Decision Integrity
Summary#
Traceability, anti-fabrication, instruction hierarchy, and decision quality
Risk Rationale#
Linked ACR Controls#
The following Autonomous Compliance Requirements are assigned to this domain. Each ACR defines a specific, testable control with its own evaluation method, classification, and evidence requirements.
Every system decision SHALL be traceable to its input data sources and applicable decision rules.
Every system decision SHALL be traceable to its input data sources and applicable decision rules.
The system SHALL maintain decision provenance records linking each decision to its input data, applicable rules, and contextual factors.
The system SHALL maintain decision provenance records linking each decision to its input data, applicable rules, and contextual factors.
The system SHALL distinguish between factual assertions, inferences, estimations, and uncertainties in system outputs.
The system SHALL distinguish between factual assertions, inferences, estimations, and uncertainties in system outputs.
The system SHALL prevent unsupported factual assertions in outputs including fabricated data and invented references.
The system SHALL prevent unsupported factual assertions in outputs including fabricated data and invented references.
The system SHALL prevent fabricated claims about completed actions that were not actually performed.
The system SHALL prevent fabricated claims about completed actions that were not actually performed.
The system SHALL prevent false claims about existing configurations or available resources.
The system SHALL prevent false claims about existing configurations or available resources.
The system SHALL prevent fabrication of authority or capabilities it does not possess.
The system SHALL prevent fabrication of authority or capabilities it does not possess.
The system SHALL NOT fabricate information about its own state, completed actions, or available capabilities.
The system SHALL NOT fabricate information about its own state, completed actions, or available capabilities.
The system SHALL maintain a consistent instruction hierarchy where system-level constraints override user-level instructions.
The system SHALL maintain a consistent instruction hierarchy where system-level constraints override user-level instructions.
User-level instructions SHALL always override contextual suggestions in the instruction hierarchy.
User-level instructions SHALL always override contextual suggestions in the instruction hierarchy.
The system SHALL reject attempts to override the instruction hierarchy through prompt manipulation.
The system SHALL reject attempts to override the instruction hierarchy through prompt manipulation.
The system SHALL detect and flag circular reasoning in decision chains.
The system SHALL detect and flag circular reasoning in decision chains.
The system SHALL detect and flag self-referential justification in decision outputs.
The system SHALL detect and flag self-referential justification in decision outputs.
The system SHALL prevent conflicting simultaneous decisions within multi-step workflows.
The system SHALL prevent conflicting simultaneous decisions within multi-step workflows.
System-level constraints SHALL always override user-level instructions in the instruction hierarchy.
System-level constraints SHALL always override user-level instructions in the instruction hierarchy.
The system SHALL support decision replay capability allowing auditors to reproduce past decisions given the same inputs.
The system SHALL support decision replay capability allowing auditors to reproduce past decisions given the same inputs.
Decision confidence scores SHALL be computed for all non-trivial decisions using a documented methodology.
Decision confidence scores SHALL be computed for all non-trivial decisions using a documented methodology.
The system SHALL maintain an audit-ready decision log accessible to authorized reviewers.
The system SHALL maintain an audit-ready decision log accessible to authorized reviewers.
Decision inputs SHALL be validated against expected schemas before processing.
Decision inputs SHALL be validated against expected schemas before processing.
The system SHALL detect and handle ambiguous or contradictory inputs without producing unreliable outputs.
The system SHALL detect and handle ambiguous or contradictory inputs without producing unreliable outputs.
Decision logic SHALL be versioned and changes tracked with the same rigor as code changes.
Decision logic SHALL be versioned and changes tracked with the same rigor as code changes.
The system SHALL flag decisions with confidence below configurable thresholds for human review before execution.
The system SHALL flag decisions with confidence below configurable thresholds for human review before execution.
Confidence thresholds SHALL be independently configurable per action class and risk level.
Confidence thresholds SHALL be independently configurable per action class and risk level.
The system SHALL NOT execute high-impact decisions when input data is stale beyond defined freshness thresholds.
The system SHALL NOT execute high-impact decisions when input data is stale beyond defined freshness thresholds.
Multi-step decision chains SHALL maintain end-to-end traceability from initial input to final output.
Multi-step decision chains SHALL maintain end-to-end traceability from initial input to final output.
The system SHALL detect when it is operating outside the distribution of its training or calibration data and flag affected decisions.
The system SHALL detect when it is operating outside the distribution of its training or calibration data and flag affected decisions.
Decision outputs SHALL include metadata indicating the decision method, confidence level, and applicable constraints.
Decision outputs SHALL include metadata indicating the decision method, confidence level, and applicable constraints.
The system SHALL maintain consistent decision behavior across equivalent inputs regardless of input channel or format.
The system SHALL maintain consistent decision behavior across equivalent inputs regardless of input channel or format.
Decision-relevant data transformations SHALL be logged and reversible for audit purposes.
Decision-relevant data transformations SHALL be logged and reversible for audit purposes.
The system SHALL NOT make decisions based on data from unauthorized or untrusted sources without explicit flagging.
The system SHALL NOT make decisions based on data from unauthorized or untrusted sources without explicit flagging.
The system SHALL implement decision rate limiting for high-impact action classes to prevent runaway automation.
The system SHALL implement decision rate limiting for high-impact action classes to prevent runaway automation.
Decision traceability records SHALL be retained for the duration specified by the applicable certification level.
Decision traceability records SHALL be retained for the duration specified by the applicable certification level.