Skip to content

RFC-011: AIGP Vendor Trust Package — 3. Conformance Levels

AIGP SpecificationRFC-011: AIGP Vendor Trust Package › 3. Conformance Levels

← 2. Motivation · Section index · 4. Vendor Trust Package Components →

3. Conformance Levels

Vendors declare one of three progressive conformance levels:

3.1 Level 1 — AIGP Observable

The vendor emits AI capability metadata and post-invocation evidence records.

Requirements:

  • Publish a Vendor Manifest
  • Publish an AI Capability Bill of Materials
  • Emit VENDOR_RECORD for AI invocations
  • Select a Disclosure Profile tier

3.2 Level 2 — AIGP Governable

The vendor accepts customer-specific policy bindings and maps them to tenant AI behavior.

Requirements (in addition to Level 1):

  • Accept Customer Policy Bindings per tenant
  • Enforce allowed/prohibited capabilities per binding
  • Support configurable data boundaries
  • Emit TRACE telemetry

3.3 Level 3 — AIGP Enforceable

The vendor supports runtime governance enforcement.

Requirements (in addition to Level 2):

  • Runtime ALLOW/DENY decisions based on policy
  • Human approval gates for specified action types
  • Data boundary enforcement with auditable evidence
  • Temporal Evidence Chaining with session-level observations
  • Default-deny on timeout


← 2. Motivation · Section index · 4. Vendor Trust Package Components →