Boundary Rule

when two teams both think the other team owns the problem, and it turns out nobody owns the problem. boundary rules exist to prevent this.

"asked who owns data quality for the AI model. the data team said 'that's an L5 problem.' the AI team said 'that's an L3 problem.' the data has been ungoverned since launch."
"the security team secures the infrastructure. the AI team secures the model. nobody secures the API between them. classic boundary violation."
"we found the governance dead zone during the audit. turns out both teams had documented the control in their registers. neither had actually implemented it."
Share this one
Canonical Definition

An explicit declaration of where responsibility lies when two or more layers or shields could plausibly own the same control. Boundary rules resolve governance dead zones — the gaps that appear when multiple governance domains assume someone else handles a control. The AI Control Index defines 10 boundary rules that prevent ambiguous ownership across the framework.

Why It Matters

Every layered governance framework creates boundaries. Boundaries create ambiguity. Ambiguity creates dead zones. Dead zones are where governance failures live. The boundary between data governance (L3) and AI engineering (L5) is where data quality problems fester undetected. The boundary between security (S2) and observability (S4) is where monitoring gaps allow breaches to persist. The boundary between strategy (L1) and applications (L4) is where ethical principles fail to reach the user.

Boundary rules are the framework’s mechanism for resolving this inherent structural risk. Each rule names a specific intersection where ambiguous ownership is most likely, declares which governance domain owns the control at that intersection, and specifies the evidence that demonstrates the boundary is maintained. Without these rules, every layered framework degenerates into a map where the most dangerous territories are the ones between the lines.

The practical consequence is accountability. When an incident occurs at the boundary between two layers, a boundary rule tells you instantly who was responsible. Without boundary rules, post-incident investigations devolve into organisational finger-pointing: “we thought they owned it.” Boundary rules transform that ambiguity into a pre-declared, auditable assignment.

The Stress Test

An auditor identifies a control gap: training data used by the AI model contains personally identifiable information that should have been anonymised. The data team (L3) says anonymisation is a model-input responsibility and therefore belongs to AI engineering (L5). The AI engineering team says data quality and privacy are data governance responsibilities and therefore belong to L3. Both teams documented the control in their registers. Neither implemented it. The data has been non-compliant with GDPR since deployment.

A boundary rule would have resolved this before the audit. It would declare: “Anonymisation of training data is owned by L3 (Data Governance). L5 (AI Engineering) is responsible for validating that anonymisation was applied before model training.” Two declarations. Two owners. No dead zone.

In the Wild

Healthcare — NHS Blood Contamination, 1970s–1991
A Governance Dead Zone That Lasted Decades

The Infected Blood Inquiry revealed that between the 1970s and 1991, at least 30,000 NHS patients were infected with HIV and hepatitis C through contaminated blood products. The governance failure was fundamentally a boundary problem: responsibility for blood product safety sat at the intersection of the Department of Health, the National Blood Service, and individual hospital trusts. Each assumed the others were responsible for screening and safety testing. The 2024 Inquiry report identified “systemic failures of governance” where no single entity owned the safety controls at the boundary between procurement, testing, and administration.

Three governance domains. Zero boundary rules. The dead zone persisted for two decades because nobody resolved who owned safety at the intersections.

Technology — Equifax Data Breach, 2017
Patching Responsibility in the Gap Between IT and Security

The Equifax breach exposed personal data of 147 million people. The root cause was an unpatched Apache Struts vulnerability. The U.S. House Committee investigation found that the boundary between IT operations (responsible for maintaining servers) and information security (responsible for vulnerability management) was undefined. IT operations did not consider patching a security function. Information security did not consider server maintenance their domain. The vulnerability sat unpatched for 145 days in the gap between teams.

The vulnerability was known. The patch was available. The boundary between two governance domains was not defined. 147 million records were exposed in the gap.

Autonomous Vehicles — Uber ATG, 2018
Where Testing, Safety, and Operations Met Nobody

The NTSB investigation into the Uber autonomous vehicle fatality found that the boundary between the software engineering team (responsible for the perception system), the safety team (responsible for safety protocols), and the vehicle operations team (responsible for safety drivers) was undefined. The engineering team disabled the automatic emergency braking system without informing the safety team. The safety team did not verify that safety-critical systems were enabled. The operations team did not ensure the safety driver was attentive. Each team operated within its own domain. The boundaries between domains were ungoverned.

Three teams, three domains, zero boundary rules. The fatality occurred at the intersection of all three.

How to Govern It

Boundary rules don't create bureaucracy. They prevent the specific governance failure that kills layered frameworks.

Within the AI Control Index, boundary rules are governed through explicit declarations:

  • Intersection Identification — The framework identifies every intersection where two or more layers or shields could plausibly own the same control. These intersections are structural, not organisational: they exist regardless of how the organisation is structured.
  • Ownership Declaration — Each boundary rule declares which layer or shield owns the control at the intersection. Ownership is singular: one domain owns; the other domain may have a validation or verification responsibility, but ownership is never shared.
  • Evidence Requirements — Each boundary rule specifies the evidence that demonstrates the boundary is maintained. This typically includes documentation of ownership, evidence of the control operating, and evidence that the adjacent domain has validated the control’s operation.
  • Audit Testing — Boundary rules are specifically testable: an auditor can verify whether the declared owner is active, whether evidence exists, and whether the adjacent domain is aware of the boundary assignment.
  • Dead Zone Detection — Controls that exist in multiple governance domains but are implemented in none are classified as dead zone findings. The boundary rules provide the detection mechanism.

When It's Relevant

Boundary rules are relevant whenever governance spans more than one team, domain, or layer. In practice, this means every enterprise AI deployment. The question is not whether boundary ambiguity exists but whether boundary rules resolve it before an incident reveals it.

Boundary rule governance becomes critical when:

  • Multiple teams share responsibility for aspects of the same AI system
  • Audit findings reveal controls that are documented in multiple registers but implemented in none
  • Post-incident investigations consistently find that “we thought they owned it”
  • The organisation adopts a layered governance framework and needs to prevent dead zones
  • Regulatory requirements demand clear accountability for specific controls

See boundary rules in the framework. All 10 boundary rules are defined in the AI Control Index v6.0.

Open Framework →

Related Terms

References

  1. [1] Langstaff, Sir B. (2024) Infected Blood Inquiry: Final Report. HC 837, House of Commons.
  2. [2] U.S. House Committee on Oversight and Government Reform (2018) The Equifax Data Breach. Majority Staff Report, 115th Congress.
  3. [3] NTSB (2019) Collision Between Vehicle Controlled by Developmental Automated Driving System and Pedestrian, Tempe, Arizona, March 18, 2018. Highway Accident Report NTSB/HAR-19/03.
  4. [4] ISO/IEC 42001:2023. Information Technology — Artificial Intelligence — Management System. International Organization for Standardization.
  5. [5] NIST (2023) Artificial Intelligence Risk Management Framework (AI RMF 1.0). National Institute of Standards and Technology, U.S. Department of Commerce.
  6. [6] European Parliament and Council (2024) Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (AI Act). Official Journal of the European Union.
  7. [7] Perrow, C. (1999) Normal Accidents: Living with High-Risk Technologies. Updated edition. Princeton: Princeton University Press.

AI Control Index v6.0 · Glossary · June 2026 · i-DEPOT 158508 (BOIP) · CC BY-NC-ND 4.0

By Jeroen Janssen, Apparens