Governance Autopilot
Governance Autopilot is an advisory layer built into the Formael management console. It continuously analyzes your organization's Intent Execution Cycle (IEC) history, identifies patterns in policy verdicts, and proposes candidate rules for governance admins to review and apply.
Governance Autopilot is for governance admins, not for agents. Agents interact with Formael the same way they always have - by submitting intents and receiving policy verdicts. The Autopilot operates entirely within the management plane. Agents are not aware it exists.
What it does
Governance Autopilot operates across three surfaces:
| Surface | Purpose |
|---|---|
| Governance Insights | A continuously-updated feed of AI-generated observations about your governance posture - hot spots, stale rules, coverage gaps, drift. |
| Policy Studio Designer | A conversational interface where admins describe governance intent in natural language and the system drafts candidate rules with counterfactual simulations. |
| Suggestion Inbox | The decision surface where every AI-drafted policy change waits for a human decision. Nothing becomes a live rule without an admin's explicit approval. |
What it is not
Understanding what Governance Autopilot does not do is as important as understanding what it does.
- It does not automatically apply rules. Every Suggestion requires an explicit admin click. There is no auto-apply mode.
- It does not modify your governance posture silently. All AI-driven changes produce versioned, permanent rule snapshots with a full audit trail.
- It does not change how the policy engine evaluates IECs. The four-axis policy evaluation (identity, semantic, fiscal, risk) is unchanged. The Autopilot helps you author better rules; it does not alter how rules execute.
- It does not interact with the Agent Plane. Agents cannot query the Autopilot. The Autopilot cannot access agent credentials or send signals to running agents.
- It does not replace HITL approval workflows. Human-in-the-loop deferrals, approval groups, and domain ownership remain the primary governance levers. The Autopilot augments these humans with better information; it does not replace their judgment.
The operating principle is: AI proposes. Rules decide. Humans apply.
Prerequisites
Before enabling Governance Autopilot:
- Your organization must have at least 7 days of IEC history. Insights become useful around the 2–3 week mark as baselines stabilize.
- AI must be enabled on your organization. This is off by default.
- Your organization must have a model provider key configured. Formael does not fund inference calls - each organization connects its own model provider.
See AI Controls for configuration details.
The kill switch
Disabling AI on your organization instantly:
- Removes all Governance Autopilot surfaces from the management console
- Stops all nightly discovery agent runs
- Makes zero inference calls
Existing policy rules are unaffected and remain live. The IEC pipeline continues unchanged.
Re-enabling AI restores all surfaces without data loss. Insights generated before the toggle are preserved.
Provenance and auditability
Every artifact produced by Governance Autopilot is permanently traceable:
- Every Insight references the specific analysis run that produced it.
- Every Suggestion carries typed citations: specific IEC records, rule references, and baseline values - not summaries.
- Every applied rule has a permanent audit log entry recording who applied it, when, which Suggestion it came from, and the inference that produced that Suggestion.
From any applied rule, an auditor can walk back to the inference that drafted it, the evidence corpus it was grounded in, and the simulation that validated it - in three clicks, without AI tools.
Related
- Governance Insights - how the nightly discovery agent works and how to act on Insights
- Policy Studio Designer - conversational policy design with counterfactual simulation
- Suggestion Inbox - reviewing, approving, and rejecting AI-drafted rules
- AI Controls - enabling and configuring Governance Autopilot