G3 · Agentic AI Governance · 2026
Module G3 — Governance Series
When AI acts
in place of
humans.
Governance framework · Human-in-the-loop · AgentOps · EU AI Act · Auditability
The paradigm shift

"The agentic wave introduces a fundamental model change: we move from AI that assists employees to AI that acts on systems autonomously. The challenge is no longer experimentation, but stabilization, governance, and industrialization."

Source: Benchmark Agentic for Tech, 2026
SCOPE

Governance framework for autonomous agents: who decides what, Human-in-the-loop, decision auditability, action rights, AgentOps, EU AI Act, DORA compliance.

TARGET AUDIENCE

CDO, CIO, CISO, AI leads, risk teams, compliance, internal auditors, AI Product Owners, Data Scientists in production.

REGULATION

EU AI Act Art. 9-17 (high-risk systems), Art. 25 (deployers), DORA (operational resilience), Cigref BP5 (AI policy), NIS 2.

DURATION

1 day (7h) — 3 sessions + 1 EU AI Act classification workshop + 1 Human-in-the-loop design workshop on a business case.

ORBii.Academy — Governance SeriesG3 · P.01
G3 · Agentic AI Governance
Agentic autonomy spectrum

From AI assistant to autonomous agent — 5 levels of action

Before governing an agent, you must position its level of autonomy. The higher the autonomy, the stronger the governance, auditability, and regulatory compliance requirements. Governance is not the same for AI that suggests and AI that executes.

1
Assistance — AI suggests, human decides

AI generates content, summarizes, translates, proposes. The human validates every action. No direct action on systems. EU AI Act: low or limited risk.

2
Co-pilot — AI proposes actions, human confirms

The agent prepares structured actions (email drafting, ticket creation). The human approves before execution. DORA: compliant if systematic human validation.

3
Supervised automation — agent executes, human monitors

The agent executes structured tasks (data pipelines, ticket processing). The human supervises and can intervene. EU AI Act: requires documented AI policy (Cigref BP5 C1).

4
Semi-autonomous agent — automated operational decisions

The agent makes operational decisions (routing, scoring, alerts) without systematic human validation. Gates defined for exceptional cases. EU AI Act high risk if regulated domain (credit, HR, security).

5
Autonomous agent — orchestrates other agents, strategic decisions

The agent coordinates other agents, makes high-stakes decisions, modifies business processes. Critical regulatory zone: EU AI Act Art. 9-17 mandatory, DORA Art. 5.2 executive accountability.

Governance principle — ORBii

The autonomy level of an agent defines the required governance level. Before any agentic deployment, the organization must classify each agent on this spectrum — and verify that the corresponding governance framework is in place. Deploying a level 4-5 agent without a level 4-5 governance framework creates a major regulatory and operational risk.

ORBii.Academy — Governance SeriesG3 · P.02
Protected content

You have viewed the preview of this module (first 2 pages).
To access the full content, enter your access code or request access.

12 pages remaining Personal link · Valid 24h