Business purpose, risk acceptance, data use, user procedures, and production decisions stay with accountable owners.
Trust / Governance
Shared Responsibility Model for Recurring AI Agents
A practical operating model for accountability, governance, and control across recurring AI work.
Use this page when you need boundary clarity: what Scaled Agents can make visible, what providers and platforms may support, and what remains a customer-owner decision.
Recurring AI agents create shared operational risk across vendors, platforms, business processes, data, permissions, and human review. The Shared Responsibility Model helps enterprises define who owns what before an agent is deployed, monitored, escalated, or remediated.
The Agent Passport is the governance record for recurring AI work. It records identity, ownership, scope, permissions, controls, evidence, and incident paths, but it does not replace the people and teams accountable for the work they control.
Context
Use this model to decide who owns each part of recurring AI work.
Shared responsibility separates what the organization owns, what providers or platforms may support, what operators must follow, and what the Agent Passport records as evidence. It helps prevent accountability gaps when AI agents operate across people, systems, vendors, data, and review paths.
Cloud, model, SaaS, and tool providers may supply infrastructure, but they do not own the organization's AI governance decisions.
The Passport records identity, ownership, scope, controls, review paths, and evidence; it does not transfer accountability away from people.
How the model assigns responsibility
The Passport connects the operating record, but accountability remains with the party controlling each layer of work. Scaled Agents provides governance platform capabilities; named owners remain responsible for business, technical, security, compliance, operational, and contractual decisions within their control.
Governance operating model
Use these views to define ownership, controls, RACI, incident accountability, and contract expectations before recurring AI work reaches production.
Scaled Agents shared responsibility model showing the Agent Passport as the governance record connecting vendor, enterprise platform, business owner, security and compliance, and operator responsibilities.
Governance record for recurring AI work
Vendor / Provider
Product reliability, security, uptime, support, updates
- Product capability and reliability
- Security and uptime
- Support and documentation
- Updates and change notices
Enterprise AI / Platform Team
Use case approval, platform guardrails, testing, monitoring
- Use case approval
- Platform configuration
- Guardrails and standards
- Pre-launch testing
Business Owner
Process fit, success criteria, review, improvement
- Process ownership
- Success and failure criteria
- Human review cadence
- Continuous improvement
IT / Security / Data / Compliance
Access, data governance, risk, compliance
- Access and permissions
- Data governance
- Risk classification
- Audit readiness
End User / Operator
Follow procedures, review outputs, escalate issues
- Follow approved procedures
- Review outputs
- Escalate unusual behavior
- Provide feedback
Vendor / Provider
Product reliability, security, uptime, support, updates
Enterprise AI / Platform Team
Use case approval, platform guardrails, testing, monitoring
Business Owner
Process fit, success criteria, review, improvement
IT / Security / Data / Compliance
Access, data governance, risk, compliance
End User / Operator
Follow procedures, review outputs, escalate issues
Accountability follows control
The Shared Responsibility Model defines how responsibility is assigned across the product, process, data, permissions, review, and incident layers of recurring AI work. Each party is responsible for the risks and decisions they control.
Passport as governance record
The Agent Passport records who owns the agent, what the agent is approved to do, what systems it can access, what controls apply, who reviews outputs, and how incidents are handled.
Clear accountability
The Passport creates a shared source of evidence without replacing accountable owners. Shared accountability does not mean unclear accountability.
- Define ownership before deployment.
- Document approved scope and prohibited actions.
- Map system access and permission limits.
- Set human review points and stop conditions.
- Preserve audit evidence.
- Clarify incident ownership and remediation paths.
Use the Passport to make the operating model visible before recurring AI work creates operational dependency.
Vendor / Provider
Owns
- Product capability and reliability
- Platform uptime and availability
- Product defects
- Security controls within the vendor-controlled system
- Logging features made available to customers
- Model or version change notices where applicable
- Contracted support obligations
Does not own by default
- Customer business process decisions
- Enterprise data quality
- Customer-granted permissions
- Customer user misuse
- Customer's internal review process
Enterprise AI / Platform Team
- Use case intake and approval workflow
- Agent configuration standards
- Prompt, tool, and workflow design standards
- Guardrails and policy enforcement patterns
- Pre-launch testing
- Monitoring design
- Operational governance
- Platform lifecycle management
Business Owner
- Business process fit
- Task scope and intended outcome
- Success and failure criteria
- Human review cadence
- Exception handling
- Downstream business impact
- Process improvement decisions
IT / Security / Data / Compliance
- System access
- Permission boundaries
- Data source approval
- Data quality expectations
- Privacy and legal review
- Risk classification
- Security policy controls
- Evidence and audit readiness
- Compliance requirements
End User / Operator
- Following approved procedures
- Reviewing assigned outputs
- Escalating unusual behavior
- Reporting issues
- Not bypassing safeguards
- Providing operational feedback
Responsibility rule
Responsibility is assigned based on control. The Passport records each party's role, but it does not transfer accountability away from the party that controls the work.
Every recurring production agent should have defined controls
The person or team accountable for the business process and outcome expectations.
The person or team accountable for configuration, integration, platform behavior, and technical maintenance.
What the agent is approved to do, where it can operate, and under what conditions.
What the agent must never do, including actions requiring human approval or actions outside policy.
Approved systems, documents, records, or knowledge sources the agent may use.
Applications, APIs, tools, or environments the agent can access.
Whether the agent can read, write, send, approve, modify, purchase, delete, or escalate.
When a human must review or approve the agent's work.
Error rates, unusual activity patterns, policy violations, or confidence thresholds that trigger review.
What pauses, disables, or escalates the agent when risk exceeds tolerance.
What evidence is captured, retained, and made available for review.
Who is notified, how quickly, and what workflow is followed when something goes wrong.
How often the agent, scope, permissions, outputs, and controls are revalidated.
The Passport should capture these controls before recurring AI work reaches production.
RACI for recurring AI agent governance
For recurring AI work, accountability must be mapped before deployment. The RACI view clarifies who is Responsible, Accountable, Consulted, and Informed across approval, configuration, permissions, testing, monitoring, incident handling, and remediation.
| Activity | Accountable | Responsible | Consulted | Informed |
|---|---|---|---|---|
| Approve agent use case | Business Owner | Enterprise AI / Platform Team | Legal, Risk, Security, Compliance | Operators, stakeholders |
| Configure agent workflow | Enterprise AI / Platform Team | Technical Owner | Business Owner, Vendor / Provider | Security, Compliance |
| Define success and failure criteria | Business Owner | Process SMEs | Operators, Compliance, Enterprise AI Team | Technical Owner |
| Grant system access and permissions | IT / Security | System Admin / Platform Owner | Business Owner, Compliance | Enterprise AI / Platform Team |
| Approve data sources | Data Owner / Compliance | Enterprise AI / Platform Team | Business Owner, Security, Legal | Operators |
| Test before launch | Enterprise AI / Platform Team | QA / Technical Owner | Business Owner, Vendor / Provider, Security | Operators |
| Monitor recurring activity | Business Owner | Operations / Enterprise AI Team | Security, Compliance | Stakeholders |
| Investigate incident | Business Owner or Incident Commander | Enterprise AI Team / Security / Operations | Vendor / Provider, Legal, Compliance | Affected stakeholders |
| Fix product defect | Vendor / Provider | Vendor Support / Engineering | Enterprise AI / Platform Team | Business Owner |
| Fix configuration or process issue | Enterprise AI / Platform Team or Business Owner | Technical Owner / Process Owner | Vendor / Provider, Security, Compliance | Operators |
The Passport should store or link to the RACI mapping so each recurring agent has clear accountable and responsible parties.
Incident accountability matrix
When an agent makes a mistake, the first question should not be "Who can we blame?" It should be "Which layer failed, who controlled that layer, and what evidence does the Passport show?"
Product failure
ExampleVendor platform failed, logs were unavailable, product defect caused bad behavior, or an unannounced product/model change materially affected output.
Primary accountabilityVendor / Provider
Passport evidenceVersion, vendor, capability, support terms, logs, change notices, incident records
Configuration failure
ExampleAgent instructions, tools, routing rules, or guardrails were configured incorrectly.
Primary accountabilityEnterprise AI / Platform Team
Passport evidenceConfiguration owner, approval record, prompts/workflow version, test results
Process design failure
ExampleA high-impact recurring task lacked human review, escalation, or stop conditions.
Primary accountabilityBusiness Owner / Enterprise
Passport evidenceApproved scope, success criteria, review cadence, stop conditions
Permission failure
ExampleThe agent had excessive access or could take actions without required approval.
Primary accountabilityIT / Security / Enterprise
Passport evidenceSystem access, permission limits, approval records, access review history
Data failure
ExampleThe agent used stale, incomplete, inaccurate, or unauthorized data.
Primary accountabilityData Owner / Enterprise
Passport evidenceApproved data sources, data owner, freshness requirements, retrieval configuration
User misuse
ExampleOperator bypassed safeguards, ignored required review, or used the agent outside approved procedure.
Primary accountabilityEnd User / Operator / Manager
Passport evidenceUser procedure, warnings, review assignment, audit log, escalation history
Monitoring failure
ExampleRepeated errors occurred without detection or escalation.
Primary accountabilityBusiness Owner / Operations / Enterprise AI Team
Passport evidenceMonitoring rules, thresholds, alerts, review cadence, incident path
Contract failure
ExampleVendor did not meet agreed support, audit, availability, notification, or remediation terms.
Primary accountabilityVendor / Provider through contract path
Passport evidenceSLA, support terms, incident timeline, audit log access, change notice obligations
The enterprise remains accountable to its customers, employees, and regulators. Vendor accountability determines recourse, remediation, support, and contractual remedies.
Vendor and contract expectations
For recurring AI work, vendor agreements should define the evidence, support, security, notification, and remediation expectations needed to operate agents responsibly.
Define what constitutes a product defect, platform failure, support failure, or material product behavior issue.
Specify what logs are available, how long they are retained, and how customers can access them during review or incident response.
Require notice when model, system, workflow, or platform changes may materially affect agent behavior.
Document security controls, access controls, encryption, vulnerability management, and incident handling obligations.
Define how customer data is processed, retained, deleted, isolated, and protected.
Document third-party services or processors used to deliver the product.
Define response windows, escalation paths, notification timelines, and evidence-sharing expectations.
Set support channels, severity levels, response times, and escalation paths.
Define whether customers can disable, suspend, roll back, or restrict agent behavior.
Clarify how repeated or material failures are fixed and what remedies apply.
Document known limitations, intended use, prohibited use, and customer responsibilities.
Define credits, remediation obligations, termination rights, and other agreed remedies where appropriate.
Contracts should reinforce the same principle as the Passport: clarify responsibility before an incident occurs.
What the Agent Passport does, and does not do
The Passport does
- Records agent identity and approved purpose
- Maps owners and responsibility domains
- Documents scope and prohibited actions
- Captures data sources and system access
- Defines permission limits and review points
- Records audit evidence and incident paths
- Supports governance, review, and remediation
The Passport does not
- Become the accountable actor
- Replace business ownership
- Replace technical ownership
- Replace security, compliance, or data governance
- Absorb responsibility for user misuse
- Transfer customer operational accountability to Scaled Agents
- Eliminate the need for contracts, controls, and review
Scaled Agents enables accountability by making ownership, controls, and evidence visible. Accountable owners remain responsible for the layers they control.
Make recurring AI work governable before it scales.
Use the Agent Passport to document ownership, scope, permissions, controls, evidence, and incident paths for recurring AI agents.