The OVERT conformance ladder for AI conformity assessment
AI conformity assessment usually stops at a questionnaire. OVERT replaces the questionnaire with a ladder of evidence — each rung makes a stronger, machine-checkable claim about what your AI actually did.
The rungs
- AAL-1 — Self-attestation. You declare your controls. Useful for internal alignment; not independently checkable. Most “AI governance” tooling stops here.
- AAL-2 — Active enforcement. Controls actually run on the request path (deny-by-default tools, egress limits, PII checks). You can show enforcement is live, not just configured.
- AAL-3 — Signed, operator-controlled proof. Every governed decision becomes an Ed25519-signed receipt over RFC 8785 canonical bytes, chained in an RFC 6962-shaped log. Tampering with a receipt after issuance is detectable by anyone holding the notary’s public key. The notary is co-resident with the operator, though, so the party that produced the decision also controls the key that vouches for it; that is why this rung caps at AAL-3.
- AAL-4 — Independent proof. The notary is operated outside the operator’s trust boundary, and a qualified, structurally independent assessor verifies the claim. This is the rung regulators and insurers can rely on.
What each rung needs
| Rung | Enforcement | Attestation | Independence |
|---|---|---|---|
| AAL-1 | declared | none required | none |
| AAL-2 | active | optional | none |
| AAL-3 | active | signed + chained | operator-controlled notary |
| AAL-4 | active | signed + chained | notary + assessor independent of the operator |
How Glacis products map to the ladder
- Declare your target level as code with OVERT-as-Code (`[policy.overt_level] target = 3`).
- Enforce + attest with the runtime product — honestly scoped to Level 1 Core / AAL-3 today (a single operator-controlled notary).
- Verify any receipt yourself with the verifier — independence of verification does not require trusting Glacis.
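The following Go program is an added example, not Glacis code and not the OVERT receipt schema. It shows the AAL-3 mechanism from the rungs above end to end (a receipt canonicalized with a subset of RFC 8785, signed with Ed25519, and its leaf hash appended to an RFC 6962-style Merkle log) and the point of the last bullet: checking a receipt needs only the notary’s public key. The receipt field names (seq, tool, decision), the Notary type and its methods are assumptions made for this example; the canonicalizer covers only the value types used here and is not a complete JCS implementation.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// canonicalize emits RFC 8785 (JCS) bytes for the subset used here: objects with sorted
// keys, ASCII strings, integers, bools, null. It omits JCS's UTF-16 key ordering and ES6
// float formatting, so it is not a general-purpose JCS encoder.
func canonicalize(v any) ([]byte, error) {
	obj, ok := v.(map[string]any)
	if !ok { // scalar: json.Marshal would HTML-escape < > &, which JCS forbids
		var buf bytes.Buffer
		enc := json.NewEncoder(&buf)
		enc.SetEscapeHTML(false)
		err := enc.Encode(v)
		return bytes.TrimSuffix(buf.Bytes(), []byte("\n")), err
	}
	keys := make([]string, 0, len(obj))
	for k := range obj {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		kb, _ := canonicalize(k) // a Go string always encodes
		vb, err := canonicalize(obj[k])
		if err != nil {
			return nil, err
		}
		parts = append(parts, string(kb)+":"+string(vb))
	}
	return []byte("{" + strings.Join(parts, ",") + "}"), nil
}

// RFC 6962 domain separation: leaves hash with a 0x00 prefix, interior nodes with 0x01.
func leafHash(data []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, data...))
	return h[:]
}

// merkleRoot is the RFC 6962 Merkle Tree Hash over leaf hashes; len(leaves) must be > 0.
func merkleRoot(leaves [][]byte) []byte {
	if len(leaves) == 1 {
		return leaves[0]
	}
	k := 1 // largest power of two strictly less than len(leaves)
	for k*2 < len(leaves) {
		k *= 2
	}
	l, r := merkleRoot(leaves[:k]), merkleRoot(leaves[k:])
	h := sha256.Sum256(append(append([]byte{0x01}, l...), r...))
	return h[:]
}

// Notary (hypothetical) holds the signing key and the append-only log of leaf hashes.
// At AAL-3 it runs inside the operator's trust boundary; AAL-4 runs it outside.
type Notary struct {
	priv   ed25519.PrivateKey
	Pub    ed25519.PublicKey
	leaves [][]byte
}

func NewNotary() (*Notary, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Notary{priv: priv, Pub: pub}, nil
}

// Issue canonicalizes one governed decision, signs the canonical bytes and appends the
// leaf hash to the log. The receipt field names are this example's own, not OVERT's.
func (n *Notary) Issue(receipt map[string]any) (canon, sig []byte, err error) {
	if canon, err = canonicalize(receipt); err != nil {
		return nil, nil, err
	}
	n.leaves = append(n.leaves, leafHash(canon))
	return canon, ed25519.Sign(n.priv, canon), nil
}

func (n *Notary) Root() []byte { return merkleRoot(n.leaves) }

func main() {
	n, _ := NewNotary() // error ignored only in this demo main
	// Constructed receipts standing in for two governed tool calls.
	n.Issue(map[string]any{"seq": 1, "tool": "web.fetch", "decision": "deny"})
	canon, sig, _ := n.Issue(map[string]any{"seq": 2, "tool": "fs.read", "decision": "allow"})
	// Verification needs only the public key, so a party that distrusts the notary can run it.
	fmt.Printf("%s\nverifies: %v\n", canon, ed25519.Verify(n.Pub, canon, sig))
	// Flip the decision after signing: the signature over the canonical bytes fails.
	forged := bytes.Replace(canon, []byte(`"allow"`), []byte(`"deny"`), 1)
	fmt.Printf("forged verifies: %v\nlog root: %x\n", ed25519.Verify(n.Pub, forged, sig), n.Root())
}
```

Two things the run makes concrete. Canonicalization is what makes the signature portable: a verifier re-encodes the receipt it received and checks the signature over those bytes, so any whitespace or key-order difference between producer and verifier would otherwise look like tampering. And the Merkle root changes whenever any logged leaf changes, which is what lets an outside party detect a rewritten log, but only if that party obtained the root from somewhere the operator cannot rewrite. With the key and the log both under the operator’s control, as in the AAL-3 deployment described above, a verifier can show a receipt was not altered after it was signed, not that the operator did not sign something else; moving the notary outside that boundary is the AAL-4 step.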