Purpose
This template provides a complete escalation policy for WhatsApp customer service automation, updated for 2026 Saudi enterprise requirements including PDPL compliance, AI governance, and agentic decision systems. As Saudi businesses increasingly adopt governed AI agents for customer service, this template ensures your escalation workflows align with SDAIA guidelines, PDPL Article 6 data protection requirements, and the National AI Strategy's governance framework. Customize it for your business and include it in your Acceptance Pack.
Section 1: Escalation Triggers
1.1 Automatic Escalation (System-Initiated)
| Trigger | Threshold | Action |
|---|---|---|
| Confidence Score | <75% (2026 standard) | Route to human agent |
| Policy-Restricted Topic | Detected via AI governance rules | Route to specialist |
| Sentiment Score | Negative (<-0.4) | Route to senior agent |
| Failed Intent Match | 2 attempts | Route to human agent |
| Sensitive Data Request | Detected (PDPL Article 6) | Block + route to compliance |
| Agentic Decision Conflict | AI agent cannot resolve | Route to human supervisor |
| Regulatory Keyword Match | Detected (e.g., "complaint to SDAIA") | Route to compliance officer |
| Multi-Intent Overload | >3 intents in single message | Route to human agent |
1.2 Customer-Initiated Escalation
| Trigger | Detection Method | Action |
|---|---|---|
| "Agent please" | Keyword + intent match | Route to human agent |
| "Talk to human" | Keyword + intent match | Route to human agent |
| "Manager" | Keyword + context | Route to team lead |
| "Complaint" | Keyword + sentiment analysis | Route to complaints team |
| "PDPL request" | Keyword + compliance flag | Route to DPO/compliance |
| "SDAIA" | Regulatory keyword detection | Route to compliance officer |
| "Data deletion" | PDPL rights keyword | Route to DPO within 30 days |
| "Human supervisor" | Intent match + escalation flag | Route to senior agent |
1.3 Business Rule Escalation
| Scenario | Rule | Action |
|---|---|---|
| Order value >50K SAR | Order lookup + CRM | Route to account manager |
| VIP customer (tier 1) | Customer segment | Route to VIP team |
| After-hours inquiry | Time check (business hours) | Route to on-call or queue |
| Multi-language switch | Language detection | Route to Arabic/English agent |
| AI governance override | Agentic decision flagged | Route to compliance officer |
| Payment dispute >10K SAR | Transaction value threshold | Route to finance team |
| KYC/AML trigger | Identity verification required | Route to compliance specialist |
| Cross-department query | Intent classification | Route to appropriate department |
Section 2: SLA Tiers
2.1 Response Time SLAs (2026 Benchmarks)
| Customer Tier | First Response | Resolution Target | Escalation Deadline |
|---|---|---|---|
| VIP | <1 minute | <10 minutes | 5 minutes |
| Premium | <3 minutes | <20 minutes | 15 minutes |
| Standard | <5 minutes | <1 hour | 30 minutes |
| Enterprise | <2 minutes | <15 minutes | 10 minutes |
| Government | <1 minute | <5 minutes | 3 minutes |
2.2 Escalation Chain
Level 0: AI Agent (automated response + agentic decision)
↓ (trigger met)
Level 1: Customer Service Agent (general queries)
↓ (unresolved after 20 min)
Level 2: Team Lead (complex issues)
↓ (requires approval/exception)
Level 3: Manager (complaints, VIP issues)
↓ (policy violation, legal)
Level 4: Compliance/Legal (PDPL, sensitive matters)
↓ (regulatory escalation)
Level 5: DPO/SDAIA Liaison (data protection, regulatory reporting)
Section 3: Handoff Protocol
3.1 Information Passed to Agent
When escalating, the system provides:
- Customer Context: Name, segment, order history summary, consent status, PDPL data handling preferences
- Conversation Summary: Last 10 messages + AI interpretation + sentiment trend + intent confidence scores
- Escalation Reason: Specific trigger that caused handoff + governance flag + regulatory relevance
- Suggested Response: AI's best-guess response for review (with confidence score and reasoning)
- Knowledge Base Links: Relevant articles for the query + PDPL compliance references
- PDPL Data Masking: Sensitive fields masked per policy (name, phone, payment info)
- Agentic Decision Log: AI's decision path, confidence scores, and any override flags
- Consent Status: Current opt-in/opt-out status for data processing
3.2 Agent Takeover Procedure
- Agent receives notification with context (within 5 seconds)
- Agent reviews conversation summary (20 seconds max)
- Agent sends acknowledgment message to customer
- Agent resolves or escalates further
- Agent logs resolution and tags for AI training
- System updates AI model based on human resolution
- Compliance check: Agent verifies PDPL data handling during interaction
- Quality assurance: Random audit of 10% of escalated interactions
3.3 Customer Communication
Automated Handoff Message (English):
"I'm connecting you with a specialist who can help better. They'll be with you in [X] minutes. Your data is handled securely per Saudi PDPL regulations. You can request data deletion or access at any time. Thank you for your patience."
Automated Handoff Message (Arabic):
"سأوصلك بمتخصص يمكنه المساعدة بشكل أفضل. سيكون معك خلال [X] دقائق. يتم التعامل مع بياناتك بشكل آمن وفقاً للائحة حماية البيانات الشخصية السعودية. يمكنك طلب حذف بياناتك أو الوصول إليها في أي وقت. شكراً لصبرك."
Section 4: PDPL-Aware Guidelines
4.1 Data Handling During Escalation
| Data Type | AI Access | Agent Access | Logging |
|---|---|---|---|
| Name | No (default) | Yes (with consent) | Masked in logs |
| Phone | Hash only | Yes (with consent) | Masked in logs |
| Order Details | Read-only | Full | Audit trail |
| Payment Info | Never | View-only (PCI scope) | Masked in logs |
| Conversation | Summary only | Full | Retention: 90 days (PDPL compliant) |
| Biometric/Voice | Never | Never | Not collected |
| Location Data | Never | With explicit consent | Masked in logs |
| Government ID | Never | With explicit consent | Encrypted + masked |
4.2 Consent Management
- Bot informs customers of recording at conversation start (PDPL Article 13)
- Opt-out option available at any time via "Stop recording" keyword
- Escalation to human includes consent status and data handling preferences
- Data deletion requests routed to compliance within 30 days (PDPL Article 17)
- Consent records stored for audit (retention: 2 years)
- Customers can access their data via "My data" keyword (PDPL Article 16)
- Consent withdrawal does not affect lawfulness of prior processing
- Minors' data handled with parental consent verification
Section 5: Quality Monitoring
5.1 Escalation Metrics (2026 Targets)
| Metric | Target | Alert Threshold |
|---|---|---|
| Escalation Rate | <20% | >25% |
| Agent Response Time | <2 minutes | >5 minutes |
| Resolution Rate (Level 1) | >80% | <70% |
| Customer Satisfaction (CSAT) | >4.5/5 | <4.0/5 |
| PDPL Compliance Rate | 100% | <99% |
| AI Governance Flag Rate | <5% | >10% |
| First Contact Resolution | >70% | <60% |
| Average Handling Time | <8 minutes | >12 minutes |
| Agent Adherence to PDPL | 100% | <98% |
5.2 Continuous Improvement
- Monthly review of escalation triggers and thresholds
- Quarterly AI model retraining based on human resolutions
- Annual PDPL compliance audit with SDAIA alignment
- Real-time dashboard for escalation metrics
- Agent feedback loop for AI training data
- Bi-annual bias audit on escalation patterns
- Customer feedback integration into AI training
- Cross-departmental review of escalation workflows
Section 6: Governance & Compliance
6.1 AI Governance Rules
- All AI decisions logged with confidence scores and reasoning
- Human override capability for any automated decision
- Monthly bias audit on escalation patterns
- Compliance officer review of sensitive escalations
- Agentic decision logs retained for 2 years
- AI model version control for audit trail
- Regular SDAIA guideline alignment checks
- Third-party AI governance audit annually
6.2 PDPL Compliance Checklist
| Requirement | Status | Owner |
|---|---|---|
| Consent collection at start | Implemented | Compliance |
| Data minimization in escalation | Implemented | Engineering |
| Right to access data | Implemented | Customer Support |
| Right to deletion | Implemented | Compliance |
| Breach notification protocol | Implemented | Security |
| Data retention policy | Implemented | Legal |
| Cross-border data transfer controls | Implemented | DPO |
| Data processing register | Implemented | Compliance |
| DPO appointment | Implemented | HR |
| Employee training on PDPL | Implemented | HR |
Section 7: Implementation Notes
7.1 Customization Guidelines
- Adjust thresholds based on your industry (banking: lower thresholds, fintech: KYC triggers)
- Add industry-specific triggers (e.g., KYC for fintech, medical advice for healthcare)
- Integrate with your CRM for VIP detection and customer history
- Test escalation flows with real customer scenarios and edge cases
- Train agents on PDPL data handling procedures and customer rights
- Consider seasonal adjustments (Ramadan, Hajj, peak shopping periods)
- Align with SDAIA's AI ethics principles for all automated decisions
- Document all customization decisions for audit purposes
7.2 Technical Requirements
- WhatsApp Business API (Meta-approved provider with Saudi data residency)
- AI agent platform with escalation capabilities and governance logging
- CRM integration for customer context and VIP detection
- PDPL-compliant data storage (KSA-based or approved jurisdiction)
- Real-time monitoring dashboard with escalation metrics
- Audit log system with 2-year retention
- Consent management system integrated with WhatsApp
- Data masking and encryption for sensitive fields
- API gateway for secure integration with existing systems
Downloadable Template
Download the WhatsApp Escalation Policy Template (PDF)
This editable PDF includes all sections above with fillable fields for your organization's specific thresholds, team structures, and compliance contacts. Use it as your operational playbook for governed AI customer service.
This template is updated for 2026 Saudi enterprise requirements and aligned with SDAIA's AI governance framework. Customize based on your specific business needs, industry regulations, and PDPL compliance obligations. For AI governance support, contact LeenAI's compliance team at [email protected] or visit our AI Governance page.
Author: LeenAI Compliance Team
Last Updated: July 2026
Version: 2.0
Review Cycle: Quarterly
For implementation support, book a consultation with our AI governance specialists: Schedule a Demo
