CIRCUIT Framework · v1.1.0 · §4.4

The Ten Rules

The rules in this section translate the framework's scoring into concrete obligations. Where the IMS measures what you know about a model and the CRS determines how much governance it requires, the rules define the actions and boundaries that make the governance real. They are designed to be clear and unambiguous — not to be punitive, but because vague governance is no governance at all. An organization that follows them has a defensible, auditable AI program. One that does not has identified where its gaps are.

Reproduced verbatim from the CIRCUIT Framework v1.1.0 specification. The wording below is the plain-language form; the formal, normative wording in the specification governs in case of any difference.

01
Log Before Launch
No AI system enters production as an unknown. Before it handles a single real request, it must have a registry entry that records what it is, who owns it, what it is permitted to do, and what evidence exists about how it works. Discovery after the fact is not governance.
02
Prove It, Don't Claim It
Saying a model is safe or well-understood is not the same as demonstrating it. Every maturity and safety claim must be backed by a named, dated artifact on file. If the evidence does not exist, the claim does not count. This is the rule that separates a governance program from a governance document.
03
The Score Decides Approval
The CRS is not advisory. It determines the approval path the deployment must follow. Low scores clear standard change management. Higher scores require progressively more senior review and sign-off. The highest-consequence deployments, those where a wrong decision cannot be undone, require the most senior oversight your organization can provide, regardless of how favorable the score looks.
04
Measure Before and After
Governance is not a one-time gate. Seven program health metrics are baselined before a model enters production, and every material update resets the clock and requires fresh measurement. A model that passed its intake check six months ago and has since been updated has not been re-checked.
05
Version Every Change
Every material update to a model is a new deployment decision, not a continuation of the old one. Each change creates a new registry version and triggers a stability review. If the internal structure of the model has shifted, the evidence that supported the previous version may no longer apply.
06
Test Like an Adversary
Monitoring tells you what the model does under normal conditions. Red teaming tells you what it does under attack. Independent teams must actively try to break the model's safety controls (not just probe its outputs) but stress the internal mechanisms that govern its behavior. High and Critical-tier models are tested at least twice a year.
07
One Failure Triggers Escalation
A single confirmed incident where a monitored safety control was bypassed is not a metrics footnote. It forces an immediate band escalation, a mandatory governance review, and a documented remediation plan. Safety controls that have failed once cannot be trusted until they have been examined and restored.
08
Demand Vendor Transparency
If a vendor cannot or will not explain how their AI works, that silence is itself a risk signal. The vendor transparency questionnaire is mandatory for any model you do not host yourself. A vendor that does not respond within 60 days is treated as fully opaque and scored accordingly. Partial answers only earn credit for what the evidence actually supports.
09
Limit Black-Box Autonomy
An AI system you cannot inspect should not be the system making decisions that cannot be undone. If you have no visibility into how a model works, it cannot be trusted to act autonomously in high-stakes situations without a human in the loop. Visibility is a precondition for delegating consequential decisions to a machine.
10
Keep the Record
Governance that cannot be audited did not happen. Every registry entry is retained for a minimum of three years, or longer where regulation requires it. When a regulator, auditor, or incident investigator asks what you knew about a model and when you knew it, the registry is the answer.

The Ten Rules are the binding part of CIRCUIT. The full specification is in the white paper §4.4, or download the complete v1.1.0 specification (PDF).