AIPS — Governance Obligation & Risk Control Framework (Normative)
1. Behavior Profile Declaration
1.1 Primary Archetype (AIPS-GOV-001)
Every AI Product MUST declare exactly one primaryArchetype.
Allowed values (v0.1):
INFERENCEGENERATIVEAGENTIC
An AI Product SHALL NOT declare more than one primary archetype.
(AIPS-GOV-002)
1.2 Secondary Capabilities (AIPS-GOV-003)
An AI Product MAY declare zero or more secondaryCapabilities.
Secondary capabilities:
- MUST be drawn from the approved archetype ENUM. (AIPS-GOV-004)
- SHALL NOT duplicate the primary archetype. (AIPS-GOV-005)
- SHALL trigger additive governance obligations. (AIPS-GOV-006)
1.3 Governance Stacking Rule (AIPS-GOV-007)
The effective governance obligations of an AI Product SHALL be computed as:
Obligations =
RiskTierObligations
UNION
PrimaryArchetypeObligations
UNION
SecondaryCapabilityObligations
No obligation required by any dimension may be suppressed by another dimension.
(AIPS-GOV-008)
2. AI Products MUST declare an intended riskTier.
(AIPS-RISK-001)
Allowed values: (AIPS-RISK-002)
R0— MinimalR1— LimitedR2— ModerateR3— HighR4— Critical
2.1 Risk Tier Determination (AIPS-RISK-003)
The effective risk tier SHALL be computed as:
effectiveRiskTier =
MAX(
declaredRiskTier,
archetypeMinimumTier,
calculatedImpactTier,
topologyMinimumTier
)
The platform MUST enforce the computed effective tier. (AIPS-RISK-004)
The calculatedImpactTier SHALL be computed by the platform governance engine based on declared impact attributes and SHALL NOT be manually overridden without governance review artifact.
(AIPS-RISK-005)
Impact attributes SHALL include:
- Domain sensitivity
- Decision finality
- Action authority
- Impact scale
- Reversibility
2.2 Archetype Minimum Risk Tier (AIPS-RISK-006)
The minimum baseline risk tier per archetype SHALL be:
- INFERENCE → R1
- GENERATIVE → R1
- AGENTIC → R2
2A. AI Topology Scope Classification
2A.1 Topology Scope Declaration (AIPS-TOPO-001)
Every AI Product MUST declare a topologyScope.
Allowed values (v0.1):
STANDALONEDOMAIN_COUPLEDCROSS_DOMAIN_FEDERATEDENTERPRISE_ORCHESTRATED
Failure to declare topologyScope SHALL result in validation failure.
2A.2 Topology Scope Definitions
STANDALONE (AIPS-TOPO-010)
Operates within a single bounded domain. No cross-division coupling.
DOMAIN_COUPLED (AIPS-TOPO-020)
Interacts within same business division only. No enterprise-level feedback loops.
CROSS_DOMAIN_FEDERATED (AIPS-TOPO-030)
Interacts across divisions. Does not orchestrate enterprise-wide capital allocation.
ENTERPRISE_ORCHESTRATED (AIPS-TOPO-040)
Coordinates behavior across multiple divisions. Influences enterprise-level capital posture, liquidity dynamics, or operational state.
2A.3 Authority Scope Escalation Rule (AIPS-TOPO-100)
If:
primaryArchetype = AGENTIC- AND
topologyScope = ENTERPRISE_ORCHESTRATED
Then:
effectiveRiskTier MUST be R4.
This rule SHALL apply regardless of declaredRiskTier.
2A.4 Federated Influence Escalation (AIPS-TOPO-110)
If:
- topologyScope = CROSS_DOMAIN_FEDERATED
- AND AI Product actions cause capital reallocation or risk posture changes outside originating domain
Then:
- calculatedImpactTier SHALL be evaluated for R4 threshold.
2A.5 Topology Change Re-evaluation (AIPS-TOPO-120)
Any modification to topologyScope SHALL trigger:
- Mandatory risk re-evaluation.
- Governance obligation recalculation.
- Deployment pause pending validation.
2A.6 Undeclared Federation Constraint (AIPS-TOPO-130)
If runtime behavior indicates cross-domain coordination or enterprise-level orchestration not declared:
- Product SHALL be marked non-compliant.
- Deployment SHALL be suspended.
- effectiveRiskTier SHALL be recomputed.
- Governance escalation SHALL be triggered.
2A.7 Topology Minimum Tier (AIPS-TOPO-200)
The topologyMinimumTier SHALL be determined as follows:
- If AIPS-TOPO-100 applies → topologyMinimumTier = R4.
- Otherwise → derived from systemic influence assessment defined in AIPS-TOPO-110.
3. Risk Tier Baseline Obligations
(unchanged R0–R4 obligations retained as previously structured)
4. Archetype-Specific Obligations
(unchanged INFERENCE / GENERATIVE / AGENTIC obligations retained)
5. Hard Constraints & Invalid States
5.1 AGENTIC Risk Floor (AIPS-HC-001)
If AGENTIC declared → effectiveRiskTier MUST NOT be less than R2.
5.2 Financial / Physical Authority Constraint (AIPS-HC-002)
If AGENTIC AND financial/physical control → effectiveRiskTier MUST NOT be less than R3.
5.3 Systemic Authority Escalation (AIPS-HC-003)
If:
- topologyScope = ENTERPRISE_ORCHESTRATED
- OR runtime systemic authority equivalent to ENTERPRISE_ORCHESTRATED
- AND impact irreversibility high
Then:
- effectiveRiskTier MUST be R4.
5.4 R3 Human Override Mandate (AIPS-HC-004)
If effectiveRiskTier ≥ R3 → Human override MUST exist.
5.5 R3+ Immutable Audit (AIPS-HC-005)
If effectiveRiskTier ≥ R3 → Immutable audit logging MUST be enforced.
5.6 R2+ Drift Monitoring (AIPS-HC-006)
If effectiveRiskTier ≥ R2 → Drift detection MUST be active.
5.7 Runtime Consistency (AIPS-HC-007)
Declared archetypes MUST match runtime behavior.
6. Executive Override Artifact (EOA)
(EOA clauses unchanged but structurally retained)
7. Change & Escalation Rules
Include topology in re-evaluation trigger:
Any modification to:
- Archetype
- Secondary capabilities
- Action authority
- Impact scale
- topologyScope
SHALL trigger mandatory risk re-evaluation. (AIPS-CHG-001)
8. Compliance Determination
(unchanged)
9. Learning & Inference Contract (LIC)
(All LIC sections retained exactly as previously defined)
9.8 LIC Validation Requirement (AIPS-LIC-402)
An AI Product SHALL NOT proceed to AIPDS generation without a valid and complete Learning & Inference Contract.
Incomplete or missing LIC SHALL result in deployment block.
9.9 Platform Compilation Requirement (AIPS-LIC-401)
The platform MUST compile the LIC into:
- Evaluation harness
- Monitoring rules
- Drift detection logic
- Escalation workflows
- Runtime guardrails
10. AI Product Maturity Assessment (Informative)
AI Product maturity MAY reference AIPCH characteristics.
Maturity scoring MAY inform governance oversight but SHALL NOT override mandatory obligations defined in this specification.