Risk assessment and organisational migration
This module turns the course's concepts into a practical lens a board can use. It sets out a risk taxonomy for evaluating non-sovereign records, the readiness indicators that signal an organisation can begin serious adoption work, and a realistic staged migration path. The aim is not to declare every record sovereign overnight, but to help a board decide which records justify the change and how to start.
8.1 A board-level risk taxonomy
Not every record carries the same exposure, and treating them all alike wastes effort and obscures the records that genuinely matter. A board can evaluate non-sovereign records across six dimensions: jurisdictional risk (whose laws and authorities reach the data), evidentiary risk (whether authenticity and integrity can be proven), cultural / community-trust risk (whether custodianship matches community expectations), AI-override risk (whether machine processes can act without human constraint), portability risk (whether the organisation can leave with its history intact), and operator-dependence risk (whether continuity rests on a single vendor or individual).
Key teaching points
- The six dimensions are a triage tool, not a scorecard — they help a board rank records by exposure, not assign a single grade.
- A record can be low-risk on most dimensions and acutely high-risk on one; that single dimension is enough to justify a sovereign substrate.
- AI-override risk and operator-dependence risk are frequently underweighted because they are invisible until the day they are tested.
Discussion topics
- Which of the six dimensions does your organisation currently have no defensible answer for?
- Where do convenience and exposure pull in opposite directions, and who decides the trade-off?
- Which records are low-risk enough to leave untouched, and is that judgement written down anywhere?
8.2 Readiness indicators
Adoption work fails when it begins as a tooling decision rather than a governance one. Organisations are ready for serious adoption work when they can do four things plainly: name their high-value governance records, identify their present vendor dependencies, describe their AI-assisted workflows, and articulate which decisions must remain explicitly human. None of these require new technology — they require the board to have looked clearly at its own practice.
Key teaching points
- Naming high-value records forces a distinction between what feels important and what would actually be load-bearing under challenge.
- Mapping vendor dependencies surfaces the operator-dependence and jurisdictional risks from 8.1 in concrete terms.
- Articulating which decisions must remain human is the boundary that makes AI-assisted workflows safe to extend rather than dangerous to adopt.
Discussion topics
- Could your board, today, list its high-value governance records without a meeting to construct the list first?
- Which AI-assisted workflows are in use that the board has never formally described or approved?
- Which decisions has the organisation implicitly delegated to a tool that it would insist, on reflection, must remain human?
8.3 The migration path
Digital sovereignty is a journey, not an all-or-nothing leap. A realistic staged path lets an organisation move deliberately, learn from a bounded first step, and extend only where the value is proven. The stages: (1) identify the highest-risk deliberation records; (2) map jurisdictional and provider dependencies; (3) separate convenience workflows from constitutional-memory workflows; (4) introduce stronger provenance and approval logging; (5) pilot a sovereign environment for a bounded governance function; and (6) extend to AI-assisted decision support and sensitive community-facing processes.
Key teaching points
- Stages 1–3 are diagnostic and cost almost nothing; they sharpen judgement before any technology decision is made.
- Separating convenience workflows from constitutional-memory workflows prevents over-engineering the records that do not need it.
- A bounded pilot earns the evidence and confidence that justify extending to AI-assisted and community-facing processes — the order matters.
Discussion topics
- What is the narrowest viable pilot that still proves the governance value of sovereign deliberation records?
- Which workflow is genuinely "convenience" and which is constitutional memory wearing a convenience disguise?
- What would have to be true at the end of a pilot for the board to commit to stage six?
8.4 Trade-offs and what you give up
A sovereign move is not cost-free, and a board does itself no favours by treating it as one. Disciplined adoption work weighs the costs alongside the benefits, and the same risk discipline from 8.1 applies to the sovereign choice itself.
Key teaching points
- Running cost — sovereign infrastructure has to be paid for, maintained, and operated; that cost is real and recurring, not a one-off.
- Convenience and integrations — some mainstream-tool convenience, polish, and ready-made integrations are given up, and that friction is felt day to day.
- Vendor continuity — a smaller or newer provider carries continuity and maturity risk that a large incumbent may not, and that risk must be assessed squarely.
- A sovereign platform is itself an operator dependence — adopting a single sovereign platform creates its own operator-dependence risk and must be put through the same Module 8.1 taxonomy, not exempted from it.
Discussion topic
- If you ran the sovereign option itself through the 8.1 risk taxonomy, where would it score worse than your current arrangement — and is that trade-off one your board would knowingly accept?
Self-check
1. What is the purpose of the six-dimension risk taxonomy in 8.1?
The taxonomy ranks records by exposure across dimensions — a single acute dimension can be enough to justify change.
2. According to 8.2, readiness for serious adoption work is primarily a matter of…
Readiness comes from clear self-knowledge, not budget or tooling — a board that cannot locate its constitutional memory is not ready to migrate it.
3. What should the first migration pilot be chosen for?
The first use case should make the value unmistakable — a workshop should leave the board with a pilot hypothesis, not abstract awareness.