
AI decides within a framework.
Humans stay in control.

Living Oversight & Operations Protocol. 4 trust zones, 3 escalation levels, living registry. AI under control — traced, audited, mastered.

Green Zone
Autonomous execution
Confidence >90% — the agent acts without validation. Reversible tasks, continuously traced.
Orange Zone
Human validation
Confidence 70–90% — the agent proposes, the human validates before execution.
Red Zone
Mandatory escalation
Confidence <70% — human decision required within 4h. No automatic action.
Black Zone
Immediate block
CISO alert, full stop, audit trail. Absolute out-of-scope.
4 trust zones · 7 living registry dimensions · 3 LOOP™ certification levels · ISO 42001 · NIST AI RMF · AI Act aligned
Why governance is non-negotiable

Without a framework, your AI agents become a risk.

69% of executives deploy agents without formal governance (BCG 2026). The result: decisions made by black boxes, with no traceability and no identified owner.

Accountability impossible to trace
When an agent makes a bad decision, who is responsible? Without a documented RACI per agent, nobody can answer — internally or before a regulator.
Compliance impossible to prove
The EU AI Act and ISO 42001 require complete traceability of automated decisions. Without a living registry, a compliance audit is impossible to pass — and the penalties are real.
Silent agent drift
Models evolve, prompts drift, data changes. Without continuous supervision, an agent can degrade for weeks without anyone detecting it.
The 4 LOOP™ zones

Every agent operates in a zone. Defined before going to production.

Zones are not fixed per module — they are defined at the level of each possible action of each agent. The same agent can be in the green zone for 80% of its actions and in the red zone for the remaining 20%.

01 · Green zone · > 90% confidence

Autonomous execution. The agent executes without human intervention. The decision is made, the action is carried out, the result is logged. Zero operational friction for low-risk, high-volume tasks.

Examples
L1 ticket triage, standard report generation, automatic bank reconciliation, employee FAQ responses, inbound lead qualification.
02 · Orange zone · 70–90% confidence

Human validation before execution. The agent formulates a complete, reasoned recommendation. A designated human validates before the action is executed. The decision remains human — the agent prepares and accelerates.

Examples
Supplier payments above threshold, sensitive customer responses, recruitment decisions, significant financial amounts, contract modifications.
03 · Red zone · < 70% confidence

Mandatory escalation. The agent stops, documents what it understood and what it is missing, and alerts the designated owner in the registry. Human decision required within 4h. No automatic action.

Examples
Legal decisions with contractual implications, out-of-scope financial commitments, unforeseen ambiguous situations, unexpected sensitive data.
04 · Black zone · Absolute out-of-scope

Immediate block & CISO alert. The agent detects an out-of-scope situation. Immediate block, CISO alert, full audit trail activated. Total execution stop — no action, no attempt.

Examples
Access to data outside authorized classification, requests to bypass guardrails, prompt injection attempts, critical security situations.
Zones are defined per action, not per module.
A Finance agent can be in the green zone to generate a report, in the orange zone to validate an invoice >€10K, and in the black zone to access payroll data. This granularity is the core of LOOP™.
3 escalation levels: Information: notification without blocking · Validation: human approval required before action · Block: full stop, CISO alert, audit trail activated.
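
One way to enforce per-action zones at the point where an agent requests an action, as an added example (not Koneetiv's or LOOP™'s own code). The action names, the `POLICY` table, the 0 to 1 confidence scale, the rule that the more restrictive of the action's zone and the confidence-derived zone wins, and the treatment of unregistered actions as black zone are all assumptions.

```python
from enum import IntEnum

class Zone(IntEnum):  # ordered from least to most restrictive
    GREEN = 0   # autonomous execution
    ORANGE = 1  # human validation before execution
    RED = 2     # mandatory escalation, no automatic action
    BLACK = 3   # immediate block, CISO alert

def invoice_zone(params):
    # Orange above EUR 10K; a missing or non-numeric amount is never green.
    amount = params.get("amount_eur")
    ok = isinstance(amount, (int, float)) and not isinstance(amount, bool)
    return Zone.GREEN if ok and amount <= 10_000 else Zone.ORANGE

# Hypothetical registry entry for one Finance agent (constructed sample).
POLICY = {
    "generate_report": lambda params: Zone.GREEN,
    "validate_invoice": invoice_zone,
    "read_payroll": lambda params: Zone.BLACK,
}

NOTIFY = {Zone.GREEN: None, Zone.ORANGE: "validator",
          Zone.RED: "owner", Zone.BLACK: "ciso"}

def zone_from_confidence(confidence):
    # Page thresholds: >90% green, 70-90% orange, <70% red.
    # NaN fails both comparisons and lands in red (fail closed).
    if confidence > 0.90:
        return Zone.GREEN
    if confidence >= 0.70:
        return Zone.ORANGE
    return Zone.RED

def decide(action, params, confidence):
    rule = POLICY.get(action)
    # Assumption: an action absent from the registry is out of scope.
    floor = rule(params) if rule else Zone.BLACK
    if floor is Zone.BLACK:
        zone = Zone.BLACK  # scope is checked first; confidence cannot override it
    else:
        zone = max(floor, zone_from_confidence(confidence))
    return {"action": action, "zone": zone.name,
            "execute": zone is Zone.GREEN, "notify": NOTIFY[zone]}
```

Because the black-zone check runs before the confidence score is read, a model that reports high confidence on an out-of-scope request still gets blocked.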
The living registry

7 dimensions. For every agent. Updated in real time.

The registry is not a static document. It is a dynamic repository maintained by Koneetiv teams — accessible to your stakeholders, auditable at any time.

01 · Identity

Name, parent module, version, production date, environment, current status.

02 · RACI owners

Business owner, technical owner, escalation manager, CISO validator. Clear, documented accountability per agent.

03 · Data accessed

Each data source classified N1-N4. Zero Trust perimeter. Documented access rights. Retention policy.

04 · Versioned instructions

System prompts, guardrails, LOOP™ thresholds versioned like code. Full changelog. Every modification traced.

05 · Perimeter & Limits

Authorized actions, prohibited actions, zone escalation rules, blocking conditions. Validated by the CISO.

06 · Real-time metrics

Resolution rate, cost/interaction, satisfaction, uptime, escalation volume. Dashboard shared with your stakeholders.

07 · Full history

Incidents, deployed updates, optimizations, past audits. Full traceability since production deployment.

Regulatory alignments

Natively designed for the AI regulatory framework.

LOOP™ was not retrofitted to satisfy regulators. It was designed from the ground up to align with the three frameworks that define responsible AI governance.

ISO 42001
Responsible AI management
LOOP™ covers all ISO 42001 requirements: documented AI policies, system registry, risk assessment, review processes. Each deployment produces the evidence needed for a certification audit.
EU AI Act
European AI regulation
In force since August 2024. High-risk system obligations: August 2026. Fines up to €30M or 6% of global revenue. LOOP™ ensures decision traceability, documentation of high-risk systems, and the required human supervision mechanisms.
NIST AI RMF
AI risk management framework
The 4 NIST AI RMF functions (Govern, Map, Measure, Manage) are structurally addressed by LOOP™ and its 4 loops: Observe / Orient / Optimize / Prove. Ideal for organizations operating in regulated environments.

LOOP™ vs ungoverned approaches

Requirement | With LOOP™ | Without governance
Accountability per agent | RACI documented per agent and per action | Undefined
Decision traceability | Full log, auditable in real time | Absent
Human supervision | Orange/red zones with validation workflow | Ad hoc, unstructured
Incident management | Incident registry, systematic post-mortem | Reactive, undocumented
ISO 42001 audit | Evidence available at any time | Impossible to pass
EU AI Act | Native structural compliance | Regulatory exposure
Agent evolution | Versioning, testing, controlled deployment | Untracked modifications
LOOP™ Certifications

Train your teams to govern. Not just to use.

The University delivers 3 LOOP™ certification levels — Qualiopi-certified, OPCO-fundable. Foundation (1 day), Practitioner (3 days), Expert (5 days).

N1 · Foundation · 1 day · 7 hours

For project managers and team leads

Understand the 4 LOOP™ zones and their operational significance
Identify when to validate an agent recommendation (orange zone)
Correctly escalate an incident or abnormal situation
Read a basic agent supervision dashboard
Understand your responsibilities as an end user
Funding
Qualiopi certified · OPCO-fundable
N2 · Practitioner · 3 days · 21 hours

For tech teams and data scientists

Drive performance of a production agent portfolio
Read and interpret advanced supervision dashboards
Adjust confidence thresholds based on observed data
Lead a monthly governance review with stakeholders
Document and resolve level 1 and 2 incidents
Funding
Qualiopi certified · OPCO-fundable · CPF
N3 · Expert · 5 days · 35 hours

For CAIOs and governance leads

Architect and configure the complete LOOP™ living registry
Define trust zones per action for each agent
Set up validation and escalation workflows
Lead an ISO 42001 / EU AI Act compliance program
Train and certify other teams independently
Funding
Qualiopi certified · OPCO-fundable · FNE
Go further

LOOP™ integrates with all our solutions.

Governance is not an isolated module — it is integrated into every Koneetiv deployment.

Take action

Assess your AI governance maturity.

We assess your current AI agent governance in 30 minutes — and tell you precisely what needs to be put in place to be compliant and operational.