Autonomous Reliability Assurance Standard

The ARA Standard

v1.1 Ratified

The Autonomous Reliability Assurance Standard establishes a structured framework for evaluating and certifying the operational reliability of autonomous systems.

15domains

Explore Domains

15 reliability domains covering the full operational lifecycle

Explore →

410ACRs

ACR Library

Browse all Autonomous Compliance Requirements

Explore →

3levels

Certification

Three levels with distinct rigor and monitoring requirements

Explore →

14frameworks

AI Landscape

Where ARA fits among 14 major regulatory frameworks

Explore →

Scope

The ARA Standard applies to any software-driven system that takes actions, makes decisions, or controls resources with limited or no real-time human oversight. It is domain-agnostic — addressing reliability characteristics common to all autonomous systems regardless of industry, input modality, or output type.

Industry-specific regulatory requirements remain the responsibility of the deploying organization; ARA certification complements but does not replace sector-level compliance obligations.

The standard is maintained by the Autonomous Reliability Assurance Foundation (ARAF) through an open governance process with public comment periods preceding each ratified revision.

What ARA Certifies

ARA certification attests that an autonomous system has been evaluated against a comprehensive set of reliability controls and has demonstrated compliance at a specified certification level. The 15 domains cover:

Operational boundary enforcementThe system operates within declared limits and cannot exceed its authorized scope.

Decision integrityDecisions are traceable, free from fabrication, and consistent under evaluation.

Tool and API governanceExternal integrations are authorized, validated, and least-privilege constrained.

Identity & permission containmentAgent identities are isolated and privilege escalation is prevented.

Data privacy & consentData minimization, purpose limitation, and consent protocols are enforced.

Failure mode containmentThe system degrades gracefully and recovers to verified safe states.

Behavioral reliabilityConsistent behavior under load, adversarial inputs, and concurrent faults.

Adversarial robustnessResistance to prompt injection, data poisoning, and supply chain attacks.

Drift detection & stabilityBehavioral drift from the certified baseline is detected and addressed.

Monitoring & telemetryComprehensive observability supporting oversight and post-incident analysis.

Escalation & human overrideReliable human intervention mechanisms available at all times.

Auditability & transparencyComplete audit trails and explainability interfaces support review.

Societal impact assessmentEvaluated for equity, accessibility, environmental, and community effects.

Operational governanceChange management, incident response, and risk management are documented.

Physical actuation integritySensor-actuator feedback, command validation, and emergency stops verified.

What ARA Does Not Certify

ARA certification is not a general quality assurance endorsement. The following are explicitly outside scope:

Model accuracy or task performance

ARA does not evaluate whether a system produces correct answers or optimal outputs. It evaluates whether the system operates reliably within its declared boundaries.

Ethical alignment or bias mitigation

ARA does not assess ethical implications or demographic performance. These require domain-specific frameworks outside operational reliability scope.

Regulatory compliance

ARA certification does not satisfy specific regulatory requirements (EU AI Act, FDA, SEC). Organizations must independently verify compliance.

Business suitability

ARA does not evaluate whether a system is appropriate for a particular use case, cost-benefit profile, or contractual SLAs.

Definitions

Key terms used throughout the ARA Standard with specific technical meanings.

Term	Definition
Autonomous System	A software-driven system that takes actions, makes decisions, or controls resources with limited or no real-time human oversight.
Agent	A software component that perceives its environment, reasons about observations, and takes actions to achieve objectives.
ACR	Autonomous Compliance Requirement. A discrete, testable control that addresses a specific aspect of operational reliability.
Domain	A thematic grouping of related ACRs addressing a major reliability concern area.
Certification Level	One of three tiers (L1, L2, L3) defining rigor, scope, and monitoring requirements.
Assurance Class	One of three classes (A, B, C) determining ongoing monitoring and reassessment intensity.
System Profile	One of four profiles (Foundational, Standard, Advanced, Comprehensive) determining applicable ACRs.
Risk Classification	A mandatory 7-factor assessment determining the appropriate Assurance Class.
Evaluation Method	The prescribed technique for assessing ACR compliance: AT, HS, EI, CM, TP, or OP.
AVB	Authorized Verification Body. An organization accredited by ARAF to conduct evaluations and issue certification decisions.
CAPO	Certified Assurance Platform Operator. Provides continuous monitoring and ongoing assurance services.
Platform Certification	Certification of a reusable platform, enabling downstream deployments to inherit certified controls.
Deployment Certification	Certification of a specific system deployment, evaluating the complete stack.
Blocking	ACR classification where non-compliance results in automatic certification denial.
Conditional	ACR classification where non-compliance can result in conditional certification with mandated remediation.

View full glossary →

Current Version

The current version is v1.1, ratified following the public review period. Version 1.1 introduces a two-axis certification model combining Certification Levels with Assurance Classes to create nine distinct certification designations across 410 requirements.

New in v1.1: four system profiles enable right-sized certification, Platform Certification allows infrastructure to carry forward ACR compliance, and a mandatory 7-factor risk classification determines Assurance Class. Two new domains address data privacy and societal impact.

v1.1RatifiedMarch 2026

15 reliability domains covering the full operational lifecycle
410 Autonomous Compliance Requirements across all domains
3 levels × 3 classes — nine distinct certification designations
4 system profiles for right-sized certification
6 evaluation methods for assessing ACR compliance
10-phase certification lifecycle from intake through monitoring

View Standard v1.1 View Standard v1.0

Normative References

The ARA Standard draws on established principles from the following reference frameworks. These references are informative; ARA defines its own requirements independently.

ISO/IEC 42001:2023

AI Management System

Context for organizational governance of AI systems.

NIST AI RMF 1.0

AI Risk Management Framework

Informs the risk-based approach to domain structuring.

ISO 22989:2022

AI Concepts & Terminology

Referenced for baseline terminology alignment.

IEC 61508

Functional Safety

Referenced for Domain 15 physical actuation integrity requirements.

OWASP LLM Top 10

LLM Security Risks

Informs adversarial robustness, prompt injection, and data poisoning controls.

Version History

Version	Status	Date
v1.1	Ratified	March 2026	View →
v1.0	Public Review	January 2026	View →