The 8 Governance Laws
Every action evaluated by ARQERA is checked against 8 governance laws simultaneously. These are not keyword filters or rule lists — they are mathematical invariants that must hold true for any action to proceed.
Overview
| # | Law | Question It Answers |
|---|---|---|
| 1 | Audit Conservation | Can this action produce an auditable trace? |
| 2 | Budget Conservation | Is this within budget allocation? |
| 3 | Evidence Gravity | Is the evidence chain maintained? |
| 4 | Least Action Path | Is this the optimal path to the goal? |
| 5 | Safety Dominance | Are there safety concerns? |
| 6 | Monotonic Truth | Is the truth invariant maintained? |
| 7 | Bounded Autonomy | Is the agent acting within its allowed scope? |
If all 8 laws pass, the verdict is proceed. If any law warns, the verdict is escalate. If any law fails, the verdict is block.
Law 1: Audit Conservation
Principle: No meaningful action without an auditable trace.
Every action must produce enough information to reconstruct what happened, who did it, and why. This law checks that the action context includes:
- A valid tenant (who owns this action)
- A valid actor (who or what is performing it)
- An action identifier (what is being done)
When it fails:
- Missing tenant context for non-system actions
- No action name provided
- Insufficient information for audit trail
Why it matters: Compliance frameworks (EU AI Act Article 12, SOC 2) require complete logging. If an action cannot be audited, it should not happen.
Law 2: Budget Conservation
Principle: Actions must not exceed their allocated budget.
Checks whether the action's estimated cost fits within the remaining budget. Prevents AI agents from spending more than authorized.
Context fields used:
estimated_cost_usd— how much this action is expected to costbudget_remaining_usd— how much budget is left
When it fails:
- Estimated cost exceeds remaining budget
- No budget information available for a cost-bearing action
Why it matters: AI agents with API access can accumulate costs quickly. Budget Conservation prevents runaway spending.
Law 3: Evidence Gravity
Principle: Evidence flows downward — every action strengthens the evidence chain.
Verifies that the evidence chain is maintained and that this action will produce a proper evidence artifact. Evidence gravity means that evidence accumulates over time, never decreasing.
When it fails:
- Evidence chain integrity is compromised
- Action would break the evidence chain
Why it matters: The evidence chain is the foundation for compliance and audit. If an action breaks the chain, all subsequent evidence becomes unreliable.
Law 4: Least Action Path
Principle: Choose the optimal path to the goal.
Evaluates whether the action represents the most direct, efficient path. Prevents AI agents from taking unnecessary or roundabout actions that increase risk without adding value.
When it fails:
- A simpler, lower-risk alternative exists
- The action is unnecessarily complex for the goal
Why it matters: More steps mean more risk. The shortest path to a correct outcome is the safest path.
Law 5: Safety Dominance
Principle: Safety always dominates other concerns.
Checks for safety risks including harmful content, dangerous operations, and actions that could cause damage. This law can override all other laws — if safety is at risk, the action is blocked regardless of other results.
Context fields used:
risk_level—"low","medium","high", or"critical"is_irreversible— whether the action cannot be undonehas_approval— whether human approval was obtained
When it fails:
- High-risk irreversible action without human approval
- Action involves potentially harmful content
- Critical risk level detected
Why it matters: This is the last line of defense. An AI agent that can delete databases, send mass emails, or process payments must be governed by safety constraints that cannot be bypassed.
Law 6: Monotonic Truth
Principle: Truth can only increase, never decrease.
Ensures that actions do not degrade the system's knowledge state. The system's understanding of truth should grow monotonically — new information adds to it, but never contradicts verified facts.
When it fails:
- Action would overwrite verified information with unverified data
- Contradicts established facts without explanation
Why it matters: AI systems that can contradict their own previous outputs without justification are unreliable. Monotonic Truth ensures consistency.
Law 7: Bounded Autonomy
Principle: AI agents must act within their defined scope.
Verifies that the actor has the authority to perform this action. Checks trust scores, required approval tiers, and whether the action falls within the agent's allowed capabilities.
Context fields used:
actor_type—"human"or"ai_agent"trust_score— the actor's current trust score (0-100)required_trust_tier— minimum trust tier for this actionhas_approval— whether human approval was obtained
When it fails:
- AI agent attempting an action outside its scope
- Trust score below the required threshold
- High-risk action by an untrusted actor
Why it matters: AI agents should not have unlimited authority. Bounded Autonomy ensures that agents can only do what they have been authorized to do, and escalate when they encounter something outside their bounds.
How Laws Interact
The 8 laws are evaluated simultaneously, but they have a priority hierarchy when determining the final verdict:
- Safety Dominance is checked first. A safety failure always blocks, regardless of other laws.
- Audit Conservation is foundational. Without an audit trail, nothing else matters.
- Bounded Autonomy enforces authorization. Even safe actions need proper authority.
- The remaining laws refine the decision with budget, evidence, path optimization, and truth checks.
User-Defined Policies
In addition to the 7 built-in laws, you can define custom policies that are evaluated alongside the standard laws. Custom policies allow you to encode your organization's specific governance rules.
See your ARQERA dashboard under Governance > Policies to create custom policies.