when two teams both think the other team owns the problem, and it turns out nobody owns the problem. boundary rules exist to prevent this.
An explicit declaration of where responsibility lies when two or more layers or shields could plausibly own the same control. Boundary rules resolve governance dead zones — the gaps that appear when multiple governance domains assume someone else handles a control. The AI Control Index defines 10 boundary rules that prevent ambiguous ownership across the framework.
Why It Matters
Every layered governance framework creates boundaries. Boundaries create ambiguity. Ambiguity creates dead zones. Dead zones are where governance failures live. The boundary between data governance (L3) and AI engineering (L5) is where data quality problems fester undetected. The boundary between security (S2) and observability (S4) is where monitoring gaps allow breaches to persist. The boundary between strategy (L1) and applications (L4) is where ethical principles fail to reach the user.
Boundary rules are the framework’s mechanism for resolving this inherent structural risk. Each rule names a specific intersection where ambiguous ownership is most likely, declares which governance domain owns the control at that intersection, and specifies the evidence that demonstrates the boundary is maintained. Without these rules, every layered framework degenerates into a map where the most dangerous territories are the ones between the lines.
The practical consequence is accountability. When an incident occurs at the boundary between two layers, a boundary rule tells you instantly who was responsible. Without boundary rules, post-incident investigations devolve into organisational finger-pointing: “we thought they owned it.” Boundary rules transform that ambiguity into a pre-declared, auditable assignment.
The Stress Test
An auditor identifies a control gap: training data used by the AI model contains personally identifiable information that should have been anonymised. The data team (L3) says anonymisation is a model-input responsibility and therefore belongs to AI engineering (L5). The AI engineering team says data quality and privacy are data governance responsibilities and therefore belong to L3. Both teams documented the control in their registers. Neither implemented it. The data has been non-compliant with GDPR since deployment.
A boundary rule would have resolved this before the audit. It would declare: “Anonymisation of training data is owned by L3 (Data Governance). L5 (AI Engineering) is responsible for validating that anonymisation was applied before model training.” Two declarations. Two owners. No dead zone.
In the Wild
The Infected Blood Inquiry revealed that between the 1970s and 1991, at least 30,000 NHS patients were infected with HIV and hepatitis C through contaminated blood products. The governance failure was fundamentally a boundary problem: responsibility for blood product safety sat at the intersection of the Department of Health, the National Blood Service, and individual hospital trusts. Each assumed the others were responsible for screening and safety testing. The 2024 Inquiry report identified “systemic failures of governance” where no single entity owned the safety controls at the boundary between procurement, testing, and administration.
Three governance domains. Zero boundary rules. The dead zone persisted for two decades because nobody resolved who owned safety at the intersections.
The Equifax breach exposed personal data of 147 million people. The root cause was an unpatched Apache Struts vulnerability. The U.S. House Committee investigation found that the boundary between IT operations (responsible for maintaining servers) and information security (responsible for vulnerability management) was undefined. IT operations did not consider patching a security function. Information security did not consider server maintenance their domain. The vulnerability sat unpatched for 145 days in the gap between teams.
The vulnerability was known. The patch was available. The boundary between two governance domains was not defined. 147 million records were exposed in the gap.
The NTSB investigation into the Uber autonomous vehicle fatality found that the boundary between the software engineering team (responsible for the perception system), the safety team (responsible for safety protocols), and the vehicle operations team (responsible for safety drivers) was undefined. The engineering team disabled the automatic emergency braking system without informing the safety team. The safety team did not verify that safety-critical systems were enabled. The operations team did not ensure the safety driver was attentive. Each team operated within its own domain. The boundaries between domains were ungoverned.
Three teams, three domains, zero boundary rules. The fatality occurred at the intersection of all three.
How to Govern It
Boundary rules don't create bureaucracy. They prevent the specific governance failure that kills layered frameworks.
Within the AI Control Index, boundary rules are governed through explicit declarations:
- Intersection Identification — The framework identifies every intersection where two or more layers or shields could plausibly own the same control. These intersections are structural, not organisational: they exist regardless of how the organisation is structured.
- Ownership Declaration — Each boundary rule declares which layer or shield owns the control at the intersection. Ownership is singular: one domain owns; the other domain may have a validation or verification responsibility, but ownership is never shared.
- Evidence Requirements — Each boundary rule specifies the evidence that demonstrates the boundary is maintained. This typically includes documentation of ownership, evidence of the control operating, and evidence that the adjacent domain has validated the control’s operation.
- Audit Testing — Boundary rules are specifically testable: an auditor can verify whether the declared owner is active, whether evidence exists, and whether the adjacent domain is aware of the boundary assignment.
- Dead Zone Detection — Controls that exist in multiple governance domains but are implemented in none are classified as dead zone findings. The boundary rules provide the detection mechanism.
When It's Relevant
Boundary rules are relevant whenever governance spans more than one team, domain, or layer. In practice, this means every enterprise AI deployment. The question is not whether boundary ambiguity exists but whether boundary rules resolve it before an incident reveals it.
Boundary rule governance becomes critical when:
- Multiple teams share responsibility for aspects of the same AI system
- Audit findings reveal controls that are documented in multiple registers but implemented in none
- Post-incident investigations consistently find that “we thought they owned it”
- The organisation adopts a layered governance framework and needs to prevent dead zones
- Regulatory requirements demand clear accountability for specific controls
Related Terms
References
- [1] Langstaff, Sir B. (2024) Infected Blood Inquiry: Final Report. HC 837, House of Commons.
- [2] U.S. House Committee on Oversight and Government Reform (2018) The Equifax Data Breach. Majority Staff Report, 115th Congress.
- [3] NTSB (2019) Collision Between Vehicle Controlled by Developmental Automated Driving System and Pedestrian, Tempe, Arizona, March 18, 2018. Highway Accident Report NTSB/HAR-19/03.
- [4] ISO/IEC 42001:2023. Information Technology — Artificial Intelligence — Management System. International Organization for Standardization.
- [5] NIST (2023) Artificial Intelligence Risk Management Framework (AI RMF 1.0). National Institute of Standards and Technology, U.S. Department of Commerce.
- [6] European Parliament and Council (2024) Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (AI Act). Official Journal of the European Union.
- [7] Perrow, C. (1999) Normal Accidents: Living with High-Risk Technologies. Updated edition. Princeton: Princeton University Press.
AI Control Index v6.0 · Glossary · June 2026 · i-DEPOT 158508 (BOIP) · CC BY-NC-ND 4.0
By Jeroen Janssen, Apparens