Amazon Did Not Have a Coding Problem. It Had a Governance Architecture Problem.

What the AWS outages reveal about the difference between oversight and governance — and why "senior sign-off" is not a fix.

Roshan Ghadamian··6 min read

What Happened

In early March 2026, Amazon's most senior eCommerce technology leader convened a mandatory all-hands with his most senior retail technology leaders. The trigger: four Sev-1 incidents in a single week. An internal memo identified "genAI tools supplementing or accelerating production change instructions, leading to unsafe practices" as a contributing factor.

The response: junior and mid-level engineers can no longer push AI-assisted production changes without senior approval.

Amazon has disputed that AI-generated code caused the outages. The governance argument does not depend on resolving that dispute.

Because the governance response — senior sign-off — addresses the operational link. The problem was built into the design link.

The Four-Link Accountability Chain

Every consequential institutional action has four accountability links: design (who authorised the system), deployment (who scaled it), operations (who monitored it), and outcomes (what happened).

The design link is visible in who called the meeting. The executive who convened the mandatory all-hands to address the consequences of AI-assisted code failures is the same executive who signed the November 2025 memo mandating Kiro as Amazon's standard AI coding tool, setting an 80 per cent weekly usage target across the engineering organisation. When the person who made the design decision is the person managing the operational failure, the four-link accountability chain has not been exercised. It has collapsed.

Between October 2025 and January 2026, Amazon cut 30,000 corporate engineers — roughly ten per cent of its corporate workforce — while simultaneously mandating 80 per cent weekly adoption of an agentic AI coding tool. The people who held institutional knowledge of why the systems were built the way they were exited. The AI was then deployed into that knowledge vacuum, at a corporate-OKR-tracked adoption rate, under an executive publicly claiming $2 billion in AI cost savings from the same deployment.

What was not measured: the governance risk produced by that deployment.

Senior Sign-Off Is Governance Theatre

Amazon's response installs an additional reviewer in the approval chain. This is the same structural response that failed in 2008, when adding one more reviewer to the mortgage approval chain could not address the underlying problem of mortgages that no one had verified at the point of origination.

Oversight and governance are not the same thing. Oversight is a procedural requirement: a senior engineer must approve before deployment. Governance is an institutional requirement: the organisation must be able to reconstruct, from contemporaneous records, who made which decisions, on what information, and with what authority.

The engineers now required to obtain sign-off are not, in most cases, junior. At Amazon, mid-level engineers (L5, SDE II) typically carry three to ten years of industry experience. Requiring an engineer at that level to obtain senior sign-off for AI-assisted production changes is an implicit acknowledgement that the organisation does not trust the output of its own mandated tool below the senior level. That risk assessment should have preceded the adoption mandate.

Senior sign-off applied to AI-generated code that no one fully understands produces approval without comprehension. The system now has one more reviewer. It does not have a governance record.

The Reconstructability Problem

The clearest evidence that no governance record exists: on the day of the meeting itself, Amazon edited its own briefing document. An initial version identified "GenAI-assisted changes" as a contributing factor. Before the meeting began, that bullet point was deleted.

An organisation with adequate governance infrastructure does not need to edit the causal attribution out of its own incident briefing on the morning of the meeting called to address that incident.

A governance record is not just a document. It is a decision artefact produced at the moment the governance decision occurs, by the person with authority to make it, recording what was known, what was decided, and why. It cannot be reconstructed after the fact. The moment at which it most needs to satisfy an evidentiary standard — an incident, an investigation, a board inquiry — is precisely the moment at which it is too late to build it.

This is what we call the Proof Layer: the infrastructure that produces contemporaneous evidence at the moment of action, not retrospective documentation after the fact.

The Three Questions That Matter

ASIC v Bekier [2026] FCA 196, handed down on 5 March 2026 — ten days before the Amazon meeting — establishes the governing accountability standard. The court asks three questions of any governance record:

Who was responsible? Not who signed the approval form. Who held institutional accountability for the decision to mandate AI tool adoption at scale, under an 80 per cent usage OKR, while simultaneously reducing experienced engineering headcount by tens of thousands?

What did they know? What information existed, at the time of the design decision, about the reliability of AI-generated code at scale? When the $2 billion cost savings figure was presented at AWS re:Invent in December 2025, what governance data sat alongside it?

What did they do? Amazon attributed the December 2025 Kiro incident to "user error." Amazon's own COE process requires asking whether that attribution completed the root cause chain, or whether it stopped one level above the design-link question.

These questions are answerable. But they are answerable only from contemporaneous records — governance artefacts produced at the moment decisions were made, not reconstructed after an incident reveals their absence.

Governance Telemetry: What Would Fix This

The gap is structural and specific. Three things are required:

Classification. AI-assisted code changes affecting production systems at scale are not routine operational decisions. A risk classification framework identifies the governance threshold — the point at which a deployment decision requires institutional authorisation, not engineering sign-off. For Amazon, that framework would distinguish between AI-assisted changes with narrow, reversible blast radius and agentic changes with operator-level permissions affecting production infrastructure.

Evidence architecture. What we call governance telemetry — distinct from engineering telemetry. Engineering telemetry tells you what the system is doing. Governance telemetry tells you who decided, on what basis, and with what authority. At Amazon's scale, this doesn't need to cover every deployment. It needs to cover the decisions at the design link: adoption mandates, tool standardisation decisions, OKR-level targets that shape deployment behaviour across tens of thousands of engineers.

Accountability assignment. The four-link chain requires explicit assignment at each link before deployment, not after an incident. Who holds design accountability for the adoption mandate? Who holds deployment accountability for the decision to scale AI-assisted changes? These assignments are governance decisions that take the existing structure and make the accountability positions within it explicit, documented, and reconstructable.

Having principles on the wall is not the same as having architecture at the design link. The architecture is what makes the principles reconstructable when it matters.

What This Means for Every Organisation

Amazon is not an outlier. It is the leading indicator.

GitClear analysed 211 million lines of code and recorded an eightfold increase in code duplication over two years. The Google DORA Report for 2024 found that a 25 per cent increase in AI usage accelerates code review while simultaneously reducing release reliability by 7.2 per cent. A METR study found that experienced developers using AI tools were objectively 19 per cent slower while subjectively rating their own speed as 20 per cent faster. The metric says one thing. The understanding says another.

What these studies describe as a knowledge gap — engineers shipping more while understanding less — is, at the institutional level, a reconstructability gap. If engineers cannot explain what the code does, the organisation cannot produce a governance record of why it was deployed.

The organisations that will emerge from this period with governance postures adequate for regulatory scrutiny, insurance underwriting, and investor accountability are the ones that treat governance architecture as a precondition of deployment — not a response to failure.

Constellation is governance infrastructure that produces contemporaneous evidence at the moment of action. Every consequential action is checked against the institution's own constraints, enforced, and traced — automatically. The proof layer exists before anyone needs it, because the moment you need it is the moment it's too late to build it.

Related Glossary Terms

Governance DebtAgentic AI Governance

Related Posts

ASIC v Bekier: The Three Questions Every CEO, CFO, and Director Must Now AnswerA landmark Federal Court decision, handed down 5 March 2026, establishes the governing accountability standard for institutional governance. Here is what it means for you.The Governance Bottleneck: Why AI Investment Hits a CeilingAmdahl's Law predicted this fifty years ago. Your AI agents are fast. Your governance isn't. Here's why that's the constraint that matters.Corporate Governance in 2026: What's Changed and What Hasn'tAI agents are making decisions, teams are distributed, and the speed of business has doubled. Board structures haven't moved.

See governance infrastructure in action

Constellation enforces corporate governance at the moment of action — for both humans and AI agents.

How it worksFree governance health check
← All postsBrowse glossary →