture). The Risk Class addressed is Class 9 (Accountability dilution); the register’s existence is the canonical mitigation for Class 9 at the system level.

For Tier 4 (Autonomous agent) capability, the register requires:

  • A delegation entry per decision class the system may execute autonomously
  • Linkage to the Materiality Calibration (GOV-16) row for each in-scope decision type
  • An escalation path: what triggers human handoff, who handles, on what cadence
  • A revocation trigger: which performance or risk condition revokes the delegation
  • A signature by the GC or delegated AI Task Force Chair, dated, with effective date

For Tier 3 (Workflow operator) capability, the register requires:

  • A delegation entry per workflow the system operates
  • The boundary: what the system may not do without exception-triggered HITL per GOV-16
  • The accountable individual: by named role and named person
  • The audit cadence: when the delegation is reviewed against actual operation

The editorial-independence attestation applies — the Module makes no vendor-specific recommendations.

Institutional Use Cases

Use case 1 — A 14-partner firm deploying first Tier 3 capability. The firm is at Band 3. The contract-extraction capability operates against a workflow that previously required associate review. The Delegation-Authority Register entry specifies: the delegated decision class is extract canonical clauses from a contract for partner review; the system may not decide legal sufficiency; the accountable human is the supervising partner per the engagement; the escalation path is the senior partner for any extracted clause flagged as ambiguous; the revocation trigger is more than two errors per ten extractions in a quarter. Signed by GC; effective dated 2026-Q3.

Use case 2 — A 200-lawyer in-house function deploying Tier 4 autonomous agent for vendor-renewal triage. The function is at Band 4. The capability triages incoming renewal requests against a pre-approved playbook, auto-approving routine renewals and routing non-routine to a named contracts lead. The register entry specifies: 18 decision classes (renewal-as-is up to threshold, renewal-with-price-change within band, etc.); 12 are in autonomous scope; 6 require exception-triggered HITL per GOV-16. The Materiality Calibration row specifies the financial threshold at which Full HITL is mandatory regardless of class. The Agentic Governance Charter (GOV-08) chairs the standing review. The Evidence Register (GOV-13) captures every autonomous decision for sample audit. The capability deploys only when all four artefacts are operational and signed.

Use case 3 — A global energy GC office at Band 5 with 11 Tier 3+ capabilities. The register holds 11 entries with collectively 137 in-scope decision classes. The annual external attestation samples 22 decisions across the year and verifies each against the register entry. The attestation finding informs the register’s annual refresh; one delegation revoked in the year due to performance degradation; two new delegations added; one capability migrated from Tier 3 to Tier 4 with the corresponding Agentic Governance Charter activation.

Recommended Stakeholders

RACI role

Stakeholders

Owner

General Counsel

Approvers

General Counsel · AI Task Force Chair

Contributors

Legal Operations · Risk and Compliance

Informed

Board · Audit Committee · CIO / CISO

The GC holds the signing authority per delegation entry. The AI Task Force Chair (per STR-07) is the standing forum where new delegations are deliberated; the GC signs after Task Force recommendation.

Implementation Complexity

Dimension

Specification

First run per Tier 3+ capability

2 hours

Quarterly refresh per capability

30 minutes

Cross-team dependencies

Risk (escalation pathway design) · IT (system-actual-behaviour validation) · the Practice Group (decision-class taxonomy)

Self-serve viability

Partial — first run benefits from advisory at Tier 4; Tier 3 is self-serve

Advisory recommendation

Programme Design for first Tier 4 capability; Strategic Retainer for functions operating ≥3 Tier 3+ capabilities

The Module is methodology-versioned (v2026.1); each entry’s effective date and next review are the operating telemetry.

Inputs

Input

Source

Capability Portfolio Tier 3+ capability list

SUS-10

Materiality Calibration HITL tier per decision type

GOV-16

AI Use Policy delegated authority scope

GOV-02

Agentic Tier classification per capability

STR-07 + Agentic Governance Charter where applicable

Framework — the Delegation Entry

Entry structure

The canonical structure is one entry per Tier 3+ capability. Each entry holds:

Section

Content

Capability identifier

Canonical name from Capability Portfolio (SUS-10)

Tier classification

Tier 3 (Workflow operator) or Tier 4 (Autonomous agent)

Effective date

Date the delegation is in force

Next review

Quarterly cadence date

Accountable human

Named individual + role

Delegated decision classes

One row per class; what the system may decide

Guardrails

What the system may not decide without exception-triggered HITL

Materiality threshold

Linked to GOV-16 row

Escalation path

Trigger condition + recipient + handover protocol

Revocation trigger

Performance or risk condition that revokes the delegation

Signatory

GC or delegated AI Task Force Chair

Evidence Register cross-reference

GOV-13 row IDs

Decision class taxonomy

The canonical pattern: each decision class is specified at the verb level — recommend, triage, flag, route, summarise, extract, generate-draft, approve-routine, execute. Verb specificity prevents scope creep.

Verb

Tier 3 typical

Tier 4 typical

Recommend

Yes — system recommends; human decides

Yes — same

Triage

Yes — system routes per playbook; human handles

Yes — system handles routine per playbook; human handles flagged

Flag

Yes

Yes

Route

Yes

Yes

Summarise

Yes

Yes

Extract

Yes

Yes

Generate-draft

Yes — for human review

Yes

Approve-routine

No — Tier 4 only

Yes — within financial/scope threshold per GOV-16

Execute

No — Tier 4 only

Yes — within delegated authority

Guardrails

For each delegated decision class, guardrails specify what triggers exception-triggered HITL or full handover. Common guardrails:

Guardrail

Trigger

Materiality threshold

GOV-16 Full HITL boundary crossed (financial, regulatory, client-impact)

Confidence threshold

System’s own confidence score below the calibrated floor

Out-of-scope detection

Decision class not in the delegated taxonomy

Anomaly detection

Decision pattern deviates from the population in the audit sample

Regulatory change

New rule activates; pending delegation review

Escalation path

Trigger

Recipient

Handover protocol

Guardrail hit

Named accountable human

System pauses; package context to recipient; recipient decides

Revocation trigger met

AI Task Force Chair

Delegation revoked; capability returns to Tier 2 review or sunset

Regulatory inquiry on a delegated decision

GC

Evidence Register (GOV-13) row produced; delegation documented

Revocation triggers

Trigger

Action

Performance below the calibrated floor (e.g., > 2% error in audit sample)

Delegation revoked pending review

Audit finding requiring scope reduction

Delegation amended at next quarterly cadence

Regulatory change altering the scope

Delegation suspended pending GOV-16 recalibration

Capability sunset

Delegation archived with the Capability Portfolio sunset entry

Worked Example

A 200-lawyer in-house function at Band 3 deploys its first Tier 3 capability: a contract-extraction system that extracts canonical clauses for partner review.

Step

Activity

Output

1

Capability Portfolio entry confirms in-scope; Tier 3 classification

SUS-10 entry

2

Materiality Calibration row populated: extraction is Audit-only; flagging is Exception-triggered HITL

GOV-16 row

3

Delegation-Authority Register entry drafted: decision class list, guardrails, escalation path, revocation trigger

Entry v0.1

4

AI Task Force review at next monthly session

Recommended to GC

5

GC signs the entry

Entry v1.0, effective 2026-09-01

6

Evidence Register rows updated to cross-reference the delegation

GOV-13 updated

7

Capability deployed under delegated authority

Operating

Quarterly cadence at quarter +1: audit sample of 30 extractions; 1 error; well within revocation trigger threshold. Delegation continues. At quarter +4: annual review; performance trend reviewed; capability promoted to Tier 4 candidacy under GOV-08 evaluation.

Common Failure Modes

Failure mode

Detection signal

Recovery

Tier 3+ capability deployed without register entry

Capability live; register row absent

Pause capability; populate entry; re-deploy under delegation

Delegation entry signed but never refreshed

Last-review date older than two quarters

Bind refresh to Governance Cadence (GOV-15)

Guardrail trigger fires but system continues

Out-of-scope decision class executed

Capability paused; AI Task Force investigation; revocation considered

Accountable human named but not in role

Role turnover loses the accountability trace

Bind register updates to HR change-notice cadence

Materiality threshold drifts without recalibration

GOV-16 row not refreshed; threshold stale

Standing quarterly recalibration per GOV-16

Tier 3 → Tier 4 promotion without Agentic Charter

Capability operating at Tier 4 scope but Tier 3 register entry

Pause; activate GOV-08; rewrite delegation entry

Revocation trigger met but not actioned

Performance breach in audit; no register update

Audit Committee escalation; documented remediation plan

Edge Cases

The Module does not apply when:

  • The function operates only Tier 1 (Standalone assistant) and Tier 2 (Workflow assistant) capabilities — no delegation entries required; the AI Use Policy (GOV-02) is sufficient
  • The function operates under a parent organisation’s enterprise-wide delegation architecture — the Module produces sub-entries that feed the parent’s enterprise register
  • The function is below Band 3 — Tier 3+ deployment is premature; build Bands 1-2 through CHG-01 + GOV-01 first
  • The capability is third-party-hosted and the third party holds the delegation under a separate framework — the Module produces a counterparty-attestation entry rather than a delegation entry

Operational Signals

gov-14.delegation-coverage

Defensibility Posture Statement

Proportion of active agentic capabilities with current Register delegation — DE-1 Decision traceability record.

Quarterly

gov-14.delegation-review-cycle

Annual Legal AI OS Index

Delegations reviewed and re-attested on cadence feeds the Annual Legal AI OS Index governance signal.

Quarterly

gov-14.exception-rate

Console

Matter-by-matter exception authorisations per quarter for Console intelligence substrate.

On change

Recommended Stakeholders

Owner

  • General Counsel

Approvers

  • General Counsel
  • AI Task Force Chair

Contributors

  • Head of Legal Operations
  • Risk & Compliance

Informed

  • Board
  • Audit Committee
  • CIO / CISO

Inputs · Outputs

Inputs

  • · Capability Portfolio (SUS-10) — Tier 3+ capability list
  • · Materiality Calibration (GOV-16) — HITL tier per decision type
  • · AI Use Policy — delegated authority scope
  • · Agentic Tier classification per capability

Outputs

  • · Delegation-Authority Register — per Tier 3+ capability
  • · DPS input: Governance posture element (Defensibility Element 4)
  • · Escalation path documentation
  • · Sunset archive record per decommissioned capability

Diagnostic Relevance

Running the Delegation-Authority Register Architecture strengthens the Defensibility and Autonomy lenses — expected Band progression: Optimised → Defensible.

Confidence: high

Key Takeaways

  • Complete one entry per Tier 3 or Tier 4 capability in the Capability Portfolio

  • Name the decision type delegated, the authority scope, and the accountable human

  • Define guardrails: what the system may not decide without human escalation

  • Connect materiality threshold to GOV-16 (Materiality Calibration)

  • Refresh quarterly at the Operate stage Governance Cadence review

  • Archive each entry at Sunset with the post-mortem record attached

Run this Module via advisory

This Module is operated within Advanta advisory engagements. Methodology v2026.1.

View Engagement Models

Targeting

Audience

GC / CLOLegal OperationsRisk & Compliance

Strengthens

Defensibility lensAutonomy lens

Module Details

Format
Module
Difficulty
Advanced
Pillar
P4
Owner
General Counsel
Access
Practitioner Membership
Certification
Practitioner

Maturity Bands

IntegratedOptimisedDefensible

Risk Classes Mitigated

Where this Module lives

The Delegation-Authority Register is the accountability spine underneath agentic capability. It is the source of authorisation that the Agentic Governance Charter (GOV-08) writes against, and produces DE-1 (Decision traceability) and DE-4 (Governance posture) records into the DPS. Without this Module, the AI Task Force cannot answer 'who authorised this?' for any agentic action.

Advisory

When this Module sits inside a Programme.

Modules are operated in-house by GC and Legal Operations teams. When the capability transformation is multi-Pillar — or when the regulator timeline tightens — Advanta operates the canonical Module sequence as a Programme.