Skip to content
ARAF Standard ARAF Standard ARAF Standard

ARAF Specification: Formal Structure

Agentic Risk Architecture Framework (ARAF)

Section titled “Agentic Risk Architecture Framework (ARAF)”

Version 3.0
Published 2026

Introduction

Section titled “Introduction”

The Agentic Risk Architecture Framework (ARAF) is an open governance standard defining the classification and certification infrastructure required for autonomous system governance. It provides the structural layer that connects AI system architecture to institutional oversight obligations.

ARAF is designed to answer a governance problem that existing policy frameworks, ethics principles, and controls libraries do not fully resolve: how autonomous systems become governable by the institutions that must assume responsibility for their behaviour.

Governance Problem

Section titled “Governance Problem”

Autonomous systems create a structural break in institutional accountability. Traditional governance models assume that consequential decisions are made by identifiable humans acting within defined authority structures. Autonomous systems weaken that assumption by introducing decision processes that operate at machine scale, through probabilistic logic, and across distributed technical and organisational environments.

The resulting problem is not merely model risk, data risk, or operational risk. It is a governance architecture problem. Institutions need a way to classify governance exposure, assign accountability, generate evidence, and communicate governance posture in a form that boards, regulators, insurers, and investors can use.

Trust Architecture

Section titled “Trust Architecture”

ARAF defines trust architecture as the governance infrastructure that converts autonomous systems from opaque operational risk into institutional-grade assets that can be classified, governed, insured, financed, and relied upon.

Trust architecture consists of:

  • classification
  • accountability architecture
  • evidence standards
  • certification

Each layer performs a distinct governance function. Together they create the conditions under which autonomous systems become institutionally legible.

→ See Trust Architecture

Decision Supply Chain

Section titled “Decision Supply Chain”

ARAF treats autonomous decisions as products of a broader decision environment rather than of a single model alone. Consequential decisions are increasingly produced through a distributed chain of systems, data sources, human reviewers, providers, and execution infrastructure.

This chain must itself be governed. A system-level assessment without chain-level accountability and evidence continuity governs only part of the exposure.

→ See Decision Supply Chain

Six ARAF Dimensions

Section titled “Six ARAF Dimensions”

The framework assesses governance posture across six dimensions:

  1. Autonomy Gradient
  2. Data Sensitivity Exposure
  3. Contract Infrastructure
  4. Liability Architecture
  5. Commercial Leverage
  6. Adaptive Stability

Together these dimensions produce a governance profile rather than a single abstract judgement.

→ See Six ARAF Dimensions

Governance Benchmark Index (GBI)

Section titled “Governance Benchmark Index (GBI)”

The Governance Benchmark Index (GBI) is the composite scoring model used within ARAF. It converts the six-dimensional assessment into a comparable governance signal while preserving dimensional visibility and multiplier logic.

Multipliers represent systemic instability triggers created by interacting governance dimensions. When specified dimensional thresholds are reached simultaneously, the interaction produces governance conditions that significantly increase institutional risk. In these circumstances the base governance score is adjusted by a defined multiplier increment.

MultiplierTriggerIncrementGovernance implication
Systemic EscalationD1 ≥ 4 AND D4 ≥ 4+3High autonomy combined with inadequate liability architecture. The system produces consequential decisions at scale with no structural liability containment.
Infrastructure CollapseD3 ≥ 4 AND D1 ≥ 3+2Infrastructure Collapse occurs when contractual governance infrastructure is inadequate relative to the level of autonomous action the system is authorised to take. Trigger conditions include: (A) absence of documented decision authority allocation across the supply chain; (B) contractual terms that do not address autonomous decision consequences; absence of liability caps or indemnification provisions calibrated to AE3 exposure; absence of escalation and override provisions; and absence of D6 Infrastructure Dependency Stability documentation. Trigger: D3 ≥ 4 AND D1 ≥ 3.

An underwriter assessing a system with Infrastructure Collapse active faces a deployment where autonomous action volume is not supported by the contractual architecture required to allocate, cap, or transfer the liability that volume creates.

| Leverage Collapse | D5 ≥ 4 AND D4 ≥ 3 | +2 | High commercial dependency combined with inadequate liability architecture. The system is structurally resistant to remediation. | | Political Cascade | D5 ≥ 4 AND D3 ≥ 3, single-provider dependency, government-adjacent customer concentration | +2 | Government designation events can convert customer concentration into immediate revenue disruption where contract infrastructure does not address the cascade mechanism. | | Probabilistic Cascade | D1 ≥ 4 AND D6 ≥ 4 | +2 | Probabilistic Cascade occurs when autonomous system behaviour can evolve faster than the governance architecture responsible for controlling it. In these conditions, the governance posture assessed at deployment may not reflect the governance posture operating when consequential decisions occur. |

A GBI score applies to the deployment node declared at assessment intake. The score reflects the governance posture of that node at the time of assessment. It does not extend to other nodes operated by the same organisation unless those nodes have been separately assessed and scoped.

Higher GBI numbers represent greater governance risk, not stronger performance.

→ See Governance Benchmark Index (GBI)

Certification

Section titled “Certification”

Certification is the mechanism that allows governance posture to travel through markets. It converts assessment output into a compressed, independently verified signal that institutional audiences can use without conducting the full assessment themselves.

ARAF defines three certification tiers:

  • ARAF Assessed
  • ARAF Compliant
  • ARAF Certified

→ See Certification

Institutional Translation

Section titled “Institutional Translation”

ARAF is designed to function across multiple institutional audiences. The same governance architecture produces different decision-useful outputs for each:

  • boards need oversight-grade accountability and reporting
  • regulators need demonstrable governance evidence
  • insurers need risk classification and underwriting visibility
  • investors need diligence-grade governance comparability

The framework is therefore not only technical or legal. It is translation infrastructure between autonomous system architecture and institutional decision-making.

Citation

Section titled “Citation”

Martin, Carly. Agentic Risk Architecture Framework (ARAF), Version 3.0. Institute for Autonomous Governance Pty Ltd, 2026.