A Practical Guide for Deployment Managers
You are deploying AI whether you planned to or not. Your employees are already running Claude Code in their terminals, transcribing every meeting with AI tooling, and wiring homemade apps into their workflows without security review. The question is how to turn that unmanaged use into deliberate capability.
This Capability Maturity Model maps that path across five levels: Shadow, Sanctioned, Designed, Infrastructural, and Planetary — from the first unsanctioned use to the point where AI is invisible civilizational coordination infrastructure.
The conventional AI governance response — acceptable use policies, data boundaries, approved tool lists — addresses the wrong question. The right question is protocol design: specifying coordination rules at the handoff points where AI output enters organizational accountability.
Building capability systematically means clearing each level's governance requirements before advancing to the next. Each transition requires a different kind of governance. The failure modes at each level are predictable.
Most organizations are at Level 1 or early Level 2. That is the expected starting point, not a failure. The assessment below identifies where your organization sits, which failure modes you are most exposed to, and what the next move looks like.
Each level describes an organizational state with characteristic governance challenges and failure modes. Levels 1–3 are actionable today. Levels 4–5 are projected.
Adoption maturity is defined by an organization's ability to govern uncertainty.
Most organizations apply enterprise-software governance logic to AI: policies, compliance controls, tooling checklists. That logic was designed for deterministic processes. AI systems are probabilistic. The mismatch produces characteristic failures — shadow adoption, quality floor collapse, liability exposure, over-reliance. The conventional response treats this as a control problem. The right framing is protocol design.
The unit of maturity in this model is the organization's ability to govern uncertainty productively: to define which AI outputs require human verification, to enforce that oversight, and to learn from failures when they occur.
Individuals with domain expertise are already discovering new protocols through daily AI use. Organizational standardization lags behind by design: the protocols worth formalizing are those that have proved their value through individual experimentation. The model describes how organizations close that gap.
Levels 1–3 describe organizational states deployment teams can act on directly. Levels 4–5 describe what happens when AI governance becomes an industry and civilizational challenge, beyond what any single organization controls.
Read the diagnostic question at the bottom of each card — one of these patterns is probably yours.
Answer based on where your organization is today. Six months from now is not the question.
Covers AI adoption, organizational governance, and protocol design — written for practitioners, not vendors.
Subscribe ↗If you're navigating Level 2 or 3, we run structured working sessions on governance protocol design.
Get in touch ↗Essays from Protocolized on protocol thinking, AI adoption, and organizational design.