Certification (Working Draft)

Purpose

Define a certification approach that provides credible assurance while avoiding “ethics washing.”

This document provides the baseline certification concept. The detailed labeling and certification-level scheme is defined in 05_audit_and_assurance/certification_and_labeling.md.

Ethical Mapping

  • A4 Trustworthiness
  • A3 Justice, Due Process, and Remedy

Principles

  • Certification is evidence-based and time-bounded.
  • Certification is not a guarantee of safety; it is a statement of verified controls and residual risks.
  • Higher tiers require stronger independence and transparency.

Requirements (Normative)

CE-1 (Scope of Certification). A certification claim MUST specify:

  • which system/version is certified
  • applicable tier and use context
  • standards covered and excluded
  • validity period and reassessment triggers

CE-2 (Tier Constraints).

  • Tier 2: certification SHOULD require at least one independent audit component.
  • Tier 3: certification MUST require independent audit and explicit dual-use governance review evidence.

CE-3 (Revocation). Certifications MUST be revocable upon:

  • material undisclosed system change
  • major incident indicating control failure
  • evidence of deceptive claims (AI-T-5 / Q-C-4)

Compliance Evidence

  • certification report with scope and exclusions
  • auditor attestations and evidence index
  • revocation policy and historical revocation log (if any)