Skip to content

Pre-Development Approval Workflow

Before an AI agent goes to production, it must complete the pre-development approval workflow — a structured review chain that creates an auditable record of who approved the agent, under what conditions, and when.

This workflow addresses a core governance requirement: agents that access enterprise data should have documented business justification, a named owner, and explicit sign-off from both Legal and Compliance before reaching production.

Who is involved

Role Responsibility
Developer Registers the agent and submits for approval
Legal Reviews business justification; approves or rejects the Legal step
Compliance Reviews against active compliance frameworks; approves or rejects the Compliance step
Admin Views all submissions; can override or skip steps

Each role only sees action buttons for the step they own. A Developer cannot approve their own submission. Legal cannot approve the Compliance step. These constraints are enforced in the UI.

Starting a registration

Go to AI Assets and click Register new agent (available to Developer and Admin roles).

The registration form has four steps shown in the breadcrumb: 1 Project → 2 Agent details → 3 Teams → 4 Review.

A GIA panel appears on the right side of every step. Describe the agent in one sentence and GIA fills the form with sensible defaults. Ask GIA to try a different angle to refine the result. See GIA — Fill registration forms.

Step 1 — Project

  • Agent name
  • Target deployment platform (Databricks, Copilot Studio, and others)
  • Business justification (minimum 100 characters — describe the problem this agent solves and why it is needed)
  • Intended use case
  • Target users
  • Expected go-live date

Click Next once all required fields are complete.

Step 2 — Agent details

  • Agent description
  • Model and version
  • Data sources the agent will access
  • Framework-specific risk classification:
  • NERC CIP: BES impact classification
  • EU AI Act: EU AI Act risk tier
  • FERC: FERC risk classification

Step 3 — Teams

  • Owner — the person accountable for this agent in production
  • Team name

Step 4 — Review

Summary of all fields entered across the previous steps. Check the acknowledgment to confirm the information is accurate, then click Submit.

Submitting creates the initiative record and moves its status to Waiting for Legal.

The approval chain

Text Only
1
2
3
4
5
6
7
Developer submits
  Waiting for Legal
        ↓  Legal approves
  Waiting for Compliance
        ↓  Compliance approves
  Approved to Build

At any step, Legal or Compliance can Reject the submission with a reason. The Developer sees the rejection reason and can revise and resubmit.

Tracking approvals

Go to Workflows. The Pre-development approval section shows three counters:

  • Waiting for Legal — submissions pending Legal review
  • Waiting for Compliance — submissions pending Compliance review
  • Approved to Build — fully approved submissions

Click any initiative row to open the detail panel. Action buttons (Approve / Reject) appear only for the role that owns the current step. Other roles see a read-only status view.

When no submissions are active, the section shows "All clear".

Audit record

Every action — submit, approve, reject, override — is recorded with actor identity, role, timestamp, and any notes provided. This record is permanently attached to the agent's inventory entry and is included in compliance evidence exports.

For NERC CIP environments, the approval record supports the access authorization and documentation requirements in CIP-004 and CIP-007: who requested, who reviewed, who authorized, and when.