AI OWNERSHIP CHARTER (ONE-PAGE TEMPLATE)

Feature/System Name:
Primary User Impact:
Model Stack (provider + model names/versions):
Orchestration (framework/tools, if any):

1) ACCOUNTABLE OWNER
- DRI (Directly Responsible Individual):
- Exec sponsor:
- On-call team:
- Who can disable the feature (names/roles):

2) DECISION RIGHTS (BE SPECIFIC)
Classify each as: Draft-only / Recommend-with-review / Fully automated.
- Money movement (refunds, credits, payments):
- Access control (account changes, permissions):
- Policy enforcement (moderation, bans):
- Legal/compliance language (contracts, claims):
- Customer communications (support replies, outbound):

3) DATA BOUNDARIES
- Allowed data sources (RAG indices, databases, connectors):
- Explicitly forbidden data classes (secrets, HR, customer PII, etc.):
- Retention policy for prompts/outputs:
- Redaction rules (what must never appear in logs):

4) TOOL PERMISSIONS
- Tool allowlist:
- Credential strategy (scoped tokens, read-only defaults):
- Rate limits/timeouts:
- Human-approval points (which tool calls require approval):

5) TRACEABILITY REQUIREMENTS
You must be able to export an “incident bundle” containing:
- trace_id, user_id, timestamp
- model identifier (provider/model-version)
- system prompt + user messages
- retrieved documents (IDs + sources)
- tool calls (args + results)
- final output + any policy flags
Storage location:
Access controls:

6) EVALS THAT GATE SHIPPING
Define a small suite tied to real failure modes.
- Safety/policy evals (must-pass cases):
- Tool safety evals (misuse and injection attempts):
- Retrieval grounding checks:
- Regression trigger (what change requires rerun):
Where it runs (CI/CD):
Who approves failures:

7) FALLBACK + KILL SWITCH
- Safe mode behavior (read-only, human handoff, deterministic flow):
- Kill switch mechanism (feature flag name/location):
- Customer messaging plan during disablement:

8) INCIDENT RESPONSE
- What counts as an AI incident for this feature:
- Severity levels (define SEV0/1/2 in your terms):
- Pager rotation:
- Postmortem owner + timeline:
- Required remediation outputs (new eval cases, policy update, tooling change):

Sign-off (DRI):
Sign-off (Security/Legal as needed):
Review cadence (e.g., quarterly or on major model changes):