Two-Axis Certification Model
ARA v1.1 introduces a two-axis certification framework that combines Evaluation Level (the depth of initial assessment) with Assurance Class (the intensity of ongoing monitoring) to produce nine distinct certification designations. This model decouples how thoroughly a system is evaluated from how continuously its compliance is verified, enabling organizations to select a certification posture that matches both the risk profile of the system and the operational oversight capacity available.
Certification is issued per system, per deployment scope. An organization may hold different designations for different systems or different deployment contexts of the same system. Certification does not transfer between systems, versions, or deployment environments without re-evaluation.
Evaluation Level × Assurance Class
Each cell of the matrix combines one evaluation level with one assurance class; each of the nine resulting designations maps to a unique set of requirements.
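The nine designations are simply the cross product of the two axes. A minimal sketch in Python (the `"level / class"` naming format is an illustrative assumption, not ARA notation):

```python
from itertools import product

# The two axes defined by ARA v1.1.
EVALUATION_LEVELS = ["Foundation", "Operational", "Comprehensive"]
ASSURANCE_CLASSES = ["Periodic", "Monitored", "Continuously Assured"]

def all_designations() -> list:
    """Cross the two axes to enumerate all nine certification designations."""
    return [f"{level} / {cls}"
            for level, cls in product(EVALUATION_LEVELS, ASSURANCE_CLASSES)]
```

Because the axes are independent, adding a fourth evaluation level or assurance class would extend the matrix without changing any existing designation.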
Evaluation Levels
The evaluation level determines the depth and rigor of the initial certification assessment, including ACR scope, adversarial testing intensity, and evaluation timeline.
Foundation
Structured self-assessment with AVB oversight. Express pathway available for low-risk systems, completing certification in 3–4 weeks. Suitable for Foundational and Standard system profiles.
ACR Scope
Foundational (97) or Standard (215) profile
Adversarial Testing
Automated suite only
Timeline
3–4 weeks (express) or 6–8 weeks (standard)
Reassessment
Annual
Operational
Full independent evaluation by an accredited AVB. Includes automated and human adversarial testing with a minimum of 40 hours of structured simulation. Suitable for Standard and Advanced system profiles.
ACR Scope
Standard (215) or Advanced (368) profile
Adversarial Testing
Automated + human adversarial (40+ hrs)
Timeline
8–12 weeks
Reassessment
Semi-annual
Comprehensive
Maximum evaluation rigor. Requires an independent red team engagement (80+ hours), a 30-day continuous runtime stress test, and full coverage of all 410 ACRs. Suitable for Advanced and Comprehensive system profiles.
ACR Scope
All 410 ACRs (Comprehensive profile)
Adversarial Testing
Automated + human (80+ hrs) + independent red team + 30-day stress test
Timeline
16–24 weeks
Reassessment
Quarterly
Assurance Classes
The assurance class determines the intensity and cadence of ongoing compliance monitoring after initial certification is granted.
Periodic
Self-assessment with AVB spot checks. Designed for systems where periodic validation is sufficient to maintain assurance. No continuous oversight infrastructure is required.
Monitoring
Self-assessment with AVB spot checks
Cadence
Annual renewal
Lapse Window
90 days
CAPO Required
No
Monitored
Monthly CAPO monitoring reports with automated telemetry collection. Provides an ongoing assurance signal between evaluation cycles through structured reporting and drift detection.
Monitoring
Monthly CAPO monitoring reports
Cadence
Quarterly review
Lapse Window
60 days
CAPO Required
Yes
Continuously Assured
Full 24/7 CAPO oversight with real-time alerting and a complete telemetry pipeline. The highest assurance posture, providing continuous verification that the certified system remains within compliance boundaries.
Monitoring
24/7 CAPO oversight with real-time alerting
Cadence
Continuous review
Lapse Window
30 days
CAPO Required
Yes
System Profiles
System profiles determine which subset of the 410 Autonomy Compliance Requirements apply to a given system, based on its capabilities, deployment context, and risk exposure.
Foundational (97 ACRs)
Single-purpose agents, limited-scope internal tools, low-risk chatbots
Standard (215 ACRs)
General-purpose agents, customer-facing systems, enterprise copilots
Advanced (368 ACRs)
Multi-agent orchestration, high-autonomy deployments, financial automation
Comprehensive (410 ACRs)
Safety-critical systems, physical autonomy, cross-domain AI platforms
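The profile-to-level suitability stated in the level descriptions above can be encoded for quick lookups. A sketch under the assumption that suitability is a simple set-membership check (the dictionary and function names are illustrative):

```python
# ACR counts per system profile, as listed above.
PROFILE_ACRS = {
    "Foundational": 97,
    "Standard": 215,
    "Advanced": 368,
    "Comprehensive": 410,
}

# Profiles each evaluation level is suitable for, per the level descriptions.
LEVEL_PROFILES = {
    "Foundation": {"Foundational", "Standard"},
    "Operational": {"Standard", "Advanced"},
    "Comprehensive": {"Advanced", "Comprehensive"},
}

def eligible_levels(profile: str) -> list:
    """Evaluation levels whose stated scope covers the given system profile."""
    return [level for level, profiles in LEVEL_PROFILES.items()
            if profile in profiles]
```

Note that a Standard-profile system can pursue either Foundation or Operational evaluation, while a Comprehensive-profile system has only one eligible level.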
Certification Inheritance
Platform certification enables ACR inheritance for deployment-level certifications. When a platform has been certified at a given level, deployments built on that platform may inherit the platform's satisfied ACRs rather than re-evaluating them independently. This reduces the evaluation burden for individual deployments while preserving the integrity of the certification chain.
Inherited ACRs do not require re-evaluation as long as the underlying platform certification remains valid and the deployment's use of the platform falls within the certified scope. If the platform certification lapses or is revoked, inherited ACRs revert to unevaluated status and the deployment must be re-assessed.
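The inheritance rule can be sketched as follows (the class and field names are illustrative, not ARA-defined):

```python
from dataclasses import dataclass, field

@dataclass
class PlatformCertification:
    satisfied_acrs: set          # ACR identifiers the platform has satisfied
    valid: bool = True           # set False on lapse or revocation

@dataclass
class Deployment:
    platform: PlatformCertification
    own_acrs: set = field(default_factory=set)  # ACRs evaluated directly

    def evaluated_acrs(self) -> set:
        """Directly evaluated ACRs, plus inherited ones while the platform
        certification remains valid; inherited ACRs revert to unevaluated
        the moment the platform certification lapses or is revoked."""
        inherited = self.platform.satisfied_acrs if self.platform.valid else set()
        return self.own_acrs | inherited
```

The key design point is that inheritance is evaluated lazily: nothing is copied into the deployment, so a platform lapse immediately shrinks the deployment's satisfied set.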
CAPO Requirements by Class
Certified Autonomous-system Performance Observers (CAPOs) provide the ongoing monitoring infrastructure required for the Monitored (Class B) and Continuously Assured (Class C) assurance classes.
| Requirement | Periodic (A) | Monitored (B) | Continuously Assured (C) |
|---|---|---|---|
| CAPO Designation | Not required | Required | Required |
| Reporting | Self-reporting | Monthly reports | 24/7 monitoring |
| Review Cadence | Annual review | Quarterly review | Continuous review |
| Telemetry | Basic (self-collected) | Automated collection | Full pipeline (real-time) |
| Drift Detection | Manual check at renewal | Automated, monthly threshold checks | Real-time alerting |
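One way to encode the table above for programmatic policy checks (a sketch; the dictionary key names are illustrative):

```python
# CAPO obligations per assurance class, transcribed from the table above.
CAPO_REQUIREMENTS = {
    "A": {"capo_required": False, "reporting": "Self-reporting",
          "cadence": "Annual review"},
    "B": {"capo_required": True, "reporting": "Monthly reports",
          "cadence": "Quarterly review"},
    "C": {"capo_required": True, "reporting": "24/7 monitoring",
          "cadence": "Continuous review"},
}

def capo_required(assurance_class: str) -> bool:
    """Whether the assurance class mandates a designated CAPO."""
    return CAPO_REQUIREMENTS[assurance_class]["capo_required"]
```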
Lapse Windows & Remediation
Each assurance class defines a lapse window: the maximum period a certification holder may operate without completing its scheduled monitoring obligations before the assurance state degrades. After the lapse window expires, the certification remains technically valid but the status transitions to Assurance Lapsed, which is visible on the public registry.
- Periodic: annual renewal deadline plus a 90-day grace period.
- Monitored: monthly report deadline plus a 60-day grace period.
- Continuously Assured: a continuous monitoring gap exceeding 30 days triggers lapse.
After Lapse
- The certification remains on record but the assurance state transitions to Assurance Lapsed.
- The lapsed status is published in the public registry and is visible to all querying parties.
- The certified organization must complete the outstanding monitoring obligations and submit a remediation report to the certifying AVB to restore active assurance.
- If the lapse exceeds twice the original lapse window, the AVB may require a partial or full re-evaluation.
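The lapse logic above can be sketched as a simple status function (the status strings and helper name are illustrative assumptions):

```python
# Lapse windows per assurance class, in days.
LAPSE_WINDOWS_DAYS = {"Periodic": 90, "Monitored": 60, "Continuously Assured": 30}

def assurance_status(assurance_class: str, days_overdue: int) -> str:
    """Assurance state given days past the scheduled monitoring deadline.

    Within the lapse window the certification stays fully active; beyond it
    the status degrades to Assurance Lapsed, and past twice the window the
    AVB may additionally require partial or full re-evaluation.
    """
    window = LAPSE_WINDOWS_DAYS[assurance_class]
    if days_overdue <= window:
        return "Active"
    if days_overdue > 2 * window:
        return "Assurance Lapsed (re-evaluation may be required)"
    return "Assurance Lapsed"
```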
Level Comparison
Side-by-side comparison of certification requirements across all three evaluation levels. All values represent minimum thresholds for certification eligibility.
| Requirement | L1 Foundation | L2 Operational | L3 Comprehensive |
|---|---|---|---|
| Minimum ACRs | 97 | 215 | 410 |
| Autonomy Model | Human-in-the-loop | Bounded autonomy | Full autonomy (high-stakes) |
| Human Requirement | Per-action approval | Monitoring & override | Multi-layer monitoring + independent red team |
| Evaluation Scope | 12 domains (reduced D8) | 12 domains (full scope) | 12 core + Domain 13 (physical) |
| Adversarial Testing | Automated suite only | Automated + human (40+ hrs) | Automated + human (80+ hrs) + independent red team + 30-day stress test |
| Monitoring | Basic telemetry | Continuous + drift detection | Full production + real-time alerting + incident drills |
| Reassessment | Annual | Semi-annual re-test, annual re-certification | Continuous monitoring + quarterly formal review |
Domain Score Thresholds
Each evaluation level requires minimum passing scores across all applicable evaluation domains. Scores are expressed as percentages of full compliance within each domain.
| Domain | L1 | L2 | L3 |
|---|---|---|---|