Purpose
A single signed page from company leadership stating where AI may operate inside the company and where it may not. Without this, every approval becomes a fresh philosophical debate.
- When you use it: Once, at program start (M3 in the In Action roadmap). Revisit every 12 months and at any material event (M&A, new jurisdiction entry, regulatory change).
- Who fills it: AI CoE Lead drafts. Executive sponsor + General Counsel + CISO sign.
- Length: 1 page. Anything longer means it isn't enforceable.
- Approvers required: All three — sponsor (budget/political), Legal (regulatory), Security (technical risk).
Worked example (AP Accountant invoice reconciliation context)
"ACME Corp is a US-headquartered B2B SaaS company with ~400 employees and EU customers. The AI Adoption Lead is appointed Q1 2026. Below is the signed risk appetite statement, drafted in week 2 of the role."
ACME Corp — AI Risk Appetite Statement v1.0
Effective date: 2026-03-15
Next review: 2027-03-15 (annual)
Signatures: CEO · General Counsel · CISO (see signature block below)
1. Scope
This statement defines where AI systems built or procured by ACME Corp may operate. It applies to:
- Internally built AI agents in any approved orchestrator
- Vendor-embedded AI features in any SaaS tool ACME uses
- Any AI / ML system that processes ACME data or makes decisions affecting ACME stakeholders
2. AI is approved for the following purposes
- ✅ Drafting internal communications (Slack, email, internal docs) for human review before send
- ✅ Drafting customer-facing communications (email, support replies) with mandatory human approval before send
- ✅ Summarizing meetings, calls, documents for internal use
- ✅ Classifying, routing, prioritizing transactions, tickets, or requests (advisory recommendations only)
- ✅ Information retrieval over internal knowledge bases (Q&A bots, search assistants)
- ✅ Drafting code, technical specs, or internal documentation
- ✅ Data extraction from structured documents (invoices, contracts, forms) where a human reconciles the result
3. AI is NOT approved for the following
- ❌ Sending customer communications without human review
- ❌ Authorizing any financial payment over $1,000
- ❌ Posting journal entries in any financial system
- ❌ Influencing hiring, promotion, or termination decisions about employees
- ❌ Influencing credit, pricing, or eligibility decisions about customers
- ❌ Accessing regulated PII (SSNs, medical records, financial account numbers) without data loss prevention (DLP) filters active on both input and output
- ❌ Any use case prohibited by EU AI Act Article 5 (social scoring, predictive policing, emotion recognition in workplace, etc.)
4. Data classifications AI may access
| Classification | AI access | Conditions |
|---|---|---|
| Public | ✅ Approved | None |
| Internal | ✅ Approved | Logged via observability platform |
| Confidential | ⚠️ Conditional | Requires Medium-tier review + named CoE Lead approval |
| PII (regulated) | ⚠️ Restricted | High-tier review + DLP active + Privacy Officer approval |
| PHI | ❌ Not in scope | ACME does not handle PHI; if this changes, this statement must be revised |
5. Jurisdictions in scope
- United States — federal + California (CCPA), Colorado (CAIA), Illinois (BIPA where applicable)
- European Union — EU AI Act applies because we have EU customers and process their data
- Annex III high-risk categories: not currently in scope (no biometrics, no critical infrastructure, no hiring AI, no credit-scoring AI). If a use case proposes one, automatic High tier + Legal sign-off + EU AI Act conformity assessment required.
- Article 50 transparency: AI-generated customer-facing content will be labeled as AI-assisted
- Canada — PIPEDA applies for any personal-data processing
- United Kingdom — UK GDPR applies; UK AI framework is currently non-statutory
6. Risk appetite per tier (framework §10)
- Low risk (e.g., meeting summaries, internal Q&A): approved with CoE Lead sign-off
- Medium risk (e.g., outbound comms drafts with human-in-the-loop (HITL) review, ranking that informs human decisions): approved with CoE Lead + Department Head sign-off
- High risk (e.g., financial actions, decisions about people, customer-facing autonomous operation): approved with CoE Lead + Department Head + Security + Legal sign-off. Tier sign-off cannot override a Section 3 prohibition; only a Section 9 exception can.
7. Autonomy
- Stage 1 (Assistive) is the default for new agents. Promotion to Stage 2 (Validated) requires 30 days at Stage 1 with ≥90% of outputs accepted by the reviewing human. Promotion to Stage 3 (Autonomous) requires 60 days at Stage 2 with ≥95% task success plus explicit re-approval by the three signatories of this statement (sponsor, Legal, Security).
- No agent is approved for Stage 3 by default. Stage 3 is the exception, not the goal.
8. Vendor AI
- Vendor-embedded AI features count as AI under this statement. Procurement reviews all new vendor AI features against this statement before enabling them.
- Vendors are required to notify ACME of material AI behavior changes (contractual clause per templates/13-vendor-contract-clauses.md).
9. Exception process
Exceptions to this statement may be granted only by the executive sponsor in writing. Exceptions are time-limited (max 90 days), logged in the AI Registry, and reviewed at the next signing cycle.
10. Review cadence
This statement is reviewed annually and at any of the following material events:
- Entry into a new jurisdiction
- Material change in the regulatory landscape (new EU AI Act delegated act, new US state law)
- Acquisition or divestiture
- Severity-1 AI incident
- Material change in the company's data classification baseline
Signatures
| Role | Name | Date | Signature |
|---|---|---|---|
| CEO / Executive sponsor | Jane Doe | 2026-03-15 | (signed) |
| General Counsel | John Smith | 2026-03-15 | (signed) |
| CISO | Pat Lee | 2026-03-15 | (signed) |
Blank template (copy below for your company)
# [Company Name] — AI Risk Appetite Statement v[X.X]
**Effective date:** [YYYY-MM-DD]
**Next review:** [YYYY-MM-DD] (annual)
**Signatures:** [list signing roles]
## 1. Scope
This statement defines where AI systems built or procured by [Company] may operate. It applies to:
- Internally built AI agents in any approved orchestrator
- Vendor-embedded AI features in any SaaS tool [Company] uses
- Any AI / ML system that processes [Company] data or makes decisions affecting [Company] stakeholders
## 2. AI is approved for the following purposes
[List specific approved use cases. Be concrete — "drafting customer emails with human review" not "communications."]
- ✅ [Use case 1]
- ✅ [Use case 2]
- ✅ [Use case 3]
## 3. AI is NOT approved for the following
[List specific prohibited uses. The "not" list is often more important than the "yes" list — it's what protects you in disputes.]
- ❌ [Prohibited use 1]
- ❌ [Prohibited use 2]
- ❌ Any use case prohibited by EU AI Act Article 5 (if EU-exposed)
## 4. Data classifications AI may access
| Classification | AI access | Conditions |
|---|---|---|
| Public | [✅ / ❌ / ⚠️] | [Conditions] |
| Internal | [✅ / ❌ / ⚠️] | [Conditions] |
| Confidential | [✅ / ❌ / ⚠️] | [Conditions] |
| PII (regulated) | [✅ / ❌ / ⚠️] | [Conditions] |
| PHI | [✅ / ❌ / Not in scope] | [Conditions or "not in scope"] |
| [Other classifications specific to your company] | | |
## 5. Jurisdictions in scope
[List every jurisdiction the company operates in. For each, name the relevant regulation.]
- **[Jurisdiction 1]** — [applicable regulations]
- **[Jurisdiction 2]** — [applicable regulations]
If applicable: **EU AI Act in scope?** [Yes / No]. If yes, list any Annex III high-risk categories you might touch and the special approval path for them.
## 6. Risk appetite per tier (framework §10)
- **Low risk:** approved with [approver list]
- **Medium risk:** approved with [approver list]
- **High risk:** approved with [approver list]
## 7. Autonomy
[State the default autonomy stage and the conditions for promotion. Default should be Stage 1 — Assistive.]
- New agents default to Stage [X].
- Promotion to higher autonomy requires [criteria].
- Stage 3 (Autonomous Operations) is [allowed by default? requires re-approval? not approved at all?].
## 8. Vendor AI
[Confirm that vendor-embedded AI is in scope of this statement and that procurement enforces it.]
## 9. Exception process
[Define who may grant exceptions, how they are logged, how long they last, and when they are reviewed.]
## 10. Review cadence
This statement is reviewed annually and at any of the following material events:
- [Event 1]
- [Event 2]
- [Event 3]
## Signatures
| Role | Name | Date | Signature |
|---|---|---|---|
| [Executive sponsor role] | | | |
| [Legal role] | | | |
| [Security role] | | | |
Usage notes
- Length discipline matters. The target is one page; if this document grows past it, it stops being read. Pressure-test every sentence: would deleting it change behavior? If not, delete it.
- The "NOT approved" list is the load-bearing part. Specifics like "no payments over $1,000" are enforceable. Vague principles like "use AI responsibly" are not.
- Sign-off must carry the same weight as the company's other policy approvals. A typed name in a Notion page is fine if existing policy approvals work that way. If higher-stakes documents at your company are wet-signed or DocuSigned, this one should be too.
- Don't try to anticipate every use case. It's enough to cover the categories above. New cases go through the intake form (template 02) and get tier-classified — they don't require updating this document unless they fall outside the stated scope.
- Avoid "we will follow all applicable laws." That's not a risk appetite — it's a tautology. Be specific about which laws you've considered and what your position is.
Common pitfalls
| Pitfall | What it looks like | Fix |
|---|---|---|
| Empty principles | "We will use AI ethically and responsibly." | Replace with specific Yes/No use cases. |
| Single-signer | Only the CEO signs. | Three signatures required: sponsor + Legal + Security. Each owns a different risk class. |
| No review cadence | "This document is effective until revised." | Set an explicit annual review date. |
| Missing autonomy stance | No statement on whether AI may act autonomously. | Add Section 7 with explicit default + promotion criteria. |
| Vendor AI ignored | Statement only covers internally built AI. | Add Section 8. Vendor AI is the larger surface area in most companies. |
| Jurisdictions vague | "We comply with applicable regulations." | Name jurisdictions and their specific regulations in Section 5. |
Framework cross-references
- framework.md §5 (readiness gate #2 — risk appetite stated in writing)
- framework.md §10 (risk classification + 3 drivers used in Section 6)
- framework.md §22.1 (EU AI Act risk tiers — relevant if EU-exposed)
- framework.md §22.5 (compliance stacking — order of EU AI Act / NIST / ISO 42001)
- workflows.md Step A2 (sub-steps of producing this document)
- workflows.html → In Action view → node M3 (Risk appetite signed)