Graventure — Autonomous System Accountability

The Accountability Gap

Organisations are deploying agentic systems and autonomous workflows faster than governance is adapting. The problem is not model performance. The problem is accountability over time.

If an autonomous system causes harm while acting within policy, most organisations cannot demonstrate:

who authorised the system’s objectives
who owned its behaviour over time
who had the authority to intervene or stop it

That becomes a litigation, audit, and insurance problem — not a technology debate.

The Diagnostic

Autonomous Behaviour & Accountability Diagnostic (4–6 weeks)

What it does

Identifies autonomous / agentic systems and workflows in scope
Classifies delegation level (D0–D3)
Maps accountability ownership and escalation gaps
Defines minimum defensible controls for D2/D3 systems

What you receive

Board-ready memo (2–3 pages) with named accountability gaps
Risk register entry (adoptable internal wording)
Delegation map of in-scope systems (D0–D3)
Minimum defensible controls baseline (governance prerequisites)

Graventure does not implement tooling on this engagement. Output is designed to be defensible across Risk, Legal, Audit, and Technology.

The Framework (In One Sentence)

“When autonomous systems act over time, accountability is determined after the fact. We define the place where that accountability can be demonstrated coherently.”

Delegation Levels

We classify systems by the degree of delegated decision-making authority (not “AI capability”).

D0 — Assistive (no autonomous action)
D1 — Human-authorised action
D2 — Bounded autonomous action
D3 — Persistent autonomous agency

Minimum Defensible Controls

For D2/D3 systems, defensibility requires governance prerequisites — not “best effort.”

Objective authorisation
Scope & boundary definition
Behaviour logging & auditability
Named behavioural owner
Escalation + kill / rollback capability

Board Questions (7)

These are not “AI questions”. These are accountability questions. If you can’t answer them, you have an exposure.

Who authorised the system’s objectives?

Not “who approved the project” — who approved what the system is allowed to pursue.

Who owns behaviour over time?

Name a single accountable role for the system’s actions after go-live — not a committee.

What delegation level are we operating at?

Is this D0, D1, D2, or D3 — and is that classification documented and reviewed?

What can it do without human approval?

Tools, permissions, data access, external communications, transactions, changes in production.

Can we reconstruct decisions after an incident?

Do we have behaviour logging, traceability, and retention that would survive audit and discovery?

Who can intervene — and how fast?

Is there a tested kill / rollback path, escalation authority, and a defined threshold for intervention?

What happens when it acts within policy but causes harm?

Where does liability land — Legal, Risk, Technology, the business — and is that agreed in advance?

If your answers are partial, inconsistent across functions, or depend on “we’ll investigate if needed” — that is the gap the diagnostic is designed to surface.

Request a Board Briefing See the Diagnostic

Founding Engagements (3)

We are working with three founding organisations to validate v1.0 of the Autonomous Accountability standard before wider release.

Who it’s for

Regulated organisations deploying D2/D3 systems
Risk / Legal / Audit leaders who need defensible ownership
Teams facing board scrutiny, regulator questions, or underwriting renewal pressure

What founding organisations receive

Input into v1.0 taxonomy wording and control baseline
Optional acknowledgement as a contributor to the standard
Perpetual licence at founding rates (future pricing changes)
Early access to updates and revisions (v1.x)

This is not a discounted “pilot”. It’s a limited founding cohort with structural advantages that later clients will not receive.

Enquire About a Founding Slot Request a Briefing

Who This Is For

Designed for UK and EU regulated environments.

Chief Risk Officer / Head of Enterprise Risk
General Counsel / Litigation & Regulatory Risk
Internal Audit / Controls / Operational Resilience
Third-Party Risk / Procurement (autonomous vendor behaviour)
Security leadership (when authorised behaviour becomes liability)

The Accountability Gap

The Diagnostic

What it does

What you receive

The Framework (In One Sentence)

Delegation Levels

Minimum Defensible Controls

Board Questions (7)

Who authorised the system’s objectives?

Who owns behaviour over time?

What delegation level are we operating at?

What can it do without human approval?

Can we reconstruct decisions after an incident?

Who can intervene — and how fast?

What happens when it acts within policy but causes harm?

Founding Engagements (3)

Who it’s for

What founding organisations receive

Who This Is For

Request a Briefing

If you can’t name who owns autonomous system behaviour, you’ve already found the gap.