Governance without gridlock — a review board nobody can ship through is its own failure.
There are two ways governance fails. The visible one is too little: an unaccountable agent does damage. The invisible one is too much: a review process so heavy that teams route around it — shipping ungoverned agents labelled "experiments", or not shipping value at all. Both produce ungoverned systems; the second also destroys trust in governance itself. This essay is about the second failure: making governance an enabler through risk-proportionate tiering, safe defaults, automation, and an honest accounting of what gridlock actually costs.
Uniform process is the disease, not the cure.
The instinct after an incident is to put every agent through the same heavy review. This is the core mistake. A read-only internal summarizer and an agent that issues refunds do not carry the same risk, and subjecting them to the same gate teaches the organization that governance is friction unrelated to danger. People respond rationally: they minimize, mislabel, or evade. Uniform process on non-uniform risk simultaneously over-controls the safe cases and, because reviewers are swamped by them, under-scrutinizes the dangerous ones. Proportionality is not a softening of governance — it is the precondition for it working at all.
Tier the process to the risk, explicitly.
Define a small number of tiers keyed to the C3 risk placement, with the process attached to each tier known in advance, not negotiated per case. Low tier (reversible, no personal data, internal): self-service against a checklist, automated gates, no board. Medium tier (customer-facing, bounded effects): lightweight review, required eval evidence, named operator. High tier (irreversible, regulated, high-consequence): full review, sign-off, dual control. The decisive property is that a team can determine its own tier up front and knows exactly what is required — predictability is what stops the routing-around behavior, because the compliant path is also the fast path for the low-risk majority.
# tier is self-determinable; process is known per tier, not negotiated
def classify(reversible: bool, touches_pii: bool, consequence: str) -> str:
    # placement rule derived from the tier definitions above
    if not reversible or consequence == "high":
        return "high"
    if touches_pii or consequence == "medium":
        return "medium"
    return "low"

tier = classify(reversible=True, touches_pii=False, consequence="low")
process = {
    "low": "self-serve checklist + automated gates",
    "medium": "lightweight review + eval evidence",
    "high": "full review + sign-off + dual control",
}[tier]
Make the safe default the path of least resistance.
The highest-leverage governance investment is not the review board — it is a paved road where the compliant choice is the easy one. A blessed agent template that ships with audit logging (C1), policy enforcement hooks (C2), a named-operator field (C4), and data-purpose tagging (C5) wired in by default means a team gets most of governance by using the standard tooling, not by passing a gate. Governance you have to remember to apply will be forgotten under deadline; governance baked into the default platform is applied because deviating from it is the harder path.
Every control you can move from "reviewed for" to "true by construction" removes a review without removing the guarantee. The board's job should shrink to the genuinely novel and the genuinely high-risk.
Automate the evidence; reserve humans for judgment.
Most of what a slow review checks is mechanical and should be a CI gate, not a meeting: audit logging present, policy tests passing, eval thresholds met, data-purpose tags set, an operator assigned. Automating these does two things — it makes low-tier approval instant, and it lets human reviewers spend their scarce attention on the questions only judgment can answer: is this autonomy appropriate for this consequence, is the oversight real, are we comfortable being accountable for this. A governance process that spends senior reviewers' time on checklist items they could have automated is generating gridlock and worse decisions at the same time.
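As an added example (not the essay's own code and not a real governance tool), the Python below sketches the mechanics of the tiering, paved-road and automation sections together: a template whose defaults make audit logging (C1), policy hooks (C2), an operator field (C4) and data-purpose tagging (C5) present by construction, a tier rule a team can compute itself, and the mechanical checks run as a CI gate so that low-tier agents are approved by automation while medium and high tiers reach a human only with the evidence already collected. The manifest field names, the tier rule and the evaluation thresholds are assumptions chosen for illustration.

```python
"""Automated governance gate for agent manifests (constructed example)."""
from dataclasses import dataclass, field

# Paved-road template: a manifest built from it carries C1, C2, C4 and C5
# by default, so most gates are true by construction. Field names are
# invented for this example; None marks what only the team can fill in.
PAVED_ROAD_DEFAULTS = {
    "audit_logging": True,        # C1
    "policy_hooks": True,         # C2
    "operator": None,             # C4, must be named by the team
    "data_purpose": None,         # C5, must be tagged by the team
    "policy_tests_passed": False,
    "eval_score": 0.0,
}

# Eval thresholds per tier (assumed numbers, not a published standard).
EVAL_THRESHOLD = {"low": 0.70, "medium": 0.85, "high": 0.95}

PROCESS = {
    "low": "self-serve checklist + automated gates",
    "medium": "lightweight review + eval evidence",
    "high": "full review + sign-off + dual control",
}


def new_manifest(name: str, **overrides) -> dict:
    """Start from the paved-road defaults, then apply the team's settings."""
    m = dict(PAVED_ROAD_DEFAULTS)
    m["name"] = name
    m.update(overrides)
    return m


def classify(m: dict) -> str:
    """Tier placement the team can compute up front (rule is an assumption)."""
    if not m.get("reversible", False) or m.get("consequence") == "high":
        return "high"
    if m.get("touches_pii", False) or not m.get("internal_only", False):
        return "medium"
    return "low"


@dataclass
class GateResult:
    tier: str
    failures: list = field(default_factory=list)
    needs_human: bool = False

    @property
    def decision(self) -> str:
        if self.failures:
            return "blocked"
        return "human_review" if self.needs_human else "auto_approved"


def run_gates(m: dict) -> GateResult:
    """The mechanical checks from the essay, run as a CI gate, not a meeting."""
    tier = classify(m)
    r = GateResult(tier=tier)
    checks = [
        ("audit_logging", m.get("audit_logging") is True),
        ("policy_hooks", m.get("policy_hooks") is True),
        ("policy_tests", m.get("policy_tests_passed") is True),
        ("eval_threshold", float(m.get("eval_score", 0)) >= EVAL_THRESHOLD[tier]),
        ("data_purpose", bool(m.get("data_purpose"))),
        ("operator_assigned", bool(m.get("operator"))),
    ]
    r.failures = [name for name, ok in checks if not ok]
    # Low tier is approved by automation alone; medium and high still go to
    # people, but only the judgment questions remain for them to answer.
    r.needs_human = tier != "low"
    return r


if __name__ == "__main__":
    summarizer = new_manifest(
        "internal-summarizer", reversible=True, internal_only=True,
        operator="team-docs", data_purpose="internal summarization",
        policy_tests_passed=True, eval_score=0.81,
    )
    refunds = new_manifest(
        "refund-agent", reversible=False, touches_pii=True,
        operator="team-payments", data_purpose="refund processing",
        policy_tests_passed=True, eval_score=0.97,
    )
    shadow = {"name": "shadow-experiment"}  # built off the paved road
    for m in (summarizer, refunds, shadow):
        res = run_gates(m)
        print(m["name"], res.tier, res.decision, res.failures, "->", PROCESS[res.tier])
```

Running it shows the three outcomes the essay cares about: the summarizer is auto-approved with no reviewer time spent, the refund agent arrives at full review with its mechanical evidence already verified, and a manifest built outside the template fails every gate at once, which is what "true by construction" buys you when someone routes around the platform.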
Count the cost of gridlock as a real cost.
Governance discussions overweight the cost of a bad agent shipping and underweight the cost of a good agent not shipping, or of the shadow agent built specifically to dodge a process people experience as arbitrary. Gridlock has a price: forgone value, talent attrition, and — most corrosively — a parallel ungoverned ecosystem that exists because the official path was unusable. A governance function should track its own latency and its evasion rate as health metrics. If teams are routing around governance, the finding is about the process, not the teams; an unusable control is functionally equivalent to no control, at higher cost.
The honest tradeoff.
Proportionate governance accepts an explicit, deliberate residual risk: low-tier agents ship on automation and self-attestation, so a misclassified agent can slip through with less scrutiny than a uniform gate would have nominally applied. That is the real cost — and it is smaller than it looks, because a uniform gate that everyone evades or games provides scrutiny on paper only. Calibrate friction to consequence and make the compliant path the fast path; a governance process that optimizes only against shipping a bad agent, and never against blocking a good one, will be defeated by the organization it governs.