AI Governance Policy
Department charters, six-tier qualification ladder, veto authority and Mata v Avianca discipline — the rules that bind every HookPilot agent.
1. Governing Layer
HookPilot Caption Studio LLC operates a governance layer that sits between every customer prompt and every AI model. The layer includes department charters, agent qualification tiers, framework libraries, hallucination self-check, evidence and policy memory, output confidence scoring, escalation routing, and veto-holding agents. The layer is owned by HookPilot leadership and operated day-to-day by the AI Governance department.
2. Department Charters
HookPilot ships 40 chartered AI departments. A charter defines the department's mandate, the frameworks it follows, the agents it staffs, the bright-line rules it cannot cross, and the customer outcomes it is accountable for. Charters are published internally, referenced in audit logs, and updated through the change-control process in Section 11.
3. Six-Tier Qualification Ladder
Each department staffs agents at six tiers:
- Assistant — narrow tasks, conservative model class, supervised by higher tiers.
- Operator — repeatable workflows, mid model class, runs on templates.
- Analyst — synthesis, comparison, and reporting tasks; tracked evidence.
- Specialist — domain-deep work that needs framework adherence.
- Department Lead — signs off on department-grade deliverables.
- Executive Advisor — cross-department judgment, escalation point.
4. Independent Veto Authority
Each department appoints veto roles — typically the Chief Officer, the Statute (compliance) agent, the Shield (security) agent, and, where applicable, the Guard (safety) agent. A veto stops the workflow from shipping and is logged, attributed, and visible in the audit trail. The veto cannot be removed by a customer prompt; it can only be appealed through the human review path. The HookPilot Internal Security department (-HPS) has a parallel veto for the platform itself.
5. Bright-Line Rules
Every department's charter contains bright-line rules — things the department will not do regardless of how the prompt is phrased. Examples: the Legal & Compliance department will not produce filings; the Healthcare department will not diagnose; the Finance & Banking department will not give individualized advice; the Defense & Intelligence department will not assist with sanctioned end-users. Bright-line rules are enforced before generation, during generation, and at the veto step.
6. Hallucination Self-Check
Every customer-visible output runs through a self-check that compares claims against the prompt, supplied facts, the framework library, and agent memory. Unsupported claims are flagged, re-drafted with evidence, or escalated. See AI Disclosure §5.
7. Memory and Audit
Agent memory is scoped per workspace and per agent. Memory entries are auditable in the workspace and via API. Audit logs record agent, tier, model used, prompt hash, framework references, veto decisions, and human reviewer attestations. Retention follows the Data Retention Policy.
8. Risk Classification
HookPilot classifies use cases by risk: minimal (caption variation, sentiment summary), limited (brand-voice rewriting, internal research), high (regulated communications, hiring assistance, health/finance/legal content), and prohibited (the Acceptable Use carve-outs). High-risk use cases require explicit human-in-the-loop attestation. Prohibited use cases are refused.
9. EU AI Act Mapping
HookPilot tracks the EU AI Act's risk tiers, transparency obligations for general-purpose AI systems, and the additional duties placed on deployers of high-risk systems. Customers operating high-risk workflows under the AI Act remain responsible for their deployer obligations; HookPilot supports them with documentation, audit logs, and pre-completed Annex IV templates on request.
10. NIST AI RMF Mapping
HookPilot's governance layer is aligned to the NIST AI Risk Management Framework's Govern, Map, Measure and Manage functions. Mapping evidence is maintained internally and shared with Enterprise customers under NDA.
11. Change Control
Charters, bright-line rules, framework libraries, and veto-role assignments are versioned. Material changes require AI Governance department review, are recorded with a change ID, and propagate to the audit log used by all 40 departments. Customer-visible changes are announced in-product.
12. Contact
AI governance questions: legal@hookpilot.co. Customer-facing AI feedback: support@hookpilot.co.