AIA Impact Levels I Through IV Explained: What Each Level Actually Requires From Your Team
Published March 2026
~9 min read
Who This Is For
Program owners, project managers, and legal reviewers who need to translate an AIA impact level into staffing, approvals, timelines, and ongoing obligations.
What You'll Learn
What types of systems land at each level, the specific obligations triggered at each tier, and how to plan your project around them.
Key Point
Your AIA impact level is not a score you file away. It determines whether you need senior executive approval, whether a human must review every decision, whether you owe the public a technical explanation of your algorithm, and whether you need one peer reviewer or two.
How the Level Is Calculated
The scoring algorithm takes your 65 risk responses and 41 mitigation responses, applies the 80% threshold rule, and maps the adjusted score to one of four ranges. You do not choose the level. If you believe it's wrong, update inputs or redesign the system. For background on the framework itself and why these tiers were designed this way, see what an AIA is.
Level I — Little to No Impact
Typical systems:
Email sorting, document routing, low-value eligibility checks.
Obligations:
- • Full automation permitted
- • No peer review, no GBA+
- • Delegated approval
- • FAQ-based explanations
- • Scheduled AIA reviews
- • Minimal administrative burden
Level II — Moderate Impact
Typical systems:
Immigration triage, EI screening, benefit routing, LMIA processing. Most published federal AIAs land here.
Obligations:
- • Peer review by 1+ qualified expert, published before production
- • GBA+ required
- • Meaningful per-denial explanations — not generic FAQs
- • Full automation still permitted
Project planning:
Add 1–3 months for peer review. Budget for bilingual publication. Build explanation logic. Assign a GBA+ lead.
This is where the AIA stops being a form and starts being a multi-month project. You are coordinating peer review, GBA+, explanation design, and publication across multiple teams. The information is straightforward. The coordination is where it gets hard.
Level III — High Impact
Typical systems:
Security clearance decisions, professional licensing, longer-term benefit determinations.
Key requirement:
A human must be involved before the final decision. Not a rubber stamp — a qualified person with override authority who meaningfully reviews each case.
Additional:
- • Senior management approval before production
- • Plain-language system description published
- • Explanations include system logic, not just the outcome
Level IV — Very High Impact
Typical systems:
Parole, refugee status, national security assessments.
Obligations:
- • Final decision must be made by a person
- • Deputy Minister approval
- • 2+ peer reviewers
- • Comprehensive public transparency
- • Continuous monitoring
The requirements at Level IV are deliberately onerous. TBS designed them to strongly discourage very high-risk automated deployments without proportionate safeguards. Some departments redesign their systems to reduce the impact level rather than meeting Level IV requirements — which is the framework working as intended.
Full Comparison Table
| Obligation | Level I | Level II | Level III | Level IV |
|---|---|---|---|---|
| Full Automation | Yes | Yes | No | No |
| Human Oversight | Not required | Not required | Before final decision | Makes final decision |
| Peer Review | None | 1+ expert | 1+ expert | 2+ experts |
| GBA+ | No | Yes | Yes | Yes |
| Approval | Delegated | Delegated | Senior mgmt | Deputy head |
| Explanation | FAQ | Per-decision | Decision + logic | Comprehensive |
Key Takeaway
At Level II and above, the AIA becomes a multi-month project with parallel workstreams and cross-functional dependencies. Knowing the requirements is the easy part. Tracking who owns what, what evidence is collected, and whether you are on schedule — that is not a knowledge problem. It is a coordination problem. See how AIA Simplified approaches this in our solutions overview.