Evidence Infrastructure Standard
The minimum structure of a qualifying governance decision record: what evidence must exist for a consequential autonomous decision to be reconstructable.
DSI 001 Version 1.0. Effective [25 June 2026].
Purpose
This Standard defines the minimum structure of a qualifying governance decision record under DSI 001. It specifies what records must exist so that a consequential autonomous decision is reconstructable from contemporaneous evidence.
DSI 001 defines the properties governance evidence must satisfy, being authenticity, integrity, traceability and chain of custody, and the tiers into which evidence falls. This Standard defines the internal structure of the record that satisfies those requirements at Tier 1.
It does not prescribe log formats, database schemas or vendor tooling. Implementation architecture remains the responsibility of the deploying organisation. The Standard defines record requirements, not record formats.
Scope and application
This Standard applies to all consequential decisions produced by autonomous systems subject to DSI 001 assessment at the Compliant or Certified certification tier. A decision is consequential when it produces an outcome that commits the organisation, alters the rights or interests of a third party, or falls within the scope of an authority boundary defined in the system's governance architecture. It does not apply to the Assessed tier, which evaluates design adequacy only.
Relationship to the Governance Coherence Addendum
The Governance Coherence Addendum defines how governance coherence is evaluated across the 180-day evidence window. This Standard defines what a qualifying Tier 1 evidence record contains. The two are complementary: assessors applying the GCA use this Standard to evaluate whether infrastructure-generated evidence satisfies the Tier 1 threshold.
Scope completeness
An assessment under this Standard is bounded by the set of autonomous systems and AI-assisted decision processes identified for assessment. Evidence completeness for an identified system does not cure an incomplete identification of systems. A complete record of the wrong perimeter is not a complete assessment.
The deploying organisation must provide a documented basis for concluding that all material autonomous and AI-assisted decision processes within the assessment perimeter have been identified, including a defensible method for surfacing unsanctioned or undocumented use that operates outside formal governance. Where the organisation cannot demonstrate a reasonable basis for completeness, the assessment report must record the limitation, and any certification is qualified to the identified perimeter accordingly. The completeness assertion is a scope statement, not a guarantee that no undocumented use exists; its purpose is to ensure the limits of what was assessed are visible to any institution relying on the result.
The canonical governance decision record
The canonical governance decision record is the minimum evidence object required for a consequential decision to be reconstructable. It is the unit of Tier 1 evidence under DSI 001.
A system satisfies this Standard when each consequential decision can be reconstructed from contemporaneous records containing the four required evidence components: Execution Event, Contextual State, Authority and Attribution, and Integrity Anchor.
The four evidence components
The observable action or decision produced by the system: what happened, when, and which system instance produced it.
- Timestamp of execution
- Decision output or action taken
- System instance identifier
- Scope reference
The decision environment at execution time. This establishes interpretability: what the system knew and under what operating conditions the decision was produced.
- Input data state at execution
- Model version reference
- Policy or rule set invoked
- Threshold parameters active
The governance authority under which the decision occurred. This enables the institutional accountability questions: who controlled the system, who authorised the action, and under what authority boundary. It is the component most commonly absent from engineering telemetry.
- Governance authority identifier
- Rule pack or governance package reference
- Accountability holder at time of execution
- Deploying organisation identity
A tamper-resistant reference establishing that the record existed at the time claimed and cannot be altered without detection. This converts a log entry into institutionally admissible evidence.
- Cryptographic hash or signature
- Append-only log reference
- External timestamp service record
- Signed registry entry
Implementation neutrality
The Standard does not prescribe the technical mechanism by which each component is captured. Any implementation that produces contemporaneous, tamper-evident records containing the four components satisfies this Standard, regardless of the logging infrastructure, policy engine or data architecture used. Multiple enforcement stacks may satisfy this Standard; no single implementation architecture is required or preferred.
Integrity Anchor minimum requirements
The Integrity Anchor must satisfy two properties: temporal attestation, being evidence the record existed at the time claimed, and tamper resistance, being evidence the record has not been altered since creation. For Tier 1 classification, the Integrity Anchor must be produced by infrastructure independent of the system that generated the decision record. Application-level timestamps generated by the same system do not satisfy this requirement, because they do not provide independent attestation.
Acceptable Tier 1 mechanisms include, without limitation: cryptographic hashing with external timestamping; append-only log infrastructure with independent integrity verification; external timestamp authority records; and signed, immutable registry entries. The mechanism selected must be documented in the evidence architecture and identified in the assessment report.
Relationship to D6 Adaptive Stability
D6 evaluates whether an organisation maintains governance continuity as the system, its environment and the governance assumptions change over time. D6 assessment relies on evidence that governance architecture remained operative and traceable across the assessment window.
The D6 evidentiary model is a two-layer architecture: a runtime log layer and a model knowledge package (MKP) registry layer. Together they produce the canonical governance decision record. An MKP is the versioned collection of governance artefacts, control definitions, authority references and configuration state that defines the governance architecture under which a specific system version operates. Each MKP version must be uniquely identifiable and queryable from the runtime log by reference to the MKP identifier recorded at execution time.
| Layer | Function | Components satisfied |
|---|---|---|
| Runtime log layer | Records execution events, contextual state and enforcement actions contemporaneously at the action boundary | Execution Event, Contextual State |
| MKP registry layer | Records governance artefacts, control definitions and authority references; maintains version history queryable from the runtime log | Authority and Attribution, Integrity Anchor |
A system satisfies the D6 two-layer requirement when both layers are present, maintained, and the traversal path from a runtime log entry to the corresponding MKP registry version is queryable. Separating the runtime execution record from the governance artefact registry preserves implementation neutrality at the enforcement layer while maintaining the authority chain required for institutional accountability.
D6 closing assessment criterion
- One. The MKP identifier is present in the runtime log at the time of each consequential decision.
- Two. The MKP registry exists, is maintained, and reflects the version active at execution.
- Three. The traversal path from runtime log entry to MKP registry version graph is queryable.
Evidence tier mapping
The GCA defines the admissible evidence tiers, Tier 1 to Tier 3; Tier 4 management representation is excluded. The four components of the canonical governance decision record map to those tiers as follows.
| Component | Tier satisfied | Basis |
|---|---|---|
| Execution Event | Tier 1 | Infrastructure-generated, contemporaneous with the decision event |
| Contextual State | Tier 1 | Infrastructure-generated, captures the decision environment at execution without retrospective assembly |
| Authority and Attribution | Tier 1 / Tier 2 | Tier 1 where infrastructure-generated; Tier 2 where contemporaneously documented. Either satisfies the threshold for D3, D4 and D5; Tier 1 required for D1, D2 and D6 at Certified |
| Integrity Anchor | Tier 1 prerequisite | Required for any record to qualify as Tier 1. Without it, the other three components constitute at most Tier 2 evidence |
Where all four components are present and the Integrity Anchor is satisfied, the record constitutes Tier 1 infrastructure-generated evidence. Where the Integrity Anchor is absent, the record is Tier 2 regardless of the quality of the other components.
| Certification tier | Evidence requirement |
|---|---|
| Assessed | No operational evidence required. Design adequacy assessment only. |
| Compliant | Complete canonical records (all four components) required for D1, D2 and D6. Authority and Attribution may be Tier 2 for D3, D4 and D5. |
| Certified | Complete canonical records with Tier 1 Integrity Anchor required for at least 80% of sampled controls across D1, D2 and D6. Any control assessed without a complete record must be individually identified in the report. |
Governance agent output
A governance agent output is a record produced by an automated system whose designated function is assessing, monitoring or reporting on governance controls for the system under assessment. It is distinct from an operational system log: an operational log records what the governed system did; a governance agent output records an automated assessment of whether that system's governance controls operated correctly. Because the source of the evidence is itself an autonomous system, its admissibility requires specific conditions.
Admissibility conditions
Condition 1, independent validation. The governance agent must have been independently validated before the assessment period in which its outputs are relied upon. Validation requires a defined scope specification, evidence the agent was tested against known conditions with documented false positive and false negative rates, and a version record confirming which agent version produced each output relied upon. Outputs from an agent that has not been independently validated are not admissible at any tier; they are excluded from the evidence base, not demoted to Tier 2, because treating unvalidated automated assessment as Tier 2 would undermine the evidentiary standard at the source category level. Where the agent is updated within the 180-day window, validation must be refreshed for the updated version before its outputs are admissible.
Condition 2, four-component completeness. Each governance agent output record must satisfy the four-component requirement of the canonical record. Where a human reviewer exercised a review function, the human determination and its basis form part of the Authority and Attribution record; where no human review was performed, the record must affirmatively indicate so. The Integrity Anchor applies to the governance agent output record itself, not only to the underlying operational log.
| Admissibility status | Tier | Basis |
|---|---|---|
| Both conditions satisfied | Tier 1 | Independent validation and four-component completeness together produce the reliability required for infrastructure-generated evidence |
| Condition 1 only | Tier 2 | Validated source with incomplete record structure. Contemporaneous documentation standard applies |
| Condition 1 not satisfied | Excluded | Unvalidated governance agent output. Not admissible at any tier |
Scope limitation requirement
Where a governance agent output forms any part of the evidence base, the assessment report must include a scope limitation statement identifying which governance conditions were assessed by agent outputs rather than infrastructure-generated logs, the validation status of the agent at the assessment date, and any false positive or false negative conditions material to the assessment. This is a disclosure obligation, not a qualification of the assessment: its purpose is to let institutional audiences understand the composition of the evidence base and apply appropriate weight. Governance agent outputs satisfy the Authority and Attribution component subject to these conditions; they do not substitute for the Integrity Anchor, which must be independently satisfied for the agent output record itself.
AI-derived input provenance
The governance agent section governs the outputs of automated agents whose function is to assess governance. This section governs the inputs to the decision itself. The two are distinct, and both may apply to a single decision.
Where an output generated by an AI system materially informs a consequential decision, the governance record for that decision must include an AI-input provenance record. This applies whether the AI-derived output operates within an autonomous system or as an input to a human decision, including inputs into board and management reporting on which a consequential decision is based.
| Element | Requirement |
|---|---|
| Use and identity | That an AI system was used in producing the input, and the identity and version of the system that produced it |
| Derivation and verification | How the AI-derived output was obtained, and what verification, checking or corroboration was performed before it was relied upon |
| Reliability basis | The basis on which the output was assessed as sufficiently reliable to be relied upon for the decision in question |
Where no verification was performed, the record must state so affirmatively. An affirmative statement that no verification occurred is itself part of the provenance record and is preferable to silence: silence leaves it unknowable whether verification was omitted or merely undocumented, and the difference is material to any institution relying on the decision. The provenance record sits within the Contextual State and Authority and Attribution components, and is assessed against the same four-component and tier requirements as other evidence. A provenance record produced after the decision, in response to assessment, is reconstructed documentation and treated as such.
Assessment records and external communication
The governance evidence record recognises two further categories of evidence that an organisation, or a third party engaged by it, may produce. Both are captured as evidence. Neither is produced or evaluated by a DSI 001 assessment. DSI 001 does not require these assessments to be performed, does not perform them, and does not grade their substance. It records whether the evidence exists, whether it is current, and whether each record satisfies the four-component requirement, reported categorically rather than scored as a judgment about the fairness, explainability, societal impact or ethics of the system.
Assessment records
Where an organisation or a third party has produced an impact assessment, a fairness or bias evaluation, an explainability analysis, or any other evaluation of the system, that document is captured as an assessment record: evidence that the evaluation was performed, by whom, and when. DSI 001 does not assess the subject matter of the evaluation. The category exists so that an organisation's own evaluation work, and the evaluations other standards require, can be evidenced within a single governance record without DSI 001 extending into the evaluation itself.
Communication and notification records
Within the Authority and Attribution component, records of external communication are captured as a distinct category: incident notifications, external reports to regulators or affected parties, and stakeholder communications. The record establishes that a communication was made, when, by whom, and to whom. DSI 001 records that the notification occurred. It does not evaluate the adequacy of the communication process.
Interoperability
These two categories allow a DSI 001 evidence record to map to the evidence requirements of external frameworks, including ISO/IEC 42001 and the NIST AI Risk Management Framework, without DSI 001 assessing the subject matter those frameworks evaluate. The evidence is captured once and can be presented against whichever framework an institutional audience requires. The boundary is preserved: DSI 001 evidences what the organisation produced and governs; it does not produce or grade evaluations of model behaviour.
Institutional implications
Engineering telemetry is not governance evidence
Engineering telemetry, being latency, throughput, error rates and model accuracy, answers whether the system is performing as designed. It does not answer the question institutional audiences require: is the governance of the system being exercised as authorised? A cryptographically anchored log of model outputs is not governance evidence unless it captures the governance authority under which those outputs occurred. The Authority and Attribution component is the element most commonly absent from organisations that believe their logging satisfies evidence requirements. Its absence means the record cannot answer who was responsible, what they knew, and what they did.
Reconstructability is the governing test
The purpose of the four-component model is reconstructability: the capacity to demonstrate, from contemporaneous records, how a consequential decision was produced, under what authority, and in what governance context. Reconstructability cannot be built after an adverse outcome. The record that satisfies institutional scrutiny must be produced at the moment of the decision it documents.
Insurer reliance
Insurers underwriting autonomous system deployments require evidence that governance controls operated during the coverage period. An insurer evaluating a claim needs to establish what the system did, under what conditions, under whose authority, and whether that record is unaltered. The four components map directly to those four requirements. An assessment supported by complete canonical records provides a qualitatively different evidence base than one supported by management representations.
Cross-references
| Document | Relationship |
|---|---|
| DSI 001 | The parent standard. The six dimensions and the accountability chain establish the governance context within which this Standard operates. |
| Governance Coherence Addendum | Defines the evidence tiers, the 180-day coherence window, and the general evidence window rule applied to governance agent outputs. |
| GBI methodology | Dimensional scoring produces the risk profile that determines which evidence requirements apply at each certification tier. |
| D6 Adaptive Stability | The two-layer D6 evidentiary model is the canonical implementation architecture for this Standard. |