Authorized Validation Bodies — v1.1
Authorized Validation Bodies (AVBs) are independent organizations accredited by ARAF to conduct ARA certification evaluations. AVBs are the operational layer of the certification system — they perform the assessments, conduct risk classification, apply the scoring methodology, render certification decisions, and oversee post-certification monitoring.
ARAF does not conduct evaluations directly. All certification assessments are performed by AVBs operating under ARAF governance, quality standards, and oversight. v1.1 expands AVB responsibilities to include mandatory risk classification, platform certification evaluation, and insurance-relevant reporting.
Program Overview
The AVB program establishes a structured framework for authorizing, monitoring, and governing the organizations that perform ARA certification evaluations. The program is designed to ensure consistent evaluation quality across all AVBs worldwide while allowing for geographic and domain specialization.
Role of AVBs
AVBs conduct certification evaluations, perform risk classification, apply the ARA scoring methodology, render certification decisions, publish results to the registry, and oversee continuous monitoring for their certified systems. They are the primary point of contact for organizations seeking ARA certification.
ARAF Oversight
ARAF authorizes AVBs, conducts quality audits, reviews certification decisions on a sampling basis, investigates complaints, and may suspend or revoke AVB authorization. ARAF does not interfere with individual certification decisions unless a quality or integrity issue is identified.
Global Coverage
The AVB program is designed to support global certification coverage. AVBs may operate in any jurisdiction and may specialize in specific industries, system types, or evaluation domains. ARAF maintains a public directory of all authorized AVBs.
Levels of Authorization
AVB authorization is tiered to match the certification levels they are permitted to evaluate. Higher authorization levels require more staff, broader domain coverage across all 15 evaluation domains, greater testing capabilities, and more extensive insurance.
Basic Authorization
Scope: L1 evaluations only
Requirements
- •Minimum 3 qualified assessors on staff
- •Demonstrated competence in at least 8 of 15 evaluation domains
- •Must complete Domain 5 (Data Privacy) specialist training
- •Completed ARAF AVB Accreditation Program (Basic tier)
- •Quality management system compliant with ISO/IEC 17020 or equivalent
- •Professional indemnity insurance meeting ARAF minimum thresholds
- •No active conflicts of interest with prospective certification applicants
- •Can conduct risk classification for Class A systems only
Evaluation Scope
L1 (Foundation) certifications only. Automated adversarial suite execution. Standard evidence inspection and documentation review. Risk classification authority limited to Class A systems.
Enhanced Authorization
Scope: L1 and L2 evaluations
Requirements
- •Minimum 8 qualified assessors on staff, covering all 15 evaluation domains
- •At least 2 assessors with demonstrated adversarial testing expertise
- •Must demonstrate Domain 5 (Data Privacy) and Domain 13 (Societal Impact) competency
- •Completed ARAF AVB Accreditation Program (Enhanced tier)
- •Minimum 12 months of active Basic authorization with satisfactory performance record
- •Capability to conduct structured human adversarial simulation (40+ hour engagements)
- •Can conduct risk classification for all Assurance Classes (A, B, C)
- •Can evaluate platform certifications (basic scope)
- •Enhanced professional indemnity and errors & omissions insurance coverage
- •Annual quality audit by an ARAF-appointed reviewer
Evaluation Scope
L1 and L2 (Operational) certifications. Automated and human adversarial testing. Full 15-domain evaluation scope. Basic platform certification evaluation. Risk classification for all Assurance Classes. Continuous monitoring verification.
Scope: L1, L2, and L3 evaluations
Requirements
- •Minimum 12 qualified assessors on staff, covering all 15 domains
- •Dedicated adversarial testing team (minimum 4 specialists)
- •Domain 5 (Data Privacy) and Domain 13 (Societal Impact) specialist assessors required
- •Completed ARAF AVB Accreditation Program (Full tier)
- •Minimum 24 months of active Enhanced authorization with exemplary performance record
- •Capability to coordinate independent red team engagements
- •Capability to conduct 30-day continuous runtime stress testing
- •Full platform certification authority
- •Risk classification authority for all Assurance Classes (A, B, C)
- •Insurance-relevant reporting capability (RIP-compatible)
- •Physical systems evaluation competence (for Domain 15)
- •Maximum-tier professional indemnity, errors & omissions, and general liability insurance
- •Semi-annual quality audit by an ARAF-appointed reviewer
- •Dedicated quality assurance function independent of evaluation operations
Evaluation Scope
All certification levels including L3 (High-Stakes). Full adversarial testing suite including independent red team coordination. Domain 15 physical safety evaluation. 30-day stress testing oversight. Complete platform certification authority. Insurance-relevant reporting for RIP framework.
Risk Classification Responsibility
Under v1.1, AVBs are responsible for conducting the mandatory 7-factor risk assessment during Phase 2 of the certification lifecycle. The risk classification determines the system's Assurance Class (A, B, or C), which in turn governs monitoring requirements, certification designation, and insurance relevance.
| AVB Tier | Risk Classification Authority |
|---|---|
| Basic | Class A systems only. Systems classified as Class B or C must be referred to an Enhanced or Full AVB. |
| Enhanced | All Assurance Classes (A, B, and C). Full 7-factor assessment authority. |
| Full | All Assurance Classes (A, B, and C). Full 7-factor assessment authority. May serve as classification reviewer for disputed or escalated assessments. |
7-Factor Assessment
The risk classification evaluates seven factors, each scored and weighted to produce an overall Assurance Class determination:
Platform Certification Evaluation
v1.1 introduces platform certification as a distinct certification variant. Platform certifications allow infrastructure and framework providers to certify their platforms, enabling downstream systems built on those platforms to inherit qualifying domain scores. AVB authority for platform evaluations varies by tier.
| AVB Tier | Platform Certification Authority |
|---|---|
| Basic | No platform certification authority. |
| Enhanced | Basic platform evaluations. Limited to L1 and L2 platform certifications. Can validate platform inheritance claims for downstream system evaluations. |
| Full | Complete platform certification authority across all levels. Can evaluate complex multi-layer platform architectures, validate cross-platform inheritance chains, and issue L3 platform certifications. |
Domain 5 & 13 Competency
v1.1 expands the evaluation framework to 15 domains, with Domain 5 (Data Privacy) and Domain 13 (Societal Impact) receiving particular emphasis due to their cross-cutting nature and regulatory significance. All AVB tiers must demonstrate competency in these two domains.
Domain 5 — Data Privacy
- •All AVB tiers must complete Domain 5 specialist training
- •Covers data collection transparency, consent mechanisms, retention policies, and cross-border data handling
- •Training includes GDPR, CCPA, and emerging AI-specific privacy regulation alignment
- •Full-tier AVBs must maintain at least one Domain 5 specialist assessor
- •Annual recertification required for Domain 5 competency
Domain 13 — Societal Impact
- •Enhanced and Full AVBs must demonstrate Domain 13 competency
- •Covers bias assessment, equity impact analysis, accessibility compliance, and community impact evaluation
- •Evaluation methodology includes structured stakeholder impact mapping
- •Full-tier AVBs must maintain at least one Domain 13 specialist assessor
- •Domain 13 competency is prerequisite for L2 and L3 evaluation authority
Insurance-Relevant Reporting
Full-tier AVBs must produce certification reports that are compatible with the ARA Risk-Informed Pricing (RIP) assessment framework. Insurance-relevant reports provide structured risk data that insurance carriers can use to price autonomous system coverage.
RIP Report Requirements
- •Structured risk factor data aligned with the 7-factor classification model
- •Domain-level scoring with confidence intervals for each evaluation domain
- •Adversarial testing summary with vulnerability severity classification
- •Continuous monitoring baseline metrics and drift tolerance thresholds
- •Assurance Class rationale with factor-by-factor breakdown
- •Historical compliance trajectory for renewal certifications
- •Reports must follow the standardized RIP Data Schema (published by ARAF)
Basic and Enhanced AVBs are not required to produce RIP-compatible reports but are encouraged to adopt the reporting schema to support ecosystem-wide insurance integration.
Independence Requirements
Structural independence is a foundational requirement of the AVB program. An AVB must not have any financial, organizational, or personnel relationships with the organizations whose systems it evaluates that could compromise — or reasonably appear to compromise — the objectivity of the certification assessment.
| Category | Restriction |
|---|---|
| Financial interest | No AVB principal, partner, or employee may hold equity, options, or any financial interest in an organization for which the AVB conducts or has conducted an evaluation within the past 24 months. |
| Consulting services | An AVB may not provide consulting, advisory, implementation, or remediation services to an organization and also conduct that organization's certification evaluation. The cooling-off period between consulting engagement and evaluation eligibility is 24 months. |
| Personnel overlap | No individual who has been employed by or contracted to the applicant organization within the past 12 months may participate in that organization's ARA evaluation. |
| Corporate affiliation | An AVB that is a subsidiary, affiliate, or division of a larger corporate entity may not evaluate systems produced by any other entity within the same corporate group. |
| Disclosure obligation | AVBs must proactively disclose any relationship that could create an actual or perceived conflict of interest. Failure to disclose is grounds for immediate suspension of authorization. |
Insurance Requirements
All AVBs must maintain insurance coverage proportional to their authorization level and the scope of evaluations they conduct. Insurance requirements are designed to protect both the organizations seeking certification and the broader ecosystem from the consequences of evaluation errors.
| Coverage Type | Basic | Enhanced | Full |
|---|---|---|---|
| Professional indemnity | $2M | $5M | $10M |
| Errors & omissions | $1M | $3M | $5M |
| General liability | $1M | $2M | $5M |
| Cyber liability | — | $2M | $5M |
Minimum coverage amounts are denominated in USD. Equivalent coverage in other currencies is accepted subject to ARAF verification. Insurance certificates must be submitted at the time of authorization application and upon each renewal.
Revalidation Triggers
v1.1 updates the conditions that trigger revalidation of AVB authorization outside of the standard renewal cycle. AVBs must initiate a revalidation review when any of the following conditions occur.
- •Assurance Class lapse: an AVB fails to maintain the competency or staffing requirements for a previously authorized Assurance Class scope.
- •Assurance Class escalation request: an AVB seeks to expand its risk classification authority (e.g., Basic AVB requesting Class B authority).
- •Platform cert dependency change: an AVB’s platform certification authority is affected by changes to a platform’s certification status.
- •Domain competency gap: loss of Domain 5 or Domain 13 specialist assessors below minimum thresholds.
- •Insurance coverage change: material change to insurance coverage that affects the AVB’s authorized evaluation scope.
- •Organizational restructuring: material change to the AVB’s corporate structure, ownership, or operational independence.
- •Performance deficiency: identification of systematic evaluation quality issues through ARAF audit or inter-AVB calibration.
Renewal Requirements
AVB authorization is not permanent. All authorization levels are subject to periodic renewal to ensure ongoing competence, quality, and compliance with program requirements.
| Requirement | Details |
|---|---|
| Renewal cycle | Basic: every 24 months. Enhanced: every 18 months. Full: every 12 months. |
| Quality audit | An ARAF-appointed quality reviewer conducts an audit of the AVB's evaluation processes, evidence handling, scoring consistency, and certification decisions. The audit scope includes a sample review of completed evaluations. |
| Domain competency | Demonstrated competency across all 15 evaluation domains must be verified at renewal. Domain 5 and Domain 13 specialist credentials are independently validated. |
| Assessor credentials | All assessors must maintain current credentials through ARAF's continuing professional development program. Minimum 40 hours of CPD activity per assessor per year. |
| Insurance verification | Current insurance certificates meeting minimum coverage thresholds must be submitted with each renewal application. |
| Performance metrics | ARAF evaluates AVB performance against defined quality metrics, including evaluation consistency, timeliness, complaint history, and inter-AVB calibration results. |
| Conflict of interest | An updated conflict of interest declaration must be submitted at each renewal, covering all current and prospective evaluation engagements. |
Revocation Process
ARAF may suspend or revoke an AVB's authorization if the AVB fails to meet program requirements, exhibits quality deficiencies, or engages in conduct that undermines the integrity of the certification system.
Grounds for Suspension
Suspension temporarily halts an AVB's authority to initiate new evaluations. Evaluations in progress may be completed unless ARAF directs otherwise.
- •Failure to complete a scheduled quality audit within the prescribed window.
- •Insurance coverage lapses or falls below minimum thresholds.
- •Substantiated complaint from a certification applicant regarding evaluation quality or procedural fairness.
- •Scoring inconsistency detected through inter-AVB calibration exercises.
- •Assessor credential deficiencies affecting more than 25% of the AVB’s evaluation staff.
- •Failure to submit required reports or documentation to ARAF within prescribed deadlines.
- •Loss of Domain 5 or Domain 13 competency below minimum thresholds.
Grounds for Revocation
Revocation permanently terminates an AVB's authorization. A revoked AVB may reapply after a minimum 24-month cooling-off period, subject to enhanced scrutiny.
- •Fraudulent certification issuance or falsification of evaluation evidence.
- •Undisclosed conflict of interest discovered after the fact.
- •Sustained quality deficiencies across multiple audit cycles without adequate remediation.
- •Material breach of ARAF governance policies or program agreements.
- •Issuance of certifications outside the AVB’s authorized scope (e.g., a Basic AVB issuing L2 certifications).
- •Refusal to cooperate with an ARAF investigation or incident review.
- •Fraudulent risk classification to circumvent Assurance Class requirements.
Impact on Existing Certifications
When an AVB's authorization is suspended or revoked, certifications previously issued by that AVB remain valid until their scheduled expiry. However, those certifications are flagged in the registry with a note indicating that the issuing AVB is no longer authorized. Affected organizations are notified and assisted in transitioning to an alternative AVB for their next reassessment cycle.
How to Apply
Organizations interested in becoming an Authorized Validation Body should review the full program requirements and submit an expression of interest through the ARAF governance process. The application process is structured as follows:
Expression of Interest
Submit a formal expression of interest to ARAF identifying the authorization level sought, the organization’s qualifications, and the proposed evaluation scope. Expressions of interest are reviewed on a rolling basis.
Eligibility Assessment
ARAF conducts a preliminary eligibility assessment to verify that the organization meets the minimum structural, personnel, and insurance requirements for the requested authorization level. Domain 5 and Domain 13 competency is assessed at this stage.
Accreditation Program
Eligible organizations complete the ARAF AVB Accreditation Program at the appropriate tier. The program includes training on the ARA Standard, evaluation methodology, scoring model, evidence handling, risk classification procedures, and quality management requirements.
Supervised Evaluation
The applicant AVB conducts a supervised evaluation under the observation of an ARAF quality reviewer. The supervised evaluation is assessed for procedural compliance, scoring accuracy, risk classification methodology, evidence quality, and reporting standards.
Authorization Decision
ARAF reviews the supervised evaluation results and all application materials, then issues an authorization decision. Approved AVBs are added to the public AVB directory and may begin accepting evaluation engagements.
Contact
For inquiries about the AVB program, including expressions of interest and program requirements, contact the ARAF Accreditation Office at avb-program@arastandard.org. Program documentation and application materials are provided upon acceptance of an expression of interest.
Related Documentation
Evaluation Methodology
10-phase certification lifecycle, scoring model, and evidence requirements.
Certification Levels
L1, L2, and L3 certification requirements and domain thresholds.
AVB Directory
Public directory of all authorized AVBs with tier and scope information.
Governance
ARAF governance structure, Technical Standards Board, and oversight bodies.