Public Institutional Reference Standard — Version 1.0
ADA defines the minimum structural, governance, contractual, and capital-readiness requirements for enterprises deploying autonomous or semi-autonomous AI agents into production environments.
ADA addresses the institutional architecture necessary for agentic enterprises to be contractable, investable, and insurable under enterprise and institutional scrutiny. It does not address product design, engineering implementation, or operational matters outside the governance perimeter.
Where a domain requirement refers to 'autonomous action,' this includes any agent behaviour that executes without contemporaneous human approval, whether initiated by system logic, model inference, or workflow trigger.
ADA is a proprietary institutional reference framework developed by Venture Bench Pty Ltd. It is published for informational and educational purposes.
ADA is not: (a) a regulatory standard, code, or instrument issued by any governmental authority; (b) a certification, accreditation, or compliance verification regime; (c) endorsed, approved, or recognised by any regulator or standards body; (d) a guarantee of operational performance, regulatory compliance, insurability, or commercial success.
The framework is provided without warranty as to completeness, accuracy, or fitness for any particular purpose. Venture Bench has no obligation to update ADA to reflect regulatory, market, or technological developments.
Application of ADA to specific organisational circumstances requires independent professional assessment. Nothing in this document constitutes legal, financial, or professional advice.
| Term | Interpretation |
|---|---|
| MUST | An absolute requirement. Failure to satisfy any MUST requirement precludes ADA Conformance. |
| MUST NOT | An absolute prohibition. |
| SHOULD | Recommended practice. Departure requires documented rationale. |
| MAY | Optional provision. Included for completeness. |
Normative language in this document describes the structural requirements of the ADA framework. It does not create legal obligations, contractual duties, or regulatory compliance requirements. Whether an enterprise chooses to implement ADA, and to what extent, is a matter of independent commercial and professional judgement.
MUST Maintain a documented autonomy classification for each production agent or agent class.
MUST Classification MUST distinguish between: advisory (recommendations only), semi-autonomous (executes within defined parameters with human override), and fully autonomous (executes without contemporaneous human approval).
SHOULD Classification methodology SHOULD be reviewed at least annually or upon material change to agent capabilities.
MUST Define and document the control architecture governing each agent's operational boundaries.
MUST Control architecture MUST include: scope boundaries (what the agent is permitted to do), escalation triggers (conditions under which human review is required), and override mechanisms (how human operators can intervene).
MUST NOT Deploy agents with commitment authority (ability to create, modify, or discharge legal or financial obligations) without documented control architecture that specifically addresses commitment scope.
SHOULD Implement monitoring to detect autonomy drift: expansion of agent behaviour beyond documented scope.
MAY Use automated tooling to support drift detection, provided such tooling does not itself operate outside documented control architecture.
MUST Maintain contractual liability provisions that are proportionate to the agent's autonomy classification and operational scope.
MUST Liability architecture MUST distinguish between: errors in agent execution (the agent did what it was supposed to do, but the outcome was adverse), errors in agent scope (the agent exceeded its documented operational boundaries), and errors in agent governance (control, escalation, or override failures).
MUST NOT Rely on generic SaaS limitation of liability provisions for agents operating at semi-autonomous or fully autonomous classification levels.
MUST Customer-facing agreements MUST accurately reflect the agent's autonomy classification, data handling practices, and governance commitments.
SHOULD Agreements SHOULD include governance exhibits or schedules documenting control architecture, escalation pathways, and incident classification discipline.
SHOULD Review upstream model provider agreements for provisions that may constrain or conflict with downstream customer commitments.
SHOULD Identify and document any upstream dependency that could affect service continuity, data handling, or liability allocation.
MUST Maintain documented data provenance for all training data used in production agent models.
MUST Provenance documentation MUST be sufficient to substantiate: lawful basis for collection and use, licensing and intellectual property status, and whether customer or third-party data has been used in training.
MUST NOT Use customer data for model training without explicit, informed consent that is separate from general terms of service acceptance.
MUST Maintain a model governance framework that documents: model versioning and change management, retraining triggers and approval processes, and performance monitoring for production models.
SHOULD Model governance framework SHOULD be reviewed by a cross-functional body (such as an AIOC) rather than solely by engineering or product teams.
MUST Data handling practices MUST comply with applicable privacy and data protection laws.
SHOULD Where data is processed across jurisdictions, maintain documented cross-border data transfer mechanisms.
MUST Maintain governance documentation sufficient for institutional due diligence review, including: board or equivalent governance structure, risk management framework, and material contract register.
SHOULD Governance documentation SHOULD be structured for procurement and investor legibility, not solely for internal use.
MUST Identify and document material concentration risks, including: revenue concentration (customer, sector, geography), upstream dependency concentration (model providers, infrastructure), and data source concentration.
SHOULD Maintain a documented plan for concentration risk mitigation where concentration exceeds structural resilience tolerance.
SHOULD Prepare procurement-ready governance artefacts including: AIOC Operating Card (or equivalent), agent autonomy classification register, incident classification and response framework, and data provenance summary.
MAY Engage independent assessment (such as a formal ARAF audit) to produce definitive classification and remediation roadmap for institutional use.
ADA Conformance requires documentary evidence sufficient to demonstrate satisfaction of all mandatory (MUST) requirements across Domains I through IV.
Evidence may include: board or governance body minutes and resolutions, documented policies, procedures, and frameworks, contract extracts or summaries (appropriately redacted), audit reports and assessment outputs, training data provenance registers, and incident response records and post-incident reviews.
ADA does not prescribe specific evidence formats. Enterprises should maintain evidence in whatever form is proportionate to their scale, complexity, and governance maturity.
Documentary evidence reflects organisational posture at the time of assessment. ADA alignment is not a permanent status. Material changes to autonomy deployment, governance structures, contractual arrangements, or capital posture may affect alignment and should trigger reassessment.
ADA defines five maturity levels to provide a progression pathway for enterprises building toward full conformance.
No formal governance structure. Agent deployment governed by informal practices.
Some governance elements in place. Documentation incomplete. Gaps in one or more mandatory domains.
All mandatory requirements addressed. Documentation substantially complete. Governance processes operational. Minimum for ADA Conformance.
Governance processes embedded operationally. Evidence maintained continuously. External assessment confirms conformance.
Governance architecture is a competitive differentiator. Proactive risk management. Continuous improvement discipline.
An enterprise that has implemented all mandatory requirements across Domains I through IV may state:
Such statements:
Venture Bench does not monitor, validate, or enforce third-party alignment claims unless formally engaged. Venture Bench reserves the right to publicly clarify, correct, or challenge alignment statements it reasonably believes to be materially false or misleading.
ADA v1.0 is a proprietary framework developed and published by Venture Bench Pty Ltd. "Founding Steward" reflects initial authorship and ongoing calibration responsibility. Venture Bench is a private commercial entity, not a regulator, standards body, or certification authority. The stated intention to transition stewardship to an independent governance body is aspirational and subject to ecosystem development.
| Parameter | Detail |
|---|---|
| Current version | v1.0, February 2026 |
| Review cycle | Annual minimum; interim updates for material regulatory or market developments |
| Calibration inputs | ARAF assessment cohort data (anonymised); enterprise procurement feedback; institutional investor diligence feedback |
| Amendment process | Material amendments published with version increment, change summary, and reasonable notice period |
ADA addresses institutional architecture: the structural, governance, contractual, and capital-readiness requirements that must be in place before deployment.
ADA is complementary to, and does not replace, runtime safety standards, technical AI safety frameworks, or operational monitoring requirements. Enterprises should implement appropriate runtime controls alongside ADA institutional architecture.
ADA does not address jurisdiction-specific legal requirements, which vary by location and sector. Enterprises should obtain independent legal advice regarding regulatory compliance obligations applicable to their AI deployments.
ADA is the intellectual property of Venture Bench Pty Ltd. You may cite or reference ADA for internal governance purposes with appropriate attribution identifying the version number and date. Reproduction, adaptation, commercialisation, creation of derivative frameworks, or extraction of methodology is prohibited without prior written consent. All rights reserved.