# Autonomy risk register

Use this register to make AI authority visible, reviewable, and operable.

## Risk fields

| Field | Description |
| --- | --- |
| Workflow | The process or user journey affected |
| Autonomous action | The exact action an agent can take |
| Data class | Public, internal, confidential, regulated, or restricted |
| Reversibility | Easy rollback, manual correction, or irreversible |
| Failure mode | Wrong answer, wrong action, leak, outage, bias, fraud, or delay |
| Mitigation | Approval, limit, test, policy, alert, or rollback |
| Owner | Person accountable for accepting or closing the risk |

## Review cadence

- Review before pilot, production launch, and every authority expansion.
- Re-score after incidents, model changes, new integrations, or policy changes.
- Keep open risks attached to implementation work, not presentation notes.

## Launch rule

Autonomy expands only when the register shows owners, mitigations, monitoring, and rollback paths.