AIGP Study Guide
Module 7: Governing AI Deployment · BoK IV.A

The three-tier guardrail framework

Guardrails scale with use-case risk: Foundation → Risk → Society. Tier 1 foundational guardrails apply to every system and follow ISO/IEC 42001 and the NIST AI RMF; Tier 2 risk-based guardrails are sized to the use case (retail bot vs banking disputes bot); Tier 3 societal guardrails address communities, industries and the environment.

Mnemonic

Foundation → Risk → Society - Tier 1 for every system · Tier 2 sized to the use case · Tier 3 for the wider world.

  • Tier 1 - Foundational guardrails → the same guardrails all AI systems need (privacy, transparency, explainability, security, safety), following ISO/IEC 42001 and the NIST AI RMF; record each system's intended goals, boundaries and limitations, add safety features, secure access, and revise pre-existing guardrails for agentic risks.
  • Tier 2 - Risk-based guardrails → adjust by use-case risk: a retail product chatbot needs minimal guardrails (disclaimers, basic accuracy/bias monitoring, routine review), while a banking disputes chatbot needs rigorous pre-deployment testing, detailed audit logging, stricter access controls, real-time supervision and human-in-the-loop confirmation for high-impact decisions.
  • Tier 3 - Societal guardrails → ethical design with communities, experts and users, upskilling, incident response, emergency controls to pause or shut down, and public policy engagement → builds long-term public trust.

Agentic safety best practices

Human evaluation of task suitability · constrain the action space and require human approval · make default behaviours the least disruptive · explainability of agent actions · automated monitoring by other AI systems · reliable attribution of agent actions · interruptibility → graceful shutdown capabilities.

  • Enterprise & legal → start early conversations on accountability, documentation, compliance and include privacy and risk teams from the outset.
  • Tech & product → build explainability and safety in from the beginning, with provenance and monitoring, avoiding silos and blind spots.
  • Regulators → explore risk-based, use-case-specific rules that encourage transparency, training and international alignment.

Key terms - quick answers

What is “Tier 1 foundational guardrails”?
Guardrails all AI systems need (privacy, transparency, explainability, security, safety) per ISO/IEC 42001 and NIST AI RMF.
What is “Tier 2 risk-based guardrails”?
Guardrails sized to the use-case risk, from light (retail bot) to rigorous (banking disputes bot).
What is “Tier 3 societal guardrails”?
Guardrails for impacts on communities, industries and the environment, including emergency shutdown and public policy engagement.
What is “ISO/IEC 42001”?
AI management system standard underpinning foundational guardrails.