How to decide whether AI is ready to act
An AI readiness checklist for deciding when agents or automation can act: context, source coverage, authority, confidence, reversibility, and review.
TLDR
- AI is ready to act only when the work context is clear, the sources are sufficient, authority is explicit, and mistakes can be detected or recovered.
- Model capability is only one input; readiness also depends on governance, source coverage, confidence checks, reversibility, and escalation paths.
- The safest path is staged delegation: assist, draft, recommend, act with approval, then act automatically only in narrow and monitored conditions.
AI readiness should be judged by context, source coverage, authority, confidence checks, reversibility, and review paths, not model capability alone.
In this article, "ready to act" means ready for an AI system to do something that changes the state of work: send a message, update a record, approve a step, reject a request, trigger a workflow, change a priority, create an obligation, or call a tool that affects other systems.
That is different from being ready to answer a question. A model can be useful for drafting and analysis before it is safe to act. The readiness test should therefore focus on the operating conditions around the action.
Two conditions recur throughout this test: human-in-the-loop review for claims that need evidence.
Readiness As A Delegation Decision
AI readiness is a delegation decision. You are deciding whether software can take a step on behalf of a person or organisation.
NIST's AI Risk Management Framework is helpful because it does not treat AI risk as a property of the model alone. It asks organisations to govern, map, measure, and manage risk across the AI lifecycle, and it says deployment should be based on a contextual assessment of trustworthiness, risks, impacts, costs, and benefits 1.
That means the question is not "is the model good?" The question is "is this system, in this workflow, with this data, authority, monitoring, and recovery path, ready to take this action?"
Why The Problem Exists
Capability does not equal authority
An AI system may be capable of drafting a reply, identifying a likely category, or recommending a next step. That does not mean it has authority to send the reply, assign the category, or execute the step.
Authority has to be granted explicitly. The organisation must define what the system may read, write, send, approve, deny, spend, schedule, disclose, or delete. Without that boundary, "AI readiness" becomes vague and risky.
Confidence is not self-evident
Generative AI can produce confident outputs that are false or unsupported. NIST's Generative AI Profile describes confabulation as confidently presented erroneous or false content and notes that false logic or citations can mislead users into trusting an output 2.
Readiness therefore requires confidence checks outside the model's tone. The system needs source checks, policy checks, constraint checks, test cases, monitoring, and paths for human review.
The Readiness Checklist
1. Context
Can the system see the relevant state of work?
Useful action depends on context: the user, customer, matter, case, deadline, policy, history, obligations, permissions, and current status. If context is missing or fragmented, the system may take an action that is locally plausible and globally wrong.
2. Source coverage
Does the system have the right evidence, and can it show it?
Source coverage is not just retrieval. It includes freshness, authority, completeness, and conflict handling. A system that cannot distinguish current policy from outdated notes should not act on policy. A system that cannot show its sources should not make accountable claims.
3. Authority
Is the action within explicit permission?
Anthropic's guidance on building effective agents distinguishes workflows, where code defines the path, from agents that dynamically direct their own process and tool use. It recommends starting with constrained patterns and adding autonomy only where needed 3. That is a useful readiness principle: grant narrow tool authority before broad autonomy.
4. Confidence checks
Can the system test the proposed action before taking it?
Checks might include schema validation, source matching, policy comparison, duplicate detection, contradiction detection, threshold checks, simulations, or evaluator review. The point is to create independent friction before a bad action leaves the system.
5. Reversibility
Can the action be undone or contained?
Updating an internal draft is different from sending a client email. Creating a task is different from approving a payment. Reversible actions can be delegated earlier. Irreversible, external, regulated, or high-consequence actions need stronger approval.
6. Review paths
What happens when the system is uncertain, blocked, or outside authority?
Readiness includes the ability to stop. The EU AI Act's human oversight requirements for high-risk AI systems emphasize effective oversight and awareness of automation bias 4. In practice, that means review cannot be an afterthought. The workflow must define who reviews, what they see, and how they override.
A Staged Delegation Model
Most teams should not jump from chatbot to autonomous action. A staged model is safer and more evaluable.
| Stage | AI role | Readiness standard |
|---|---|---|
| Assist | Summarize, search, explain | Helpful and source-aware |
| Draft | Prepare text or structured fields | Human reviews before use |
| Recommend | Propose next action | Evidence and rationale visible |
| Act with approval | Prepare action, wait for confirmation | Clear authority and reviewer path |
| Act automatically | Execute narrow actions | Low risk, reversible, monitored, auditable |
This model also makes progress measurable. A workflow may be ready for drafting but not sending. It may be ready to update an internal status but not notify a client. It may be ready for one department but not another because the source coverage or policy context differs.
What This Is Not
AI readiness is not a single benchmark score. Benchmarks can help compare models, but they do not prove that a specific workflow has enough context, authority, source coverage, and recovery design.
It is also not a once-a-year approval. ISO/IEC 42001 describes AI governance as a management system for establishing, implementing, maintaining, and continually improving responsible AI use 5. Readiness changes as policies, data, models, tools, and operating conditions change.
Examples
Ready to draft, not ready to send
A client update assistant can retrieve recent activity, draft a summary, and list evidence. It should not send the update automatically if relationship tone, legal exposure, or unresolved facts matter.
Ready to update a status
An internal workflow agent may be ready to mark a task as "waiting for review" when required fields are complete and the next owner is known. The action is visible, reversible, and low-risk.
Not ready to deny a request
A system should not automatically deny a customer, applicant, or employee request if the decision depends on incomplete evidence, ambiguous policy, protected characteristics, or appeal rights.
The Conclusion
AI is ready to act when the surrounding operating design is ready for delegation. That means the system has context, sources, authority, checks, reversibility, review, and monitoring.
The practical standard is this: if the system is wrong, can the organisation detect it, explain it, contain it, and assign accountability? If not, the AI may still be useful, but it is not yet ready to act.
Sources
/ Start
Start with one operating area. Expand from there.
Begin with a focused review rhythm, workflow, or team where better operating context would immediately change the quality of preparation and judgment.