KYE Assurance Card Profile · v1.0

From system cards to runtime assurance.

System cards help organisations document AI risks, responsibilities, provenance, performance, security, limitations and review obligations. KYE goes one layer deeper: it generates the runtime authority decisions, state checks, signed Signal Bus events, Decision Maps and Evidence Packs that make assurance cards verifiable.

KYE Assurance Card Profile turns KYE runtime evidence into a living assurance record for AI agents, models, tools, workflows, connectors and delegated systems. KYE makes assurance executable.

Why a new layer

Model cards are not enough.

Defence-grade AI assurance work (Alan Turing Institute / Accenture / UK MoD) makes the case directly: model cards are insufficient where models are integrated with platforms, where assumptions change and where multiple models interact. Agentic systems need more than model cards. They need authority cards, runtime decisions and evidence trails.

KYE Assurance Card Profile sits above the runtime KYE stack. It turns the operating-model journey into a living lifecycle record, automates review-cycle triggering against the authority graph, and enforces the human-involvement plan as a runtime policy gate — not a documentation requirement.

1 · 8-stage lifecycle

Design → pilot → deploy → monitor → incident review → scope-change review → retention review → decommission.

Each stage emits a signed event onto KYE Signal Bus and is recoverable from the audit ledger.

01 · Design: KYEAssuranceCard drafted; intended use, prohibited uses, owner, accountable entity declared.
02 · Pilot: card moves to pilot. Operating-model adoption pack bound; runtime evidence begins flowing.
03 · Deploy: status moves to controlled_production / production; cascade-revocation hooks armed.
04 · Monitor: KYEAssuranceReviewCycle watches authority graph + provenance + risk state for triggers.
05 · Incident review: trigger incident instantiates a review without operator intervention.
06 · Scope-change review: trigger scope_change on capability / gate / commit-boundary updates.
07 · Retention review: trigger retention on data / evidence retention windows.
08 · Decommission: KYEDecommissioningPlan orchestrates revoke · quarantine · rotate · archive · notify · remove.

2 · Live assurance-card preview

Owner. Authority. Human involvement. Provenance. Evidence.

Every claim on a KYE Assurance Card resolves to a runtime artefact a third party can replay offline against a published JWKS.
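
What an offline replay of a signed Signal Bus event against a published JWKS looks like in practice, as an added example in Go. This is not the page's or KYE's own code: it assumes events are carried as compact JWS signed with EdDSA (Ed25519) and that the JWKS is an RFC 7517 key set holding OKP keys; the signing key, the kid value and the event body are constructed here for the demonstration, and the signer is included only so the verifier has something to check.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// jwk is the subset of an RFC 7517 key used here: an OKP / Ed25519 public key (RFC 8037) identified by kid.
type jwk struct {
	Kty string `json:"kty"`
	Crv string `json:"crv"`
	Kid string `json:"kid"`
	X   string `json:"x"`
}

// jwks is the published key set a verifier fetches once and pins.
type jwks struct{ Keys []jwk `json:"keys"` }

var b64 = base64.RawURLEncoding

// newKeyAndJWKS generates a signing key and the JWKS that would be published.
// Constructed for this example; the Signal Bus's real key material is not shown.
func newKeyAndJWKS(kid string) (ed25519.PrivateKey, jwks) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	k := jwk{Kty: "OKP", Crv: "Ed25519", Kid: kid, X: b64.EncodeToString(pub)}
	return priv, jwks{Keys: []jwk{k}}
}

// signEvent emits a compact JWS (header.payload.signature) over an event.
func signEvent(priv ed25519.PrivateKey, kid string, event map[string]any) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "EdDSA", "kid": kid})
	body, err := json.Marshal(event)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	return input + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(input))), nil
}

// verifyEvent replays a signed event offline against the pinned JWKS: it pins the
// algorithm (no "alg":"none" or alg confusion), selects the key by kid, checks the
// signature over the exact header.payload bytes, and only then parses the payload.
func verifyEvent(token string, keys jwks) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed compact JWS")
	}
	raw := make([][]byte, 3)
	for i, p := range parts {
		var err error
		if raw[i], err = b64.DecodeString(p); err != nil {
			return nil, fmt.Errorf("part %d: %w", i, err)
		}
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(raw[0], &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "EdDSA" {
		return nil, fmt.Errorf("rejected alg %q: only EdDSA is accepted", hdr.Alg)
	}
	var pub ed25519.PublicKey
	for _, k := range keys.Keys {
		if k.Kid != hdr.Kid || k.Kty != "OKP" || k.Crv != "Ed25519" {
			continue
		}
		x, err := b64.DecodeString(k.X)
		if err != nil || len(x) != ed25519.PublicKeySize {
			return nil, errors.New("malformed JWK x value")
		}
		pub = ed25519.PublicKey(x)
	}
	if pub == nil {
		return nil, fmt.Errorf("kid %q not in JWKS", hdr.Kid)
	}
	if !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), raw[2]) {
		return nil, errors.New("signature does not verify")
	}
	var event map[string]any
	if err := json.Unmarshal(raw[1], &event); err != nil {
		return nil, err
	}
	return event, nil
}

func main() {
	const kid = "signal-bus-2025-01" // kid value is an assumption
	priv, keys := newKeyAndJWKS(kid)
	tok, _ := signEvent(priv, kid, map[string]any{ // constructed sample event
		"event":   "kye.human_involvement.bypass_denied",
		"subject": "kye:authority-record:finance_agent_001",
	})
	ev, err := verifyEvent(tok, keys)
	fmt.Println(ev["event"], err)
}
```

The order of checks is the security point: the algorithm is fixed by the verifier rather than read from the token, the key is chosen by kid from the pinned set only, and the payload is not even decoded into an event until the signature over the exact signing input has verified. The same function therefore rejects a token whose payload was edited after signing, a token claiming "alg":"none", and a token whose kid is absent from the JWKS.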


KYE Assurance Card · preview

Finance Payment Preparation Agent · status: pilot

Owner: Finance Ops · kye:user:finance_owner_001
Accountable: kye:org:acme_ltd
Risk tier: high
Lifecycle: pilot · design→deploy planned
Permitted uses: invoice.read, payment.prepare, supplier.notify
Prohibited uses: payment.execute, contract.sign, credential.rotate
Authority record: kye:authority-record:finance_agent_001
Required gates: payment_execute · external_send
Commit boundaries: payment_execution
Human involvement: finance_manager · pre-commit · SLA 24h
Provenance: verified · 2 tools, 1 dataset, 1 supplier
Evidence: evidence_pack_available
Review: monthly · next 30 days
Decommissioning: plan armed · cascade entity_and_descendants

3 · KYE Human Involvement Plan

Where authorised humans must review, approve, limit or override.

Six involvement types · nine lifecycle stages. Bypass attempts are denied at runtime and emit a signed kye.human_involvement.bypass_denied event.

review: periodic review of an AI worker's behaviour and evidence.
approve: required approval before a commit-level action.
limit: constrain scope or output before execution.
direct: provide direction or guardrails the AI worker must follow.
influence: set policy or framing that shapes interpretation.
override: reverse or change a runtime decision after the fact.

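
How the approve type becomes a runtime policy gate rather than a documentation requirement, as an added example in Go using the preview card above. This is not the page's or KYE's own code: the type and field names (AssuranceCard, ActionRequest, Approval, Decision), the reason-code strings and the binding of supplier.notify to the external_send gate are this example's assumptions; only the permitted and prohibited uses, the approver role, the 24h SLA and the kye.human_involvement.bypass_denied event name come from the page.

```go
package main

import (
	"fmt"
	"time"
)

// Subset of the preview card that a runtime gate needs. Type and field names
// (AssuranceCard, ActionRequest, Approval, Decision) are this example's own,
// not KYE schema identifiers.
type AssuranceCard struct {
	Permitted    map[string]bool   // permitted uses
	Prohibited   map[string]bool   // prohibited uses
	GateFor      map[string]string // capability -> required gate (assumed mapping)
	ApproverRole string            // human-involvement plan: who approves pre-commit
	ApprovalSLA  time.Duration     // how fresh that approval must be
}

// Approval is a recorded pre-commit approval by a human reviewer.
type Approval struct {
	Role, Capability string
	IssuedAt         time.Time
}

// ActionRequest is what the AI worker asks the runtime to do, plus any
// approvals it presents.
type ActionRequest struct {
	Capability string
	Approvals  []Approval
	At         time.Time
}

// Decision is the authority decision the runtime records. ReasonCode values
// are illustrative, not the KYE reason-code dictionary; Event is the Signal
// Bus event to emit, if any.
type Decision struct {
	Allow      bool
	ReasonCode string
	Event      string
}

const bypassDenied = "kye.human_involvement.bypass_denied"

// evaluate applies the card in order: prohibited uses are denied outright,
// uses not on the permitted list are denied, ungated permitted uses pass, and
// gated uses pass only with an approval from the approver role that is no
// older than the SLA. A gated action without one is a bypass attempt.
func evaluate(card AssuranceCard, req ActionRequest) Decision {
	c := req.Capability
	if card.Prohibited[c] {
		return Decision{false, "prohibited_use", ""}
	}
	if !card.Permitted[c] {
		return Decision{false, "not_permitted", ""}
	}
	gate, gated := card.GateFor[c]
	if !gated {
		return Decision{true, "permitted", ""}
	}
	stale := false
	for _, a := range req.Approvals {
		if a.Role != card.ApproverRole || a.Capability != c {
			continue // other roles or other capabilities do not satisfy this gate
		}
		if age := req.At.Sub(a.IssuedAt); age >= 0 && age <= card.ApprovalSLA {
			return Decision{true, "approved_pre_commit:" + gate, ""}
		}
		stale = true
	}
	if stale {
		return Decision{false, "approval_expired:" + gate, bypassDenied}
	}
	return Decision{false, "approval_missing:" + gate, bypassDenied}
}

// previewCard builds the Finance Payment Preparation Agent card from the page.
// Binding supplier.notify to the external_send gate is an assumption.
func previewCard() AssuranceCard {
	return AssuranceCard{
		Permitted:    map[string]bool{"invoice.read": true, "payment.prepare": true, "supplier.notify": true},
		Prohibited:   map[string]bool{"payment.execute": true, "contract.sign": true, "credential.rotate": true},
		GateFor:      map[string]string{"supplier.notify": "external_send"},
		ApproverRole: "finance_manager",
		ApprovalSLA:  24 * time.Hour,
	}
}

func main() {
	card, now := previewCard(), time.Date(2025, 1, 15, 9, 0, 0, 0, time.UTC)
	fresh := []Approval{{"finance_manager", "supplier.notify", now.Add(-2 * time.Hour)}}
	expired := []Approval{{"finance_manager", "supplier.notify", now.Add(-25 * time.Hour)}}
	for _, r := range []ActionRequest{
		{Capability: "invoice.read", At: now},
		{Capability: "payment.execute", At: now},
		{Capability: "supplier.notify", At: now},
		{Capability: "supplier.notify", At: now, Approvals: fresh},
		{Capability: "supplier.notify", At: now, Approvals: expired},
	} {
		d := evaluate(card, r)
		fmt.Printf("%-16s allow=%-5t reason=%-32s event=%s\n", r.Capability, d.Allow, d.ReasonCode, d.Event)
	}
}
```

Two details matter for a gate like this. A prohibited use is denied before any approval is consulted, so a human cannot be talked into approving payment.execute for an agent whose card forbids it; and an approval by the wrong role, for a different capability, or older than the SLA is treated exactly like no approval, which is what makes the bypass_denied event reliable as a detection signal.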
4 · Provenance & supply chain

Models. Datasets. Tools. Suppliers. Licences. Verified.

Every dataset, model, tool, supplier, licence and hardware lineage referenced by an assurance card is bound as KYEProvenanceEvidence. Verification status: verified / partially_verified / unverified / failed. Verification failure emits a signed kye.provenance.verification_failed event onto Signal Bus.

Element · what is recorded · verification methods

Models · id, version, supplier, licence, checksum · self_attested, third_party_attestation, signed_evidence, registry_check
Datasets · id, version, licence, checksum, data classes · same methods as models
Tools · id, version, supplier · same methods as models
Suppliers · id, verification flag, method · same methods as models
Licences · SPDX identifier or named licence · registry_check
Hardware · id, vendor, model, attestation ref · signed_evidence

5 · Review cycle (interactive)

Each trigger below states when it fires, who reviews and what the cycle captures. Runtime implementations start a cycle with POST /v1/assurance-review-cycles/{cycle_id}:trigger.

Scheduled review. Fires on the cadence declared by scheduled_frequency (weekly / monthly / quarterly / annual). Reviewer roles: ai_governance_lead. Evidence captured: reviewer_identity, decision, reason_code, timestamp, state_snapshot, decision_map.

Scope change. Fires when the bound KYEEntityAuthorityRecord adds or removes a capability, or when the KYEAuthorityGate set changes membership. Reviewer roles: ai_governance_lead + security_admin. Evidence captured: scope_diff, decision_map, state_snapshot.

Incident. Fires when an incident signal is recorded (kye.compromise.reported, kye.agency_drift.detected, etc.) for a descendant of the assurance-card subject. Reviewer roles: security_admin + ai_governance_lead. Outcome options: approve / deny / quarantine / escalate. SLA: 240 minutes.

Model version change. Fires when KYEProvenanceEvidence.models[*].version changes. Reviewer roles: ai_governance_lead + data_steward. Evidence captured: model_diff, evaluation_refs, performance_metrics.

Supplier change. Fires when KYEProvenanceEvidence.suppliers[*].verified changes from true to false, or when a new supplier is added. Reviewer roles: procurement + security_admin. Evidence captured: supplier_diff, verification_method, signed_evidence.

Licence change. Fires when a model / dataset / tool licence changes. Reviewer roles: legal. Evidence captured: licence_diff, registry_check.

Retention. Fires when the data / evidence retention window approaches expiry. Reviewer roles: data_steward + legal. Outcome options: archive / extend / delete / decommission.

Decommission. Fires when the assurance card transitions to deprecated or revoked, or when the bound KYEDecommissioningPlan is executed. Off-boarding sequence: revoke_authority → quarantine_credentials → rotate_keys → archive_evidence → notify_owner → notify_supplier → update_catalog → remove_from_runtime. Cascade scope: per cascade_revocation.scope.
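
How the provenance-driven triggers above (model version, supplier, licence) can be derived by diffing two KYEProvenanceEvidence snapshots, as an added example in Go. This is not the page's or KYE's own code: the Provenance, Model, Supplier and ReviewTrigger types and the Kind labels are this example's own, the two snapshots are constructed, and only the reviewer roles and evidence lists are taken from the trigger descriptions on the page.

```go
package main

import (
	"fmt"
	"sort"
)

// Subset of KYEProvenanceEvidence this example diffs. The type names and the
// Kind labels are this example's own; reviewer roles and evidence lists are
// taken from the trigger descriptions on the page.
type Model struct{ Version, Licence string }
type Supplier struct{ Verified bool }

type Provenance struct {
	Models    map[string]Model    // keyed by model id
	Suppliers map[string]Supplier // keyed by supplier id
}

// ReviewTrigger is what a detected change instantiates.
type ReviewTrigger struct {
	Kind      string // model_version, licence or supplier
	Detail    string
	Reviewers []string
	Evidence  []string
}

// diffProvenance compares the previously reviewed snapshot with the current
// one and returns one trigger per change the review cycle fires on: a model
// version change, a licence change, a supplier whose verified flag flips
// true -> false, or a supplier that is new. Removed entries and a supplier
// becoming verified do not fire.
func diffProvenance(old, cur Provenance) []ReviewTrigger {
	var out []ReviewTrigger
	for id, m := range cur.Models {
		prev, known := old.Models[id]
		if !known {
			continue
		}
		if prev.Version != m.Version {
			out = append(out, ReviewTrigger{"model_version",
				fmt.Sprintf("%s: %s -> %s", id, prev.Version, m.Version),
				[]string{"ai_governance_lead", "data_steward"},
				[]string{"model_diff", "evaluation_refs", "performance_metrics"}})
		}
		if prev.Licence != m.Licence {
			out = append(out, ReviewTrigger{"licence",
				fmt.Sprintf("%s: %s -> %s", id, prev.Licence, m.Licence),
				[]string{"legal"}, []string{"licence_diff", "registry_check"}})
		}
	}
	for id, s := range cur.Suppliers {
		prev, known := old.Suppliers[id]
		var detail string
		switch {
		case !known:
			detail = id + ": new supplier"
		case prev.Verified && !s.Verified:
			detail = id + ": verified true -> false"
		default:
			continue
		}
		out = append(out, ReviewTrigger{"supplier", detail,
			[]string{"procurement", "security_admin"},
			[]string{"supplier_diff", "verification_method", "signed_evidence"}})
	}
	// Map iteration order is random; sort so the emitted triggers are stable.
	sort.Slice(out, func(i, j int) bool {
		return out[i].Kind+out[i].Detail < out[j].Kind+out[j].Detail
	})
	return out
}

func main() {
	// Constructed snapshots: the model is bumped and relicensed, the original
	// supplier loses its verification, and a second supplier appears.
	old := Provenance{
		Models:    map[string]Model{"m1": {"1.2.0", "Apache-2.0"}},
		Suppliers: map[string]Supplier{"s1": {true}},
	}
	cur := Provenance{
		Models:    map[string]Model{"m1": {"1.3.0", "MIT"}},
		Suppliers: map[string]Supplier{"s1": {false}, "s2": {true}},
	}
	for _, tr := range diffProvenance(old, cur) {
		fmt.Printf("%-14s %-28s reviewers=%v evidence=%v\n", tr.Kind, tr.Detail, tr.Reviewers, tr.Evidence)
	}
}
```

The asymmetry is deliberate: a supplier that regains verification or a model that disappears from the snapshot produces no review, matching the page's "true to false" and "new supplier" wording, while a single model change can fire two independent cycles (version and licence) with different reviewers.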

6 · Schemas (Apache 2.0, public mirror)

Six normative objects. Validated in CI.

7 · Open / paid boundary

The contracts are open. The runtime assurance engine is paid.

Open under Apache 2.0


  • Assurance Card Profile schema
  • KYE Assurance Card schema
  • KYE Human Involvement Plan schema
  • Provenance Evidence schema
  • Assurance Review Cycle schema
  • Decommissioning Plan schema
  • Reason-code dictionary · Signal Bus event names
  • Sample assurance cards · basic conformance fixtures

Commercial / patent track


  • KYE Assurance Card Builder
  • KYE Assurance Card Library
  • KYE Human Involvement Planner
  • KYE Provenance & Supply Chain Evidence App
  • KYE Assurance Review Scheduler
  • KYE Governed Use Case Library
  • Sector packs (defence, public-sector, payments, health)
  • Runtime-evidence binding + review-automation engines
  • BYOC / on-prem assurance deployment