Corporate Autonomy Levels (CAL)
Corporate Autonomy Levels
A scale for how autonomously a company runs.
Corporate Autonomy Levels (CAL) is a public framework that measures human involvement in a company's management loop on a six-level scale, L0–L5. Target it by design; prove it with logs.
This page is the canonical definition of CAL. Terms and definitions are free to use under CC BY 4.0; attribution is the only condition.
1The Levels — L0–L5
CAL views management as a closed loop of six elements:
- 1Executioncarrying out the work under given procedures
- 2Operational judgmentcase-by-case decisions under given rules — acceptance, branching, prioritization
- 3Anomaly responsedetect · stop · escalate · recover
- 4Improvementroot-cause analysis → rule revision (process self-improvement)
- 5Inventionnew technology, new policy
- 6Goal settingthe domain's success criteria — set & revised
Level boundaries are drawn by which forms of human involvement have been removed. Involvement recedes in five steps: doing the work → initiating and approving each task → watching → fixing exceptions and learning → setting goals.
Scope: CAL applies to any legal entity that runs a management loop, commercial or not; this page writes in terms of the company as the representative case.
The basic unit of assessment is the business domain. L0–L5 are assessed per domain; a company-level statement is made by aggregating domain assessments (§2). A business domain is a continuing unit of work with its own identifiable deliverables, goals, and anomaly handling; detailed granularity guidance — including the counting units for tasks and initiation — will be added in a future version.
Note (normativity): the definition of CAL is complete in this page's own text. All references to SAE J3016 are informative aids to understanding, not grounds of the definition. This page is a public canonical definition document, not a standard with a certification scheme; the normative/informative distinction is used following standards practice.
Vocabulary of the criteria (normative)
- "AI" — throughout this page, "AI" denotes the automated system under assessment, whatever its implementation: machine learning, rule-based systems, or scripts. CAL is technology-independent — what is measured is which forms of human involvement have been removed, not the technology that removed them.
- External output — a deliverable that crosses the domain's boundary and reaches a recipient in another domain or outside the company, where retraction becomes difficult. In a domain with no external outputs, the corresponding observable is whether a human approves each deliverable at the point it becomes final.
- Initiation — a deliverable is human-initiated when starting the work toward that one unit of deliverable requires a human act. The "task" of the L1–L2 boundary is counted per deliverable: a single human instruction from which the AI chains multiple process steps toward one deliverable is still human initiation; a deliverable the AI begins without a fresh human act is not.
- Humans in the loop — a natural person who actually carries any of the six elements counts as a human in the loop, regardless of employment form, affiliation, subcontracting, dispatch, vendor provision, or unpaid status. Assessment goes by who holds the element (Table 2), not by which legal entity the person belongs to. Outsourcing human work is not delegation; it is assessed as human retention. Vendor-side personnel intervening in individual cases are inside the loop; generic improvement of a vendor's model is outside. Involvement is attributed to the domain whose element the act carries, not to the domain the actor belongs to — a human based in one domain who handles another domain's anomalies, or sets its goals, counts inside the latter.
- Anomaly / normal operation — what counts as an anomaly is declared in advance: the domain inventory (§2) states each domain's anomaly categories before assessment. Reclassifying human interventions as "anomaly response" after the fact is not accepted. The declared typology also states which categories have pre-defined handling that AI may close, and which require escalation to a human. Failure, outage, or degradation of the automated system itself is a mandatory category in every domain's typology. An anomaly is a departure from the declared normal process; declaring an ordinary class of the domain's business as an anomaly category is not contemplated by this vocabulary.
- L0Passive tool
- L1Task assist
- L2Gated workflows
- L3Supervision removed
- L4Self-correcting domain
- L5Fully autonomous
Each criterion in Table 1 is read as a pair: the difference from the level below (what AI newly carries) and the difference from the level above (what humans still carry). The upper-side observables are defaults: for an element disclosed as an ahead-of-level delegation (§2, cumulative assessment), the criterion is read with that observable replaced by the disclosed delegation state. The full allocation is Table 2.
| Lv | Definition in a company | Involvement removed (elements) | Criterion (observable) |
|---|---|---|---|
| L0 | AI is a passive tool. Humans run every element of the management loop | — | No AI output is incorporated into a deliverable, edited or not |
| L1 | AI assists the execution of single tasks. Humans initiate and review every time | Doing the work (execution assistance — part of element 1) | AI output is incorporated into deliverables, but a human initiates every task — logs show no AI-initiated chaining |
| L2 | AI executes chained workflows. Humans supervise continuously and gate every external output | Per-task initiation (element 1 complete + element 2 gated; humans recede to gate and watch) | AI chains process steps without per-task human initiation, while 100% of external outputs pass a human gate — no ungated external output in the logs |
| L3 | Within a domain, AI executes and judges without continuous supervision. Anomalies are detected by the AI, which calls a human for any whose handling is not rule-defined | Continuous watching (element 2 complete + part of element 3 — detect & escalate; humans go on-call) | Zero human intervention in normal operation in execution and operational judgment (elements 1 and 2) — involvement under elements 4, 5, and 6, which L3 assigns to humans (revising rules, introducing new methods, setting and revising goals), does not count against this; every anomaly whose handling is not rule-defined in advance is, within the observation window, escalated to a human — closure by AI through pre-defined handling rules is permitted (handling outside the rules, and revising the rules, still pass to humans) |
| L4 | Within a domain, AI completes anomaly response and self-improvement autonomously (detect → stop → recover → root-cause analysis → rule revision). Also carries technical invention within the domain | Exceptions and learning (element 3 complete — handling internalized — + element 4 + 5a: one closed circuit) | For every anomaly in the observation window, the closed loop from occurrence to recurrence prevention shows no human in the logs, and the domain's record of adopting new methods and technology shows no human initiation (goal setting still traces to humans) |
| L5 | Autonomous through the domain's own goal setting; for the management domain this includes inventing strategy and new businesses. Achieved across all domains, management domain included = the Autonomous Firm | The domain's goal setting (element 6; for the management domain, plus 5b) | Zero humans at all times in the domain's loop, goal setting included (no human appears in the domain's goal-setting records) |
| Element | L0 | L1 | L2 | L3 | L4 | L5 |
|---|---|---|---|---|---|---|
| 1 Execution | Human | AI-assisted (humans initiate & review) | AI (chained) | AI | AI | AI |
| 2 Operational judgment | Human | Human | AI (humans watch; external outputs human-gated) | AI (no watching) | AI | AI |
| 3 Anomaly response | Human | Human | Human | Detect & escalate: AI / handle: human (execution of pre-defined handling rules may be AI) | AI (closed) | AI |
| 4 Improvement | Human | Human | Human | Human | AI | AI |
| 5a Invention — technical (in-domain) | Human | Human | Human | Human | AI | AI |
| 5b Invention — strategy & business (management domain only) | Human | Human | Human | Human | Human | AI |
| 6 Goal setting | Human | Human | Human | Human | Human | AI (the domain's goals) / purpose & continuation: owners (outside the loop) |
Note: the management function (strategy, business portfolio, resource allocation) is itself a business domain and is included in the inventory (§2). Company-wide goal setting is assessed as element 6 of the management domain; upstream of it — the will over purpose and continuation — belongs to the owners, outside the loop (§5).
Note (subdivision of element 5): element 5 is assessed in two parts — 5a, technical invention, present in every domain; and 5b, strategy-and-business invention, which exists only in the management domain. For any other domain, row 5b does not apply. Which domain is the management domain is declared in the inventory (see the note above).
Note (goals vs. derived goals): element 6 is the involvement that sets and revises the domain's goals — its success criteria, objective function, and KPI levels. Under a given goal, AI setting and re-setting intermediate goals or subgoals as it iterates — including loops that evaluate a deliverable automatically, re-target, and run again — belongs to elements 1 and 2 (and to 4 where it revises process rules), not to element 6. The observable is whether the domain's success criteria themselves change without human involvement; a configuration in which AI rewrites the success criteria is disclosed as an ahead-of-level delegation of element 6 (cumulative assessment, §2).
Note (the owners' channel): the out-of-loop owner power is limited to the articles of incorporation, capital contribution and withdrawal, liquidation, and the appointment and removal of the management system. Instructions on business goals, KPIs, budget allocation, or priorities count as element 6, whatever their frequency or form. Participation in resolutions that mandatory law reserves to owners (such as general-meeting resolutions) is exercised by the governance layer outside the loop and is excluded from the goal-setting records of element 6 — but where owner-side humans draft or substantially formulate such a resolution, that involvement counts as in-loop element 6.
Reading the boundaries
| Boundary | Involvement removed | Elements |
|---|---|---|
| L0→L1 | Doing the work (execution assistance begins) | part of 1 |
| L1→L2 | Per-task initiation (humans recede to gate and watch) | 1 complete + 2 gated |
| L2→L3 | Continuous watching (humans go on-call) | 2 complete + part of 3 (detect & escalate) |
| L3→L4 | Exceptions and learning (internalized as one closed circuit) | 3 complete (handling internalized) + 4 + 5a |
| L4→L5 | The domain's goal setting | 6 (+ 5b in the management domain) |
- L2→L3: in exchange for removing the watch, the AI takes on the duty to call a human when an anomaly exceeds its pre-defined handling rules — the jidoka gate (jidoka: Toyota's principle of building stop-and-fix judgment into the machine itself).
- L3→L4: detect → stop → recover → root-cause analysis → rule revision form one closed circuit (= Corporate Jidoka) that stops working if split; elements 3, 4, and 5a are therefore delegated across a single boundary.
- L4→L5: the domain's goal setting is delegated. In-domain technical invention (5a) belongs to L4; inventing strategy and the business itself (5b) belongs to L5 of the management domain.
InformativeCorrespondence to SAE J3016
| Lv | SAE J3016 counterpart (in a vehicle) |
|---|---|
| L0 | No driving automation (warnings and momentary emergency intervention only) |
| L1 | Either ACC or lane keeping — one, not both |
| L2 | Combined assistance; constant supervision required |
| L3 | No continuous supervision required; a fallback-ready user must respond to requests to intervene and to evident system failures |
| L4 | No human needed within the ODD; reaches a minimal-risk condition on its own |
| L5 | No ODD limitation |
The watch shift (L2→L3) corresponds to SAE L3's request to intervene and duty to respond; the internalization of exceptions (L3→L4) to SAE L4's minimal-risk condition. CAL L5 has no direct SAE counterpart — J3016 itself excludes the strategic functions (selecting destinations and waypoints) from the dynamic driving task, and does not put choosing the destination (goal setting) on its scale; SAE L5's unconditional scope corresponds, in CAL, to the company-level statement across all domains (§2). A business domain plays the role of the Operational Design Domain (ODD).
InformativeWhere existing concepts sit
| Existing concept | Approximate range | Note |
|---|---|---|
| Copilot-style tools | L1 | — |
| Company OS / Work OS | L1–L2 | Usage of the term now stretches to L3-grade claims |
| Supervised agent operations (human-in-the-loop agents) | L2 | — |
| Agentic organization (McKinsey's term) | L2–L3 | "One manager orchestrating hundreds of agents" retains human direction (source: McKinsey, "The agentic organization: Contours of the next paradigm for the AI era," 2025) |
| One-person unicorn | All domains at L4, plus one human | — |
| Autonomous Firm / Zero-Person Company | L5 (company level) | Defined by this page; not yet achieved |
Labels are self-declared. CAL assessment goes by structure, not by what a product or organization calls itself.
2The Metric — Measurement and Assessment
Levels are determined by structure and substantiated by metrics. Level assessment is not a scoring exercise. What decides a level is structure — which forms of involvement have been removed (Tables 1–3). CAL sets no composite score and no universal cross-industry thresholds. The "100%" and "zero" in the criteria column are not empirical thresholds but logical consequences of each level's definition. A level is a description of the degree of autonomy, not a rating of quality, safety, or managerial merit.
Assessment has two tiers
- Design assessment — "designed for CAL Lx"
Judged from design artifacts: permission settings, workflow definitions, the presence or absence of human gates, escalation paths, rule-revision authority. It can be performed before operation begins. The Lx column of Table 2 works as the design requirements for that level. - Verified assessment — "CAL Lx (log-verified)"
Established when operational logs prove that the designed structure actually runs.
Notation. Design-stage claims must carry the qualifier "designed for" and present the design artifacts. Verified claims are written "CAL Lx (log-verified)". Claims also state their scope: all domains, or named domains from the inventory. A claim further carries: the assessment date, the observation window it rests on (period and volume of work), who performed the assessment (self, or a named third party), the CAL version applied, a reference to the evidence together with its disclosure mode (published, or disclosed on request) and its retention period, and — for verified claims of L3 and above — the number of anomalies in the observation window by declared category and their ratio to total work. Notation example (full form): "CAL L3 (log-verified; assessed 2026-07-01; window 2026-01–06, 1,240 deliverables; anomalies 14 in 3 declared categories, 1.1% of work; self-assessed; per CAL v0.9; evidence on request, retained 5 years)". Later examples on this page are abbreviated. The two tiers must not be conflated.
Assessment procedure
- Partition the business into domains.
- Establish the delegation status of each of the six elements through boundary questions — a provisional level from structure (= design assessment; a design claim becomes possible).
- Substantiate it with operational logs matching that level's criterion (Table 1) — verified assessment (a verified claim becomes possible).
- Aggregate all domain assessments to state a company level (inventory + minimum + profile, scope stated). (Figure 1.)
A material structural change (model replacement, permission changes, workflow redesign, revision of the typology or inventory) lapses the verified claim; re-verification returns to ③ (lifecycle of a claim).
Cumulative assessment and ahead-of-level delegations. Levels are assessed cumulatively — claiming a level requires meeting every requirement in that level's column of Table 2. A form of involvement counts as removed only where the element transfer of the corresponding boundary (Table 3) — the AI-side structure that takes it over — is in place; removal without the structure is not delegation. Where the per-element delegation state matches no Lx column exactly, the level is the highest column satisfied contiguously from below: the level is capped by the lowest form of involvement not yet removed, and autonomy achieved above that cap does not constitute the level. A configuration that satisfies no level column contiguously from below is recorded as a non-conforming configuration — distinct from unassessed, where the boundary questions cannot be answered — with the per-element delegation state disclosed. Notation example: "non-conforming (scope: distribution; elements 1–2: AI, chained without approval; element 3: no monitoring, no gate, no escalation structure; elements 4–6: human)". A company with a non-conforming domain cannot state a company level; external estimates record it as "non-conforming × n" in the profile. An ahead-of-level delegation — AI carrying a higher element while a lower one remains human (say, humans still handle anomalies while AI already revises the rules) — does not raise the level, because the order of the boundaries is a dependency: a higher delegation over a still-open lower element does not constitute that level's closed structure (such as L4's closed circuit). Ahead-of-level delegations are not lost, however: an assessment discloses the per-element delegation state and records them as ahead-of-level, and they surface in the metrics as leading indicators of readiness for the next boundary. Notation example: "CAL L3 (log-verified, scope: support; ahead-of-level: 4 Improvement, 5a)".
Assessment rule: A verified level claim is established by presenting operational logs that match the criterion (Table 1). A design claim is established by presenting the delegation structure as design artifacts, with the "designed for" qualifier. A self-declared rating without evidence is not a CAL claim. A design assessment is provisional, not a certification — only a verified assessment is definitive. An element whose holders are mixed — human and AI — is assessed at its most human-dependent state: the involvement has not been removed. "Logs" in the criteria means the whole of the records covered by a completeness declaration: a verified claim is accompanied by an enumeration of the channels through which humans can intervene and of how each channel is recorded, together with integrity safeguards for those records (append-only stores, hash chains, third-party timestamps, or equivalent). The completeness declaration also states the liveness-monitoring channel, independent of the primary system, by which failure or silence of the automated system itself is detected. Pseudonymized or anonymized records satisfy the log requirement as long as the human-or-AI distinction and the fact of intervention remain determinable. Selecting observation windows or record systems after the fact is not accepted. Where no anomaly occurs within the observation window, records of deliberate fault injection or of anomaly-response drills that actually exercised the loop are admitted as verified-tier evidence for the anomaly-side criteria. A claim of L4 or above requires that the domain's declared typology contain no category requiring escalation to a human. Where the observation window contains no instance of element 5a (adoption of a new method or technology) or of element 6 (goal revision), a claim resting on that window states this alongside.
Lifecycle of a claim: A verified claim speaks for the structure that produced its logs — when that structure changes materially (model replacement, permission changes, workflow redesign, revision of the declared anomaly typology, reorganization of the domain inventory), the verified claim lapses and re-verification is required. Human repair, recall, or rework performed after the observation window on deliverables produced inside it is treated as evidence that operation contradicted the claimed criterion (grounds for downward correction). If operation is later found to contradict the claimed criterion, the claim is corrected downward: the verified tier follows the logs, and a design claim contradicted by operation is re-scoped or withdrawn. A company-level claim may take the verified tier only when every domain in the inventory is verified; otherwise it is stated at the design tier.
Who assesses
CAL appoints no certification body — this site does not certify. Assessments are performed following the procedure this page defines in §2 — the assessment procedure, the assessment rule, and Table 6 — by the claiming company itself or by any third party it engages. CAL takes evidence-backed self-declaration as its base; third-party verification is optional. An outside reading made without access to the evidence is an external estimate, not a CAL claim — neither a design assessment (which requires the design artifacts) nor a verified assessment (which requires the logs) can be performed from outside; anyone speaking in CAL terms should say which one they are making. An external estimate states the public information it relies on.
Company-level assessment — aggregating domains
- Domain inventory. Enumerate every business domain that makes up the management loop — the management function is itself a domain and is included. The inventory carries a coverage statement: all human work and all outsourced work that falls under the six elements is attributed to some domain in it — work with no domain to belong to means the inventory is incomplete. The inventory also declares each domain's anomaly categories in advance (§1, vocabulary of the criteria), and where delegation states vary by season or condition, the domain is subdivided by those conditions and listed accordingly. A company-level claim cannot be made from a partial inventory.
- Minimum rule. The company level is the minimum across all domains: the least autonomous domain determines where the company still needs humans.
- Profile. Report the distribution of domains by level alongside the minimum. Notation example: "CAL L2 (log-verified, scope: all domains; profile: L4×7, L3×2, L2×1)". Stating each domain's scale alongside (FTE or share of work) is recommended (informative).
- Scoped claims. A claim limited to particular domains states its scope, using the domain names as listed in the inventory (e.g., "designed for CAL L4, scope: accounting").
- Company-level L5 = every domain at L5, the management domain included. This is the assessment condition for the Autonomous Firm (Zero-Person Company).
- Unassessed is not L0. A domain whose boundary questions cannot be answered is marked unassessed. A company with unassessed domains cannot state a company level; external estimates record them as "unassessed × n".
The four metrics measure the human involvement that remains inside an assessed level — how much of it remains, how far the no-touch work reaches, whether the remaining reviews are still needed, and what the remaining involvement costs in time. A falling residue is progress within the level; a residue shown to be no longer needed is the safety grounds for the next boundary; the record of a residue reaching its endpoint (zero minutes / 100%) doubles as the evidence for the level above. Formally, the metrics serve three roles — (a) criterion observables — the evidence for verification, (b) leading indicators for transitions, (c) continuous measures of progress and payoff (Figure 2). All four are measured per domain; levels alone aggregate to the company level, the metrics do not. CAL calls the degree to which human intervention (human-in-the-loop, HITL) has been removed from the management loop the HITL removal rate — not a single composite value; it is measured through the following four metrics:
- Intervention density (how much human effort remains) — human minutes per deliverable. Roles (a)(c): zero minutes on elements 1 and 2 in normal operation is direct evidence for L3; the trajectory toward zero is progress within a level.
- Autonomous completion rate (how far no-touch work reaches) — reported separately as a task completion rate and an anomaly completion rate: the share of tasks, and of anomalies, completed without a human touch (counting unit: the domain's deliverables as defined in the inventory; details will be specified with the granularity guidance in a future version). Role (a): the primary evidence that a claimed structure actually operates — L4 is substantiated by the anomaly completion rate.
- Override rate (whether the remaining reviews are still needed) — the share of human reviews that overturn the AI's judgment, measured where and while human review exists. Role (b): the leading indicator that a gate has become redundant — the safety basis for the L2→L3 transition. When used as grounds for a transition, the substance of the reviews is disclosed with it (sampled double review, agreement with blind re-assessment, or equivalent).
- Human Wait Ratio (what the remaining involvement costs in time) — the share of lead time spent waiting for a human action. Role (c): the payoff gauge of leveling up; the true cost of a human gate is not effort but queueing (lean's flow efficiency; the waste of waiting). The measurement boundary — the start and end of lead time, calendar or business hours — will be specified in the detailed measurement procedure to be added (§6, Versioning). By design, the difference between an L2 company and an L3 company is expected to show up mainly in speed, not quality.
Two companies can both be L2 while differing utterly in maturity — one at 45 human-minutes per deliverable with a 30% override rate, another at 3 minutes and 1%: the latter is ready for L3. And two companies can share the same 3 minutes while sitting in different structures — every deliverable receiving a 3-minute gate review (task completion 0%) versus nine deliverables in ten untouched and the tenth taking 30 minutes (task completion 90%): the metrics are read as a set. The continuous metrics make visible what the ordinal level cannot.
| Metric (what it measures) | L0 | L1 | L2 | L3 | L4 | L5 |
|---|---|---|---|---|---|---|
| Intervention densityamounthow much human effort remains — where it pools (min/deliverable) | all work is human | per-task initiation, review, fixes | gate-review minutes only | 0 min● criterion (elements 1–2, normal operation) | ○ held at 0regression lapses the claim | ○ held at 0 |
| Autonomous completion — tasksreachhow far no-touch work reaches, normal operation (%) | — (no AI deliverables) | ≈0% (every task touched) | partial (external outputs 0% — gate 100%) | 100%● criterion (normal operation) | ○ held | ○ held |
| Autonomous completion — anomaliesreachdo anomalies close without a human touch (%) | — | 0% (anomalies are human-handled) | 0% (same) | pre-ruled categories only; its rise = readiness for L4 | ≈100%● criterion — L4's primary evidencerule-outside absorbed via improvement | ○ held |
| Override ratenecessityis the remaining gate still doing work (share overturned) | — (no AI judgment to review) | measurable under per-task review; falling = maturing | ▶ →0: gate redundant = safety grounds for L2→L3 | — (no reviews in normal operation) | — | — (only where reviews exist, e.g. audits) |
| Human Wait Ratiotime costhow much speed the waits take — no criterion at any level (payoff gauge) | high | approval waits dominate | gate waits dominate | the big step down (gate waits gone) | anomaly waits gone too | ≈0 |
Required evidence and measurement burden: the evidence a verified claim requires is the logs matching the claimed level's criterion (Table 1) — nothing more. The four metrics are instruments for roles (a)–(c), not requirements for a level claim. Intervention density and Human Wait Ratio need no dedicated time-keeping; deriving them from existing workflow timestamps suffices. Where exhaustive measurement is disproportionate, the continuous metrics may be sampled (representative periods and representative work, with the method disclosed). The criterion observables themselves — the "zero" and "100%" conditions — cannot be sampled: they are read against the full records covered by the completeness declaration (assessment rule above).
Two-stage assessment
Stage 1 = design assessment (provisional) · Stage 2 = verified assessment
| Metric | Stage 1: design assessment (design checklist) | Stage 2: verified assessment (log measurement) |
|---|---|---|
| Level (structure) | Boundary questions per element for each domain (Is approval required for external outputs? Who acts on an anomaly? Who initiates and adopts new methods in the domain? Who revises the rules? Who sets and revises the domain's goals (success criteria)? Have the owners issued instructions on goals, KPIs, or budgets? Do vendor-side personnel touch individual cases? How are the delivery of and response to intervention requests recorded? — among others) | Cross-check permission settings against actual logs |
| Intervention density | Self-reported estimate | Measured time logs |
| Autonomous completion rate | Ask who handles anomalies | Classified tickets and logs |
| Override rate | — (hard to obtain via checklist) | Measured review records |
| Human Wait Ratio | Estimated approval wait time | Measured workflow timestamps |
The design checklist also collects rough estimates of three of the four metrics (override rate is hard to obtain via checklist) to cross-check the structural answers — a claimed L3 structure with a large approval-wait share casts doubt on the answers and holds the provisional level. Stage 1 is planned to be offered free of charge on this site. Stage 2 follows the assessment rule and Table 6, and can be run by the company itself or by third parties; its detailed measurement procedures (including the metrics' measurement boundaries) will be added through revisions of this page (§6, Versioning).
3Responsibility
External liability rests, as a rule, with the legal entity at every level — that does not change. What rising autonomy moves is accountability inside the firm: how far an outcome can be traced to someone's work or someone's approval. Accountability follows the delegation structure (Table 2) — it traces to whoever, or whatever mechanism, holds the element. The boundary is L4: once the in-domain closed loop runs without humans, then within the scope of that circuit there is no individual left for accountability to reach; it consolidates in the governance that designs and operates the system. Responsibility follows the structure actually in operation (the verified tier), not the design claim.
| Lv | Where accountability sits inside the firm |
|---|---|
| L0–L2 | Traces to the individuals who executed and approved (task accountability of the doer and the approver) |
| L3 | In normal operation, to the governance side operating the system. The on-call human retains accountability for responding to intervention requests — but failure to respond falls on the individual only where the request reached them and the conditions for responding (a reasonable on-call design and load) were met; the reachability and redundancy of the escalation path and the adequacy of the on-call arrangement are the governance side's accountability |
| L4 | For the operation of the closed circuit (elements 3, 4, and 5a), it no longer traces to any individual; it consolidates in the governance (organization) that designs and operates the system. Accountability for the elements humans still hold — goal setting (element 6), and strategy-and-business invention (5b) in the management domain — still traces to those individuals |
| L5 | No individual inside the management loop remains for it to trace to; it rests solely with the firm's governance (the appointment-and-continuation mechanisms held by owners) — the connection point to the "AI legal personhood" debate |
What disappears is operational task accountability — who executed, who approved. Accountability for designing, approving, and supervising the system remains with the organs and individuals that did so (directors and officers, typically): that is what governance accountability consists of.
InformativeCounterpart in driving automation
| Lv | Counterpart in driving automation |
|---|---|
| L0–L2 | The driver is liable (as a rule) |
| L3 | Manufacturer-side acceptance of liability while engaged rests on Mercedes-Benz's voluntary statement (Drive Pilot); that failure to respond to a request to intervene stays with the driver corresponds to the takeover duty under Japan's revised Road Traffic Act |
| L4 | Japan's "specified automated operation" regime (in force since 2023): no driver required; the permitted operator bears responsibility |
| L5 | No L5-specific legal regime is in force yet in major jurisdictions |
Limit of the comparison: in driving automation, the externally liable party itself shifts (driver → manufacturer / operating entity). In a company, external liability stays fixed on the legal entity; what shifts is internal accountability.
This section is not legal advice. "Responsibility" here distinguishes external liability from internal accountability; actual legal liability varies by jurisdiction, contract, and case. Doctrines that extend external liability to individuals or owners — piercing the corporate veil, directors' liability to third parties — exist in each jurisdiction; CAL levels neither trigger nor block their application.
4Key Terms
- Corporate Autonomy Levels (CAL)
- A measurement framework that defines, per business domain, how much of the six-element management loop (execution, operational judgment, anomaly response, improvement, invention, goal setting) is carried by AI, on a scale from L0 to L5. Assessment follows the procedure defined on this page and requires evidence — the delegation structure for design claims, operational logs for verified claims. "AI" here denotes the automated system under assessment, whatever its implementation — CAL is technology-independent.
- Corporate Jidoka
- The management discipline of building anomaly detection, stopping, recovery, root-cause analysis, and recurrence prevention into the AI work loop itself. An extension to management of jidoka — Toyota's principle of building stop-and-fix judgment into the machine. Its first stage — the jidoka gate, by which the AI detects an anomaly and calls a human for what exceeds its pre-defined handling rules — is the precondition for L3; internalizing the full closed circuit through stopping, recovery, root-cause analysis, and recurrence prevention is the precondition for L4 and above.
- Autonomous Firm
- The state in which the management loop contains zero humans at all times and the legal entity continues to run itself on its own judgment (CAL L5 at company scope). Humans remain outside the loop as owners and beneficiaries.
- Zero-Person Company
- The colloquial name for the Autonomous Firm; a banner term for the corporate form that comes after the one-person unicorn.
- HITL removal rate
- The degree to which human intervention (human-in-the-loop) has been removed from the management loop. Not a single composite value: it is measured through four metrics — intervention density, autonomous completion rate, override rate, and Human Wait Ratio.
5Beyond L5 — The Next Layer and a Different Axis
There is no L6 in this version of CAL. But the seat is reserved. At company-level L5, delegation is complete across every domain, the management domain included — the top of the management layer's scale. Above the goals delegated inside the loop (each domain's goals, and the management goals carried by the management domain), one tier still remains: the will over purpose, continuation, and capital — an owner's power, the governance layer. What lies beyond L5 is therefore not only a different axis; it includes the next layer in the same direction.
HORIZON O — L6 RESERVEDOwnership Autonomy
Autonomy of the governance layer. AI occupies even the owner's seat, and the will over purpose and continuation leaves human hands. The direction — removing humans — is the same as L0–L5; the layer shifts from management to governance. Under current law, control structures that do not trace back to natural persons are generally not constructible (legal wrappers for DAOs and ownerless-foundation forms are the closest scaffolds), so it is not yet a level one can design for. When (1) law admits such structures and (2) an assessment methodology — design and verification — is established, it will be incorporated as L6 through the version history of this canonical page. Until then it is not treated as a level.
HORIZON M — DIFFERENT AXISMachine Economy
An economy in which customers and counterparties are AI as well, and value exchange completes between AIs — the extension of agentic commerce (commerce in which AI agents are the buyers). Market composition changes the inputs to goal setting, but not who holds the six elements. It can make every level easier to reach, yet it constitutes no assessment — hence a horizon, not a level.
CAL measures the management layer. The governance layer (ownership) sits as the reserved L6 under version control; market composition is out of scope. Any extension of CAL — including the formal incorporation of L6 — happens only through the version history of this canonical page.
6Provenance & License
- Canonical URL: https://corporateautonomy.com/ · First published: 2026-07-12 · Version: 0.9 (public review draft) · Changelog: end of this page.
- Status: public review draft. Promotion to v1.0 requires: (1) at least one applied assessment documented, (2) a further independent review yielding no blocker-class findings, and (3) public comments received via the contact address (§7) having been addressed. During 0.x, meaning-level revisions increment a third digit (0.9.1, 0.9.2, …); the compatibility discipline below applies from v1.0 onward. Editorial fixes remain outside versioning.
- Versioning: the version changes only when the meaning of definitions or terms changes (clarifications and additions increment the minor version; incompatible changes, the major version). A change is incompatible when it can alter the outcome — level or scope — of an existing conformity assessment; by this criterion, the future incorporation of L6 is a minor-version change. Editorial fixes do not change the version and are not listed in the changelog. A claim persists under the version it was assessed against and is identified by the version notation it carries; transition arrangements for an incompatible revision are defined at the time of that revision. A Wayback Machine snapshot of each published version is taken as a third-party timestamp.
- License: the body of this page — the terms, definitions, level table, and assessment procedure — is licensed under CC BY 4.0; attribution is the only condition.
- Conformity-claim rule (a separate layer from the copyright license): CC BY 4.0 permits adapting the text, but a "CAL" / "CAL Lx" conformity claim is valid only against the unmodified definitions and procedures of this canonical page — an assessment made under modified definitions may not be described as CAL. The canonical version is this page only.
- Suggested citation: "Corporate Autonomy Levels (CAL) v0.9 (public review draft), corporateautonomy.com"
- References (informative): external materials this page refers to by name — SAE J3016 (taxonomy and definitions for driving automation levels; SAE International) / jidoka in the Toyota Production System / Mercedes-Benz's stated acceptance of L3 liability for Drive Pilot / Japan's revised Road Traffic Act (takeover duty) and the "specified automated operation" regime (in force 2023) / McKinsey, "The agentic organization: Contours of the next paradigm for the AI era" (2025).
- Trademark note: SAE and J3016 are standards and names of SAE International. "Jidoka" is a term originating in the Toyota Production System. This page is an independent document that references them for structural comparison; it is not affiliated with or endorsed by SAE International or Toyota Motor Corporation. CAL is not an SAE standard.
7Disclosure
This framework is created and maintained by the operator of the kaishaos project (kaishaos.com). The definitions are vendor-neutral and do not presuppose the use of any particular product. This site does not offer paid services such as assessments or implementation support. Contact: contact@kaishaos.com — inquiries, errata reports, and licensing questions.