What ITIL V5 Actually Brings to Military AI Governance
When ITIL Version 5 launched in February 2026, it marked the most significant update to the framework since Version 4 in 2019. PeopleCert designed it as AI-native, meaning AI and automation are treated as standard operating conditions.
ITIL Version 5 didn’t just update the framework — it rebuilt it from the ground up with AI as the default.
The framework unifies product and service management into one eight-stage lifecycle:
- Discover, Design, Acquire, Build
- Changeover, Operate, Deliver, Support
For military AI governance, this structure matters. Each stage creates a defined control point. Early stages support risk identification.
Later stages support monitoring and corrective action.
The dedicated AI Governance module adds policy, accountability, and maturity assessment tools specifically for responsible AI use. The framework draws on 36% completely new content developed to address modern digital and AI-driven operating environments. Critically, the 34 ITIL practices remain unchanged in scope, meaning organisations can adopt new AI governance guidance without dismantling existing service management investments. This integration approach also enhances service request management and aligns IT services with operational objectives.
How AI-Enabled Drones Are Breaking Existing Control Frameworks
AI-enabled drones are not simply faster versions of older unmanned systems — they represent a fundamental shift in how decisions get made during operations. Traditional control frameworks assumed predictable inputs, stable communications, and observable decision chains. AI breaks all three assumptions.
Key breakdowns include:
- Onboard autonomy shifts authority from operators to embedded software when links fail
- Black-box models produce decisions that cannot be traced or explained after the fact
- Adaptive behavior changes over time, making static rule sets obsolete
- Compressed decision cycles eliminate time for human review
Governance built for deterministic systems cannot contain probabilistic ones. MIT researchers have demonstrated that machine learning-based adaptive control algorithms can reduce trajectory tracking error by 50 percent compared to baseline methods, even in wind conditions never encountered during training. AI detection systems have demonstrated the capacity to identify defects, anomalies, or objects with precision exceeding 95 percent, a capability that outpaces the verification and audit mechanisms embedded in conventional governance models. The rapid adoption of cloud-native integration platforms has enabled faster deployment and streamlined integration across complex systems.
How ITIL V5 Change Management Applies to Autonomous Strike Decisions
The breakdown of traditional control frameworks reveals a direct governance gap that ITIL V5 change management is positioned to address. Autonomous strike decisions require structured classification, not assumptions.
ITIL V5 demands organizations define:
- Decision authority across strategy, delivery, and operations
- Pre-authorization risk assessment covering model behavior, sensor reliability, and escalation thresholds
- End-to-end traceability from mission requirement through post-deployment review
- High-consequence approval workflows including technical, legal, and operational validation
A lethal autonomous function is never a routine change. Irreversible outcomes demand explicit accountability, documented rationale, and a defined disablement path before activation occurs. ITIL V5 positions governance closer to work, reducing approval layers while maintaining defined boundaries for high-consequence decisions. Standard changes, modeled changes, and emergency changes each require different handling protocols, ensuring speed and control are balanced according to the risk level of each decision type. Organizations can adopt ServiceNow to automate and enforce these ITIL-aligned workflows.
The Accountability Gap When Machines Recommend Strikes
Autonomous systems that recommend or execute strikes expose a structural flaw in military accountability: no single person is clearly responsible when a machine selects a target and causes harm. AI creates three compounding problems:
When machines select targets and cause harm, no single person is clearly responsible—a structural flaw in military accountability.
- Geographic and temporal distance separates decision-makers from consequences.
- Opacity makes intent, negligence, and foreseeability difficult to prove.
- Compressed decision cycles reduce documentation and human review time.
Command responsibility remains the primary legal anchor. Commanders who deploy systems with foreseeable targeting defects face war-crimes exposure. However, distributed machine agency weakens traditional criminal models, leaving harmful outcomes without clear individual ownership—a genuine governance failure ITIL V5 frameworks must directly address. When accountability for erroneous targeting is unclear, responsibility may fall on programmers, employing companies, deploying commanders, or the State sanctioning utilization. A robust integration strategy that aligns systems, stakeholders, and compliance processes can reduce silos and clarify lines of responsibility.
Where ITIL V5 Draws the Line on Human Authorization
Where governance frameworks draw the line on machine authority matters most when the consequences are irreversible. ITIL V5 positions human authorization as the required checkpoint before high-stakes decisions execute.
AI may analyze, sort, and recommend — but humans retain approval authority. This boundary holds across three decision tiers:
- Routine tasks — automation permitted
- Normal changes — human scheduling and authorization required
- High-consequence actions — human sign-off is non-negotiable
In warfare, that third tier covers targeting and lethal force. ITIL V5’s governance logic is clear: AI advises, humans decide. Treating autonomous weapons as moral agents risks shifting AI from a military tool to a source of moral authority, a concern raised directly by the U.S. Defense Department Defense Science Board.
ITIL V5’s value equation reinforces this logic: value is only realized when outcomes are achieved and risks are removed, and in high-stakes environments, ungoverned automation introduces costs and risks imposed that no efficiency gain can offset. This approach aligns with ITSM principles that emphasize continuous improvement and risk reduction through standardized processes.
