Defining a Trustworthy Action

What it means for an action to be trustworthy in a cyber-physical system

In the previous Foundation, we introduced a simple mission for trustworthy action in cyber-physical systems, referred to as A3RA:

Trustworthy actions in cyber-physical systems must be Attributable, Admissible, Auditable, and Recoverable — within an explicitly defined Authority Scope.

Before discussing frameworks or architectures, it is worth being precise about what each of these terms means.

What counts as an action?

An action includes any operation that changes the state, behavior, or interpretation of a cyber-physical system — across both the Control Plane and the Data Plane.

This includes device commands and configuration or firmware changes, as well as the data ingestion, transformation, aggregation, and inference steps that can influence physical outcomes or operational decisions.

For example, an action could be an AI model’s command to shut down a hydraulic pump based on anomalous vibration data.

Authority Scope

All four properties of trustworthy action depend on Authority Scope being explicit.

Authority Scope defines the bounded domain in which an actor may take action — specifying who may act, over which assets, under what conditions, and for how long.

Authority that is implicit, unbounded, or opaque cannot be trusted. Making Authority Scope explicit is what enables accountability and prevents unchecked or coercive use of power within complex systems.

Figure 1 — A3RA and Authority Scope

Authority Scope (explicit, bounded)
│
└─ A3RA (Principles)
   │
   ├─ Attributable  ← Responsibility: identity, delegation, non-repudiation
   │                  (who acted, on whose authority)
   │
   ├─ Admissible    ← Acceptability: context, system state, safety, policy
   │                  (should this action occur now)
   │
   ├─ Auditable     ← Evidence: durable records, integrity, provenance
   │                  (what happened, and why)
   │
   └─ Recoverable   ← Remediation: rollback, revocation, containment
                      (what happens when things go wrong)

Authority Scope defines the limits of power; A3RA determines whether actions taken within those limits can be trusted.

Attributable

An action is attributable if responsibility for it can be clearly assigned.

Attribution requires binding an action to a responsible principal, an explicit delegation chain, and a valid source of authority at the time the action was taken.

Was the shutdown command initiated autonomously by the AI model, or by a remote engineer approving the AI's recommendation? A system must be able to attribute the action to a specific principal, and to the authority that principal was acting under, in order to assign responsibility.

Admissible

An action is admissible if it is acceptable under the conditions in which it occurs.

Authorization alone is insufficient. Admissibility accounts for system state, safety constraints, regulatory conditions, and context at runtime.

If authorization answers who may act, admissibility answers whether the action is acceptable now.

The AI is authorized to shut down the pump. But is that action admissible if the production line is in the middle of a process that cannot be interrupted without millions in losses? Admissibility weighs immediate operational cost against long-term risk.

Auditable

An action is auditable if it can be independently examined after it occurs.

Auditability requires durable, tamper-evident evidence with sufficient context to understand not just what happened, but why. Logs that can be altered after the fact, that cannot be trusted, or that cannot be interpreted do not meet this bar.

When a shutdown is investigated, the audit trail must provide a tamper-evident record of the sensor data that triggered the decision (or a digest of it) and the exact AI model version that made it, so that the reasoning behind the action can be reconstructed.

Recoverable

An action is recoverable if harm resulting from it can be mitigated, reversed, or contained.

Recoverability includes failsafe behavior, remediation paths, and the ability to revoke authority when necessary. Systems that cannot recover from their own actions externalize risk.

If the shutdown command is issued, can an operator immediately override it? Is there a recoverable state, such as placing the pump in a safe mode instead of a full stop?

A3RA is not an architectural framework; it is the test a cyber-physical action must pass.
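As an added illustration of that test (this is example code written for this page, not code from the A3RA material or any product), the following Python sketch runs the four checks over the pump-shutdown scenario used above. Everything in it is a hypothetical design: Authority Scope is an explicit grant naming the subject, assets, operations, validity window and required evidence kind; grants carry an HMAC tag as a stand-in for a digital signature, with the verifier holding the issuer keys; delegation is a chain of grants that may only narrow its parent; admissibility is a separate gate over plant state; the audit record is an in-memory hash chain carrying the model version and a sensor-data digest; and recovery is shown as revocation plus the safe_mode alternative. The identities (plant-authority, eng.alice, vib-anomaly-model@2.3, pump-07), keys, timestamps and sensor bytes are all constructed.

```python
"""Runnable sketch of the A3RA test for one action. Hypothetical design, not from the page: grants
carry an HMAC tag as a stand-in for a signature, the verifier holds the issuer keys, the audit log is
an in-memory hash chain, and all identities, keys, timestamps and readings below are constructed."""
import hashlib
import hmac
import json

ROOT = "plant-authority"                                           # hypothetical root of authority
KEYS = {ROOT: b"demo-key-plant", "eng.alice": b"demo-key-alice"}  # constructed issuer keys
REVOKED = set()                                                    # withdrawn grant ids (Recoverable)
AUDIT = []                                                         # hash-chained records (Auditable)

def _canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()  # key-order independent

def issue_grant(gid, issuer, subject, assets, ops, t0, t1, evidence):
    """Authority Scope made explicit: who, which assets/ops, for how long, under what condition."""
    body = {"id": gid, "issuer": issuer, "subject": subject, "assets": sorted(assets),
            "ops": sorted(ops), "not_before": t0, "not_after": t1, "evidence": evidence}
    return {**body, "tag": hmac.new(KEYS[issuer], _canon(body), hashlib.sha256).hexdigest()}

def _tag_ok(g) -> bool:
    key, body = KEYS.get(g["issuer"]), {k: v for k, v in g.items() if k != "tag"}
    return key is not None and hmac.compare_digest(
        hmac.new(key, _canon(body), hashlib.sha256).hexdigest(), g["tag"])

def attribute(action, chain):
    """Attributable: verified, connected, only-narrowing chain from the root to the actor."""
    if not chain or chain[0]["issuer"] != ROOT:
        return False, "chain does not start at the root of authority"
    for prev, g in zip([None] + chain, chain):
        if not _tag_ok(g):
            return False, f"bad tag on grant {g['id']}"
        if g["id"] in REVOKED:
            return False, f"grant {g['id']} revoked"
        if prev and (g["issuer"] != prev["subject"] or not set(g["assets"]) <= set(prev["assets"])
                     or not set(g["ops"]) <= set(prev["ops"]) or g["not_before"] < prev["not_before"]
                     or g["not_after"] > prev["not_after"]):
            return False, f"grant {g['id']} is not a narrowing of its parent"
    leaf = chain[-1]
    if action["actor"] != leaf["subject"]:
        return False, "actor is not the leaf grantee"
    if not leaf["not_before"] <= action["t"] <= leaf["not_after"]:
        return False, "authority not valid at action time"
    if action["asset"] not in leaf["assets"] or action["op"] not in leaf["ops"]:
        return False, "asset or operation outside Authority Scope"
    if action.get("evidence_kind") != leaf["evidence"]:
        return False, "evidence condition of the grant not met"
    return True, "attributed via " + " > ".join(g["id"] for g in chain)

def admissible(action, state):
    """Admissible: authorized is not the same as acceptable now (hypothetical plant rule)."""
    if action["op"] == "stop" and state.get("line") == "uninterruptible":
        return False, "full stop inadmissible mid-process; safe_mode is the recoverable alternative"
    return True, "admissible in current plant state"

def record(action, allowed, reason):
    """Auditable: tamper-evident record; the action carries model version and sensor digest."""
    prev = AUDIT[-1]["hash"] if AUDIT else "0" * 64
    entry = {"prev": prev, "action": action, "allowed": allowed, "reason": reason}
    entry["hash"] = hashlib.sha256(_canon(entry)).hexdigest()
    AUDIT.append(entry)
    return entry

def audit_intact() -> bool:
    """Recompute the chain; an edited, inserted or dropped record breaks it."""
    prev = "0" * 64
    for e in AUDIT:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or hashlib.sha256(_canon(body)).hexdigest() != e["hash"]:
            return False
        prev = e["hash"]
    return True

def revoke(gid):
    REVOKED.add(gid)  # Recoverable: later actions under this grant fail attribution

def a3ra_check(action, chain, state):
    """The test an action must pass: attribution, then admissibility; every outcome is recorded."""
    ok, why = attribute(action, chain)
    if ok:
        ok, why = admissible(action, state)
    record(action, ok, why)
    return ok, why

# Constructed scenario: plant authority -> engineer -> vibration model, scope narrowing each step.
CHAIN = [
    issue_grant("g-root-alice", ROOT, "eng.alice", {"pump-07", "pump-08"},
                {"start", "stop", "safe_mode"}, 1_700_000_000, 1_700_100_000, "vibration"),
    issue_grant("g-alice-model", "eng.alice", "vib-anomaly-model@2.3", {"pump-07"},
                {"stop", "safe_mode"}, 1_700_000_000, 1_700_050_000, "vibration"),
]
SENSOR_WINDOW = b"constructed vibration samples mm/s: 0.81 0.84 2.97 3.10"  # stands in for raw data
SHUTDOWN = {"actor": "vib-anomaly-model@2.3", "asset": "pump-07", "op": "stop", "t": 1_700_010_000,
            "evidence_kind": "vibration", "evidence_sha256": hashlib.sha256(SENSOR_WINDOW).hexdigest()}

if __name__ == "__main__":
    print(a3ra_check(SHUTDOWN, CHAIN, {"line": "uninterruptible"}))  # (False, 'full stop inadmissible ...')
    revoke("g-alice-model")
    print(a3ra_check(SHUTDOWN, CHAIN, {"line": "normal"}), audit_intact())  # (False, 'grant ... revoked') True
```

The point of the split is visible in the return values: the same authorized shutdown passes the test when the line is idle and fails it mid-process, while safe_mode on the same asset still passes; a grant that tries to widen its parent, an action outside the leaf's window, or a revoked grant all fail attribution before admissibility is even consulted; and flipping one field in an audit record makes audit_intact() return False. A production system would replace the HMAC stand-in with real signatures and the in-memory list with an append-only store, but the shape of the test is the same.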

In the next Foundation, we will introduce the Security, Compliance, and Governance (SCG) Framework — an architectural model designed to ensure every action can pass that test.