Certification

Trust requires a signal

Boards cannot oversee what they cannot compare. Insurers cannot price what they cannot classify. Investors cannot diligence what they cannot measure.

Governance that has been built, documented and independently assessed still cannot function as market infrastructure unless it can be communicated in a form that institutional audiences can use without conducting the full assessment themselves. Certification is the mechanism that produces that communication: the compressed, independently verified signal that allows governance quality to travel through markets.

The market is not waiting for perfect governance. It is waiting for measurable governance.

What certification does

DSI 001 certification performs three functions, on the same logic that an independent audit performs for financial statements: the assessor does not prepare the thing it assesses.

Information compression

A certification compresses the assessment of an autonomous system's governance posture across the six dimensions into a GBI score and a certification tier. Institutional audiences can read governance quality from that signal without repeating the full assessment.

Accountability transfer

When an accredited DSI 001 assessor issues a certification, it accepts professional responsibility for the quality of the assessment that produced it, in the way an auditor stands behind an audit opinion. That is what gives the signal credibility: it is not a claim by the organisation about itself, but a representation by an independent assessor operating under a defined methodology.

Market creation

Certification makes governance posture comparable across deployments. Without comparability, governance quality cannot be priced; without pricing, governance investment cannot produce a return. The pattern is consistent across adjacent infrastructure markets: SOC 2 became a prerequisite for enterprise software procurement, PCI DSS a condition of payment network participation, and ISO 27001 a procurement requirement for government-facing vendors. DSI 001 applies the same market-forming mechanism to autonomous system governance.

Classification states and certification tiers

DSI 001 defines three certification tiers based on the Governance Benchmark Index, on a 1.0 to 5.0 scale where lower is stronger. With the unclassified baseline they form four classification states.

The tiers create a governance progression institutions can track over time. An insurer can price conditional coverage during a remediation period and move to standard terms on Compliant certification. An investor can model the governance discount at one tier and the benefit of reaching the next.

Independence and assessor accreditation

Certification is only as credible as the assessors who produce it. The DSI 001 assessor accreditation standard sets four requirements.

• Demonstrated qualification. Assessors must demonstrate competence in the assessment methodology, including the six dimensions, the multiplier logic and the evidence requirements governance records must satisfy.
• Documented methodology adherence. Assessors must conduct assessments according to the published DSI 001 methodology, so that the basis of any assessment is reviewable against the standard by the institutional audiences that rely on the output.
• Independence. Assessors must be independent of the organisation being assessed. No assessor may certify a system it helped build, or an organisation with which it has a commercial relationship that could compromise assessment objectivity.
• Accountability. Assessors are accountable for the quality of the assessments they produce. The accreditation standard includes a review mechanism that can result in accreditation withdrawal where an assessor fails to meet the standard.

The accreditation architecture is designed with reference to a documented failure mode: the United States Federal Trade Commission's 2014 action against TRUSTe, where inadequate assessor oversight allowed certifications to be issued that did not reflect actual practice. DSI 001 addresses that directly. Assessors are subject to accountability review, and accreditation is contingent on maintaining assessment quality.

The certification lifecycle

Autonomous systems change faster than most governed assets. Models are retrained, deployment contexts expand and data sources evolve. A certification accurate at issuance may not describe the system operating six months later. The lifecycle follows the structural model aviation applies to airworthiness: initial certification, event-triggered reassessment and scheduled maintenance.

Initial assessment

The initial assessment evaluates governance posture across all six dimensions and produces a defined set of outputs: the GBI composite score, the full dimensional profile, the multiplier analysis, a remediation roadmap where required, the certification designation, and the assessment date and validity period.

Scheduled reassessment and surveillance

A Compliant certification is valid for 12 months. A Certified result runs a 24-month cycle with mandatory interim surveillance at 12 months. No certified system runs more than 12 months without a surveillance checkpoint that confirms governance posture has been maintained, or identifies where it has changed and what remediation is required.

Event-triggered reassessment

Material changes trigger reassessment regardless of the ordinary cycle. Where a triggering change occurs, the organisation must notify the assessor within 60 days.

• Significant model updates
• New deployment contexts
• Material changes to data sources
• Anomaly patterns suggesting governance scope drift
• Regulatory developments materially affecting governance obligations
• Adverse outcomes implicating governance architecture
• Material changes to contract infrastructure
• A government action, including a supply-chain risk designation, affecting the primary AI provider or any material component of the decision supply chain

Certification withdrawal

Certification may be withdrawn where material changes were not notified or addressed, where governance posture deteriorates below the certified threshold, or where the assessment was based on materially inaccurate or incomplete information.

Certification and the standard of care

An organisation that holds Certified or Compliant status from an accredited assessor holds contemporaneous, independently produced evidence that its governance architecture was assessed against a defined standard and found adequate at the time of assessment.

That evidence does not constitute a statutory safe harbour. It is the kind of contemporaneous evidence that courts assessing the standard of care, insurers evaluating coverage, and regulators conducting supervisory review will find relevant to whether reasonable precautions were taken.

The distinction matters because the relevant question on review is rarely whether the system functioned. It is whether the organisation that relied on it can show, from records made at the time, who held authority, what they knew and what they did.

Preparing for assessment

A DSI 001 assessment is a governance decision. Organisations preparing for assessment should work through a defined sequence: conduct a preliminary self-review against the six dimensions to identify the dimensional profile and likely remediation areas; prepare governance documentation across the four evidence categories of design, deployment, operational and outcome evidence; engage an accredited assessor; complete the structured assessment process, typically conducted over weeks and scaled to system complexity; review the GBI score, dimensional profile and remediation roadmap; and address remediation items before seeking a higher tier where necessary.