Version History
The ARAF standard is actively maintained.
Version history is published here to fulfil three governance obligations: transparency about how the framework has evolved, identification of the version against which any assessment was conducted, and institutional confidence that changes to the standard follow the version discipline and methodological consistency principles established in Standard Governance.
This page operationalises Governance Principle 1 (Version Discipline): each public version is clearly identified by version number, publication date, and changelog, and is distinguishable from prior and future versions.
Version Classification
Section titled “Version Classification”ARAF uses a three-level version numbering convention. Each level carries defined implications for certified organisations, accredited assessors, and institutional audiences.
| Level | Format | Scope of Change | Backwards Compatibility | Reassessment Implication |
|---|---|---|---|---|
| Patch | v3.0.1 | Typographical corrections, text clarifications where intended meaning is unchanged, and updated cross-references. No change to methodology, scoring, thresholds, or evidence requirements. | Fully backwards compatible. Assessments under the prior patch version require no action. | None. No reassessment obligation. |
| Minor | v3.1 | Clarifications to dimensional sub-factor definitions, additions to evidence guidance, expanded examples, new interpretive guidance notes, and additional regulatory alignment mappings. No change to dimensional definitions, GBI scoring logic, multiplier thresholds, or certification tier boundaries. | Backwards compatible. Assessments under the prior minor version remain valid for the period of their certification. Reassessments are conducted against the current version at reassessment time. | Reassessment uses the current version. No accelerated reassessment required. |
| Major | v4.0 | Changes to dimensional definitions, GBI scoring logic, multiplier thresholds, certification tier boundaries, evidence category structure, or accountability chain architecture; or any change that could alter score or certification outcome if an existing assessment were rerun. | Not guaranteed backwards compatible. Transition guidance is published with the major release specifying impacts on existing assessments, transition validity, and reassessment timing under the new version. | Certified organisations are subject to the transition guidance published with the major version. |
The version classification is determined by the standard maintainer at the time of publication. Each version release includes a statement identifying the classification level and the backwards compatibility status.
Version Table
Section titled “Version Table”| Version | Date | Status | Classification | Backwards Compatibility |
|---|---|---|---|---|
| v3.0 | March 2026 | Current | Major (initial public release) | N/A (first public version) |
Version 3.0 — Release Notes
Section titled “Version 3.0 — Release Notes”Publication date: March 2026 Status: Current public open standard Classification: Major (initial public release)
Amendment Protocol Compliance Record (v3.0)
Section titled “Amendment Protocol Compliance Record (v3.0)”v3.0 is classified as a major release under the ARAF amendment protocol because it establishes the first public normative baseline for certification, assessor accreditation, and institutional reliance.
For governance transparency, the v3.0 release record confirms:
- major-release classification rationale published with release notes
- public consultation requirement applied (minimum 60-day consultation period prior to publication; submissions and responses retained in the maintainer publication file)
- impact and compatibility assessment completed (no prior public certification cohort existed before v3.0)
- transition guidance published for assessments and reassessments commenced after publication
- changelog and citation updates published on this page at release
This section is the formal protocol-compliance statement for the v3.0 major release.
What v3.0 establishes
Section titled “What v3.0 establishes”The following components constitute the complete ARAF v3.0 specification:
- The six ARAF dimensions (Autonomy Gradient, Data Sensitivity Exposure, Contract Infrastructure, Liability Architecture, Commercial Leverage, Adaptive Stability) and their sub-factor methodology.
- The Governance Benchmark Index (GBI) composite scoring model (1.0 to 5.0 scale; lower scores indicate stronger governance posture).
- Multiplier logic for compound dimensional weaknesses (Systemic Escalation, Infrastructure Collapse, Leverage Collapse) and the Compound Activation Principle.
- Three certification tiers: ARAF Assessed (no minimum score, 60-day reliance freshness), ARAF Compliant (GBI ≤ 2.50, GCI ≥ 0.70, 12-month validity), ARAF Certified (GBI ≤ 1.75, GCI ≥ 0.85, Tier 1 evidence ≥ 80% of sampled controls, 24-month validity with mandatory 12-month interim surveillance).
- The Governance Coherence Index (GCI) methodology, comprising Authority Adherence, Control Exercise, and Drift Detection, evaluated over a minimum 180-day evidence window. The GCI is combined with the GBI via the penalty formula (Effective Dimension Score = GBI Dimension Score × (2 − GCI Dimension Score)) to determine certification tier eligibility. The GCI methodology was previously published as the Governance Coherence Addendum (GCA v1.0.1), which is superseded by ARAF Standard v3.0, Clause 8.
- The four-link accountability chain (design, deployment, operational, outcome accountability).
- The AIOC governance model (scaling from named founder at seed stage to standing committee at enterprise stage).
- The Decision Supply Chain framework and chain governance requirements.
- The Evidence Infrastructure Standard (EIS-01 v3.0): four evidence components (Execution Event, Contextual State, Authority and Attribution, Integrity Anchor), four evidence tiers (Tier 1 infrastructure-generated, Tier 2 contemporaneous documentation, Tier 3 reconstructed documentation, Tier 4 management representation excluded from certification), and governance agent output admissibility conditions.
- Assessor Accreditation Standard: three qualification domains (governance assessment competence, autonomous systems governance literacy, ARAF methodology proficiency), two accreditation levels (Level 1 Design Adequacy, Level 2 Full Certification), independence requirements, and quality assurance.
- Certification Lifecycle: initial assessment, tier-specific validity periods, event-triggered reassessment with 60-day notification obligation, and certification withdrawal.
Relationship to earlier versions
Section titled “Relationship to earlier versions”ARAF v3.0 is the first public open release. Earlier versions were internal working documents developed during the design and validation phase. They are not publicly available and were not used for external assessments. No backwards compatibility obligations exist between internal working versions and v3.0.
Backwards Compatibility Policy
Section titled “Backwards Compatibility Policy”Changes that would impair comparability across assessment periods or break backwards compatibility with prior certification decisions require explicit justification and transition guidance. This principle, established in Standard Governance under Governance Principle 4 (Institutional Usability), governs all version transitions.
Assessments conducted under earlier versions
Section titled “Assessments conducted under earlier versions”Assessments conducted under a prior version remain valid for the period of their certification. The assessment report records the methodology version applied. Institutional audiences evaluating an assessment report can identify the version against which the assessment was conducted and, by consulting this page, determine whether the current version introduces changes that affect the assessment’s conclusions.
Reassessment version rule
Section titled “Reassessment version rule”Reassessments (both scheduled and event-triggered) are conducted against the current published version of the standard at the time the reassessment commences. Assessors must apply the current version, not the version under which the original assessment was conducted.
Transition guidance for major version releases
Section titled “Transition guidance for major version releases”When a major version is published, the release includes transition guidance specifying:
- which changes affect existing certifications
- whether a transition period applies during which prior-version certifications remain valid
- the deadline by which certified organisations must complete reassessment under the new version
- any dimensional or evidence changes that assessors must apply differently from the prior version
The transition period for a major version release will not be shorter than 6 months from the publication date, providing certified organisations adequate time to prepare for reassessment under the new methodology.
Assessor obligations on version transition
Section titled “Assessor obligations on version transition”Assessors are responsible for applying the current published version of the methodology in all assessments commenced after the publication date of a new version. Assessments in progress at the time of a version change are completed under the version in effect when the assessment commenced.
Change Log
Section titled “Change Log”The change log records every published change to the standard, including patch-level corrections. Each entry identifies version, date, classification level, sections affected, and change description.
| Version | Date | Classification | Sections Affected | Change Description |
|---|---|---|---|---|
| v3.0 | March 2026 | Major (initial public release) | All | Initial public release of the complete ARAF specification, including six dimensions, GBI methodology, GCI methodology (absorbed from GCA v1.0.1), multiplier logic, certification tiers with GCI thresholds, EIS-01 evidence infrastructure standard, assessor accreditation standard, and publication of amendment-protocol compliance and transition guidance. |
The change log will be updated with each subsequent version release.
Citing a Specific Version
Section titled “Citing a Specific Version”When citing ARAF in research, policy documents, regulatory submissions, insurance underwriting guidelines, or assessment reports, include the specific version number. This allows readers to identify the precise methodology used and verify whether later version changes affect the cited content.
Recommended citation format:
Martin, Carly. Agentic Risk Architecture Framework (ARAF), Version 3.0. Institute for Autonomous Governance Pty Ltd, 2026.
Where citing a specific section, append the page title:
Martin, Carly. “Evidence Infrastructure Standard,” in Agentic Risk Architecture Framework (ARAF), Version 3.0. Institute for Autonomous Governance Pty Ltd, 2026.
Notification of Updates
Section titled “Notification of Updates”Version updates are announced through the following channels:
- the ARAF standard website (this page is updated with each release)
- direct notification to accredited assessors (who are required to apply the current version)
- direct notification to organisations holding current ARAF certification where the update affects certification or reassessment obligations
Accredited assessors are responsible for monitoring version updates and applying the current methodology. Certified organisations are responsible for engaging with reassessment obligations triggered by major version releases, as specified in the transition guidance accompanying each major release.
Licence
Section titled “Licence”The ARAF standard is published under Creative Commons Attribution 4.0 International (CC BY 4.0).
The CC BY 4.0 licence permits sharing and adaptation of the framework material for any purpose, including commercial purposes, provided that appropriate credit is given, a link to the licence is provided, and any changes made are indicated.
Scope of the licence
Section titled “Scope of the licence”The CC BY 4.0 licence applies to the standard’s methodology and documentation: the specification, dimensional guidance, GBI methodology, GCI methodology, evidence standard, and all published supporting materials.
What the licence does not cover
Section titled “What the licence does not cover”The following designations are not freely licensed for unrestricted use:
-
Certification designations: The terms “ARAF Assessed,” “ARAF Compliant,” and “ARAF Certified” are certification designations that may only be used by organisations holding current, valid certification issued by an accredited assessor. Use of these designations by non-certified entities, or by entities whose certification has expired or been withdrawn, is prohibited under the Certification Mark and Usage Rules.
-
Assessor accreditation: The designation “Accredited ARAF Assessor” may only be used by individuals or organisations holding current accreditation under the Assessor Accreditation Standard.
The distinction ensures that the methodology remains open and independently reviewable (supporting institutional confidence and regulatory transparency), while the certification ecosystem maintains the integrity that institutional reliance requires.
- See Standard Governance for governance model, governance principles, and development trajectory.
- See Certification and Institutional Reliance for tiers, lifecycle, and institutional reliance guidance.
- See Assessor Accreditation Standard for methodology version adherence obligations.
Citation
Section titled “Citation”Martin, Carly. Agentic Risk Architecture Framework (ARAF), Version 3.0. Institute for Autonomous Governance Pty Ltd, 2026.