Standards Body · Foundational source, public edition · Released July 17, 2026
Canonical record: https://standardsbody.ai/library/foundational-source/taxonomy/
Standards Body is an independent research and institutional-design project. It is not currently a regulator, accreditation body, certification body, or governmental authority. This document is research; it is not an adopted standard.
Project: Standards Body
Primary domain: standardsbody.ai
Core line: Foundations for Frontier AI
Document type: Canonical classification system, entity model, and controlled taxonomic architecture
Version: 1.0
Status: Approved foundational source
Document owner: Standards Body
Applies to: All canonical files, research programs, evaluation protocols, registries, standards proposals, assurance schemes, incident records, contributor systems, public reports, website content, data schemas, interoperability profiles, and future machine-readable infrastructure
Related canonical sources: PROJECT_IDENTITY.md, TERMINOLOGY.md, FOUNDATIONS_APPENDIX.md, EVIDENCE_STANDARDS.md, RESEARCH_METHODOLOGY.md, EVALUATION_PHILOSOPHY.md, WEBSITE_SOURCE_OF_TRUTH.md, VERSION_HISTORY.md
Review cycle: Annual review, with event-triggered revision after material changes in terminology, evaluation science, assurance practice, standards, law, interoperability, or project identity
This document defines the internal canonical taxonomy of Standards Body.
It does not:
Where law, regulation, contract, or an external recognized standard defines a term or classification differently, the external meaning should be preserved and mapped explicitly rather than silently replaced.
This document establishes the canonical classification architecture of Standards Body.
It is the authoritative source for:
A terminology file defines what words mean.
A taxonomy defines how concepts are organized.
An ontology defines entities and the formal relationships among them.
This document performs all three functions at a bounded level:
The taxonomy exists because frontier AI work frequently combines incompatible levels of analysis.
Examples include:
The taxonomy prevents these errors by requiring every material object to be classified according to:
The governing taxonomic rule is:
Classify the object at the correct level, preserve its context, and do not infer a stronger relationship than the evidence supports.
The Standards Body taxonomy is a multi-axis classification system for frontier AI evaluation and institutional infrastructure.
It is not a single tree.
Frontier AI systems are too complex to be represented accurately by one hierarchy.
A single object may be classified simultaneously by:
For example, one evaluation record may concern:
A useful taxonomy must preserve all of those dimensions.
The Standards Body taxonomy therefore uses five structural mechanisms.
Classes answer:
What kind of thing is this?
Examples:
Subclasses answer:
Which more specific kind is this?
Examples:
Facets answer:
Which independent characteristics apply?
Examples:
Relationships answer:
How is this object connected to another object?
Examples:
Status and version answer:
Which identified state is being described, and is it still valid?
Examples:
The taxonomy is organized into twenty primary domains.
The taxonomy also defines a common entity model.
Core entities include:
Core relationships include:
is_apart_ofderived_fromversion_ofdeployed_asevaluated_byadministered_byreviewed_bysupportschallengesmitigatestriggersgoverned_byconforms_tocertified_againstaccredited_forrecognized_bysupersedeswithdrawsoccurs_inapplies_inThe taxonomy is designed for human and machine use.
Human-readable use includes:
Machine-readable use includes:
The taxonomy does not require premature formalization.
Every class has a status.
A class may be:
Every consequential classification should also include confidence.
Classification confidence may be:
The taxonomy is intended to evolve.
New classes should be added only when:
The final rule is:
Use hierarchy for identity, facets for context, relationships for meaning, and versioning for time.
Identify the actual object before selecting its class.
A product name may refer to:
The taxonomy should classify the actual object, not only the marketed name.
Do not classify:
An object may belong to more than one class where the classes describe genuinely different aspects.
Example:
A model may be both:
Independent dimensions should be represented as facets rather than forced into one hierarchy.
Relationships should be named.
Avoid vague statements such as:
when a stronger relation is known.
If the evidence supports only correlation, do not classify the relation as causal.
If a safeguard reduces one risk, do not classify it as preventing all harms.
Every classification should preserve:
The top-level taxonomy should remain stable.
New subclasses and local extensions may evolve.
Classes should support mapping to external vocabularies without erasing legitimate differences.
Class names should be understandable to informed non-specialists.
Identifiers and relationships should support future structured data.
Labels such as frontier, independent, accredited, official, and international should not be assigned for reputational benefit.
Obsolete classes should be deprecated or retired visibly.
The taxonomy should cover the project domain sufficiently.
It should not attempt to classify every concept in computer science, law, ethics, or public policy.
A broad category of entity.
Example:
EVAL.EVALUATION_OBJECT
A narrower class inheriting the relevant meaning of its parent.
Example:
EVAL.HELD_OUT_EVALUATION
A cross-cutting attribute that may apply to many classes.
Example:
ACCESS.PUBLIC
A value associated with an entity.
Example:
A typed connection between two entities.
Example:
SYSTEM evaluated_by PROTOCOL
A structured representation of an entity and its metadata.
A defined bundle of required classes, facets, properties, and relationships for a use case.
Example:
A governed set of classes and rules used for assessment, certification, recognition, or reporting.
A jurisdictional, domain-specific, linguistic, or institutional addition that preserves mapping to the common core.
A structured mapping between this taxonomy and another taxonomy, standard, law, or data model.
Preferred pattern:
DOMAIN.CLASS_NAME
Examples:
AI.MODELSYS.AGENTIC_SYSTEMCAP.CYBERRISK.SYSTEMICSAFEGUARD.ACCESS_CONTROLEVAL.HELD_OUTEVIDENCE.DIRECTASSURANCE.CERTIFICATIONSTATUS.SUPERSEDEDPreferred pattern:
SB-[ENTITY]-[YEAR]-[SEQUENCE]
Examples:
SB-MODEL-2026-0001SB-PROTOCOL-2026-0012SB-RESULT-2026-0044SB-INCIDENT-2026-0007Preferred semantic structure:
MAJOR.MINOR.PATCH
Example:
2.1.0
Preferred lowercase verb phrase:
is_apart_ofversion_ofderived_fromevaluated_bysupports_claimEvery identifier should have a plain-language label.
Once published, an identifier should not be reassigned to a different concept.
Deprecated identifiers should remain resolvable and point to the replacement.
Default Standards Body class.
Permitted but not preferred.
Valid only under a defined legal, technical, sectoral, or institutional context.
Under active research and subject to material revision.
Still visible for transition but replaced.
No longer used for current classification.
Imported from another authoritative taxonomy and preserved with source context.
The class assignment is directly supported and unambiguous.
Strong evidence supports the assignment with minor uncertainty.
The assignment is reasonable, but alternatives remain.
Evidence is limited or ambiguous.
Qualified parties materially disagree.
No reliable classification can be made.
Do not convert low-confidence classifications into precise requirements without review.
| Domain code | Domain |
|---|---|
ID |
Project and institutional identity |
ACTOR |
Actors and roles |
AI |
AI artifacts and models |
SYS |
AI systems and components |
LIFE |
Lifecycle |
ACCESS |
Access and release |
DEPLOY |
Deployment context |
CAP |
Capability |
RISK |
Risk and harm |
SAFEGUARD |
Safeguard and control |
EVAL |
Evaluation and testing |
EVIDENCE |
Evidence and claims |
REVIEW |
Review |
ASSURANCE |
Audit, certification, accreditation, and assurance |
STANDARD |
Standards and requirements |
GOV |
Governance and decisions |
INCIDENT |
Incidents, failures, and corrections |
INCENTIVE |
Incentives and recognition |
INTEROP |
Interoperability and international coordination |
RESEARCH |
Research methods and outputs |
STATUS |
Versioning, status, and records |
SECURITY |
Information classification and research security |
JURIS |
Jurisdiction and legal scope |
ID.PROJECTA bounded organized effort with a defined purpose, owner, scope, and outputs.
ID.RESEARCH_PROJECTID.INSTITUTIONAL_DESIGN_PROJECTID.STANDARDS_PROJECTID.PILOT_PROJECTID.INFRASTRUCTURE_PROJECTID.ORGANIZATIONA legally, administratively, or functionally organized body.
ID.PUBLIC_ORGANIZATIONID.PRIVATE_ORGANIZATIONID.NONPROFIT_ORGANIZATIONID.ACADEMIC_ORGANIZATIONID.MULTILATERAL_ORGANIZATIONID.CONSORTIUMID.COMMUNITY_ORGANIZATIONID.INFORMAL_NETWORKID.INSTITUTIONAn enduring system of authority, rules, roles, incentives, and practices.
An institution may be embodied in one organization or distributed across several organizations.
ID.STANDARDS_BODYAn organization or institution that develops and maintains standards through a defined process.
Classification warning: The proper name Standards Body refers to this project. It does not automatically classify the project as a formally recognized standards body.
ID.REGULATORA legally authorized public institution that makes, administers, or enforces regulatory requirements.
ID.ACCREDITATION_BODYA body that performs accreditation.
ID.CERTIFICATION_BODYA third-party body that performs certification under a defined scheme.
ID.EVALUATION_ORGANIZATIONAn organization that designs, administers, scores, or interprets evaluations.
ID.RESEARCH_INSTITUTIONAn institution whose primary function includes systematic knowledge creation.
ID.SCHEME_OWNERAn organization responsible for the rules and governance of an assurance, certification, recognition, or reporting scheme.
Classify institutions by:
ID.AUTHORITY.NONEID.AUTHORITY.RESEARCHID.AUTHORITY.CONTRACTUALID.AUTHORITY.PROFESSIONALID.AUTHORITY.STANDARDS_PROCESSID.AUTHORITY.ACCREDITATIONID.AUTHORITY.REGULATORYID.AUTHORITY.JUDICIALACTOR.PERSONAn individual human participant.
ACTOR.ORGANIZATIONAn organization acting in a defined role.
ACTOR.DEVELOPERAn actor that designs, trains, fine-tunes, or materially modifies an AI model or system.
ACTOR.BASE_MODEL_DEVELOPERACTOR.FINE_TUNERACTOR.SYSTEM_DEVELOPERACTOR.APPLICATION_DEVELOPERACTOR.SCAFFOLD_DEVELOPERACTOR.OPEN_COMMUNITY_DEVELOPERACTOR.PROVIDERAn actor that makes an AI model or system available to others.
ACTOR.MODEL_PROVIDERACTOR.API_PROVIDERACTOR.PLATFORM_PROVIDERACTOR.INFRASTRUCTURE_PROVIDERACTOR.TOOL_PROVIDERACTOR.DEPLOYERAn actor that places an AI system into operational use.
ACTOR.OPERATORAn actor responsible for day-to-day control or use of a deployed system.
ACTOR.USERA person or organization interacting with the system.
ACTOR.AFFECTED_PARTYA person, group, institution, community, or system materially affected by an AI deployment or institutional decision.
ACTOR.EVALUATORAn actor that performs evaluation activities.
ACTOR.FIRST_PARTY_EVALUATORACTOR.SECOND_PARTY_EVALUATORACTOR.THIRD_PARTY_EVALUATORACTOR.PUBLIC_EVALUATORACTOR.ACADEMIC_EVALUATORACTOR.COMMUNITY_EVALUATORACTOR.DOMAIN_EVALUATORACTOR.REVIEWERAn actor that reviews methods, evidence, findings, or institutional processes.
ACTOR.AUDITORAn actor qualified and assigned to conduct an audit against defined criteria.
ACTOR.INSPECTORAn actor conducting inspection.
ACTOR.CERTIFIERAn actor or body responsible for a certification decision.
ACTOR.ACCREDITORAn actor or body responsible for an accreditation decision.
ACTOR.STANDARD_SETTERAn actor participating in standards development.
ACTOR.DECISION_OWNERAn actor with authority to make the decision the evidence informs.
ACTOR.SPONSORAn actor that funds, commissions, or formally requests work.
ACTOR.CUSTODIANAn actor responsible for protected evidence, tasks, records, or registries.
ACTOR.REGISTRY_OPERATORAn actor maintaining a registry.
ACTOR.WHISTLEBLOWERA person disclosing suspected wrongdoing, risk, failure, or concealment through a protected or public channel.
ACTOR.THREAT_ACTORA person, group, organization, or state capable of intentionally causing harm.
One organization may hold several roles.
Example:
A developer may also be:
The record should preserve each role separately because conflicts and responsibilities differ by role.
AI.ARTIFACTA technical object created, trained, configured, or used in an AI system.
AI.MODELA computational model producing outputs from inputs through learned parameters, structured logic, or both.
AI.BASE_MODELAI.FOUNDATION_MODELAI.GENERAL_PURPOSE_MODELAI.DOMAIN_SPECIFIC_MODELAI.TASK_SPECIFIC_MODELAI.FRONTIER_MODELAI.EMBEDDED_MODELAI.ENSEMBLE_MODELAI.TEXT_MODELAI.IMAGE_MODELAI.AUDIO_MODELAI.VIDEO_MODELAI.MULTIMODAL_MODELAI.ROBOTICS_MODELAI.SCIENTIFIC_MODELAI.CODE_MODELAI.MODEL_FAMILYA set of related models sharing lineage, architecture, training approach, or product identity.
AI.MODEL_VERSIONA distinct identified release, checkpoint, or deployed state.
AI.CHECKPOINTA saved model-parameter state.
AI.WEIGHTSThe learned parameters of a model.
AI.ADAPTERA separately identifiable learned component modifying model behavior.
Examples:
AI.TOKENIZERA component mapping inputs into model-readable units.
AI.TRAINING_DATASETA dataset used in pretraining, fine-tuning, alignment, or adaptation.
AI.TRAINING_RUNA bounded training process producing or modifying a model.
AI.POST_TRAINING_PROCESSA process after base training.
AI.MODEL_CARDA documentation artifact describing a model.
AI.SYSTEM_CARDA documentation artifact describing a system, evaluation, risk, or deployment.
ACCESS.WEIGHTS_PUBLICACCESS.WEIGHTS_CONTROLLEDACCESS.WEIGHTS_PRIVATEACCESS.API_PUBLICACCESS.API_RESTRICTEDACCESS.INTERNAL_ONLYUse only where relevant and defined:
The taxonomy should not infer capability directly from scale.
A model may be classified as frontier only with:
Frontier status is time-dependent.
SYS.AI_SYSTEMThe complete operational arrangement through which one or more AI models are configured, accessed, integrated, monitored, and used.
SYS.MODEL_COMPONENTA model acting as one component in a larger system.
SYS.SYSTEM_PROMPTA high-priority instruction or contextual component.
SYS.SCAFFOLDSoftware, prompts, memory, planning, tools, or control structure added around a model.
SYS.AGENTA system or configuration selecting and executing actions over multiple steps toward an objective.
SYS.AGENTIC_SYSTEMA system exhibiting planning, action, observation, adaptation, or persistence across multiple steps.
SYS.MULTI_AGENT_SYSTEMA system containing multiple interacting agents.
SYS.RETRIEVAL_COMPONENTA component retrieving external information.
SYS.MEMORY_COMPONENTA component preserving information across turns, sessions, tasks, or users.
SYS.TOOLAn external software, API, instrument, service, or environment accessible to the system.
SYS.ORCHESTRATORA component coordinating models, tools, agents, or workflows.
SYS.INTERFACEThe channel through which users or systems interact.
SYS.MONITORING_COMPONENTA component observing system behavior, access, or outputs.
SYS.SAFETY_COMPONENTA system component implementing a safeguard.
SYS.HUMAN_COMPONENTA human role embedded in system operation.
Examples:
SYS.DEPLOYMENT_CONFIGURATIONA versioned operational configuration.
SYS.SYSTEM_MANIFESTA structured record of system components and versions.
part_of a system.uses a tool.implements a safeguard.deployed_as a deployment.version_of a prior system state.derived_from a development lineage.A consequential system record should include:
LIFE.CONCEPTIdea or early concept stage.
LIFE.RESEARCHResearch and feasibility stage.
LIFE.DEVELOPMENTModel or system development.
LIFE.TRAININGBase or subsequent training.
LIFE.POST_TRAININGPost-training modification.
LIFE.INTERNAL_TESTINGInternal testing before external use.
LIFE.EXTERNAL_EVALUATIONEvaluation by an outside or independent actor.
LIFE.PRE_DEPLOYMENTFinal assessment and governance before operational release.
LIFE.PILOT_DEPLOYMENTBounded operational use.
LIFE.GENERAL_DEPLOYMENTBroad operational use.
LIFE.MONITORINGOngoing operational observation.
LIFE.UPDATEMaterial model or system change.
LIFE.SUSPENSIONTemporary halt to use or access.
LIFE.ROLLBACKReversion to a prior version.
LIFE.WITHDRAWALFormal removal from use or availability.
LIFE.RETIREMENTPlanned end of active life.
LIFE.ARCHIVEHistorical preservation.
Every evaluation result should identify the lifecycle stage at which it was produced.
A pre-deployment result should not be treated as post-deployment evidence without justification.
ACCESS.PUBLICAvailable to the general public.
ACCESS.OPENAvailable under defined open-use, open-source, or open-weight conditions.
ACCESS.REGISTEREDAvailable after registration.
ACCESS.VERIFIEDAvailable to identity-verified users.
ACCESS.TIEREDDifferent capabilities are available at different access levels.
ACCESS.CONTROLLEDAvailable under contractual, institutional, security, or research controls.
ACCESS.RESTRICTEDAvailable only to a narrow authorized group.
ACCESS.INTERNALAvailable only within the responsible organization.
ACCESS.EMBARGOEDTemporarily unavailable pending a release date or condition.
ACCESS.REVOKEDPreviously available access has been withdrawn.
Classify what is released:
DEPLOY.INTERNALUse within the developing or deploying organization.
DEPLOY.CONSUMERUse by general consumers.
DEPLOY.ENTERPRISEUse in organizational operations.
DEPLOY.PROFESSIONALUse by qualified professionals.
DEPLOY.PUBLIC_SECTORUse by government or public bodies.
DEPLOY.CRITICAL_INFRASTRUCTUREUse in systems whose disruption may create severe societal consequence.
DEPLOY.RESEARCHUse for scientific or technical research.
DEPLOY.EDUCATIONUse in educational contexts.
DEPLOY.HEALTHUse in health or medical contexts.
DEPLOY.FINANCEUse in financial systems or decisions.
DEPLOY.CYBERSECURITYUse in defensive or offensive cybersecurity contexts.
DEPLOY.LEGALUse in legal services, adjudication support, or legal administration.
DEPLOY.LABORATORYUse with scientific instruments, biological systems, chemical systems, or physical experiments.
DEPLOY.ROBOTICSUse in embodied systems.
DEPLOY.COMMUNICATIONUse for media, persuasion, or public communication.
CAP.CAPABILITYThe ability of a model or system to perform a defined task or class of tasks under specified conditions.
CAP.REASONINGCAP.KNOWLEDGECAP.LANGUAGECAP.CODECAP.PLANNINGCAP.TOOL_USECAP.LEARNINGCAP.AUTONOMYCAP.SOCIALCAP.CREATIVECAP.CYBERSubclasses:
CAP.BIOLOGICALSubclasses:
CAP.CHEMICALSubclasses:
CAP.AUTONOMOUS_REPLICATIONSubclasses:
CAP.AI_RESEARCH_AND_DEVELOPMENTSubclasses:
CAP.PERSUASION_AND_MANIPULATIONSubclasses:
CAP.CRITICAL_INFRASTRUCTURESubclasses:
CAP.FINANCIAL_AND_ECONOMICSubclasses:
CAP.SCIENTIFIC_AND_ENGINEERINGSubclasses:
Every capability classification may include:
A capability level should be protocol-defined.
Generic levels may include:
These labels should not be used without task, reference, and evidence context.
demonstrated_by result.enabled_by system component.contributes_to risk.constrained_by safeguard.compared_with human baseline.requires resource or access.RISK.HAZARDA source or condition with potential to cause harm.
RISK.THREATA potential cause of an unwanted incident.
RISK.VULNERABILITYA weakness that may be exploited or activated.
RISK.EXPOSUREThe degree to which an actor, system, asset, or population is subject to a hazard.
RISK.EVENTAn occurrence connecting hazard, vulnerability, and consequence.
RISK.CONSEQUENCEThe outcome or effect of an event.
RISK.RISKThe combination of likelihood and consequence under a defined context.
RISK.PHYSICAL_HARMRISK.PSYCHOLOGICAL_HARMRISK.ECONOMIC_HARMRISK.CIVIL_RIGHTS_HARMRISK.PRIVACY_HARMRISK.SECURITY_HARMRISK.INFORMATION_HARMRISK.ENVIRONMENTAL_HARMRISK.INSTITUTIONAL_HARMRISK.DEMOCRATIC_HARMRISK.SYSTEMIC_HARMRISK.CATASTROPHIC_HARMRISK.EXISTENTIAL_HARMmay_cause harm.enables threat pathway.mitigates risk.increases_or_decreases risk under context.realizes risk.supports risk claim.accepts, reduces, transfers, or avoids risk.SAFEGUARD.SAFEGUARDA technical, procedural, organizational, contractual, or institutional measure intended to reduce risk.
SAFEGUARD.PREVENTIVEPrevents or reduces the probability of an event.
SAFEGUARD.DETECTIVEDetects an event, anomaly, or failure.
SAFEGUARD.CORRECTIVEContains, remediates, or recovers.
SAFEGUARD.COMPENSATINGProvides an alternative where a primary control is unavailable or insufficient.
SAFEGUARD.DETERRENTChanges incentives to discourage harmful behavior.
implemented_in system.mitigates risk.tested_by evaluation.required_by standard.fails_in incident.superseded_by improved control.EVAL.EVALUATIONA structured process for producing and interpreting evidence about an object or claim.
EVAL.TESTA defined procedure used to observe or measure one or more characteristics.
EVAL.BENCHMARKA standardized task set, procedure, and metric used for comparison.
EVAL.PROTOCOLThe complete versioned specification governing evaluation.
EVAL.TASKA defined activity assigned to a model or system.
EVAL.TASK_FAMILYA group of related tasks.
EVAL.SCENARIOA structured contextual situation for evaluation.
EVAL.ENVIRONMENTThe setting in which evaluation occurs.
EVAL.HARNESSSoftware and infrastructure administering the evaluation.
EVAL.RUNOne execution of an evaluation or part of it.
EVAL.TRIALOne attempt at a task or item.
EVAL.RESULTA scored or interpreted output of an evaluation.
contains task family.samples task universe.uses protocol.evaluates system.generated_by run.supports claim.reviews result.expires_on date or trigger.EVIDENCE.CLAIMA proposition asserted to be true, supported, justified, or sufficiently reliable for a defined purpose.
EVIDENCE.EVIDENCE_OBJECTAn information object relevant to supporting or challenging a claim.
EVIDENCE.DIRECTEVIDENCE.INDIRECTEVIDENCE.CIRCUMSTANTIALEVIDENCE.TESTIMONIALEVIDENCE.DERIVEDUse the canonical evidence levels from EVIDENCE_STANDARDS.md.
EVIDENCE.LEVEL.E0_UNSUPPORTEDEVIDENCE.LEVEL.E1_PRELIMINARYEVIDENCE.LEVEL.E2_SUPPORTEDEVIDENCE.LEVEL.E3_SUBSTANTIATEDEVIDENCE.LEVEL.E4_DECISION_GRADEsupports claim.challenges claim.concerns entity.bounded_by scope.used_for decision.has_evidence_level evidence level.has_confidence confidence.derived_from source.reviewed_by reviewer.REVIEW.REVIEWA structured examination of evidence, methods, reasoning, process, or claims.
REVIEW.MANDATEA documented review question, scope, authority, access, methods, outputs, constraints, and decision relationship.
REVIEW.FINDINGA supported conclusion produced through review.
REVIEW.DISSENTA reasoned disagreement with a primary or majority conclusion.
REVIEW.MINORITY_REPORTA formal documented dissent.
REVIEW.FACTUAL_CORRECTIONReview focused on factual or configuration accuracy.
ASSURANCE.ASSURANCEEvidence-supported confidence that a claim or requirement is sufficiently reliable for a defined purpose.
ASSURANCE.AUDITA systematic, independent, documented process for obtaining and evaluating evidence against defined criteria.
ASSURANCE.INSPECTIONExamination of a product, process, service, system, installation, or design for conformity with requirements.
ASSURANCE.VALIDATIONConfirmation that a method, model, process, or requirement is suitable for intended use.
ASSURANCE.VERIFICATIONConfirmation that specified requirements have been fulfilled.
ASSURANCE.ATTESTATIONIssue of a statement, after review and decision, that specified requirements have been demonstrated.
ASSURANCE.CONFORMITY_ASSESSMENTDemonstration that specified requirements are fulfilled.
ASSURANCE.CERTIFICATIONThird-party attestation under a defined certification scheme.
ASSURANCE.CERTIFICATEA formal record of certification.
ASSURANCE.CERTIFICATION_SCHEMEThe rules, procedures, requirements, assessment, surveillance, claims, and governance for certification.
ASSURANCE.ACCREDITATIONIndependent recognition that a conformity-assessment body is competent and impartial for specified activities.
ASSURANCE.ACCREDITATION_SCOPEThe exact activities, methods, domains, systems, locations, and limits of recognition.
ASSURANCE.RECOGNITIONAcceptance of evidence, competence, process, status, or decision for a defined purpose.
audits subject.uses_criteria requirement set.certifies object.attests_conformity_to scheme.accredits conformity-assessment body.limited_to scope.recognizes evidence or competence.maintains_or_changes status.STANDARD.DOCUMENTA governed document providing rules, requirements, guidelines, characteristics, or common practices.
STANDARD.TECHNICALDefines technical methods, interfaces, measurements, or performance.
STANDARD.PROCESSDefines procedures, records, and workflows.
STANDARD.MANAGEMENT_SYSTEMDefines organizational management requirements.
STANDARD.PERFORMANCEDefines required outcomes.
STANDARD.INTERFACEDefines interactions and data exchange.
STANDARD.REPORTINGDefines disclosure and reporting.
STANDARD.TERMINOLOGYDefines terms and classifications.
STANDARD.TEST_METHODDefines testing or evaluation procedures.
STANDARD.SPECIFICATIONA detailed technical or procedural description.
STANDARD.GUIDANCEAdvisory material explaining interpretation or implementation.
STANDARD.FRAMEWORKA structured set of concepts, functions, outcomes, or practices.
STANDARD.CODE_OF_CONDUCTA set of expected behaviors or voluntary commitments.
STANDARD.CODE_OF_PRACTICEOperational guidance describing accepted implementation practices.
STANDARD.REQUIREMENTA condition that must be fulfilled within a defined context.
STANDARD.CONFORMITY_CRITERIONA criterion used to determine whether a requirement is fulfilled.
STANDARD.SAFE_HARBORA provision providing defined protection when specified conditions are met.
STANDARD.PRESUMPTION_OF_CONFORMITYA presumption that following a recognized standard supports fulfillment of a requirement.
STANDARD.SUNSETA provision causing expiration unless renewed.
STANDARD.REVIEW_CLAUSEA requirement for reassessment.
defines requirement.applies_to object.tests requirement.supports_conformity_with requirement.attests_conformity_to scheme.incorporates_by_reference standard.supersedes prior standard.GOV.GOVERNANCE_SYSTEMA system of authority, roles, decisions, accountability, oversight, and control.
GOV.DECISIONA formal determination by an authorized actor.
GOV.DECISION_RIGHTAuthority to make a defined decision.
GOV.MANDATEA documented assignment of purpose, authority, responsibility, scope, and limits.
GOV.ACCOUNTABILITYObligation to explain, justify, and accept responsibility.
GOV.OVERSIGHTSupervisory or independent observation and review.
GOV.APPEALA formal request for review of a decision.
GOV.COMPLAINTA documented expression of dissatisfaction or allegation.
GOV.RECUSALWithdrawal because of conflict or disqualification.
GOV.CONSENSUSBroad agreement after addressing substantial objections.
GOV.DISSENTA reasoned unresolved disagreement.
has_decision_right decision type.responsible_for function.based_on evidence package.subject_to appeal.requires mitigation or recusal.oversees process.INCIDENT.INCIDENTAn event or condition that caused, could have caused, or revealed material harm, failure, compromise, misuse, or loss of control.
INCIDENT.FAILUREInability of a system, process, safeguard, evaluator, or institution to fulfill an intended function or requirement.
INCIDENT.ROOT_CAUSEAn underlying cause whose correction would materially reduce recurrence.
INCIDENT.CONTRIBUTING_FACTORA condition increasing likelihood or severity.
INCIDENT.CORRECTIVE_ACTIONAction addressing a detected failure.
INCIDENT.PREVENTIVE_ACTIONAction reducing the likelihood of a potential failure.
INCIDENT.CORRECTIONA visible change addressing error in a record, claim, method, or result.
involves system.realizes risk.contributes_to incident.explains failure.addresses root cause.triggers protocol or standards review.updates claim or record.INCENTIVE.INCENTIVEA condition changing expected benefit, cost, status, opportunity, or consequence.
INCENTIVE.RECOGNITIONFormal or informal acknowledgment of contribution, competence, or achievement.
INCENTIVE.PRESTIGEDurable esteem or status granted by a community or institution.
targets actor.rewards behavior.may_create gaming risk.based_on evidence.does_not_imply competence or authority.INTEROP.INTEROPERABILITYThe ability of distinct systems, protocols, organizations, or jurisdictions to exchange, interpret, and use information or evidence.
INTEROP.CROSSWALKA structured mapping among classes, requirements, controls, protocols, or standards.
INTEROP.BRIDGE_STUDYAn empirical or analytical study connecting results across protocols, versions, languages, or systems.
INTEROP.COMMON_COREShared elements preserved across implementations.
INTEROP.LOCAL_EXTENSIONA documented jurisdictional, sectoral, linguistic, or institutional addition.
INTEROP.EQUIVALENCEA determination that different methods or requirements achieve sufficiently comparable outcomes for a stated purpose.
INTEROP.COMPARABILITYThe degree to which results can be meaningfully compared.
INTEROP.MUTUAL_RECOGNITIONReciprocal acceptance of defined results, status, or competence.
INTEROP.FEDERATED_REGISTRYA registry model in which multiple authorities maintain interoperable records.
INTEROP.TRANSLATION_VALIDATIONAssessment of whether a translation preserves intended meaning and construct.
INTEROP.CAPACITY_BUILDINGDevelopment of local expertise, infrastructure, governance, and participation.
maps class or requirement.supports comparability.accepts_for_purpose external result.extends common core.version_of source vocabulary.exchanges_with registry.RESEARCH.PROJECTA structured activity intended to generate, test, synthesize, or apply knowledge.
investigates question.governs project.produced_by project.generated_by project.evaluates project.reports result.updates publication.STATUS.VERSIONAn identified state of an object.
STATUS.RECORDA structured representation of an entity.
SECURITY.CLASSIFICATIONA category governing access, handling, and disclosure.
supersedes version.represents entity.applies_to record.amends record.invalidates_current_use_of record.preserves retired record.JURIS.JURISDICTIONA legal, geographic, organizational, or institutional domain of authority.
applies_in jurisdiction.issues instrument.incorporated_into legal instrument.binding_in jurisdiction.does_not_establish legal equivalence without recognition.The following relationship types are canonical.
is_ainstance_ofversion_ofsame_asnot_same_aspart_ofcontainsusesimplementsdepends_onderived_fromtrained_fromfine_tuned_fromforked_fromsupersedesevaluated_byadministered_bytested_withscored_byreviewed_byreplicated_bysupportschallengesnarrowscontextualizesinvalidatesderived_from_sourcecreates_hazardexposesenablesmay_causemitigatesdetectscontainsrealizesdefines_requirementconforms_tocertified_againstaccredited_forrecognized_byincorporated_by_referencegoverned_byowned_byauthorized_bydecided_byappealable_tooverseen_byprecedesfollowseffective_fromexpires_onsuperseded_bywithdrawn_onEvery inferred relationship may include:
Classify a model separately from the system using it.
Classify every actor role separately.
Do not classify a capability as a risk.
Link the capability to a risk through context.
Classify a safeguard by function, layer, and mechanism.
Do not classify it as proof of safety.
Do not classify an evaluation as an audit unless defined criteria and audit process exist.
Certification applies to conformity under a scheme.
Accreditation applies to competence of a conformity-assessment body within scope.
External is a location or organizational relationship.
Independent is a multidimensional condition.
Preserve legal and technical categories separately.
Every consequential record should include current status.
Use multiple facets when one label would hide important dimensions.
Use confidence and alternatives.
Do not force a false category.
Local extensions should retain mapping to the common core.
Public classification should not imply authority beyond the evidence and project status.
A profile defines the minimum classes, facets, properties, and relationships required for a recurring record type.
Required fields:
Optional fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
Required fields:
The taxonomy should support structured data without forcing the Markdown document to function as executable software.
A future machine-readable release may use:
Every class should have:
yaml
id: CAP.CYBER.AUTONOMOUS_OPERATIONS
preferred_label: Autonomous cyber operations capability
definition: >
The capability of an AI system to plan and execute multiple cyber-operation
steps with limited direct human instruction under defined conditions.
parent: CAP.CYBER
status: preferred
facets:
- capability_object
- autonomy_level
- reliability
- tool_access
- evidence_level
related:
- CAP.PLANNING
- CAP.TOOL_USE
- RISK.SECURITY_HARM
- EVAL.AGENT_EVALUATION
version: 1.0.0
yaml
id: SB-RESULT-2026-0044
type: EVAL.RESULT
evaluated_object: SB-SYSTEM-2026-0017
protocol: SB-PROTOCOL-2026-0008
protocol_version: 1.2.0
capability:
- CAP.CYBER.AUTONOMOUS_OPERATIONS
evaluation_party: ACTOR.THIRD_PARTY_EVALUATOR
integrity: EVAL.INTEGRITY.UNEXPOSED
evidence_level: EVIDENCE.LEVEL.E3_SUBSTANTIATED
confidence: high
status: STATUS.CURRENT
security: SECURITY.CONFIDENTIAL
expires_on: 2027-01-15
json
{
"@id": "SB-RESULT-2026-0044",
"@type": "EVAL.RESULT",
"evaluatedBy": {"@id": "SB-PROTOCOL-2026-0008"},
"concernsSystem": {"@id": "SB-SYSTEM-2026-0017"},
"supportsClaim": {"@id": "SB-CLAIM-2026-0031"},
"reviewedBy": {"@id": "SB-REVIEW-2026-0009"},
"status": "STATUS.CURRENT"
}
Machine-readable records should validate:
Structured records should preserve:
High-consequence records may be digitally signed.
A technically valid JSON record can still be conceptually wrong.
Schema validation does not replace expert classification.
A class may map to an external class as:
Record:
Different labels should not be treated as exact equivalents without review.
Legal classifications should retain:
Standards crosswalks should identify:
Translated classes should record:
When importing an external term:
Mapping should enable understanding.
It should not manufacture consensus or legal effect.
Some capability, risk, safeguard, and evaluation domains require specialized extensions.
Examples:
A domain extension should define:
Preferred pattern:
DOMAIN-SPECIFIC-PREFIX.CLASS
Example:
CYBER.TASK.EXPLOIT_CHAIN
Every extension should map material classes to the Standards Body common core.
Domain experts should review extensions.
A public taxonomy may omit or generalize sensitive subclasses when detailed classification would increase harm.
Use:
Standards Body owns and maintains the canonical taxonomy.
A future taxonomy steward or committee should:
A proposed class should include:
Approve a new class only when:
Before adding a class:
No intended meaning change.
Improves definition without changing classification.
Changes meaning, parent, relationships, or use.
Replaces a class.
Ends active use.
Review affected:
A contributor may appeal:
Correct immediately when a class:
Publish material class changes and replacements.
Does the class describe a type of object rather than an opinion about it?
Is the parent relationship valid?
Can qualified users distinguish the class from related classes?
Does the taxonomy cover the material classes needed for the use case?
Where classes are intended to be exclusive, can one object be assigned consistently?
Where overlap is legitimate, does the structure permit multiple classifications?
Should the proposed class be an independent facet instead?
Can a classification be supported by identifiable evidence?
Does the label imply unsupported legal or institutional status?
Can the classification change over time without losing history?
Can the class be mapped to external systems?
Can the concept be translated without unacceptable loss?
Could publishing the class or record increase harm?
Can researchers, evaluators, policymakers, and technical systems apply it?
Could actors manipulate the classification to gain status or avoid obligations?
Error:
Treating one marketed name as a stable model or system identity.
Correction:
Create separate records for family, model version, system, and deployment.
Error:
Treating frontier status as timeless.
Correction:
Record basis, date, dimension, and confidence.
Error:
Classifying an open-weight model as fully open-source without component analysis.
Correction:
Classify weights, code, data, license, and documentation separately.
Error:
Classifying cyber capability as cyber risk.
Correction:
Link capability to risk through actor, access, vulnerability, safeguard, and consequence.
Error:
Classifying a benchmark result as certification.
Correction:
Preserve evaluation, review, scheme, and certification as separate entities.
Error:
Classifying every outside reviewer as independent.
Correction:
Use the independence profile.
Error:
Classifying an accredited organization as competent for all AI evaluation.
Correction:
Record exact accreditation scope.
Error:
Displaying a withdrawn or expired record without status.
Correction:
Require current status and history.
Error:
Presenting a legal category as universal.
Correction:
Attach jurisdiction and effective date.
Error:
Classifying a system as safe or unsafe from one metric.
Correction:
Use capability, risk, safeguard, evidence, and context profiles.
Error:
Creating new classes for every minor variation.
Correction:
Use properties and facets.
Error:
Using broad classes that erase decision-relevant differences.
Correction:
Add a subclass when the distinction changes evidence, governance, or action.
Possible classification:
AI.GENERAL_PURPOSE_MODELSYS.AI_SYSTEMSYS.TOOL_USINGACCESS.API_PUBLICDEPLOY.CONSUMERLIFE.GENERAL_DEPLOYMENTSAFEGUARD.ACCESS_CONTROLSAFEGUARD.MONITORINGAdditional records required:
Possible classification:
AI.MODELAI.OPEN_WEIGHTACCESS.WEIGHTS_PUBLICDEPLOY.RESEARCHLIFE.RELEASEDo not infer:
Possible classification:
EVAL.EVALUATIONEVAL.HELD_OUTEVAL.AGENT_EVALUATIONCAP.CYBERSECURITY.RESTRICTEDACTOR.THIRD_PARTY_EVALUATORREVIEW.INDEPENDENTRequired relationships:
Possible classification:
REVIEW.INDEPENDENT_EXPERT_REVIEWDo not classify as:
unless those additional processes exist.
A certification of an evaluator's management system may be classified as:
ASSURANCE.CERTIFICATIONIt should not be classified automatically as:
Possible classification:
INCIDENT.AI_INCIDENTINCIDENT.SECURITY_INCIDENTThe record should preserve uncertainty about causation.
Possible classification:
STANDARD.REQUIREMENTDo not classify as legally mandatory unless law creates that effect.
Use this taxonomy in new canonical files and registries.
Review existing foundation and institutional files for:
Create schemas for:
Establish controlled identifier assignment.
Publish the common core in a structured format.
Develop controlled extensions for:
Map relevant external vocabularies and standards.
Classify a representative set of:
Measure inter-rater consistency and ambiguity.
Use taxonomy identifiers in public records.
Review classes, mappings, and use annually and after major incidents or standards changes.
| Dimension | Core question |
|---|---|
| Object identity | Is the actual object identified? |
| Correct level | Is classification at model, system, deployment, organization, or legal level correct? |
| Class validity | Does the class accurately represent the object? |
| Parent validity | Is the hierarchical relationship defensible? |
| Facet use | Are independent characteristics represented as facets? |
| Relationship precision | Are entity relationships named accurately? |
| Evidence | Is the classification supported? |
| Confidence | Is uncertainty in classification visible? |
| Version | Is the relevant version identified? |
| Status | Is current, expired, superseded, or withdrawn status shown? |
| Jurisdiction | Is legal or institutional scope preserved? |
| Security | Is disclosure classification appropriate? |
| Role separation | Are developer, provider, deployer, evaluator, and authority roles separated? |
| Capability-risk separation | Are ability and risk kept distinct? |
| Evaluation-assurance separation | Are test, review, audit, certification, and accreditation distinct? |
| Interoperability | Can the class map to external vocabularies? |
| Machine readability | Can the record be represented structurally? |
| Human readability | Can informed users understand the class? |
| Temporal stability | Can changes occur without losing history? |
| Anti-gaming | Does the classification resist prestige or compliance gaming? |
| Extensibility | Can domains extend the taxonomy without breaking the core? |
| Governance | Can classes be reviewed, appealed, corrected, and retired? |
The following normally invalidate a consequential classification:
Do not average all dimensions into one number.
Critical errors should remain visible.
Record ID:
Record type:
Preferred label:
Version:
Status:
Classification date:
Classifier:
Reviewer:
Proposed identifier:
Preferred label:
Proposer:
Date:
Change request ID:
Affected class:
Current version:
Proposer:
Date:
Crosswalk ID:
Standards Body taxonomy version:
External source:
External version:
Jurisdiction or domain:
Reviewer:
Date:
| Standards Body class | External class | Mapping type | Rationale | Limitations | Status |
|---|---|---|---|---|---|
Mapping types:
State explicitly whether the crosswalk has:
Do not imply legal effect unless authorized.
Registry:
Record ID:
Entity type:
Entity identifier:
Preferred label:
Owner:
Version:
Status:
Effective date:
Expiration or review date:
Create a new class when the distinction:
Create a facet when the characteristic:
Create or use a relationship when meaning depends on the connection among entities.
Use provisional status when:
Deprecate a class when:
Retire a class when it no longer serves current work and transition is complete.
Do not publish detailed classification when it would reveal:
Publish the highest safe parent class and a reason for restriction where appropriate.
Seek qualified legal review when a classification affects:
Standards Body adopts the following working positions.
A taxonomy is operational infrastructure, not decorative organization.
The object should be identified before the label is selected.
Models, systems, deployments, organizations, and jurisdictions are distinct levels of analysis.
A marketed product name is not a sufficient technical identifier.
Model family, model version, system version, and deployment should have separate records.
A system may inherit model capability evidence only through documented analysis.
A capability is an ability under specified conditions.
A capability is not itself a risk.
Risk classification requires context, actor, access, exposure, vulnerability, safeguard, likelihood, and consequence.
A safeguard should be classified by function, layer, mechanism, scope, and effectiveness evidence.
A safeguard does not constitute a guarantee.
A test is not the same as an evaluation.
A benchmark is not the same as a complete protocol.
A review is not automatically an audit.
An external reviewer is not automatically independent.
An audit is criteria-based, systematic, independent, and documented.
Certification is third-party attestation under a defined scheme.
Accreditation recognizes conformity-assessment competence within scope.
A certificate does not establish properties outside its scheme and scope.
Legal approval, certification, accreditation, recognition, and endorsement are distinct.
Every consequential classification should include version and status.
Frontier status is time-dependent and dimension-dependent.
Open-weight, open-source, open-data, and public-access classifications should remain separate.
Public, controlled, confidential, restricted, and highly restricted are distinct access classes.
Evaluation integrity status should travel with a result.
A contaminated or compromised result should not remain classified as current without review.
Evidence level and confidence are distinct facets.
Evidence may support, challenge, narrow, contextualize, or fail to resolve a claim.
A negative evaluation result should not automatically classify a capability as absent.
Actor roles should be represented separately even when one organization performs several roles.
Sponsor, developer, provider, deployer, operator, evaluator, reviewer, and authority are distinct roles.
Institutional authority should be classified by source and scope.
A research project should not be classified as a regulator, certification body, or accreditation body without actual mandate and function.
Standards may be technical, process-based, performance-based, management-system, interface, reporting, terminology, or test-method standards.
A standard may be voluntary while requirements adopted through contract or law may be binding.
Standards stage and legal force should remain separate.
An incident may have several classifications simultaneously.
AI involvement in an incident should be classified by causal or contributory role rather than assumed.
Failure, root cause, contributing factor, correction, and preventive action are distinct.
Incentive mechanisms should be classified together with intended and unintended effects.
Prestige and recognition do not establish competence or authority.
Interoperability does not require identical classification systems.
A crosswalk does not establish equivalence automatically.
Legal equivalence requires recognition by the relevant authority.
Local extensions should preserve mapping to a common core.
Noncomparability is a valid taxonomic result.
Uncertain classifications should remain uncertain rather than forced.
Machine-readable validity does not guarantee conceptual validity.
Taxonomic classes should be corrected, deprecated, and retired visibly.
Standards Body should evaluate the consistency, usability, and real-world effects of its own taxonomy.
PROJECT_IDENTITY.mdDefines the identity, present role, authority boundaries, audiences, and public positioning of Standards Body.
The taxonomy must not classify the project in a way that exceeds those boundaries.
TERMINOLOGY.mdDefines the preferred terms and meanings.
This taxonomy organizes those terms into classes, facets, properties, and relationships.
FOUNDATIONS_APPENDIX.mdDefines the integrated eight-foundation system.
This taxonomy provides the entity architecture required to represent that system.
EVIDENCE_STANDARDS.mdDefines evidence levels, source quality, claims, confidence, and correction.
This taxonomy provides corresponding evidence and claim classes.
RESEARCH_METHODOLOGY.mdDefines how research is planned, conducted, reviewed, published, and corrected.
This taxonomy classifies research projects, methods, artifacts, review levels, and outputs.
EVALUATION_PHILOSOPHY.mdWill define the deeper conceptual approach to constructs, validity, capability, risk, thresholds, and interpretation.
This taxonomy provides the formal categories used by that philosophy.
INSTITUTION_DESIGN.mdWill define the institutional system.
This taxonomy provides classes for organizations, roles, authority, schemes, registries, and governance bodies.
GOVERNANCE_FRAMEWORK.mdWill define decision rights, committees, oversight, recusal, appeals, and accountability.
This taxonomy provides the corresponding governance entities and relationships.
STANDARDS_DEVELOPMENT_PROCESS.mdWill define the standards lifecycle.
This taxonomy provides standards types, stages, requirement forms, and statuses.
EVALUATOR_ACCREDITATION_FRAMEWORK.mdWill define evaluator competence and recognition.
This taxonomy distinguishes evaluators, audit, certification, accreditation, scopes, and statuses.
TRANSPARENCY_FRAMEWORK.mdWill define public, controlled, confidential, restricted, and highly restricted information handling.
WEBSITE_SOURCE_OF_TRUTH.mdWill apply approved classifications and public descriptions to website content.
SOURCES.mdWill maintain source records linked to evidence and classification decisions.
FAILURE_DATABASE.mdWill use the incident, failure, root-cause, and correction taxonomy.
VERSION_HISTORY.mdWill preserve the version and status history of taxonomy classes and classified records.
Characteristics:
Characteristics:
Characteristics:
Characteristics:
Characteristics:
Characteristics:
Taxonomic maturity depends on use and governance, not document length.
A complete vocabulary that is not applied consistently remains low maturity.
Determine whether Standards Body records and publications use the taxonomy correctly.
Sample:
A taxonomic error may require:
Possible metrics:
A frontier AI standards project cannot build credible evaluation, assurance, or governance on top of unstable categories.
The system fails when:
Taxonomy is the discipline that prevents these substitutions.
It tells Standards Body what kind of object is being discussed.
It preserves the object's version, scope, context, status, and jurisdiction.
It makes relationships explicit.
It supports structured evidence.
It allows one institution to understand another without pretending that all systems are identical.
It allows the project to evolve without silently rewriting its history.
The defining taxonomic rule of Standards Body is:
Name the object, classify the level, attach the context, state the relationship, and preserve the version.
Date: July 16, 2026
Change type: Complete foundational edition
Summary: Establishes the canonical Standards Body taxonomy. Defines design principles, class and facet architecture, identifiers, classification status and confidence, twenty-three primary domains, actors, AI artifacts, systems, lifecycle, access, deployment, capabilities, risks, safeguards, evaluations, evidence, review, assurance, standards, governance, incidents, incentives, interoperability, research, status, security, jurisdiction, relationship vocabulary, classification rules, entity profiles, machine-readable representation, external mappings, domain extensions, governance, quality tests, common errors, worked examples, implementation, scorecard, operational templates, canonical positions, maturity, audit, and cross-file interfaces.
Status: Approved foundational source.