A3RA Foundations

The A3RA Foundations define the core principles, definitions, and constraints behind trustworthy action in autonomous and cyber-physical systems.

These documents establish what must be true for actions taken by such systems to be defensible in real-world operation — technically, legally, and organizationally.

If you are new to A3RA, this is the right place to begin.

The Foundations

  1. Accountability for Physical AI

    Introduces the core problem: why autonomy without accountability does not scale, and why trustworthy action is now a business, safety, and governance requirement.

  2. Defining a Trustworthy Action (A3RA)

    Defines what constitutes an action in a cyber-physical system and formalizes the A3RA criteria: Attributable, Admissible, Auditable, and Recoverable — within an explicit Authority Scope.

  3. The SCG Framework

    Introduces the Security, Compliance, and Governance (SCG) Framework as the architectural engine that makes A3RA operational and commercially viable at scale.

  4. The Responsibility Model

    Describes how responsibility is divided across system layers — the Actor, the Arbiter, and the Authority — to ensure clear accountability without centralizing control.

  5. The Security Posture Model

    Defines the data required for trustworthy action, including the Trust Anchor, the B-R-E Security Posture (Build, Run-time, Environment), and the local Manifest used for admissibility decisions.

How to use these documents

The Foundations are intended to be read sequentially, but they are also designed to stand on their own.

They focus on principles and constraints, not implementations. Models, Use Cases, and Examples elsewhere on the site build on these documents without redefining them.

For an overview of how Foundations relate to other material on the site, see How to Navigate A3RA.org .