3.4 · The Approval Workflow — From Idea to Live

The Eight Gates

14 min · Course 03

The Eight Gates model provides a sequential approval structure for AI proposals. Each gate has a defined purpose, defined reviewers, and a binary pass/fail outcome. A proposal that fails a gate is either redesigned to address the failure or declined — it does not continue to the next gate.

Gate 1: Problem Definition

Question: Is there a clearly defined problem with measurable impact?
Reviewers: Business sponsor + relevant department head.
Pass criteria: The problem is documented, the current-state cost is quantified, and there is a specific hypothesis about how AI will address it.

Gate 2: Data Feasibility

Question: Does the data exist, and is it suitable?
Reviewers: Data team + CISO/DPO.
Pass criteria: Data sources are identified, volume and quality are assessed, legal basis for processing is confirmed, and no data gaps are expected to block model development.

Gate 3: Ethical Review

Question: Does this proposal cross any legal or organisational red lines?
Reviewers: Legal + AI ethics lead or equivalent.
Pass criteria: Five-Dimension Framework score above 12, no red-line violations, and a risk mitigation plan for any dimension scoring below 3.

Gate 4: Build vs Buy Decision

Question: Should we build this, buy a solution, or use an existing tool?
Reviewers: CTO + Finance.
Pass criteria: Build/buy analysis documented with cost, time-to-value, vendor risk, and customisation requirements assessed.

Gate 5: Pilot Design

Question: Is there a rigorous pilot design with success metrics defined in advance?
Reviewers: Project sponsor + data team + operations lead.
Pass criteria: Pilot scope, duration, success metrics, and baseline measurement methodology all documented before pilot launch.

Gate 6: Risk Assessment

Question: Have all material risks been identified and mitigated?
Reviewers: Risk function + Legal + CISO.
Pass criteria: Formal risk assessment completed, mitigations documented for all identified risks, and residual risk accepted by appropriate authority.

Gate 7: Stakeholder Sign-Off

Question: Have all required approvals been obtained?
Reviewers: Board/relevant committee (for high-risk), leadership team, Works Council or equivalent where legally required.
Pass criteria: All required sign-offs obtained and documented. For high-risk AI, board approval is mandatory.

Gate 8: Post-Deployment Monitoring

Question: Is there a monitoring regime in place before go-live?
Reviewers: Operations + Risk.
Pass criteria: Performance metrics defined, monitoring cadence established, escalation triggers documented, named owner assigned for ongoing oversight. Go-live is conditional on monitoring infrastructure being in place.

3–6 weeks: Typical time for a well-prepared proposal to pass all eight gates
Gate 3: The gate most proposals fail — ethical review surfaces what pitch decks hide
Gate 8: The gate most organisations skip — and the one that catches slow-moving failures