Skip to main content

The 8 Governance Laws

Every action evaluated by ARQERA is checked against 8 governance laws simultaneously. These are not keyword filters or rule lists — they are mathematical invariants that must hold true for any action to proceed.

Overview

#LawQuestion It Answers
1Audit ConservationCan this action produce an auditable trace?
2Budget ConservationIs this within budget allocation?
3Evidence GravityIs the evidence chain maintained?
4Least Action PathIs this the optimal path to the goal?
5Safety DominanceAre there safety concerns?
6Monotonic TruthIs the truth invariant maintained?
7Bounded AutonomyIs the agent acting within its allowed scope?

If all 8 laws pass, the verdict is proceed. If any law warns, the verdict is escalate. If any law fails, the verdict is block.


Law 1: Audit Conservation

Principle: No meaningful action without an auditable trace.

Every action must produce enough information to reconstruct what happened, who did it, and why. This law checks that the action context includes:

  • A valid tenant (who owns this action)
  • A valid actor (who or what is performing it)
  • An action identifier (what is being done)

When it fails:

  • Missing tenant context for non-system actions
  • No action name provided
  • Insufficient information for audit trail

Why it matters: Compliance frameworks (EU AI Act Article 12, SOC 2) require complete logging. If an action cannot be audited, it should not happen.


Law 2: Budget Conservation

Principle: Actions must not exceed their allocated budget.

Checks whether the action's estimated cost fits within the remaining budget. Prevents AI agents from spending more than authorized.

Context fields used:

  • estimated_cost_usd — how much this action is expected to cost
  • budget_remaining_usd — how much budget is left

When it fails:

  • Estimated cost exceeds remaining budget
  • No budget information available for a cost-bearing action

Why it matters: AI agents with API access can accumulate costs quickly. Budget Conservation prevents runaway spending.


Law 3: Evidence Gravity

Principle: Evidence flows downward — every action strengthens the evidence chain.

Verifies that the evidence chain is maintained and that this action will produce a proper evidence artifact. Evidence gravity means that evidence accumulates over time, never decreasing.

When it fails:

  • Evidence chain integrity is compromised
  • Action would break the evidence chain

Why it matters: The evidence chain is the foundation for compliance and audit. If an action breaks the chain, all subsequent evidence becomes unreliable.


Law 4: Least Action Path

Principle: Choose the optimal path to the goal.

Evaluates whether the action represents the most direct, efficient path. Prevents AI agents from taking unnecessary or roundabout actions that increase risk without adding value.

When it fails:

  • A simpler, lower-risk alternative exists
  • The action is unnecessarily complex for the goal

Why it matters: More steps mean more risk. The shortest path to a correct outcome is the safest path.


Law 5: Safety Dominance

Principle: Safety always dominates other concerns.

Checks for safety risks including harmful content, dangerous operations, and actions that could cause damage. This law can override all other laws — if safety is at risk, the action is blocked regardless of other results.

Context fields used:

  • risk_level"low", "medium", "high", or "critical"
  • is_irreversible — whether the action cannot be undone
  • has_approval — whether human approval was obtained

When it fails:

  • High-risk irreversible action without human approval
  • Action involves potentially harmful content
  • Critical risk level detected

Why it matters: This is the last line of defense. An AI agent that can delete databases, send mass emails, or process payments must be governed by safety constraints that cannot be bypassed.


Law 6: Monotonic Truth

Principle: Truth can only increase, never decrease.

Ensures that actions do not degrade the system's knowledge state. The system's understanding of truth should grow monotonically — new information adds to it, but never contradicts verified facts.

When it fails:

  • Action would overwrite verified information with unverified data
  • Contradicts established facts without explanation

Why it matters: AI systems that can contradict their own previous outputs without justification are unreliable. Monotonic Truth ensures consistency.


Law 7: Bounded Autonomy

Principle: AI agents must act within their defined scope.

Verifies that the actor has the authority to perform this action. Checks trust scores, required approval tiers, and whether the action falls within the agent's allowed capabilities.

Context fields used:

  • actor_type"human" or "ai_agent"
  • trust_score — the actor's current trust score (0-100)
  • required_trust_tier — minimum trust tier for this action
  • has_approval — whether human approval was obtained

When it fails:

  • AI agent attempting an action outside its scope
  • Trust score below the required threshold
  • High-risk action by an untrusted actor

Why it matters: AI agents should not have unlimited authority. Bounded Autonomy ensures that agents can only do what they have been authorized to do, and escalate when they encounter something outside their bounds.


How Laws Interact

The 8 laws are evaluated simultaneously, but they have a priority hierarchy when determining the final verdict:

  1. Safety Dominance is checked first. A safety failure always blocks, regardless of other laws.
  2. Audit Conservation is foundational. Without an audit trail, nothing else matters.
  3. Bounded Autonomy enforces authorization. Even safe actions need proper authority.
  4. The remaining laws refine the decision with budget, evidence, path optimization, and truth checks.

User-Defined Policies

In addition to the 7 built-in laws, you can define custom policies that are evaluated alongside the standard laws. Custom policies allow you to encode your organization's specific governance rules.

See your ARQERA dashboard under Governance > Policies to create custom policies.