RFC-011: AIGP Vendor Trust Package — 3. Conformance Levels
AIGP Specification › RFC-011: AIGP Vendor Trust Package › 3. Conformance Levels
← 2. Motivation · Section index · 4. Vendor Trust Package Components →
3. Conformance Levels
Vendors declare one of three progressive conformance levels:
3.1 Level 1 — AIGP Observable
The vendor emits AI capability metadata and post-invocation evidence records.
Requirements:
- Publish a Vendor Manifest
- Publish an AI Capability Bill of Materials
- Emit VENDOR_RECORD for AI invocations
- Select a Disclosure Profile tier
3.2 Level 2 — AIGP Governable
The vendor accepts customer-specific policy bindings and maps them to tenant AI behavior.
Requirements (in addition to Level 1):
- Accept Customer Policy Bindings per tenant
- Enforce allowed/prohibited capabilities per binding
- Support configurable data boundaries
- Emit TRACE telemetry
3.3 Level 3 — AIGP Enforceable
The vendor supports runtime governance enforcement.
Requirements (in addition to Level 2):
- Runtime ALLOW/DENY decisions based on policy
- Human approval gates for specified action types
- Data boundary enforcement with auditable evidence
- Temporal Evidence Chaining with session-level observations
- Default-deny on timeout
← 2. Motivation · Section index · 4. Vendor Trust Package Components →