Three Tiers of Trust
Authority has to be delegated in layers. Some actions are routine. Some need review. Some should never leave human hands. That is true for human officers and it remains true when some officers are software agents.
Tier 1: Act, then report
Tier 1 is the domain of autonomous execution. These are actions the agent performs without asking permission, within defined boundaries, and reports after the fact.
Twelve capabilities live here by default: maintaining books and records, preparing compliance documents, paying recurring obligations, authorizing routine expenditures, routine correspondence, information gathering, compliance deadline tracking, executing standard form agreements, internal account transfers, payroll execution, tax payments, and registered agent renewals.
The common thread is mechanical certainty. These actions have clear triggers, known procedures, and predictable outcomes. Paying a franchise tax on time or renewing a registered agent appointment does not benefit from extra human handling.
But Tier 1 is not unlimited. Every autonomous action operates within lanes that constrain the agent’s freedom. An agent can pay a recurring subscription autonomously, but only if the price has not increased by more than 10%. An agent can execute a standard form agreement, but only if the template is pre-approved and has not been modified in restricted areas like indemnification or governing law.
Step outside the lane, and the action automatically escalates. Tier 1 is trust within bounds, not trust without limits.
Tier 2: Ask, then act
Tier 2 is the domain of supervised execution. These are actions the agent identifies as necessary, prepares for execution, and then waits for explicit approval before proceeding.
Another twelve capabilities live here by default: financial commitments above limits, new contracts, material amendments, hiring employees, engaging contractors, tax elections, accounting method changes, equity communications, opening or closing bank accounts, responding to legal claims, and any action the agent classifies as ambiguous or novel.
That last category is the safety valve. When the agent encounters something it hasn’t seen before, something that doesn’t map cleanly to a known capability, the default is Tier 2. Ask first. The system treats uncertainty as a reason for caution, not a reason for paralysis.
Tier 2 approval has teeth. Silence is never approval. Approvals expire after 30 days. The approval must be recorded, timestamped, and attributed to a specific person. An agent that sends an approval request and receives no response does not proceed.
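The approval rules above, written as a fail-closed check. This is an added example, not code from the system the article describes; the `Approval` record, its field names and `may_proceed` are hypothetical, and binding an approval to its request ID is an assumption the article does not state.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

APPROVAL_TTL = timedelta(days=30)  # approvals expire after 30 days

@dataclass(frozen=True)
class Approval:                      # hypothetical record layout
    request_id: str                  # the request this approval answers
    approver: str                    # must name a specific person
    decision: str                    # "approve" or "deny"
    recorded_at: Optional[datetime]  # timestamp taken from the approval log

def may_proceed(request_id: str, record: Optional[Approval], now: datetime):
    """Return (allowed, reason). Every unclear case fails closed."""
    if record is None:
        return False, "no response: silence is never approval"
    if record.request_id != request_id:
        # Assumption: an approval cannot be reused for another request.
        return False, "approval belongs to a different request"
    if record.decision != "approve":
        return False, "request was not approved"
    if not record.approver.strip():
        return False, "approval is not attributed to a person"
    ts = record.recorded_at
    if ts is None or ts.tzinfo is None:
        return False, "approval has no unambiguous timestamp"
    if ts > now:
        return False, "approval is dated in the future"
    if now - ts > APPROVAL_TTL:
        return False, "approval expired"
    return True, "approved by " + record.approver
```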
This is the tier where most of corporate governance actually lives. Not the fully autonomous actions that just need to happen, and not the existential decisions that reshape the entity. The middle ground: important enough to require a human in the loop, routine enough that an agent can do the preparation.
Tier 3: Humans only
Tier 3 is the domain of non-delegable authority. These are actions that the agent cannot perform, cannot prepare for execution, and cannot be configured to execute. Twelve capabilities are permanently locked to Tier 3 with no mechanism to downgrade them:
Amending the charter. Amending governance documents. Issuing equity. Modifying the agent framework itself. Dissolving the entity. Merging or consolidating. Selling substantially all assets. Making personal guarantees. Removing or replacing the agent. Initiating or settling litigation. Declaring dividends. Admitting new members.
These are the actions that can fundamentally alter the entity’s structure, ownership, or continued existence.
Non-delegability isn’t a configuration option. It’s a hard constraint in the policy engine. The agent can’t be configured to issue equity autonomously. The delegation schedule can’t be amended to allow charter modifications without board approval. These boundaries are immutable because they represent the line between delegation and abdication.
An agent that can dissolve the corporation it serves is no longer operating within a normal delegation model.
The escalation ratchet
The three tiers aren’t static assignments. They’re floors, not ceilings. Context can push an action up the tier hierarchy, but never down.
Three escalation rules operate globally:
Template deviation. An agent executing a standard form agreement using an approved template is Tier 1. The same action using an unapproved template escalates to Tier 2. Same action, different context, higher authority required.
Restricted modifications. Even with an approved template, if the agreement has been modified in areas like indemnification, governing law, or IP assignment, it escalates to Tier 2. The template approval covers the template. It doesn’t cover arbitrary changes to sensitive terms.
Irreversibility. Any action that cannot be undone — regardless of its default tier — escalates to Tier 2. This is the most powerful escalation rule because it applies universally. An agent can pay a bill autonomously (Tier 1), but if the payment is irreversible, it needs approval first.
These rules implement a principle that’s fundamental to sound governance: the consequences of an action determine its authority level, not just its category. The same type of action can require different levels of oversight depending on what’s actually at stake.
Degradation
Authority isn’t permanent. The delegation schedule — the document that configures what an agent can do within its tier — degrades over time if not reauthorized by the board.
After 30 days without reauthorization, the agent’s spending limits are reduced by 50%. After 90 days, all Tier 1 autonomous actions are suspended entirely. The agent doesn’t stop functioning. It just stops acting without approval. Every action that was Tier 1 becomes Tier 2.
This is a dead-man’s switch for corporate governance. If the humans stop paying attention — if the board goes silent, if the principal becomes unreachable, if nobody is reviewing the agent’s actions — the system automatically tightens the constraints. The less oversight there is, the less autonomy the agent gets.
This degradation is structural. A delegation of authority is only valid while the delegating authority remains engaged. If the board stops reviewing the agent’s work, the system responds by requiring more approval, not less.
Three modes, three postures
On top of the tier model, three operational modes adjust the agent’s overall posture:
Normal. Full delegation schedule applies. The agent operates within its configured authority.
Principal Unavailable. Only reversible Tier 1 actions are permitted. If the principal — the person who ultimately oversees the agent — can’t be reached, the agent retreats to the safest possible posture: do only what can be undone.
Incident Lockdown. All autonomous operations are suspended. A critical incident — a legal challenge, a regulatory investigation, a security breach — freezes the agent’s authority entirely until a human explicitly restores normal operations.
These modes don’t override the tiers. They constrain them further. Normal mode respects all three tiers. Principal Unavailable mode restricts Tier 1 to its safest subset. Incident Lockdown mode effectively moves everything to Tier 3.
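How the floors, the escalation ratchet, degradation and the three modes combine into one decision, as an added sketch that is not the article's own policy engine. The capability names, the `base_limit` value, the decision strings, holding Tier 2 work while the principal is unavailable, and reading "after N days" as `>= N` are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum, IntEnum

class Tier(IntEnum):
    ACT_THEN_REPORT = 1
    ASK_THEN_ACT = 2
    HUMANS_ONLY = 3

Mode = Enum("Mode", "NORMAL PRINCIPAL_UNAVAILABLE INCIDENT_LOCKDOWN")
# Default floors; the capability names are hypothetical labels.
FLOORS = {
    "pay_recurring_obligation": Tier.ACT_THEN_REPORT,
    "execute_standard_form_agreement": Tier.ACT_THEN_REPORT,
    "open_bank_account": Tier.ASK_THEN_ACT,
    "issue_equity": Tier.HUMANS_ONLY,
}

@dataclass(frozen=True)
class Action:
    capability: str
    amount: float = 0.0
    reversible: bool = True
    template_approved: bool = True
    restricted_terms_modified: bool = False

def effective_tier(action, mode=Mode.NORMAL, days_stale=0, base_limit=1000.0):
    """Tier the action requires right now. Context only ever raises it."""
    if mode is Mode.INCIDENT_LOCKDOWN:
        return Tier.HUMANS_ONLY  # authority frozen until a human restores it
    # Unmapped capability = ambiguous or novel, so it defaults to Tier 2.
    floor = FLOORS.get(action.capability, Tier.ASK_THEN_ACT)
    # Degradation: limits halve once 30 days pass without reauthorization.
    limit = base_limit * (0.5 if days_stale >= 30 else 1.0)
    escalate = (
        not action.template_approved         # template deviation
        or action.restricted_terms_modified  # restricted modifications
        or not action.reversible             # irreversibility
        or action.amount > limit             # commitment above limits
        or days_stale >= 90                  # Tier 1 suspended
    )
    return max(floor, Tier.ASK_THEN_ACT) if escalate else floor

def decide(action, mode=Mode.NORMAL, days_stale=0, base_limit=1000.0):
    tier = effective_tier(action, mode, days_stale, base_limit)
    if tier is Tier.HUMANS_ONLY:
        return "refuse"
    if tier is Tier.ACT_THEN_REPORT:
        return "execute_then_report"
    # Assumption: with no principal to ask, Tier 2 work is held, not requested.
    return "hold" if mode is Mode.PRINCIPAL_UNAVAILABLE else "request_approval"
```

Because escalation uses `max` against the floor, no combination of context flags can lower a Tier 3 capability, and a payment that was autonomous on day 0 needs approval on day 45 once the halved limit falls below its amount.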
Trust is architecture
The three-tier model is the structural answer to how much authority a machine should hold on behalf of a legal entity.
Too little authority, and the agent is useless. Every action requires approval, latency accumulates, and you’ve built an expensive notification system. Too much authority, and the agent is dangerous. It can make commitments, spend money, and alter the entity’s structure without meaningful oversight.
Three tiers find the balance. Mechanical tasks execute autonomously. Important decisions get human review. Existential actions stay in human hands. The boundaries are clear, auditable, and enforced by the policy engine.