Article | May 22, 2026

When machines get bodies: Governing autonomy before it governs us

By David Tait, AI Lead, DXC Technology


Autonomous systems are crossing a threshold. Artificial intelligence (AI) now moves, touches and acts in the physical world — through robots, machines, vehicles and infrastructure. The resulting risk is not rogue AI or sentient machines. It is ungoverned autonomy: agents operating at machine speed, connected to imperfect data, deployed through operating models never designed for physical consequence.

This matters because autonomy is no longer peripheral. While services generate roughly two-thirds of global GDP, the remaining share is still produced by sectors anchored in physical assets. AI is being embedded directly into the systems that run this real economy.

When governance failures occur in digital systems, the impact is often financial or reputational. When those same failures are attached to motors, actuators and logistics, they become safety, regulatory and operational risks at enterprise scale.

This discussion reframes AI safety as a governance maturity challenge, not a technology problem. It introduces a practical operating model — the Agentic Control Tower — and shows how it can be executed using platforms enterprises already own, particularly ServiceNow. The core argument: Organizations do not need another AI governance product; they need to govern autonomy differently — by design, before deployment, and continuously thereafter.

AI governance is not limited to platforms and technical controls; it incorporates organizational governance, risk management and an effective operating model to support this new and rapidly evolving paradigm shift. DXC Technology and our Xponential framework are helping organizations comprehensively adapt and address AI governance needs across all layers.

We don’t have an AI safety problem. We have a governance maturity problem.
 


 

Why this is ‘Tuesday,’ not ‘Terminator’

Popular narratives about AI swing between utopia and apocalypse. Robots will save us, or robots will destroy us. Both miss the point.

Imagine a logistics warehouse running hundreds of autonomous mobile robots. A routine overnight update introduces a subtle data mismatch. By morning, several robots have rerouted outside approved zones and one enters a human-occupied area. There is no malice and no ‘sentience’ — just autonomy operating at speed, connected to stale or fabricated data, without effective guardrails.

This is the same failure pattern enterprises have seen for decades with software: rapid deployment, siloed ownership and governance bolted on after something breaks. Physical AI simply makes those familiar gaps consequential.

 

The real threat model

Physical AI will not fail because it becomes malicious. It will fail because organizations deploy autonomy the way they deployed software as a service and automation: quickly, locally optimized and loosely governed. What changes in the physical world is velocity and accumulation — an autonomous system can make tens of thousands of decisions while a human organization makes one. Small inaccuracies in data or policy do not stay small; they compound beyond the point where manual intervention is possible.

The catastrophic scenario is rarely dramatic robot rebellion. It is boring, predictable wrongness at scale: misread barcodes, incorrect temperatures and routing collisions. Each is trivial in isolation; multiplied across thousands of agents and millions of decisions, minor issues become regulatory or reputational events.

The failure modes aren’t science fiction — they’re the ones you already have, except now they have motors attached.

Every robot is only as dangerous as the data and context feeding it — and the governance vacuum surrounding it.

David Tait, AI Lead, DXC Technology

Two futures. Same technology.

Physical AI is often discussed in extremes. In practice, outcomes are determined by the operating model wrapped around autonomy.

  • Governed autonomy is identity bound and policy led, tested before deployment, continuously monitored, and designed to stop safely.
  • Ungoverned autonomy has unclear ownership and scope, moves straight to production, relies on manual oversight at machine speed, and propagates risk through uncontrolled data replication.

Physical AI doesn’t add one new risk; it amplifies all existing governance gaps simultaneously. The danger is cumulative: five gaps, all open, at once — overwhelming controls designed for slower, more static systems.



The Five Amplifiers


In the agentic era, governance is the intellectual property.

As agents optimize workflows, generate operational intelligence, and improve decision quality at machine speed, a strategic question emerges: Who owns that optimization? If learning accumulates inside vendor platforms, enterprises risk outsourcing not just execution, but their competitive moat.

 

The Agentic Control Tower

Governed autonomy requires a control tower: a five-layer operating model that coordinates fast-moving, high-consequence systems with central visibility, clear authority, and controls that work at machine speed.

You don’t govern at the point of failure. You govern at the point of design.


  1. POLICY & IDENTITY LAYER: Every autonomous system has a unique identity, explicit scope and accountable owner — no exceptions.
  2. PRE-GOVERNED CONTROL PLANE: Security, risk and compliance controls are embedded before deployment, not layered on after incidents occur.
  3. DIGITAL TWIN/SIMULATION: Autonomous behavior is tested in synthetic environments before it touches the real world.
  4. ORCHESTRATION ENGINE: Governed handoffs, escalation paths and kill authority that works at machine speed.
  5. FEDERATED DATA LAYER: Governed access to data where it lives — policy enforced at the point of access, not via uncontrolled replication.

For DXC, this operating model is not theoretical. It is delivered through Xponential, DXC’s enterprise AI orchestration framework, which operationalizes the Agentic Control Tower in real organizations — defining how governed autonomy is designed, deployed and scaled in practice.

Xponential embeds governance, risk management and accountability into the way AI solutions are built and operated, aligning people, processes and technology rather than treating governance as a separate control function. This enables organizations to move beyond isolated pilots toward repeatable, compounding AI capability, where learning, controls and operational discipline strengthen over time as autonomy scales.

Making it real: Governing what you already own

This model is practical because it maps to platforms enterprises already operate.

You don’t need to buy a governance platform. You need to govern the platforms you already have — differently.

 

The ServiceNow Agentic Control Tower


ServiceNow can serve as the policy enforcement and workflow governance backbone — not only a ticketing system — using a configuration management database (CMDB) for identity and life-cycle management; governance, risk and compliance (GRC) to encode controls upstream; and Flow Designer/IntegrationHub to orchestrate governed handoffs across systems.

Enterprise platforms such as SAP or Oracle provide financial governance, compliance automation and enterprise resource planning (ERP) integration for autonomous operations.

Between these platforms sits the orchestration gap: cross-platform, multi-agent coordination; agent registries; governed application programming interfaces (APIs); and protocol integration (A2A/MCP). This is where architecture decisions matter most — because whoever fills it shapes the intelligence layer and the control plane.

What this means in practice (DXC Technology + ServiceNow)

ServiceNow provides the platform foundation for governed autonomy, and DXC provides the operating model to deliver it at scale.

Together, DXC and ServiceNow help organizations deploy governed agents — identity bound, scope limited and monitored from Day 1 — so they can move from proof of value to enterprise scale in weeks, not quarters. Through a continuous AI Factory model, use cases are identified, deployed, governed and improved as an ongoing capability rather than a one-off project.

 

From agents to governed autonomy


Delivered through DXC’s Intelligent Operations platform (the largest managed services provider [MSP] implementation of GenAI globally), outcomes are measured rather than projected.


The governance life cycle: A continuous loop

Governance is not a single gate. It is a continuous life cycle where retirement feeds back into design:

  • Design: Policy by design, threat modeling and simulation planning before production
  • Deploy: Identity bound, scope limited, monitored from Day 1
  • Operate: Continuous telemetry, anomaly detection and human escalation paths (human-in-the-loop, where a human supervises, but is not required for every decision)
  • Learn: Governed release of improvements; no autonomous self-modification without oversight
  • Retire: Decommission, revoke identities and archive decision logs for audit and regulatory queries

Most enterprises cannot tell you how many agents (bots) they have running today. Now imagine those bots have wheels.

 


Will an AI initiative scale or stall?

  • The control plane should be owned cross-functionally. If it sits only within IT, governance can become disconnected from business accountability; if it sits with a vendor, the organization can cede authority over autonomous operations.
  • Institutional knowledge created by agents should accrue to the organization rather than remaining trapped in external models that reduce portability over time.
  • Finally, autonomous operations require a balanced scorecard that goes beyond cost savings to include risk reduction, compliance posture, decision quality and speed-to-insight.


The call to action

The agentic era requires organizations to move from ad hoc automation to governed autonomy. This shift depends on clear identity and accountability for agents, controls embedded before deployment, and continuous monitoring that operates at machine speed.

The Agentic Control Tower provides a practical operating model for this shift, and it is most effective when executed using platforms already in place — particularly ServiceNow — supported by an implementation partner such as DXC.

Organizations already recognize gaps in data quality, identity and change control, as well as fragmented security. When autonomy is connected to machines operating at speed, these gaps become safety- and compliance-critical: Minor operational errors can compound into cascading disruption and regulatory exposure. Addressing this requires governance by design, reinforced through simulation, release discipline and operational telemetry — rather than after-the-fact remediation.

In partnership with DXC — using the Agentic Control Tower operating model and ServiceNow as the governance backbone — organizations can complete four actions: audit the autonomous asset inventory (agents/bots in operation, accountable owners, and data access); standardize identity so every autonomous system has a digital identity, defined scope boundaries and a named human owner; implement a governance-first release gate so no autonomous system moves to production without passing through the control plane (including policy checks, security review and rollback readiness); and simulate a high-risk autonomous workflow in a digital-twin environment before the next release to validate controls and to surface failure modes early.

DXC accelerates delivery through a structured assessment and proof of value, translating these actions into an executable roadmap and repeatable operating cadence.

It bears repeating: Today, we don’t have an AI safety problem. We have a governance maturity problem. And the machines aren’t going to wait for us to grow up.



About the author

 

David Tait, AI Lead at DXC Technology, is an accomplished AI leader with over two decades of experience driving strategic innovation and transformation across large-scale enterprise and government environments. He is an expert in helping organizations to effectively and responsibly adopt AI to transform their businesses. Connect with David on LinkedIn.