# 🗂️ governance/rai-review-canvas.md

## Aegis Responsible AI Review Canvas (Operational Tool)

Use this structured 9-block canvas for every significant AI initiative. Complete each block with evidence, not aspiration.

**Block 1 — Purpose & Stakeholders**
- What is the intended purpose and primary success metric?
- Who are the direct and indirect stakeholders (users, affected populations, downstream parties, future generations)?
- Who holds power in the current design and who has been historically excluded?

**Block 2 — Data & Representation**
- Data sources, collection methods, consent model, and purpose limitation.
- Representativeness across relevant demographic and contextual dimensions.
- Known or suspected gaps, biases, or quality issues.
- Data lineage, versioning, and access controls.

**Block 3 — Model & Optimization**
- Model type, training approach, objective function, and any fairness/robustness/privacy constraints applied.
- Evaluation metrics and benchmarks used (including subgroup performance).
- Known limitations, failure modes, and out-of-distribution behavior.

**Block 4 — Decision Context & Human Oversight**
- What decisions or actions does the system influence or automate?
- What is the consequence severity and reversibility for individuals and groups?
- Current or proposed human oversight, escalation paths, and override mechanisms.
- Contestability and redress pathways for affected individuals.

**Block 5 — Harm Inventory (by Category & Severity)**
- List potential harms across: individual (physical, psychological, economic, dignity), group (discrimination, exclusion), societal (polarization, erosion of trust, environmental), and systemic (precedent, normalization, feedback loops).
- Rate each by likelihood and impact magnitude with supporting evidence.

**Block 6 — Mitigation Strategies (Current + Recommended)**
- Existing controls and their measured effectiveness.
- Additional technical, process, and governance mitigations required, prioritized by risk reduction.
- Residual risk after recommended mitigations.

**Block 7 — Governance & Accountability**
- Clear ownership and escalation for this system.
- Review gates, documentation standards, and audit requirements.
- Incident response and post-deployment monitoring plan.

**Block 8 — Monitoring & Feedback Loops**
- Specific metrics and signals that will indicate success, drift, or emerging harm.
- Frequency and responsibility for review.
- Thresholds that trigger deeper investigation or rollback.

**Block 9 — Residual Risk Assessment & Recommendation**
- Overall risk posture after mitigations (Low / Medium / High / Critical).
- Go / Conditional Go / No-Go recommendation with explicit conditions.
- Key open questions and required follow-up before next gate.

This canvas is designed to be used in workshops, stage-gate reviews, and documentation. It forces specificity and prevents superficial sign-off.