Document Purpose

This document establishes the canonical classification architecture of Standards Body.

It is the authoritative source for:

  • The major classes of objects Standards Body studies
  • The relationships among models, systems, actors, capabilities, risks, evaluations, evidence, safeguards, standards, and institutions
  • The distinction between hierarchical classes and cross-cutting facets
  • The identifiers used for records and taxonomic entities
  • The rules for classifying one object into multiple valid categories
  • The handling of ambiguity, uncertainty, overlap, and change
  • The structure of future registries and machine-readable data
  • The mapping of Standards Body concepts to external vocabularies
  • The creation, revision, deprecation, and retirement of taxonomic classes
  • The minimum metadata required for consequential records
  • The cross-foundation entity model
  • The consistency rules governing future standards, protocols, reports, and public claims

A terminology file defines what words mean.

A taxonomy defines how concepts are organized.

An ontology defines entities and the formal relationships among them.

This document performs all three functions at a bounded level:

  1. It establishes taxonomic classes.
  2. It establishes facets and identifiers.
  3. It defines a practical entity-and-relationship model.
  4. It provides a path toward future machine-readable ontologies without claiming that the present document is a complete formal ontology.

The taxonomy exists because frontier AI work frequently combines incompatible levels of analysis.

Examples include:

  • A model is treated as though it were the full deployed system.
  • A capability is treated as though it were a risk.
  • A safeguard is classified as a guarantee.
  • A review is classified as an audit.
  • A certification is classified as regulatory approval.
  • A national legal category is treated as a universal technical category.
  • A benchmark result is treated as a permanent property of a model family.
  • A developer, deployer, provider, evaluator, and standard setter are treated as one actor.
  • A public benchmark, held-out task bank, protocol, and evidence package are treated as interchangeable.
  • A company policy is classified as operational evidence.
  • A high-stakes domain is confused with a high-stakes capability level.
  • A result status is omitted, causing expired or superseded evidence to appear current.

The taxonomy prevents these errors by requiring every material object to be classified according to:

  • What kind of object it is
  • Which layer it belongs to
  • Which version and status apply
  • Which actors are related to it
  • Which capabilities, risks, safeguards, evaluations, and decisions are relevant
  • Which jurisdiction, deployment context, and evidence conditions apply
  • Which relationships are established and which remain uncertain

The governing taxonomic rule is:

Classify the object at the correct level, preserve its context, and do not infer a stronger relationship than the evidence supports.


Executive Summary

The Standards Body taxonomy is a multi-axis classification system for frontier AI evaluation and institutional infrastructure.

It is not a single tree.

Frontier AI systems are too complex to be represented accurately by one hierarchy.

A single object may be classified simultaneously by:

  • Artifact type
  • system layer
  • lifecycle stage
  • access condition
  • deployment context
  • capability domain
  • capability level
  • risk domain
  • safeguard type
  • evaluation method
  • evidence level
  • assurance function
  • institutional role
  • standards stage
  • jurisdiction
  • status
  • confidentiality
  • interoperability profile

For example, one evaluation record may concern:

  • An open-weight model
  • embedded in an agentic system
  • using external tools
  • assessed during pre-deployment
  • in the cyber domain
  • for autonomous vulnerability exploitation
  • under a held-out dynamic protocol
  • administered by a third-party evaluator
  • independently reviewed
  • classified as confidential
  • supporting a high-stakes deployment decision
  • with evidence level E3
  • status current
  • expiration in six months

A useful taxonomy must preserve all of those dimensions.

The Standards Body taxonomy therefore uses five structural mechanisms.

1. Classes

Classes answer:

What kind of thing is this?

Examples:

  • AI model
  • AI system
  • evaluation protocol
  • capability
  • safeguard
  • incident
  • standard
  • evaluator organization

2. Subclasses

Subclasses answer:

Which more specific kind is this?

Examples:

  • Frontier model
  • agentic system
  • held-out evaluation
  • preventive safeguard
  • certification body
  • cyber capability

3. Facets

Facets answer:

Which independent characteristics apply?

Examples:

  • Public or confidential
  • pre-deployment or post-deployment
  • first-party or third-party
  • open-weight or closed-weight
  • low, material, high, or critical consequence
  • current, superseded, or withdrawn

4. Relationships

Relationships answer:

How is this object connected to another object?

Examples:

  • Model is component of system
  • system is evaluated by protocol
  • protocol contains task family
  • result supports claim
  • safeguard mitigates risk
  • evaluator performs evaluation
  • reviewer reviews evidence package
  • standard defines requirement
  • certificate attests conformity
  • accreditation recognizes evaluator competence

5. Status and Version

Status and version answer:

Which identified state is being described, and is it still valid?

Examples:

  • Protocol version 2.1
  • model release 2026-07
  • certificate active
  • evaluation result expired
  • standard superseded
  • recognition suspended

The taxonomy is organized into twenty primary domains.

  1. Project and institutional identity
  2. Actors and roles
  3. AI artifacts and models
  4. AI systems and system components
  5. Lifecycle stages
  6. Access and release conditions
  7. Deployment contexts
  8. Capabilities
  9. Risks and harms
  10. Safeguards and controls
  11. Evaluation and testing
  12. Evidence and claims
  13. Review, audit, and assurance
  14. Standards, requirements, and conformity
  15. Governance and decision processes
  16. Incidents, failures, and corrections
  17. Incentives and recognition
  18. Interoperability and international coordination
  19. Research methods and outputs
  20. Versioning, status, security, and records

The taxonomy also defines a common entity model.

Core entities include:

  • Actor
  • organization
  • model
  • system
  • component
  • deployment
  • capability
  • hazard
  • risk
  • safeguard
  • protocol
  • task
  • evaluation run
  • result
  • evidence object
  • claim
  • review
  • evaluator
  • requirement
  • standard
  • certification
  • accreditation
  • incident
  • decision
  • jurisdiction
  • registry record

Core relationships include:

  • is_a
  • part_of
  • derived_from
  • version_of
  • deployed_as
  • evaluated_by
  • administered_by
  • reviewed_by
  • supports
  • challenges
  • mitigates
  • triggers
  • governed_by
  • conforms_to
  • certified_against
  • accredited_for
  • recognized_by
  • supersedes
  • withdraws
  • occurs_in
  • applies_in

The taxonomy is designed for human and machine use.

Human-readable use includes:

  • Writing consistent reports
  • selecting correct terminology
  • classifying case studies
  • creating standards
  • avoiding overclaiming

Machine-readable use includes:

  • Registries
  • interoperable evaluation records
  • protocol metadata
  • evidence graphs
  • incident databases
  • evaluator directories
  • standards crosswalks

The taxonomy does not require premature formalization.

Every class has a status.

A class may be:

  • Preferred
  • accepted
  • context-specific
  • provisional
  • deprecated
  • retired

Every consequential classification should also include confidence.

Classification confidence may be:

  • Confirmed
  • high
  • moderate
  • low
  • disputed
  • unknown

The taxonomy is intended to evolve.

New classes should be added only when:

  • A meaningful distinction exists
  • existing classes cannot represent it
  • the distinction affects evidence, decisions, governance, or interoperability
  • a definition and parent relationship can be stated
  • implementation value exceeds complexity

The final rule is:

Use hierarchy for identity, facets for context, relationships for meaning, and versioning for time.


1. Taxonomic Design Principles

1.1 Object Before Label

Identify the actual object before selecting its class.

A product name may refer to:

  • A model family
  • a checkpoint
  • an API
  • a hosted service
  • an agentic application
  • a deployment configuration

The taxonomy should classify the actual object, not only the marketed name.

1.2 Correct Level of Analysis

Do not classify:

  • A model-level property as a system-level property
  • a system-level safeguard as a model property
  • an organizational control as technical model behavior
  • a legal classification as a scientific fact

1.3 Polyhierarchy

An object may belong to more than one class where the classes describe genuinely different aspects.

Example:

A model may be both:

  • General-purpose
  • multimodal
  • frontier
  • open-weight

1.4 Faceted Classification

Independent dimensions should be represented as facets rather than forced into one hierarchy.

1.5 Explicit Relationships

Relationships should be named.

Avoid vague statements such as:

  • Related to
  • associated with
  • relevant to

when a stronger relation is known.

1.6 No Unsupported Inference

If the evidence supports only correlation, do not classify the relation as causal.

If a safeguard reduces one risk, do not classify it as preventing all harms.

1.7 Scope Preservation

Every classification should preserve:

  • Object
  • version
  • date
  • context
  • jurisdiction
  • evidence
  • status

1.8 Stable Core, Extensible Edges

The top-level taxonomy should remain stable.

New subclasses and local extensions may evolve.

1.9 Interoperability

Classes should support mapping to external vocabularies without erasing legitimate differences.

1.10 Public Legibility

Class names should be understandable to informed non-specialists.

1.11 Machine Readability

Identifiers and relationships should support future structured data.

1.12 No Prestige Classification

Labels such as frontier, independent, accredited, official, and international should not be assigned for reputational benefit.

1.13 Revision and Retirement

Obsolete classes should be deprecated or retired visibly.

1.14 Bounded Completeness

The taxonomy should cover the project domain sufficiently.

It should not attempt to classify every concept in computer science, law, ethics, or public policy.


2. Taxonomic Structure

2.1 Primary Class

A broad category of entity.

Example:

EVAL.EVALUATION_OBJECT

2.2 Subclass

A narrower class inheriting the relevant meaning of its parent.

Example:

EVAL.HELD_OUT_EVALUATION

2.3 Facet

A cross-cutting attribute that may apply to many classes.

Example:

ACCESS.PUBLIC

2.4 Property

A value associated with an entity.

Example:

  • version
  • date
  • owner
  • status
  • jurisdiction

2.5 Relationship

A typed connection between two entities.

Example:

SYSTEM evaluated_by PROTOCOL

2.6 Record

A structured representation of an entity and its metadata.

2.7 Profile

A defined bundle of required classes, facets, properties, and relationships for a use case.

Example:

  • Evaluation Result Profile
  • Evaluator Organization Profile
  • Interoperability Profile

2.8 Scheme

A governed set of classes and rules used for assessment, certification, recognition, or reporting.

2.9 Local Extension

A jurisdictional, domain-specific, linguistic, or institutional addition that preserves mapping to the common core.

2.10 Crosswalk

A structured mapping between this taxonomy and another taxonomy, standard, law, or data model.


3. Identifier Architecture

3.1 Taxonomy Class Identifier

Preferred pattern:

DOMAIN.CLASS_NAME

Examples:

  • AI.MODEL
  • SYS.AGENTIC_SYSTEM
  • CAP.CYBER
  • RISK.SYSTEMIC
  • SAFEGUARD.ACCESS_CONTROL
  • EVAL.HELD_OUT
  • EVIDENCE.DIRECT
  • ASSURANCE.CERTIFICATION
  • STATUS.SUPERSEDED

3.2 Entity Record Identifier

Preferred pattern:

SB-[ENTITY]-[YEAR]-[SEQUENCE]

Examples:

  • SB-MODEL-2026-0001
  • SB-PROTOCOL-2026-0012
  • SB-RESULT-2026-0044
  • SB-INCIDENT-2026-0007

3.3 Version Identifier

Preferred semantic structure:

MAJOR.MINOR.PATCH

Example:

2.1.0

3.4 Relationship Identifier

Preferred lowercase verb phrase:

  • is_a
  • part_of
  • version_of
  • derived_from
  • evaluated_by
  • supports_claim

3.5 Human-Readable Label

Every identifier should have a plain-language label.

3.6 Persistent Identifier

Once published, an identifier should not be reassigned to a different concept.

3.7 Deprecated Identifier

Deprecated identifiers should remain resolvable and point to the replacement.


4. Taxonomic Status

4.1 Preferred

Default Standards Body class.

4.2 Accepted

Permitted but not preferred.

4.3 Context-Specific

Valid only under a defined legal, technical, sectoral, or institutional context.

4.4 Provisional

Under active research and subject to material revision.

4.5 Deprecated

Still visible for transition but replaced.

4.6 Retired

No longer used for current classification.

4.7 External

Imported from another authoritative taxonomy and preserved with source context.


5. Classification Confidence

5.1 Confirmed

The class assignment is directly supported and unambiguous.

5.2 High

Strong evidence supports the assignment with minor uncertainty.

5.3 Moderate

The assignment is reasonable, but alternatives remain.

5.4 Low

Evidence is limited or ambiguous.

5.5 Disputed

Qualified parties materially disagree.

5.6 Unknown

No reliable classification can be made.

5.7 Confidence Rule

Do not convert low-confidence classifications into precise requirements without review.


6. Primary Domain Map

Domain code Domain
ID Project and institutional identity
ACTOR Actors and roles
AI AI artifacts and models
SYS AI systems and components
LIFE Lifecycle
ACCESS Access and release
DEPLOY Deployment context
CAP Capability
RISK Risk and harm
SAFEGUARD Safeguard and control
EVAL Evaluation and testing
EVIDENCE Evidence and claims
REVIEW Review
ASSURANCE Audit, certification, accreditation, and assurance
STANDARD Standards and requirements
GOV Governance and decisions
INCIDENT Incidents, failures, and corrections
INCENTIVE Incentives and recognition
INTEROP Interoperability and international coordination
RESEARCH Research methods and outputs
STATUS Versioning, status, and records
SECURITY Information classification and research security
JURIS Jurisdiction and legal scope

7. Project and Institutional Identity Taxonomy

7.1 ID.PROJECT

A bounded organized effort with a defined purpose, owner, scope, and outputs.

Subclasses

  • ID.RESEARCH_PROJECT
  • ID.INSTITUTIONAL_DESIGN_PROJECT
  • ID.STANDARDS_PROJECT
  • ID.PILOT_PROJECT
  • ID.INFRASTRUCTURE_PROJECT

7.2 ID.ORGANIZATION

A legally, administratively, or functionally organized body.

Subclasses

  • ID.PUBLIC_ORGANIZATION
  • ID.PRIVATE_ORGANIZATION
  • ID.NONPROFIT_ORGANIZATION
  • ID.ACADEMIC_ORGANIZATION
  • ID.MULTILATERAL_ORGANIZATION
  • ID.CONSORTIUM
  • ID.COMMUNITY_ORGANIZATION
  • ID.INFORMAL_NETWORK

7.3 ID.INSTITUTION

An enduring system of authority, rules, roles, incentives, and practices.

An institution may be embodied in one organization or distributed across several organizations.

7.4 ID.STANDARDS_BODY

An organization or institution that develops and maintains standards through a defined process.

Classification warning: The proper name Standards Body refers to this project. It does not automatically classify the project as a formally recognized standards body.

7.5 ID.REGULATOR

A legally authorized public institution that makes, administers, or enforces regulatory requirements.

7.6 ID.ACCREDITATION_BODY

A body that performs accreditation.

7.7 ID.CERTIFICATION_BODY

A third-party body that performs certification under a defined scheme.

7.8 ID.EVALUATION_ORGANIZATION

An organization that designs, administers, scores, or interprets evaluations.

7.9 ID.RESEARCH_INSTITUTION

An institution whose primary function includes systematic knowledge creation.

7.10 ID.SCHEME_OWNER

An organization responsible for the rules and governance of an assurance, certification, recognition, or reporting scheme.

7.11 Institutional Facets

Classify institutions by:

Authority

  • ID.AUTHORITY.NONE
  • ID.AUTHORITY.RESEARCH
  • ID.AUTHORITY.CONTRACTUAL
  • ID.AUTHORITY.PROFESSIONAL
  • ID.AUTHORITY.STANDARDS_PROCESS
  • ID.AUTHORITY.ACCREDITATION
  • ID.AUTHORITY.REGULATORY
  • ID.AUTHORITY.JUDICIAL

Geographic Scope

  • Local
  • subnational
  • national
  • regional
  • international
  • global participation, without implied universal authority

Ownership

  • Public
  • private
  • nonprofit
  • member-owned
  • hybrid
  • distributed

Functional Stage

  • Conceptual
  • pilot
  • operational
  • recognized
  • statutory
  • retired

8. Actor and Role Taxonomy

8.1 ACTOR.PERSON

An individual human participant.

8.2 ACTOR.ORGANIZATION

An organization acting in a defined role.

8.3 ACTOR.DEVELOPER

An actor that designs, trains, fine-tunes, or materially modifies an AI model or system.

Subclasses

  • ACTOR.BASE_MODEL_DEVELOPER
  • ACTOR.FINE_TUNER
  • ACTOR.SYSTEM_DEVELOPER
  • ACTOR.APPLICATION_DEVELOPER
  • ACTOR.SCAFFOLD_DEVELOPER
  • ACTOR.OPEN_COMMUNITY_DEVELOPER

8.4 ACTOR.PROVIDER

An actor that makes an AI model or system available to others.

Subclasses

  • ACTOR.MODEL_PROVIDER
  • ACTOR.API_PROVIDER
  • ACTOR.PLATFORM_PROVIDER
  • ACTOR.INFRASTRUCTURE_PROVIDER
  • ACTOR.TOOL_PROVIDER

8.5 ACTOR.DEPLOYER

An actor that places an AI system into operational use.

8.6 ACTOR.OPERATOR

An actor responsible for day-to-day control or use of a deployed system.

8.7 ACTOR.USER

A person or organization interacting with the system.

Subclasses

  • General user
  • professional user
  • expert user
  • administrator
  • developer user
  • malicious user
  • researcher
  • affected non-user

8.8 ACTOR.AFFECTED_PARTY

A person, group, institution, community, or system materially affected by an AI deployment or institutional decision.

8.9 ACTOR.EVALUATOR

An actor that performs evaluation activities.

Subclasses

  • ACTOR.FIRST_PARTY_EVALUATOR
  • ACTOR.SECOND_PARTY_EVALUATOR
  • ACTOR.THIRD_PARTY_EVALUATOR
  • ACTOR.PUBLIC_EVALUATOR
  • ACTOR.ACADEMIC_EVALUATOR
  • ACTOR.COMMUNITY_EVALUATOR
  • ACTOR.DOMAIN_EVALUATOR

8.10 ACTOR.REVIEWER

An actor that reviews methods, evidence, findings, or institutional processes.

Subclasses

  • Peer reviewer
  • domain reviewer
  • methodological reviewer
  • statistical reviewer
  • security reviewer
  • ethics reviewer
  • legal reviewer
  • public-interest reviewer
  • independent expert reviewer

8.11 ACTOR.AUDITOR

An actor qualified and assigned to conduct an audit against defined criteria.

8.12 ACTOR.INSPECTOR

An actor conducting inspection.

8.13 ACTOR.CERTIFIER

An actor or body responsible for a certification decision.

8.14 ACTOR.ACCREDITOR

An actor or body responsible for an accreditation decision.

8.15 ACTOR.STANDARD_SETTER

An actor participating in standards development.

Subclasses

  • Committee member
  • working-group member
  • secretariat
  • chair
  • public commenter
  • technical editor
  • liaison

8.16 ACTOR.DECISION_OWNER

An actor with authority to make the decision the evidence informs.

8.17 ACTOR.SPONSOR

An actor that funds, commissions, or formally requests work.

8.18 ACTOR.CUSTODIAN

An actor responsible for protected evidence, tasks, records, or registries.

8.19 ACTOR.REGISTRY_OPERATOR

An actor maintaining a registry.

8.20 ACTOR.WHISTLEBLOWER

A person disclosing suspected wrongdoing, risk, failure, or concealment through a protected or public channel.

8.21 ACTOR.THREAT_ACTOR

A person, group, organization, or state capable of intentionally causing harm.

Threat-Actor Facets

  • Skill level
  • resources
  • access
  • persistence
  • coordination
  • intent
  • legal authority
  • geographic location

8.22 Role Relationship Rules

One organization may hold several roles.

Example:

A developer may also be:

  • Provider
  • deployer
  • first-party evaluator
  • sponsor

The record should preserve each role separately because conflicts and responsibilities differ by role.


9. AI Artifact and Model Taxonomy

9.1 AI.ARTIFACT

A technical object created, trained, configured, or used in an AI system.

9.2 AI.MODEL

A computational model producing outputs from inputs through learned parameters, structured logic, or both.

Model Scope Subclasses

  • AI.BASE_MODEL
  • AI.FOUNDATION_MODEL
  • AI.GENERAL_PURPOSE_MODEL
  • AI.DOMAIN_SPECIFIC_MODEL
  • AI.TASK_SPECIFIC_MODEL
  • AI.FRONTIER_MODEL
  • AI.EMBEDDED_MODEL
  • AI.ENSEMBLE_MODEL

Model Modality Subclasses

  • AI.TEXT_MODEL
  • AI.IMAGE_MODEL
  • AI.AUDIO_MODEL
  • AI.VIDEO_MODEL
  • AI.MULTIMODAL_MODEL
  • AI.ROBOTICS_MODEL
  • AI.SCIENTIFIC_MODEL
  • AI.CODE_MODEL

Model Function Subclasses

  • Generative
  • predictive
  • classificatory
  • ranking
  • recommendation
  • control
  • planning
  • representation
  • detection
  • optimization

9.3 AI.MODEL_FAMILY

A set of related models sharing lineage, architecture, training approach, or product identity.

9.4 AI.MODEL_VERSION

A distinct identified release, checkpoint, or deployed state.

9.5 AI.CHECKPOINT

A saved model-parameter state.

9.6 AI.WEIGHTS

The learned parameters of a model.

9.7 AI.ADAPTER

A separately identifiable learned component modifying model behavior.

Examples:

  • Low-rank adapter
  • domain adapter
  • safety adapter

9.8 AI.TOKENIZER

A component mapping inputs into model-readable units.

9.9 AI.TRAINING_DATASET

A dataset used in pretraining, fine-tuning, alignment, or adaptation.

Data Facets

  • Public
  • licensed
  • proprietary
  • synthetic
  • generated
  • personal
  • sensitive
  • unknown provenance
  • mixed

9.10 AI.TRAINING_RUN

A bounded training process producing or modifying a model.

9.11 AI.POST_TRAINING_PROCESS

A process after base training.

Subclasses

  • Instruction tuning
  • preference optimization
  • reinforcement learning
  • safety tuning
  • domain adaptation
  • distillation
  • compression
  • quantization

9.12 AI.MODEL_CARD

A documentation artifact describing a model.

9.13 AI.SYSTEM_CARD

A documentation artifact describing a system, evaluation, risk, or deployment.

9.14 Model Access Facets

  • ACCESS.WEIGHTS_PUBLIC
  • ACCESS.WEIGHTS_CONTROLLED
  • ACCESS.WEIGHTS_PRIVATE
  • ACCESS.API_PUBLIC
  • ACCESS.API_RESTRICTED
  • ACCESS.INTERNAL_ONLY

9.15 Model Scale Facets

Use only where relevant and defined:

  • Small
  • medium
  • large
  • frontier-scale
  • unknown

The taxonomy should not infer capability directly from scale.

9.16 Frontier Classification

A model may be classified as frontier only with:

  • Defined comparison basis
  • relevant capability or scale dimension
  • date
  • evidence
  • confidence

Frontier status is time-dependent.


10. AI System and Component Taxonomy

10.1 SYS.AI_SYSTEM

The complete operational arrangement through which one or more AI models are configured, accessed, integrated, monitored, and used.

10.2 SYS.MODEL_COMPONENT

A model acting as one component in a larger system.

10.3 SYS.SYSTEM_PROMPT

A high-priority instruction or contextual component.

10.4 SYS.SCAFFOLD

Software, prompts, memory, planning, tools, or control structure added around a model.

Subclasses

  • Prompt scaffold
  • planning scaffold
  • coding scaffold
  • retrieval scaffold
  • multi-agent scaffold
  • verification scaffold
  • workflow scaffold

10.5 SYS.AGENT

A system or configuration selecting and executing actions over multiple steps toward an objective.

10.6 SYS.AGENTIC_SYSTEM

A system exhibiting planning, action, observation, adaptation, or persistence across multiple steps.

Agentic Facets

  • Single-agent
  • multi-agent
  • human-supervised
  • autonomous
  • episodic
  • persistent
  • tool-using
  • environment-embedded

10.7 SYS.MULTI_AGENT_SYSTEM

A system containing multiple interacting agents.

10.8 SYS.RETRIEVAL_COMPONENT

A component retrieving external information.

10.9 SYS.MEMORY_COMPONENT

A component preserving information across turns, sessions, tasks, or users.

Memory Facets

  • Session memory
  • persistent memory
  • user-specific memory
  • shared memory
  • vector memory
  • symbolic memory

10.10 SYS.TOOL

An external software, API, instrument, service, or environment accessible to the system.

Tool Subclasses

  • Search
  • code execution
  • file system
  • communication
  • database
  • financial
  • cyber
  • laboratory
  • robotic
  • productivity
  • administrative

10.11 SYS.ORCHESTRATOR

A component coordinating models, tools, agents, or workflows.

10.12 SYS.INTERFACE

The channel through which users or systems interact.

Interface Subclasses

  • Chat
  • API
  • embedded application
  • autonomous process
  • voice
  • robotics
  • batch
  • developer tool

10.13 SYS.MONITORING_COMPONENT

A component observing system behavior, access, or outputs.

10.14 SYS.SAFETY_COMPONENT

A system component implementing a safeguard.

10.15 SYS.HUMAN_COMPONENT

A human role embedded in system operation.

Examples:

  • Approver
  • supervisor
  • operator
  • reviewer
  • escalation authority

10.16 SYS.DEPLOYMENT_CONFIGURATION

A versioned operational configuration.

10.17 SYS.SYSTEM_MANIFEST

A structured record of system components and versions.

10.18 System Relationship Rules

  • A model part_of a system.
  • A system uses a tool.
  • A system implements a safeguard.
  • A system deployed_as a deployment.
  • A system version_of a prior system state.
  • A system derived_from a development lineage.

10.19 System Identity Minimum

A consequential system record should include:

  • Model identifier
  • system version
  • prompts or prompt status
  • tools
  • retrieval
  • memory
  • scaffolds
  • safeguards
  • access tier
  • deployment context
  • date

11. Lifecycle Taxonomy

11.1 LIFE.CONCEPT

Idea or early concept stage.

11.2 LIFE.RESEARCH

Research and feasibility stage.

11.3 LIFE.DEVELOPMENT

Model or system development.

11.4 LIFE.TRAINING

Base or subsequent training.

11.5 LIFE.POST_TRAINING

Post-training modification.

11.6 LIFE.INTERNAL_TESTING

Internal testing before external use.

11.7 LIFE.EXTERNAL_EVALUATION

Evaluation by an outside or independent actor.

11.8 LIFE.PRE_DEPLOYMENT

Final assessment and governance before operational release.

11.9 LIFE.PILOT_DEPLOYMENT

Bounded operational use.

11.10 LIFE.GENERAL_DEPLOYMENT

Broad operational use.

11.11 LIFE.MONITORING

Ongoing operational observation.

11.12 LIFE.UPDATE

Material model or system change.

11.13 LIFE.SUSPENSION

Temporary halt to use or access.

11.14 LIFE.ROLLBACK

Reversion to a prior version.

11.15 LIFE.WITHDRAWAL

Formal removal from use or availability.

11.16 LIFE.RETIREMENT

Planned end of active life.

11.17 LIFE.ARCHIVE

Historical preservation.

11.18 Lifecycle Relationship Rule

Every evaluation result should identify the lifecycle stage at which it was produced.

A pre-deployment result should not be treated as post-deployment evidence without justification.


12. Access and Release Taxonomy

12.1 ACCESS.PUBLIC

Available to the general public.

12.2 ACCESS.OPEN

Available under defined open-use, open-source, or open-weight conditions.

12.3 ACCESS.REGISTERED

Available after registration.

12.4 ACCESS.VERIFIED

Available to identity-verified users.

12.5 ACCESS.TIERED

Different capabilities are available at different access levels.

12.6 ACCESS.CONTROLLED

Available under contractual, institutional, security, or research controls.

12.7 ACCESS.RESTRICTED

Available only to a narrow authorized group.

12.8 ACCESS.INTERNAL

Available only within the responsible organization.

12.9 ACCESS.EMBARGOED

Temporarily unavailable pending a release date or condition.

12.10 ACCESS.REVOKED

Previously available access has been withdrawn.

12.11 Release Object Facets

Classify what is released:

  • Weights
  • source code
  • API
  • training data
  • technical report
  • evaluation tasks
  • system prompt
  • research artifacts
  • deployment service

12.12 Permission Facets

  • Read
  • query
  • fine-tune
  • modify
  • redistribute
  • commercial use
  • tool use
  • autonomous use
  • high-volume use

12.13 Access Risk Facets

  • Identity requirement
  • rate limit
  • use restriction
  • monitoring
  • geographic restriction
  • domain restriction
  • capability restriction
  • revocation support

13. Deployment Context Taxonomy

13.1 DEPLOY.INTERNAL

Use within the developing or deploying organization.

13.2 DEPLOY.CONSUMER

Use by general consumers.

13.3 DEPLOY.ENTERPRISE

Use in organizational operations.

13.4 DEPLOY.PROFESSIONAL

Use by qualified professionals.

13.5 DEPLOY.PUBLIC_SECTOR

Use by government or public bodies.

13.6 DEPLOY.CRITICAL_INFRASTRUCTURE

Use in systems whose disruption may create severe societal consequence.

13.7 DEPLOY.RESEARCH

Use for scientific or technical research.

13.8 DEPLOY.EDUCATION

Use in educational contexts.

13.9 DEPLOY.HEALTH

Use in health or medical contexts.

13.10 DEPLOY.FINANCE

Use in financial systems or decisions.

13.11 DEPLOY.CYBERSECURITY

Use in defensive or offensive cybersecurity contexts.

13.12 DEPLOY.LEGAL

Use in legal services, adjudication support, or legal administration.

13.13 DEPLOY.LABORATORY

Use with scientific instruments, biological systems, chemical systems, or physical experiments.

13.14 DEPLOY.ROBOTICS

Use in embodied systems.

13.15 DEPLOY.COMMUNICATION

Use for media, persuasion, or public communication.

13.16 Deployment Scale Facets

  • Individual
  • team
  • organization
  • sector
  • population
  • cross-border
  • infrastructure-wide

13.17 Decision Authority Facets

  • Advisory
  • recommendation
  • human-approved action
  • delegated action
  • autonomous action
  • binding decision support

13.18 Temporal Facets

  • Episodic
  • continuous
  • real-time
  • delayed
  • persistent

13.19 Human Oversight Facets

  • Human in the loop
  • human on the loop
  • human in command
  • no active human oversight
  • unknown

14. Capability Taxonomy

14.1 CAP.CAPABILITY

The ability of a model or system to perform a defined task or class of tasks under specified conditions.

14.2 Capability Object Facets

  • Model capability
  • system capability
  • human-AI team capability
  • organizational capability
  • effective deployed capability
  • latent capability
  • demonstrated capability

14.3 General Capability Domains

CAP.REASONING

  • Logical reasoning
  • mathematical reasoning
  • causal reasoning
  • spatial reasoning
  • strategic reasoning
  • scientific reasoning

CAP.KNOWLEDGE

  • Factual recall
  • domain knowledge
  • procedural knowledge
  • situational knowledge

CAP.LANGUAGE

  • Comprehension
  • generation
  • translation
  • summarization
  • dialogue
  • rhetorical adaptation

CAP.CODE

  • Code generation
  • debugging
  • architecture
  • repository navigation
  • software maintenance
  • exploit development

CAP.PLANNING

  • Goal decomposition
  • sequencing
  • scheduling
  • resource allocation
  • contingency planning

CAP.TOOL_USE

  • Search
  • code execution
  • database use
  • API use
  • laboratory tool use
  • robotic control

CAP.LEARNING

  • In-context learning
  • adaptation
  • memory-based improvement
  • self-correction
  • skill acquisition

CAP.AUTONOMY

  • Independent action selection
  • persistence
  • recovery
  • long-horizon execution
  • delegation
  • self-monitoring

CAP.SOCIAL

  • Persuasion
  • negotiation
  • coordination
  • deception
  • emotion recognition
  • role adaptation

CAP.CREATIVE

  • Ideation
  • design
  • artistic production
  • scientific hypothesis generation
  • invention

14.4 High-Stakes Capability Domains

CAP.CYBER

Subclasses:

  • Reconnaissance
  • vulnerability discovery
  • exploit development
  • credential attack
  • lateral movement
  • persistence
  • evasion
  • autonomous cyber operations
  • defensive remediation

CAP.BIOLOGICAL

Subclasses:

  • Biological knowledge
  • protocol design
  • experimental troubleshooting
  • pathogen-related reasoning
  • synthesis planning
  • laboratory automation
  • safety analysis

CAP.CHEMICAL

Subclasses:

  • Chemical synthesis planning
  • hazardous-material reasoning
  • laboratory optimization
  • safety and containment analysis

CAP.AUTONOMOUS_REPLICATION

Subclasses:

  • Resource acquisition
  • infrastructure deployment
  • service replication
  • persistence
  • identity creation
  • coordination

CAP.AI_RESEARCH_AND_DEVELOPMENT

Subclasses:

  • Algorithm design
  • experiment design
  • code implementation
  • training optimization
  • evaluation automation
  • model improvement research

CAP.PERSUASION_AND_MANIPULATION

Subclasses:

  • Targeted persuasion
  • mass persuasion
  • personalized influence
  • deception
  • coercive interaction
  • social engineering

CAP.CRITICAL_INFRASTRUCTURE

Subclasses:

  • Control-system analysis
  • operational planning
  • failure exploitation
  • resilience support

CAP.FINANCIAL_AND_ECONOMIC

Subclasses:

  • Trading
  • fraud
  • market manipulation
  • financial planning
  • economic forecasting
  • automated enterprise operation

CAP.SCIENTIFIC_AND_ENGINEERING

Subclasses:

  • Hypothesis generation
  • simulation
  • experimental design
  • engineering design
  • materials discovery
  • laboratory operation

14.5 Capability Dimensions

Every capability classification may include:

  • Accuracy
  • reliability
  • speed
  • cost
  • autonomy
  • generalization
  • transfer
  • stealth
  • scalability
  • resource need
  • tool dependence
  • human uplift
  • recoverability
  • task horizon

14.6 Capability Level

A capability level should be protocol-defined.

Generic levels may include:

  • Not demonstrated
  • basic
  • intermediate
  • advanced
  • expert-comparable
  • beyond reference group
  • critical threshold

These labels should not be used without task, reference, and evidence context.

14.7 Capability Relationship Rules

  • Capability demonstrated_by result.
  • Capability enabled_by system component.
  • Capability contributes_to risk.
  • Capability constrained_by safeguard.
  • Capability compared_with human baseline.
  • Capability requires resource or access.

15. Risk and Harm Taxonomy

15.1 RISK.HAZARD

A source or condition with potential to cause harm.

15.2 RISK.THREAT

A potential cause of an unwanted incident.

15.3 RISK.VULNERABILITY

A weakness that may be exploited or activated.

15.4 RISK.EXPOSURE

The degree to which an actor, system, asset, or population is subject to a hazard.

15.5 RISK.EVENT

An occurrence connecting hazard, vulnerability, and consequence.

15.6 RISK.CONSEQUENCE

The outcome or effect of an event.

15.7 RISK.RISK

The combination of likelihood and consequence under a defined context.

15.8 Risk Origin

  • Intentional misuse
  • accidental misuse
  • system failure
  • organizational failure
  • emergent interaction
  • security compromise
  • market failure
  • governance failure
  • systemic propagation

15.9 Risk Domain

RISK.PHYSICAL_HARM

RISK.PSYCHOLOGICAL_HARM

RISK.ECONOMIC_HARM

RISK.CIVIL_RIGHTS_HARM

RISK.PRIVACY_HARM

RISK.SECURITY_HARM

RISK.INFORMATION_HARM

RISK.ENVIRONMENTAL_HARM

RISK.INSTITUTIONAL_HARM

RISK.DEMOCRATIC_HARM

RISK.SYSTEMIC_HARM

RISK.CATASTROPHIC_HARM

RISK.EXISTENTIAL_HARM

15.10 Risk Actor Model

  • Unskilled user
  • skilled individual
  • organized criminal group
  • insider
  • corporation
  • state actor
  • automated system
  • multiple interacting actors

15.11 Risk Temporal Horizon

  • Immediate
  • near-term
  • medium-term
  • long-term
  • persistent
  • intergenerational

15.12 Risk Scale

  • Individual
  • household
  • organization
  • community
  • sector
  • national
  • international
  • global

15.13 Risk Reversibility

  • Reversible
  • partly reversible
  • difficult to reverse
  • irreversible
  • unknown

15.14 Risk Uncertainty

  • Known and measured
  • known but weakly measured
  • plausible
  • speculative
  • unknown

15.15 Systemic Risk Subclasses

  • Cascading technical failure
  • correlated decision failure
  • market concentration
  • institutional dependency
  • information ecosystem degradation
  • infrastructure coupling
  • cross-border propagation

15.16 Risk Relationship Rules

  • Hazard may_cause harm.
  • Vulnerability enables threat pathway.
  • Safeguard mitigates risk.
  • Capability increases_or_decreases risk under context.
  • Incident realizes risk.
  • Evidence supports risk claim.
  • Decision accepts, reduces, transfers, or avoids risk.

16. Safeguard and Control Taxonomy

16.1 SAFEGUARD.SAFEGUARD

A technical, procedural, organizational, contractual, or institutional measure intended to reduce risk.

16.2 Safeguard Function

SAFEGUARD.PREVENTIVE

Prevents or reduces the probability of an event.

SAFEGUARD.DETECTIVE

Detects an event, anomaly, or failure.

SAFEGUARD.CORRECTIVE

Contains, remediates, or recovers.

SAFEGUARD.COMPENSATING

Provides an alternative where a primary control is unavailable or insufficient.

SAFEGUARD.DETERRENT

Changes incentives to discourage harmful behavior.

16.3 Safeguard Layer

Model-Level

  • Training intervention
  • refusal behavior
  • policy conditioning
  • adversarial robustness
  • capability limitation

System-Level

  • Tool restriction
  • monitoring
  • rate limit
  • authentication
  • sandbox
  • output filter
  • approval workflow

Deployment-Level

  • User eligibility
  • domain restriction
  • geographic restriction
  • usage policy
  • logging
  • escalation

Organizational

  • Governance
  • personnel controls
  • incident response
  • training
  • access review
  • separation of duties

Contractual

  • Terms of use
  • liability
  • audit right
  • data-use restriction
  • disclosure obligation

Institutional

  • Standard
  • certification
  • accreditation
  • licensing
  • regulatory requirement
  • registry
  • mutual recognition

16.4 Safeguard Mechanism

  • Access control
  • identity verification
  • least privilege
  • rate limiting
  • monitoring
  • anomaly detection
  • human approval
  • tool isolation
  • secure enclave
  • redaction
  • refusal
  • content moderation
  • logging
  • rollback
  • deployment suspension
  • incident reporting
  • evaluation requirement
  • independent review

16.5 Safeguard Effectiveness Facets

  • Coverage
  • efficacy
  • robustness
  • bypass resistance
  • adaptive resistance
  • latency
  • reliability
  • cost
  • usability
  • scalability
  • residual risk
  • monitored status

16.6 Safeguard Relationship Rules

  • Safeguard implemented_in system.
  • Safeguard mitigates risk.
  • Safeguard tested_by evaluation.
  • Safeguard required_by standard.
  • Safeguard fails_in incident.
  • Safeguard superseded_by improved control.

17. Evaluation and Testing Taxonomy

17.1 EVAL.EVALUATION

A structured process for producing and interpreting evidence about an object or claim.

17.2 Evaluation Object

  • Model
  • system
  • safeguard
  • organization
  • process
  • protocol
  • evaluator
  • standard
  • incident response
  • deployment

17.3 Evaluation Purpose

  • Capability measurement
  • safeguard assessment
  • risk assessment
  • compliance assessment
  • conformity assessment
  • research
  • procurement
  • deployment decision
  • monitoring
  • incident investigation
  • accreditation support

17.4 Evaluation Timing

  • Development
  • pre-deployment
  • deployment
  • post-deployment
  • continuous
  • incident-triggered
  • scheduled reassessment

17.5 Evaluation Party

  • First-party
  • second-party
  • third-party
  • regulator
  • academic
  • public-interest
  • community

17.6 Evaluation Openness

  • Public
  • open task
  • partially protected
  • held-out
  • confidential
  • restricted
  • federated

17.7 EVAL.TEST

A defined procedure used to observe or measure one or more characteristics.

17.8 EVAL.BENCHMARK

A standardized task set, procedure, and metric used for comparison.

Benchmark Subclasses

  • Public benchmark
  • private benchmark
  • live benchmark
  • dynamic benchmark
  • domain benchmark
  • agent benchmark
  • human-uplift benchmark

17.9 EVAL.PROTOCOL

The complete versioned specification governing evaluation.

17.10 EVAL.TASK

A defined activity assigned to a model or system.

17.11 EVAL.TASK_FAMILY

A group of related tasks.

17.12 EVAL.SCENARIO

A structured contextual situation for evaluation.

17.13 EVAL.ENVIRONMENT

The setting in which evaluation occurs.

17.14 EVAL.HARNESS

Software and infrastructure administering the evaluation.

17.15 EVAL.RUN

One execution of an evaluation or part of it.

17.16 EVAL.TRIAL

One attempt at a task or item.

17.17 EVAL.RESULT

A scored or interpreted output of an evaluation.

17.18 Evaluation Method

  • Static evaluation
  • dynamic evaluation
  • held-out evaluation
  • adversarial evaluation
  • red-team evaluation
  • simulation
  • sandbox evaluation
  • real-world evaluation
  • human baseline
  • human-uplift study
  • observational monitoring
  • formal verification
  • stress test
  • penetration test
  • tabletop exercise

17.19 Elicitation Facet

  • Zero-shot
  • few-shot
  • prompt optimized
  • tool augmented
  • scaffolded
  • fine-tuned
  • human assisted
  • best effort
  • standardized
  • practical deployment

17.20 Scoring Facet

  • Exact
  • rule-based
  • environment-based
  • human rubric
  • model judge
  • hybrid
  • expert adjudication
  • probabilistic
  • ordinal

17.21 Integrity Facet

  • Unexposed
  • exposure uncertain
  • partially exposed
  • contaminated
  • compromised
  • retired

17.22 Evaluation Relationship Rules

  • Protocol contains task family.
  • Task family samples task universe.
  • Evaluation uses protocol.
  • Run evaluates system.
  • Result generated_by run.
  • Result supports claim.
  • Reviewer reviews result.
  • Result expires_on date or trigger.

18. Evidence and Claim Taxonomy

18.1 EVIDENCE.CLAIM

A proposition asserted to be true, supported, justified, or sufficiently reliable for a defined purpose.

Claim Type

  • Descriptive
  • comparative
  • causal
  • predictive
  • capability
  • absence
  • safeguard
  • safety
  • security
  • reliability
  • organizational
  • legal
  • standards
  • compliance
  • certification
  • accreditation
  • policy
  • historical
  • consensus
  • reputational

18.2 EVIDENCE.EVIDENCE_OBJECT

An information object relevant to supporting or challenging a claim.

18.3 Evidence Directness

  • EVIDENCE.DIRECT
  • EVIDENCE.INDIRECT
  • EVIDENCE.CIRCUMSTANTIAL
  • EVIDENCE.TESTIMONIAL
  • EVIDENCE.DERIVED

18.4 Evidence Source Type

  • Primary
  • secondary
  • tertiary
  • generated
  • anonymous
  • personal communication
  • official record
  • technical artifact
  • expert judgment
  • operational record
  • incident record

18.5 Evidence Form

  • Document
  • data
  • code
  • log
  • model output
  • image
  • video
  • audio
  • physical artifact
  • testimony
  • observation
  • statistical estimate
  • certificate
  • registry record
  • legal text
  • standard
  • review finding

18.6 Evidence Level

Use the canonical evidence levels from EVIDENCE_STANDARDS.md.

  • EVIDENCE.LEVEL.E0_UNSUPPORTED
  • EVIDENCE.LEVEL.E1_PRELIMINARY
  • EVIDENCE.LEVEL.E2_SUPPORTED
  • EVIDENCE.LEVEL.E3_SUBSTANTIATED
  • EVIDENCE.LEVEL.E4_DECISION_GRADE

18.7 Confidence

  • Very low
  • low
  • moderate
  • high
  • very high

18.8 Evidence Quality Facets

  • Relevance
  • directness
  • construct validity
  • internal validity
  • external validity
  • reliability
  • provenance
  • authenticity
  • completeness
  • independence
  • recency
  • representativeness
  • reproducibility
  • replicability
  • security
  • uncertainty
  • decision relevance
  • conflict exposure
  • gaming susceptibility

18.9 Evidence Status

  • Current
  • preliminary
  • disputed
  • corrected
  • superseded
  • withdrawn
  • expired
  • inaccessible
  • compromised

18.10 Claim Status

  • Proposed
  • under review
  • supported
  • substantiated
  • decision-grade
  • partially substantiated
  • not substantiated
  • inconclusive
  • disputed
  • corrected
  • withdrawn
  • retired

18.11 Evidence Direction

  • Supports
  • challenges
  • narrows
  • contextualizes
  • supersedes
  • invalidates
  • does not resolve

18.12 Evidence Relationship Rules

  • Evidence object supports claim.
  • Evidence object challenges claim.
  • Claim concerns entity.
  • Claim bounded_by scope.
  • Claim used_for decision.
  • Claim has_evidence_level evidence level.
  • Claim has_confidence confidence.
  • Evidence object derived_from source.
  • Evidence object reviewed_by reviewer.

19. Review Taxonomy

19.1 REVIEW.REVIEW

A structured examination of evidence, methods, reasoning, process, or claims.

19.2 Review Relationship

  • Internal
  • external
  • independent
  • peer
  • second-party
  • public
  • regulatory

19.3 Review Subject

  • Protocol
  • task bank
  • model
  • system
  • evaluation result
  • evidence package
  • standard
  • organization
  • safeguard
  • incident
  • decision

19.4 Review Discipline

  • Technical
  • methodological
  • statistical
  • domain
  • security
  • ethics
  • legal
  • governance
  • public interest
  • economic
  • interoperability

19.5 Review Depth

  • Screening
  • limited review
  • full review
  • deep technical review
  • continuous review
  • re-review
  • meta-review

19.6 REVIEW.MANDATE

A documented review question, scope, authority, access, methods, outputs, constraints, and decision relationship.

19.7 REVIEW.FINDING

A supported conclusion produced through review.

19.8 REVIEW.DISSENT

A reasoned disagreement with a primary or majority conclusion.

19.9 REVIEW.MINORITY_REPORT

A formal documented dissent.

19.10 REVIEW.FACTUAL_CORRECTION

Review focused on factual or configuration accuracy.

19.11 Review Access Facet

  • Public-only
  • document access
  • raw evidence access
  • system access
  • weight access
  • personnel access
  • restricted access
  • insufficient access

19.12 Review Independence Facet

  • Organizational
  • financial
  • methodological
  • informational
  • operational
  • publication
  • intellectual
  • political
  • security

19.13 Review Outcome

  • Approve
  • approve with conditions
  • revise
  • defer
  • narrow claim
  • restrict publication
  • reject
  • withdraw
  • inconclusive

20. Audit, Assurance, Certification, and Accreditation Taxonomy

20.1 ASSURANCE.ASSURANCE

Evidence-supported confidence that a claim or requirement is sufficiently reliable for a defined purpose.

20.2 Assurance Level

  • Informal assurance
  • limited assurance
  • reasonable assurance
  • continuous assurance
  • decision-specific assurance

20.3 ASSURANCE.AUDIT

A systematic, independent, documented process for obtaining and evaluating evidence against defined criteria.

Audit Subject

  • Organization
  • management system
  • process
  • control
  • data
  • evaluation
  • security
  • compliance
  • supplier
  • model-development process

20.4 ASSURANCE.INSPECTION

Examination of a product, process, service, system, installation, or design for conformity with requirements.

20.5 ASSURANCE.VALIDATION

Confirmation that a method, model, process, or requirement is suitable for intended use.

20.6 ASSURANCE.VERIFICATION

Confirmation that specified requirements have been fulfilled.

20.7 ASSURANCE.ATTESTATION

Issue of a statement, after review and decision, that specified requirements have been demonstrated.

20.8 ASSURANCE.CONFORMITY_ASSESSMENT

Demonstration that specified requirements are fulfilled.

20.9 Conformity-Assessment Party

  • First-party
  • second-party
  • third-party

20.10 ASSURANCE.CERTIFICATION

Third-party attestation under a defined certification scheme.

Certification Object

  • Product
  • process
  • service
  • management system
  • person
  • system configuration
  • evaluation process

20.11 ASSURANCE.CERTIFICATE

A formal record of certification.

20.12 ASSURANCE.CERTIFICATION_SCHEME

The rules, procedures, requirements, assessment, surveillance, claims, and governance for certification.

20.13 ASSURANCE.ACCREDITATION

Independent recognition that a conformity-assessment body is competent and impartial for specified activities.

20.14 ASSURANCE.ACCREDITATION_SCOPE

The exact activities, methods, domains, systems, locations, and limits of recognition.

20.15 ASSURANCE.RECOGNITION

Acceptance of evidence, competence, process, status, or decision for a defined purpose.

20.16 Recognition Type

  • Evidence recognition
  • competence recognition
  • certificate recognition
  • process recognition
  • legal recognition
  • unilateral recognition
  • mutual recognition
  • conditional recognition

20.17 Assurance Status

  • Applicant
  • under assessment
  • active
  • conditional
  • suspended
  • expired
  • withdrawn
  • reduced scope
  • superseded

20.18 Assurance Relationship Rules

  • Auditor audits subject.
  • Audit uses_criteria requirement set.
  • Certification body certifies object.
  • Certificate attests_conformity_to scheme.
  • Accreditation body accredits conformity-assessment body.
  • Accreditation limited_to scope.
  • Recognition authority recognizes evidence or competence.
  • Surveillance maintains_or_changes status.

21. Standards and Requirements Taxonomy

21.1 STANDARD.DOCUMENT

A governed document providing rules, requirements, guidelines, characteristics, or common practices.

21.2 Standards Stage

  • Research concept
  • draft
  • committee draft
  • public review draft
  • proposed standard
  • approved standard
  • active standard
  • amended
  • superseded
  • withdrawn
  • retired

21.3 Standards Type

STANDARD.TECHNICAL

Defines technical methods, interfaces, measurements, or performance.

STANDARD.PROCESS

Defines procedures, records, and workflows.

STANDARD.MANAGEMENT_SYSTEM

Defines organizational management requirements.

STANDARD.PERFORMANCE

Defines required outcomes.

STANDARD.INTERFACE

Defines interactions and data exchange.

STANDARD.REPORTING

Defines disclosure and reporting.

STANDARD.TERMINOLOGY

Defines terms and classifications.

STANDARD.TEST_METHOD

Defines testing or evaluation procedures.

21.4 STANDARD.SPECIFICATION

A detailed technical or procedural description.

21.5 STANDARD.GUIDANCE

Advisory material explaining interpretation or implementation.

21.6 STANDARD.FRAMEWORK

A structured set of concepts, functions, outcomes, or practices.

21.7 STANDARD.CODE_OF_CONDUCT

A set of expected behaviors or voluntary commitments.

21.8 STANDARD.CODE_OF_PRACTICE

Operational guidance describing accepted implementation practices.

21.9 STANDARD.REQUIREMENT

A condition that must be fulfilled within a defined context.

Requirement Force

  • Advisory
  • voluntary
  • contractual
  • procurement
  • professional
  • scheme-mandatory
  • legally mandatory
  • regulatory

Requirement Form

  • Performance-based
  • prescriptive
  • process-based
  • risk-based
  • capability-based
  • deployment-based
  • outcome-based
  • reporting-based

Requirement Level

  • Baseline
  • minimum
  • progressive
  • tiered
  • advanced
  • emergency

21.10 STANDARD.CONFORMITY_CRITERION

A criterion used to determine whether a requirement is fulfilled.

21.11 STANDARD.SAFE_HARBOR

A provision providing defined protection when specified conditions are met.

21.12 STANDARD.PRESUMPTION_OF_CONFORMITY

A presumption that following a recognized standard supports fulfillment of a requirement.

21.13 STANDARD.SUNSET

A provision causing expiration unless renewed.

21.14 STANDARD.REVIEW_CLAUSE

A requirement for reassessment.

21.15 Standards Relationship Rules

  • Standard defines requirement.
  • Requirement applies_to object.
  • Protocol tests requirement.
  • Evidence supports_conformity_with requirement.
  • Certificate attests_conformity_to scheme.
  • Law incorporates_by_reference standard.
  • Standard supersedes prior standard.

22. Governance and Decision Taxonomy

22.1 GOV.GOVERNANCE_SYSTEM

A system of authority, roles, decisions, accountability, oversight, and control.

22.2 Governance Body

  • Governing body
  • board
  • secretariat
  • committee
  • technical committee
  • advisory group
  • working group
  • appeals body
  • ethics body
  • security body
  • public-interest council

22.3 Governance Function

  • Strategy
  • oversight
  • standard setting
  • protocol approval
  • task custody
  • evaluation administration
  • assurance
  • incident response
  • appeals
  • registry
  • transparency
  • enforcement

22.4 GOV.DECISION

A formal determination by an authorized actor.

Decision Type

  • Technical
  • methodological
  • deployment
  • access
  • risk acceptance
  • safeguard
  • publication
  • certification
  • accreditation
  • recognition
  • standards progression
  • legal
  • funding
  • correction
  • retirement

22.5 Decision Outcome

  • Approve
  • approve with conditions
  • pilot
  • defer
  • reject
  • suspend
  • withdraw
  • recognize
  • conditionally recognize
  • decline recognition
  • retire

22.6 GOV.DECISION_RIGHT

Authority to make a defined decision.

22.7 GOV.MANDATE

A documented assignment of purpose, authority, responsibility, scope, and limits.

22.8 GOV.ACCOUNTABILITY

Obligation to explain, justify, and accept responsibility.

22.9 GOV.OVERSIGHT

Supervisory or independent observation and review.

22.10 GOV.APPEAL

A formal request for review of a decision.

22.11 GOV.COMPLAINT

A documented expression of dissatisfaction or allegation.

22.12 GOV.RECUSAL

Withdrawal because of conflict or disqualification.

22.13 GOV.CONSENSUS

Broad agreement after addressing substantial objections.

22.14 GOV.DISSENT

A reasoned unresolved disagreement.

22.15 Governance Risk

  • Capture
  • conflict
  • concentration
  • opacity
  • inconsistent decision
  • authority inflation
  • participation failure
  • accountability failure
  • emergency-power abuse

22.16 Governance Relationship Rules

  • Body has_decision_right decision type.
  • Actor responsible_for function.
  • Decision based_on evidence package.
  • Decision subject_to appeal.
  • Conflict requires mitigation or recusal.
  • Governance system oversees process.

23. Incident, Failure, and Correction Taxonomy

23.1 INCIDENT.INCIDENT

An event or condition that caused, could have caused, or revealed material harm, failure, compromise, misuse, or loss of control.

23.2 Incident Type

  • Safety incident
  • security incident
  • misuse incident
  • privacy incident
  • evaluation incident
  • research incident
  • governance incident
  • standards incident
  • assurance incident
  • interoperability incident
  • near miss

23.3 Incident Role of AI

  • Initiated
  • enabled
  • accelerated
  • amplified
  • failed to prevent
  • detected
  • mitigated
  • incidental
  • unknown

23.4 Incident Severity

  • Minor
  • limited
  • material
  • serious
  • critical
  • catastrophic

23.5 Incident Status

  • Reported
  • triaged
  • under investigation
  • confirmed
  • disputed
  • contained
  • remediated
  • closed
  • reopened
  • archived

23.6 INCIDENT.FAILURE

Inability of a system, process, safeguard, evaluator, or institution to fulfill an intended function or requirement.

23.7 Failure Layer

  • Model
  • system
  • data
  • tool
  • human
  • organizational
  • governance
  • evaluator
  • standard
  • incentive
  • interoperability

23.8 Failure Mode

  • Incorrect output
  • refusal failure
  • safeguard bypass
  • hallucination
  • loss of control
  • unauthorized action
  • monitoring failure
  • access-control failure
  • evidence contamination
  • scoring failure
  • conflict failure
  • process nonconformity
  • correction failure
  • recognition drift

23.9 INCIDENT.ROOT_CAUSE

An underlying cause whose correction would materially reduce recurrence.

23.10 INCIDENT.CONTRIBUTING_FACTOR

A condition increasing likelihood or severity.

23.11 INCIDENT.CORRECTIVE_ACTION

Action addressing a detected failure.

23.12 INCIDENT.PREVENTIVE_ACTION

Action reducing the likelihood of a potential failure.

23.13 INCIDENT.CORRECTION

A visible change addressing error in a record, claim, method, or result.

23.14 Correction Type

  • Editorial
  • factual
  • methodological
  • statistical
  • legal-status
  • security
  • evidence-level
  • confidence
  • withdrawal
  • supersession

23.15 Incident Relationship Rules

  • Incident involves system.
  • Incident realizes risk.
  • Failure contributes_to incident.
  • Root cause explains failure.
  • Corrective action addresses root cause.
  • Incident triggers protocol or standards review.
  • Correction updates claim or record.

24. Incentive and Recognition Taxonomy

24.1 INCENTIVE.INCENTIVE

A condition changing expected benefit, cost, status, opportunity, or consequence.

24.2 Incentive Mechanism

  • Financial reward
  • financial penalty
  • access
  • procurement preference
  • insurance
  • liability
  • professional credit
  • publication
  • recognition
  • prestige
  • grant
  • prize
  • bounty
  • enforcement
  • membership
  • data access

24.3 Incentive Target

  • Developer
  • deployer
  • evaluator
  • reviewer
  • researcher
  • maintainer
  • whistleblower
  • standard setter
  • purchaser
  • public institution

24.4 Desired Behavior

  • Evaluation
  • disclosure
  • correction
  • maintenance
  • replication
  • safeguard adoption
  • standards adoption
  • incident reporting
  • public-goods contribution
  • capacity building

24.5 Unintended Incentive Effect

  • Goodhart effect
  • gaming
  • metric fixation
  • prestige capture
  • client capture
  • crowding out
  • adverse selection
  • moral hazard
  • free riding
  • incumbent entrenchment
  • underreporting
  • overclassification

24.6 INCENTIVE.RECOGNITION

Formal or informal acknowledgment of contribution, competence, or achievement.

Recognition Type

  • Contribution credit
  • professional recognition
  • public award
  • evaluator recognition
  • corrective credit
  • institutional recognition
  • mutual recognition

24.7 INCENTIVE.PRESTIGE

Durable esteem or status granted by a community or institution.

24.8 Recognition Status

  • Nominated
  • reviewed
  • granted
  • conditional
  • suspended
  • withdrawn
  • expired

24.9 Incentive Relationship Rules

  • Incentive targets actor.
  • Incentive rewards behavior.
  • Incentive may_create gaming risk.
  • Recognition based_on evidence.
  • Prestige does_not_imply competence or authority.

25. Interoperability and International Coordination Taxonomy

25.1 INTEROP.INTEROPERABILITY

The ability of distinct systems, protocols, organizations, or jurisdictions to exchange, interpret, and use information or evidence.

25.2 Interoperability Layer

  • Semantic
  • syntactic
  • technical
  • measurement
  • protocol
  • assurance
  • institutional
  • legal
  • security
  • operational

25.3 INTEROP.CROSSWALK

A structured mapping among classes, requirements, controls, protocols, or standards.

25.4 INTEROP.BRIDGE_STUDY

An empirical or analytical study connecting results across protocols, versions, languages, or systems.

25.5 INTEROP.COMMON_CORE

Shared elements preserved across implementations.

25.6 INTEROP.LOCAL_EXTENSION

A documented jurisdictional, sectoral, linguistic, or institutional addition.

25.7 INTEROP.EQUIVALENCE

A determination that different methods or requirements achieve sufficiently comparable outcomes for a stated purpose.

25.8 INTEROP.COMPARABILITY

The degree to which results can be meaningfully compared.

25.9 INTEROP.MUTUAL_RECOGNITION

Reciprocal acceptance of defined results, status, or competence.

25.10 INTEROP.FEDERATED_REGISTRY

A registry model in which multiple authorities maintain interoperable records.

25.11 INTEROP.TRANSLATION_VALIDATION

Assessment of whether a translation preserves intended meaning and construct.

25.12 INTEROP.CAPACITY_BUILDING

Development of local expertise, infrastructure, governance, and participation.

25.13 Interoperability Status

  • Compatible
  • partially compatible
  • conditionally recognized
  • not comparable
  • conflicting
  • superseded
  • mapping incomplete

25.14 Interoperability Relationship Rules

  • Crosswalk maps class or requirement.
  • Bridge study supports comparability.
  • Recognition accepts_for_purpose external result.
  • Local extension extends common core.
  • Translation version_of source vocabulary.
  • Registry exchanges_with registry.

26. Research Taxonomy

26.1 RESEARCH.PROJECT

A structured activity intended to generate, test, synthesize, or apply knowledge.

26.2 Research Purpose

  • Descriptive
  • exploratory
  • confirmatory
  • evaluative
  • causal
  • predictive
  • comparative
  • synthesis
  • institutional design
  • metaresearch

26.3 Research Method

  • Experiment
  • observational study
  • simulation
  • literature review
  • systematic review
  • scoping review
  • rapid review
  • narrative review
  • living review
  • case study
  • interview
  • survey
  • focus group
  • Delphi
  • structured expert judgment
  • forecast
  • replication
  • reproducibility study
  • methodological audit

26.4 Research Object

  • Model
  • system
  • capability
  • safeguard
  • evaluator
  • institution
  • standard
  • incident
  • policy
  • legal regime
  • research method

26.5 Research Stage

  • Question
  • protocol
  • registered
  • collecting
  • analyzing
  • under review
  • published
  • monitoring
  • corrected
  • withdrawn
  • retired

26.6 Research Consequence

  • Minimal
  • limited
  • material
  • high
  • critical

26.7 Research Sensitivity

  • Public
  • controlled
  • confidential
  • restricted
  • highly restricted

26.8 Research Output

  • Note
  • brief
  • working paper
  • white paper
  • protocol
  • dataset
  • code
  • task bank
  • review
  • standard proposal
  • case study
  • pilot report
  • replication report
  • registry record

26.9 Research Relationship Rules

  • Project investigates question.
  • Protocol governs project.
  • Artifact produced_by project.
  • Evidence generated_by project.
  • Review evaluates project.
  • Publication reports result.
  • Correction updates publication.

27. Status, Version, Security, and Record Taxonomy

27.1 STATUS.VERSION

An identified state of an object.

27.2 Version Change

  • Major
  • minor
  • patch
  • emergency
  • editorial

27.3 Lifecycle Status

  • Draft
  • proposed
  • approved
  • active
  • current
  • conditional
  • expired
  • suspended
  • corrected
  • superseded
  • withdrawn
  • deprecated
  • retired
  • archived

27.4 STATUS.RECORD

A structured representation of an entity.

27.5 Record Type

  • Model record
  • system manifest
  • protocol record
  • evaluation record
  • evidence record
  • claim record
  • reviewer record
  • evaluator record
  • certificate record
  • accreditation record
  • incident record
  • standard record
  • recognition record
  • correction record

27.6 Record Integrity

  • Signed
  • hashed
  • witnessed
  • version controlled
  • mutable
  • immutable
  • unverifiable

27.7 SECURITY.CLASSIFICATION

A category governing access, handling, and disclosure.

Classes

  • Public
  • controlled
  • confidential
  • restricted
  • highly restricted

27.8 Security Handling

  • View
  • edit
  • export
  • redistribute
  • summarize
  • cite
  • destroy
  • archive

27.9 Security Status

  • Active
  • under review
  • compromised
  • declassified
  • released
  • destroyed
  • archived

27.10 Status Relationship Rules

  • Version supersedes version.
  • Record represents entity.
  • Status applies_to record.
  • Correction amends record.
  • Withdrawal invalidates_current_use_of record.
  • Archive preserves retired record.

28. Jurisdiction and Legal Scope Taxonomy

28.1 JURIS.JURISDICTION

A legal, geographic, organizational, or institutional domain of authority.

28.2 Jurisdiction Level

  • Local
  • subnational
  • national
  • supranational
  • treaty-based
  • international institutional
  • contractual
  • organizational

28.3 Legal Instrument

  • Constitution
  • statute
  • regulation
  • order
  • judicial decision
  • treaty
  • guidance
  • code
  • contract
  • procurement rule
  • license

28.4 Legal Status

  • Proposed
  • enacted
  • effective
  • transitional
  • stayed
  • amended
  • repealed
  • expired
  • superseded

28.5 Applicability

  • Developer
  • provider
  • deployer
  • user
  • evaluator
  • importer
  • distributor
  • public body
  • specific sector
  • specific system category

28.6 Legal Relationship Rules

  • Requirement applies_in jurisdiction.
  • Authority issues instrument.
  • Standard incorporated_into legal instrument.
  • Decision binding_in jurisdiction.
  • Crosswalk does_not_establish legal equivalence without recognition.

29. Core Relationship Vocabulary

The following relationship types are canonical.

29.1 Identity Relationships

  • is_a
  • instance_of
  • version_of
  • same_as
  • not_same_as

29.2 Composition Relationships

  • part_of
  • contains
  • uses
  • implements
  • depends_on

29.3 Lineage Relationships

  • derived_from
  • trained_from
  • fine_tuned_from
  • forked_from
  • supersedes

29.4 Evaluation Relationships

  • evaluated_by
  • administered_by
  • tested_with
  • scored_by
  • reviewed_by
  • replicated_by

29.5 Evidence Relationships

  • supports
  • challenges
  • narrows
  • contextualizes
  • invalidates
  • derived_from_source

29.6 Risk Relationships

  • creates_hazard
  • exposes
  • enables
  • may_cause
  • mitigates
  • detects
  • contains
  • realizes

29.7 Standards and Assurance Relationships

  • defines_requirement
  • conforms_to
  • certified_against
  • accredited_for
  • recognized_by
  • incorporated_by_reference

29.8 Governance Relationships

  • governed_by
  • owned_by
  • authorized_by
  • decided_by
  • appealable_to
  • overseen_by

29.9 Temporal Relationships

  • precedes
  • follows
  • effective_from
  • expires_on
  • superseded_by
  • withdrawn_on

29.10 Relationship Confidence

Every inferred relationship may include:

  • Confirmed
  • high
  • moderate
  • low
  • disputed
  • unknown

30. Classification Rules

30.1 Model Versus System Rule

Classify a model separately from the system using it.

30.2 Role Separation Rule

Classify every actor role separately.

30.3 Capability-Risk Rule

Do not classify a capability as a risk.

Link the capability to a risk through context.

30.4 Safeguard Rule

Classify a safeguard by function, layer, and mechanism.

Do not classify it as proof of safety.

30.5 Evaluation-Audit Rule

Do not classify an evaluation as an audit unless defined criteria and audit process exist.

30.6 Certification-Accreditation Rule

Certification applies to conformity under a scheme.

Accreditation applies to competence of a conformity-assessment body within scope.

30.7 External-Independent Rule

External is a location or organizational relationship.

Independent is a multidimensional condition.

30.8 Legal-Technical Rule

Preserve legal and technical categories separately.

30.9 Current-Status Rule

Every consequential record should include current status.

30.10 Multi-Label Rule

Use multiple facets when one label would hide important dimensions.

30.11 Uncertain Classification Rule

Use confidence and alternatives.

Do not force a false category.

30.12 Local-Extension Rule

Local extensions should retain mapping to the common core.

30.13 Public-Claim Rule

Public classification should not imply authority beyond the evidence and project status.


31. Core Entity Profiles

A profile defines the minimum classes, facets, properties, and relationships required for a recurring record type.

31.1 Model Profile

Required fields:

  • Model record identifier
  • public or internal name
  • developer
  • model family
  • exact version or checkpoint
  • release date
  • modality
  • function
  • general-purpose or domain-specific status
  • weight-access status
  • training or lineage information where available
  • applicable licenses
  • current status
  • related system records
  • evidence and source records
  • classification confidence

Optional fields:

  • Parameter or scale information
  • training-compute information
  • training-data summary
  • post-training methods
  • known limitations
  • frontier classification basis
  • security restrictions

31.2 System Profile

Required fields:

  • System identifier
  • system version
  • responsible developer or deployer
  • model components
  • system prompts or prompt-disclosure status
  • tools
  • retrieval
  • memory
  • scaffolds
  • safeguards
  • interfaces
  • access tier
  • deployment context
  • lifecycle stage
  • current status
  • related evaluation records

31.3 Deployment Profile

Required fields:

  • Deployment identifier
  • system identifier
  • deployer
  • operator
  • user class
  • sector
  • geographic scope
  • scale
  • decision authority
  • human oversight
  • connected infrastructure
  • monitoring
  • safeguards
  • start date
  • current status
  • jurisdiction

31.4 Capability Profile

Required fields:

  • Capability identifier
  • domain
  • task or task family
  • evaluated object
  • conditions
  • tools
  • elicitation
  • reliability
  • autonomy
  • resource requirements
  • human reference
  • demonstrated level
  • evidence level
  • confidence
  • limitations
  • result status

31.5 Risk Profile

Required fields:

  • Risk identifier
  • hazard
  • threat actor or source
  • vulnerability
  • exposure
  • consequence
  • likelihood or plausibility
  • scale
  • time horizon
  • reversibility
  • safeguards
  • residual risk
  • uncertainty
  • decision owner
  • evidence level
  • review date

31.6 Safeguard Profile

Required fields:

  • Safeguard identifier
  • function
  • layer
  • mechanism
  • risk addressed
  • system or organization implementing it
  • coverage
  • threat model
  • evaluation method
  • effectiveness evidence
  • bypass evidence
  • residual risk
  • owner
  • monitoring
  • status
  • review date

31.7 Evaluation Protocol Profile

Required fields:

  • Protocol identifier
  • title
  • version
  • owner
  • purpose
  • claim or decision
  • evaluated object
  • construct
  • task universe
  • task families
  • administration
  • elicitation
  • environment
  • scoring
  • uncertainty
  • integrity classification
  • change control
  • expiration
  • security
  • review status
  • current status

31.8 Evaluation Result Profile

Required fields:

  • Result identifier
  • protocol identifier and version
  • system identifier and version
  • evaluator
  • date
  • lifecycle stage
  • task sample
  • elicitation conditions
  • environment
  • score or finding
  • uncertainty
  • integrity status
  • evidence level
  • confidence
  • reviewer
  • limitations
  • expiration
  • status

31.9 Evidence Profile

Required fields:

  • Evidence identifier
  • source
  • source type
  • date
  • claim relationship
  • form
  • directness
  • quality profile
  • provenance
  • security classification
  • review status
  • evidence level
  • current status

31.10 Independent Review Profile

Required fields:

  • Review identifier
  • mandate
  • reviewed object
  • reviewers
  • qualifications
  • independence profile
  • conflicts
  • access
  • method
  • findings
  • dissent
  • right of reply
  • publication status
  • date
  • current status

31.11 Evaluator Organization Profile

Required fields:

  • Organization identifier
  • legal identity
  • governance
  • ownership
  • services
  • competence scopes
  • personnel
  • quality system
  • security
  • methods
  • conflicts
  • client concentration
  • complaints
  • proficiency
  • accreditation or recognition status
  • current status

31.12 Standard Profile

Required fields:

  • Standard identifier
  • issuing body
  • title
  • version
  • type
  • scope
  • requirements
  • applicable objects
  • development stage
  • consensus process
  • assurance relationship
  • jurisdictional use
  • effective date
  • review date
  • status
  • superseded version

31.13 Certificate Profile

Required fields:

  • Certificate identifier
  • certification body
  • scheme
  • certified object
  • requirements
  • scope
  • decision date
  • effective date
  • expiration
  • surveillance
  • status
  • registry location
  • exclusions

31.14 Accreditation Profile

Required fields:

  • Accreditation identifier
  • accreditation body
  • accredited body
  • criteria
  • scope
  • locations
  • methods
  • effective date
  • reassessment
  • status
  • suspension or withdrawal record

31.15 Incident Profile

Required fields:

  • Incident identifier
  • date
  • reporting source
  • system
  • deployment
  • incident type
  • AI role
  • affected parties
  • actual and potential harm
  • severity
  • evidence
  • confidence
  • failure modes
  • root causes
  • response
  • corrective action
  • status
  • disclosure level

31.16 Recognition Profile

Required fields:

  • Recognition identifier
  • recognizing authority
  • object recognized
  • recognition type
  • purpose
  • evidence
  • scope
  • conditions
  • effective date
  • expiration
  • review
  • status

32. Machine-Readable Representation

32.1 Design Goal

The taxonomy should support structured data without forcing the Markdown document to function as executable software.

A future machine-readable release may use:

  • JSON
  • JSON Schema
  • JSON-LD
  • RDF
  • SKOS
  • OWL
  • YAML
  • CSV for controlled lists

32.2 Human and Machine Labels

Every class should have:

  • Stable identifier
  • preferred label
  • definition
  • status
  • parent
  • related classes
  • effective version
  • change history

32.3 Example Class Record

yaml id: CAP.CYBER.AUTONOMOUS_OPERATIONS preferred_label: Autonomous cyber operations capability definition: > The capability of an AI system to plan and execute multiple cyber-operation steps with limited direct human instruction under defined conditions. parent: CAP.CYBER status: preferred facets: - capability_object - autonomy_level - reliability - tool_access - evidence_level related: - CAP.PLANNING - CAP.TOOL_USE - RISK.SECURITY_HARM - EVAL.AGENT_EVALUATION version: 1.0.0

32.4 Example Evaluation Result Record

yaml id: SB-RESULT-2026-0044 type: EVAL.RESULT evaluated_object: SB-SYSTEM-2026-0017 protocol: SB-PROTOCOL-2026-0008 protocol_version: 1.2.0 capability: - CAP.CYBER.AUTONOMOUS_OPERATIONS evaluation_party: ACTOR.THIRD_PARTY_EVALUATOR integrity: EVAL.INTEGRITY.UNEXPOSED evidence_level: EVIDENCE.LEVEL.E3_SUBSTANTIATED confidence: high status: STATUS.CURRENT security: SECURITY.CONFIDENTIAL expires_on: 2027-01-15

32.5 JSON-LD Relationship Example

json { "@id": "SB-RESULT-2026-0044", "@type": "EVAL.RESULT", "evaluatedBy": {"@id": "SB-PROTOCOL-2026-0008"}, "concernsSystem": {"@id": "SB-SYSTEM-2026-0017"}, "supportsClaim": {"@id": "SB-CLAIM-2026-0031"}, "reviewedBy": {"@id": "SB-REVIEW-2026-0009"}, "status": "STATUS.CURRENT" }

32.6 Schema Validation

Machine-readable records should validate:

  • Required fields
  • identifier format
  • allowed classes
  • version
  • date format
  • relationship targets
  • status
  • security classification

32.7 Provenance

Structured records should preserve:

  • Creator
  • creation date
  • source
  • modification
  • reviewer
  • approval
  • supersession

32.8 Digital Signatures

High-consequence records may be digitally signed.

32.9 No Schema-Meaning Substitution

A technically valid JSON record can still be conceptually wrong.

Schema validation does not replace expert classification.


33. External Mapping and Crosswalk Rules

33.1 Mapping Types

A class may map to an external class as:

  • Exact match
  • close match
  • broader match
  • narrower match
  • related match
  • no valid match
  • disputed match

33.2 Mapping Record

Record:

  • Standards Body class
  • external source
  • external identifier
  • version
  • mapping type
  • rationale
  • jurisdiction or domain
  • reviewer
  • date
  • limitations

33.3 No Silent Equivalence

Different labels should not be treated as exact equivalents without review.

33.4 Legal Mapping

Legal classifications should retain:

  • Jurisdiction
  • authority
  • effective date
  • legal consequences

33.5 Standards Mapping

Standards crosswalks should identify:

  • Requirement meaning
  • object
  • evidence
  • assurance
  • exceptions
  • version

33.6 Translation Mapping

Translated classes should record:

  • Source term
  • target term
  • literal meaning
  • intended concept
  • non-equivalence
  • domain validation

33.7 External Vocabulary Preservation

When importing an external term:

  • Preserve its exact source meaning
  • identify differences
  • avoid redefining it silently
  • classify it as external or mapped

33.8 Interoperability Principle

Mapping should enable understanding.

It should not manufacture consensus or legal effect.


34. Domain Extension Framework

34.1 Purpose

Some capability, risk, safeguard, and evaluation domains require specialized extensions.

Examples:

  • Cybersecurity
  • biology
  • chemical systems
  • finance
  • critical infrastructure
  • healthcare
  • robotics
  • public administration

34.2 Extension Requirements

A domain extension should define:

  • Scope
  • classes
  • parent classes
  • domain-specific relationships
  • evidence needs
  • security needs
  • legal context
  • subject-matter reviewers
  • version
  • mappings

34.3 Extension Identifier

Preferred pattern:

DOMAIN-SPECIFIC-PREFIX.CLASS

Example:

CYBER.TASK.EXPLOIT_CHAIN

34.4 Common-Core Requirement

Every extension should map material classes to the Standards Body common core.

34.5 Domain Authority

Domain experts should review extensions.

34.6 Security

A public taxonomy may omit or generalize sensitive subclasses when detailed classification would increase harm.

34.7 Extension Status

Use:

  • Provisional
  • pilot
  • approved
  • deprecated
  • retired

35. Taxonomy Governance

35.1 Taxonomy Owner

Standards Body owns and maintains the canonical taxonomy.

35.2 Stewardship Function

A future taxonomy steward or committee should:

  • Maintain class definitions
  • review proposals
  • resolve overlaps
  • manage identifiers
  • approve mappings
  • maintain machine-readable releases
  • coordinate translations
  • publish changes
  • audit use

35.3 Proposal Requirements

A proposed class should include:

  • Identifier
  • preferred label
  • definition
  • purpose
  • parent
  • facets
  • relationships
  • examples
  • nonexamples
  • source
  • status
  • affected records
  • mapping implications

35.4 Approval Criteria

Approve a new class only when:

  • The distinction is meaningful
  • existing classes are insufficient
  • the class can be applied consistently
  • it improves evidence, governance, or interoperability
  • complexity remains proportionate
  • qualified reviewers agree or dissent is documented

35.5 Duplicate Control

Before adding a class:

  • Search existing taxonomy
  • search terminology
  • inspect external mappings
  • examine whether a facet is more appropriate

35.6 Change Types

Editorial Change

No intended meaning change.

Clarifying Change

Improves definition without changing classification.

Substantive Change

Changes meaning, parent, relationships, or use.

Deprecation

Replaces a class.

Retirement

Ends active use.

35.7 Change Impact Review

Review affected:

  • Canonical files
  • registries
  • protocols
  • standards
  • public claims
  • data schemas
  • crosswalks
  • translations

35.8 Appeals

A contributor may appeal:

  • Class rejection
  • classification decision
  • mapping
  • deprecation
  • public use

35.9 Emergency Correction

Correct immediately when a class:

  • Creates a safety risk
  • implies false authority
  • causes systematic misclassification
  • conflicts with a binding legal definition
  • creates major interoperability failure

35.10 Public Change Log

Publish material class changes and replacements.


36. Taxonomy Quality Tests

36.1 Identity Test

Does the class describe a type of object rather than an opinion about it?

36.2 Parent Test

Is the parent relationship valid?

36.3 Distinction Test

Can qualified users distinguish the class from related classes?

36.4 Completeness Test

Does the taxonomy cover the material classes needed for the use case?

36.5 Exclusivity Test

Where classes are intended to be exclusive, can one object be assigned consistently?

36.6 Polyhierarchy Test

Where overlap is legitimate, does the structure permit multiple classifications?

36.7 Facet Test

Should the proposed class be an independent facet instead?

36.8 Evidence Test

Can a classification be supported by identifiable evidence?

36.9 Authority Test

Does the label imply unsupported legal or institutional status?

36.10 Temporal Test

Can the classification change over time without losing history?

36.11 Interoperability Test

Can the class be mapped to external systems?

36.12 Translation Test

Can the concept be translated without unacceptable loss?

36.13 Security Test

Could publishing the class or record increase harm?

36.14 Usability Test

Can researchers, evaluators, policymakers, and technical systems apply it?

36.15 Anti-Gaming Test

Could actors manipulate the classification to gain status or avoid obligations?


37. Common Classification Errors

37.1 Product-Name Collapse

Error:

Treating one marketed name as a stable model or system identity.

Correction:

Create separate records for family, model version, system, and deployment.

37.2 Frontier as Permanent Status

Error:

Treating frontier status as timeless.

Correction:

Record basis, date, dimension, and confidence.

37.3 Open-Source Overstatement

Error:

Classifying an open-weight model as fully open-source without component analysis.

Correction:

Classify weights, code, data, license, and documentation separately.

37.4 Capability-Risk Collapse

Error:

Classifying cyber capability as cyber risk.

Correction:

Link capability to risk through actor, access, vulnerability, safeguard, and consequence.

37.5 Evaluation-Assurance Collapse

Error:

Classifying a benchmark result as certification.

Correction:

Preserve evaluation, review, scheme, and certification as separate entities.

37.6 External-Independent Collapse

Error:

Classifying every outside reviewer as independent.

Correction:

Use the independence profile.

37.7 Accreditation Overreach

Error:

Classifying an accredited organization as competent for all AI evaluation.

Correction:

Record exact accreditation scope.

37.8 Status Omission

Error:

Displaying a withdrawn or expired record without status.

Correction:

Require current status and history.

37.9 Jurisdiction Omission

Error:

Presenting a legal category as universal.

Correction:

Attach jurisdiction and effective date.

37.10 Single-Score Classification

Error:

Classifying a system as safe or unsafe from one metric.

Correction:

Use capability, risk, safeguard, evidence, and context profiles.

37.11 Overclassification

Error:

Creating new classes for every minor variation.

Correction:

Use properties and facets.

37.12 Underclassification

Error:

Using broad classes that erase decision-relevant differences.

Correction:

Add a subclass when the distinction changes evidence, governance, or action.


38. Worked Classification Examples

38.1 Hosted General-Purpose Assistant

Possible classification:

  • AI.GENERAL_PURPOSE_MODEL
  • SYS.AI_SYSTEM
  • SYS.TOOL_USING
  • ACCESS.API_PUBLIC
  • DEPLOY.CONSUMER
  • LIFE.GENERAL_DEPLOYMENT
  • SAFEGUARD.ACCESS_CONTROL
  • SAFEGUARD.MONITORING

Additional records required:

  • Exact model version
  • system prompt status
  • tools
  • safeguards
  • deployment geography
  • evaluation history

38.2 Open-Weight Research Model

Possible classification:

  • AI.MODEL
  • AI.OPEN_WEIGHT
  • ACCESS.WEIGHTS_PUBLIC
  • DEPLOY.RESEARCH
  • LIFE.RELEASE

Do not infer:

  • Full open-source status
  • low risk
  • reproducibility
  • unrestricted legal use

38.3 Held-Out Cyber Evaluation

Possible classification:

  • EVAL.EVALUATION
  • EVAL.HELD_OUT
  • EVAL.AGENT_EVALUATION
  • CAP.CYBER
  • SECURITY.RESTRICTED
  • ACTOR.THIRD_PARTY_EVALUATOR
  • REVIEW.INDEPENDENT

Required relationships:

  • Evaluates system
  • uses protocol
  • samples task universe
  • produces result
  • supports capability claim
  • expires on date

38.4 Independent Review of Developer Evidence

Possible classification:

  • REVIEW.INDEPENDENT_EXPERT_REVIEW
  • subject: evidence package
  • access: confidential evidence
  • disciplines: technical and methodological
  • outcome: approve with conditions
  • dissent: present

Do not classify as:

  • Audit
  • certification
  • regulatory approval

unless those additional processes exist.

38.5 Evaluator Certification

A certification of an evaluator's management system may be classified as:

  • ASSURANCE.CERTIFICATION
  • certified object: management system
  • scheme: named
  • body: named
  • scope: named

It should not be classified automatically as:

  • Accreditation for AI evaluation
  • competence in every capability domain
  • certification of evaluation results

38.6 Post-Deployment Incident

Possible classification:

  • INCIDENT.AI_INCIDENT
  • INCIDENT.SECURITY_INCIDENT
  • lifecycle: post-deployment
  • AI role: enabled or amplified
  • severity: material
  • status: under investigation
  • evidence confidence: moderate

The record should preserve uncertainty about causation.

38.7 Proposed Procurement Requirement

Possible classification:

  • STANDARD.REQUIREMENT
  • force: procurement
  • form: performance-based
  • stage: proposed
  • object: deployed high-stakes system
  • evidence level: E2 or E3
  • jurisdiction: purchasing institution

Do not classify as legally mandatory unless law creates that effect.


39. Taxonomy Implementation Pathway

Phase 1: Canonical Adoption

Use this taxonomy in new canonical files and registries.

Phase 2: Existing-File Audit

Review existing foundation and institutional files for:

  • Misclassified objects
  • inconsistent role labels
  • status omissions
  • model-system confusion
  • audit-certification-accreditation confusion

Phase 3: Core Registry Schema

Create schemas for:

  • Models
  • systems
  • protocols
  • results
  • evaluators
  • incidents
  • standards
  • recognition

Phase 4: Identifier Service

Establish controlled identifier assignment.

Phase 5: Machine-Readable Release

Publish the common core in a structured format.

Phase 6: Domain Extensions

Develop controlled extensions for:

  • Cyber
  • biological
  • critical infrastructure
  • persuasion
  • AI research and development

Phase 7: External Crosswalks

Map relevant external vocabularies and standards.

Phase 8: Classification Pilot

Classify a representative set of:

  • Frontier systems
  • evaluations
  • evaluator organizations
  • standards
  • incidents

Measure inter-rater consistency and ambiguity.

Phase 9: Public Registry Integration

Use taxonomy identifiers in public records.

Phase 10: Continuous Governance

Review classes, mappings, and use annually and after major incidents or standards changes.


40. Taxonomy Scorecard

Dimension Core question
Object identity Is the actual object identified?
Correct level Is classification at model, system, deployment, organization, or legal level correct?
Class validity Does the class accurately represent the object?
Parent validity Is the hierarchical relationship defensible?
Facet use Are independent characteristics represented as facets?
Relationship precision Are entity relationships named accurately?
Evidence Is the classification supported?
Confidence Is uncertainty in classification visible?
Version Is the relevant version identified?
Status Is current, expired, superseded, or withdrawn status shown?
Jurisdiction Is legal or institutional scope preserved?
Security Is disclosure classification appropriate?
Role separation Are developer, provider, deployer, evaluator, and authority roles separated?
Capability-risk separation Are ability and risk kept distinct?
Evaluation-assurance separation Are test, review, audit, certification, and accreditation distinct?
Interoperability Can the class map to external vocabularies?
Machine readability Can the record be represented structurally?
Human readability Can informed users understand the class?
Temporal stability Can changes occur without losing history?
Anti-gaming Does the classification resist prestige or compliance gaming?
Extensibility Can domains extend the taxonomy without breaking the core?
Governance Can classes be reviewed, appealed, corrected, and retired?

40.1 Critical Failures

The following normally invalidate a consequential classification:

  • Unidentified object
  • model-system collapse
  • unsupported legal status
  • unsupported accreditation or certification claim
  • missing version for a changing object
  • missing jurisdiction for a legal category
  • capability classified as risk without context
  • expired record shown as current
  • relationship asserted without evidence
  • public classification exposing restricted information
  • identifier reused for a different concept

40.2 No Universal Taxonomy Score

Do not average all dimensions into one number.

Critical errors should remain visible.


41. Classification Record Template

Record ID:
Record type:
Preferred label:
Version:
Status:
Classification date:
Classifier:
Reviewer:

Object Identity

Primary Class

Subclasses

Facets

Relationships

Jurisdiction

Security Classification

Supporting Evidence

Classification Confidence

  • Confirmed
  • high
  • moderate
  • low
  • disputed
  • unknown

Alternative Classifications Considered

Limitations

Review Date

Change History


42. Taxonomy Class Proposal Template

Proposed identifier:
Preferred label:
Proposer:
Date:

Definition

Purpose

Parent Class

Subclasses

Applicable Facets

Required Properties

Relationships

Examples

Nonexamples

Existing Classes Considered

External Mappings

Evidence and Sources

Security Considerations

Implementation Impact

Proposed Status

  • Provisional
  • preferred
  • accepted
  • context-specific

Reviewers

Decision


43. Taxonomy Change Request Template

Change request ID:
Affected class:
Current version:
Proposer:
Date:

Change Type

  • Editorial
  • clarification
  • substantive
  • deprecation
  • retirement
  • emergency correction

Current Definition or Structure

Proposed Definition or Structure

Rationale

Evidence

Affected Records

Affected Canonical Files

Interoperability Impact

Translation Impact

Transition Plan

Effective Version

Review and Decision


44. Crosswalk Record Template

Crosswalk ID:
Standards Body taxonomy version:
External source:
External version:
Jurisdiction or domain:
Reviewer:
Date:

Standards Body class External class Mapping type Rationale Limitations Status

Mapping types:

  • Exact match
  • close match
  • broader match
  • narrower match
  • related match
  • no valid match
  • disputed

Recognition Effect

State explicitly whether the crosswalk has:

  • Informational effect only
  • technical recognition effect
  • assurance effect
  • contractual effect
  • legal effect

Do not imply legal effect unless authorized.


45. Registry Record Template

Registry:
Record ID:
Entity type:
Entity identifier:
Preferred label:
Owner:
Version:
Status:
Effective date:
Expiration or review date:

Classification

Scope

Relationships

Evidence

Confidence

Security and Access

Recognition

Corrections

Superseded Records

Digital Signature or Integrity Record


46. Taxonomic Decision Rules

46.1 New-Class Decision

Create a new class when the distinction:

  • Changes evidence requirements
  • changes governance
  • changes risk or safeguards
  • changes standards applicability
  • changes interoperability
  • cannot be represented adequately through an existing facet or property

46.2 Facet Decision

Create a facet when the characteristic:

  • Applies across several primary classes
  • does not change the entity's essential identity
  • can vary independently
  • supports filtering or comparison

46.3 Relationship Decision

Create or use a relationship when meaning depends on the connection among entities.

46.4 Provisional Classification Decision

Use provisional status when:

  • Evidence is incomplete
  • external definitions are changing
  • class boundaries are not stable
  • implementation has not been tested

46.5 Deprecation Decision

Deprecate a class when:

  • A clearer replacement exists
  • the term creates systematic ambiguity
  • external use has shifted
  • the class combines incompatible concepts

46.6 Retirement Decision

Retire a class when it no longer serves current work and transition is complete.

46.7 Public Disclosure Decision

Do not publish detailed classification when it would reveal:

  • Active held-out content
  • exploitable vulnerabilities
  • protected personal data
  • restricted capability information
  • security architecture whose disclosure increases risk

Publish the highest safe parent class and a reason for restriction where appropriate.

46.8 Legal Classification Decision

Seek qualified legal review when a classification affects:

  • Regulatory status
  • compliance
  • legal obligation
  • liability
  • protected legal category
  • cross-border applicability

47. Canonical Standards Body Taxonomy Positions

Standards Body adopts the following working positions.

  1. A taxonomy is operational infrastructure, not decorative organization.

  2. The object should be identified before the label is selected.

  3. Models, systems, deployments, organizations, and jurisdictions are distinct levels of analysis.

  4. A marketed product name is not a sufficient technical identifier.

  5. Model family, model version, system version, and deployment should have separate records.

  6. A system may inherit model capability evidence only through documented analysis.

  7. A capability is an ability under specified conditions.

  8. A capability is not itself a risk.

  9. Risk classification requires context, actor, access, exposure, vulnerability, safeguard, likelihood, and consequence.

  10. A safeguard should be classified by function, layer, mechanism, scope, and effectiveness evidence.

  11. A safeguard does not constitute a guarantee.

  12. A test is not the same as an evaluation.

  13. A benchmark is not the same as a complete protocol.

  14. A review is not automatically an audit.

  15. An external reviewer is not automatically independent.

  16. An audit is criteria-based, systematic, independent, and documented.

  17. Certification is third-party attestation under a defined scheme.

  18. Accreditation recognizes conformity-assessment competence within scope.

  19. A certificate does not establish properties outside its scheme and scope.

  20. Legal approval, certification, accreditation, recognition, and endorsement are distinct.

  21. Every consequential classification should include version and status.

  22. Frontier status is time-dependent and dimension-dependent.

  23. Open-weight, open-source, open-data, and public-access classifications should remain separate.

  24. Public, controlled, confidential, restricted, and highly restricted are distinct access classes.

  25. Evaluation integrity status should travel with a result.

  26. A contaminated or compromised result should not remain classified as current without review.

  27. Evidence level and confidence are distinct facets.

  28. Evidence may support, challenge, narrow, contextualize, or fail to resolve a claim.

  29. A negative evaluation result should not automatically classify a capability as absent.

  30. Actor roles should be represented separately even when one organization performs several roles.

  31. Sponsor, developer, provider, deployer, operator, evaluator, reviewer, and authority are distinct roles.

  32. Institutional authority should be classified by source and scope.

  33. A research project should not be classified as a regulator, certification body, or accreditation body without actual mandate and function.

  34. Standards may be technical, process-based, performance-based, management-system, interface, reporting, terminology, or test-method standards.

  35. A standard may be voluntary while requirements adopted through contract or law may be binding.

  36. Standards stage and legal force should remain separate.

  37. An incident may have several classifications simultaneously.

  38. AI involvement in an incident should be classified by causal or contributory role rather than assumed.

  39. Failure, root cause, contributing factor, correction, and preventive action are distinct.

  40. Incentive mechanisms should be classified together with intended and unintended effects.

  41. Prestige and recognition do not establish competence or authority.

  42. Interoperability does not require identical classification systems.

  43. A crosswalk does not establish equivalence automatically.

  44. Legal equivalence requires recognition by the relevant authority.

  45. Local extensions should preserve mapping to a common core.

  46. Noncomparability is a valid taxonomic result.

  47. Uncertain classifications should remain uncertain rather than forced.

  48. Machine-readable validity does not guarantee conceptual validity.

  49. Taxonomic classes should be corrected, deprecated, and retired visibly.

  50. Standards Body should evaluate the consistency, usability, and real-world effects of its own taxonomy.


48. Relationship to Other Canonical Files

PROJECT_IDENTITY.md

Defines the identity, present role, authority boundaries, audiences, and public positioning of Standards Body.

The taxonomy must not classify the project in a way that exceeds those boundaries.

TERMINOLOGY.md

Defines the preferred terms and meanings.

This taxonomy organizes those terms into classes, facets, properties, and relationships.

FOUNDATIONS_APPENDIX.md

Defines the integrated eight-foundation system.

This taxonomy provides the entity architecture required to represent that system.

EVIDENCE_STANDARDS.md

Defines evidence levels, source quality, claims, confidence, and correction.

This taxonomy provides corresponding evidence and claim classes.

RESEARCH_METHODOLOGY.md

Defines how research is planned, conducted, reviewed, published, and corrected.

This taxonomy classifies research projects, methods, artifacts, review levels, and outputs.

EVALUATION_PHILOSOPHY.md

Will define the deeper conceptual approach to constructs, validity, capability, risk, thresholds, and interpretation.

This taxonomy provides the formal categories used by that philosophy.

INSTITUTION_DESIGN.md

Will define the institutional system.

This taxonomy provides classes for organizations, roles, authority, schemes, registries, and governance bodies.

GOVERNANCE_FRAMEWORK.md

Will define decision rights, committees, oversight, recusal, appeals, and accountability.

This taxonomy provides the corresponding governance entities and relationships.

STANDARDS_DEVELOPMENT_PROCESS.md

Will define the standards lifecycle.

This taxonomy provides standards types, stages, requirement forms, and statuses.

EVALUATOR_ACCREDITATION_FRAMEWORK.md

Will define evaluator competence and recognition.

This taxonomy distinguishes evaluators, audit, certification, accreditation, scopes, and statuses.

TRANSPARENCY_FRAMEWORK.md

Will define public, controlled, confidential, restricted, and highly restricted information handling.

WEBSITE_SOURCE_OF_TRUTH.md

Will apply approved classifications and public descriptions to website content.

SOURCES.md

Will maintain source records linked to evidence and classification decisions.

FAILURE_DATABASE.md

Will use the incident, failure, root-cause, and correction taxonomy.

VERSION_HISTORY.md

Will preserve the version and status history of taxonomy classes and classified records.


49. Taxonomy Maturity Model

Level 0: Uncontrolled Vocabulary

Characteristics:

  • Inconsistent labels
  • no stable identifiers
  • model and system conflation
  • no status records
  • no change control

Level 1: Controlled Terms

Characteristics:

  • Preferred vocabulary
  • top-level classes
  • basic definitions
  • human-readable guidance

Level 2: Faceted Classification

Characteristics:

  • Multiple classification axes
  • version and status
  • confidence
  • actor-role separation
  • evidence and security facets

Level 3: Relationship and Registry Model

Characteristics:

  • Typed relationships
  • entity profiles
  • identifiers
  • registry records
  • cross-file consistency
  • domain extensions

Level 4: Machine-Readable and Interoperable

Characteristics:

  • Structured schema
  • external mappings
  • validation
  • persistent identifiers
  • federated exchange
  • translation support

Level 5: Adaptive Taxonomic Infrastructure

Characteristics:

  • Continuous audit
  • classification-quality metrics
  • automated status propagation
  • public change history
  • domain-governance network
  • measured interoperability
  • retirement of obsolete concepts

Maturity Rule

Taxonomic maturity depends on use and governance, not document length.

A complete vocabulary that is not applied consistently remains low maturity.


50. Taxonomy Audit Program

50.1 Audit Purpose

Determine whether Standards Body records and publications use the taxonomy correctly.

50.2 Audit Sample

Sample:

  • Foundation papers
  • website pages
  • evaluation results
  • system profiles
  • incident records
  • standards proposals
  • evaluator records
  • public claims

50.3 Audit Questions

  • Is the object correctly identified?
  • Is the level of analysis correct?
  • Are roles separated?
  • Are capability and risk distinct?
  • Are evaluation and assurance distinct?
  • Are version and status present?
  • Is jurisdiction present?
  • Is confidence visible?
  • Are relationships supported?
  • Are deprecated classes still used?
  • Is security classification appropriate?

50.4 Error Categories

  • Critical
  • material
  • minor
  • editorial

50.5 Corrective Action

A taxonomic error may require:

  • Record correction
  • public correction
  • schema update
  • contributor guidance
  • class revision
  • crosswalk revision
  • affected-file review

50.6 Audit Metrics

Possible metrics:

  • Correct-classification rate
  • inter-rater agreement
  • missing-version rate
  • missing-status rate
  • role-conflation rate
  • deprecated-class rate
  • unresolved ambiguity
  • correction time
  • mapping coverage

51. Final Taxonomy Position

A frontier AI standards project cannot build credible evaluation, assurance, or governance on top of unstable categories.

The system fails when:

  • A model name stands in for a full system
  • a system result stands in for every deployment
  • a capability stands in for risk
  • a safeguard stands in for safety
  • a review stands in for audit
  • certification stands in for approval
  • accreditation stands in for universal competence
  • a national rule stands in for a global category
  • an expired result stands in for current evidence
  • a famous institution stands in for a defined role
  • a score stands in for a multidimensional profile

Taxonomy is the discipline that prevents these substitutions.

It tells Standards Body what kind of object is being discussed.

It preserves the object's version, scope, context, status, and jurisdiction.

It makes relationships explicit.

It supports structured evidence.

It allows one institution to understand another without pretending that all systems are identical.

It allows the project to evolve without silently rewriting its history.

The defining taxonomic rule of Standards Body is:

Name the object, classify the level, attach the context, state the relationship, and preserve the version.


Revision Record

Version 1.0

Date: July 16, 2026

Change type: Complete foundational edition

Summary: Establishes the canonical Standards Body taxonomy. Defines design principles, class and facet architecture, identifiers, classification status and confidence, twenty-three primary domains, actors, AI artifacts, systems, lifecycle, access, deployment, capabilities, risks, safeguards, evaluations, evidence, review, assurance, standards, governance, incidents, incentives, interoperability, research, status, security, jurisdiction, relationship vocabulary, classification rules, entity profiles, machine-readable representation, external mappings, domain extensions, governance, quality tests, common errors, worked examples, implementation, scorecard, operational templates, canonical positions, maturity, audit, and cross-file interfaces.

Status: Approved foundational source.