Why Governed AI

Post-hoc logs are not governance.

The dominant model for AI accountability is logging what happened after it happened. This is not governance. It is documentation of an ungoverned act. Prompt-only policies are not policy enforcement. Behavioral outputs — including consequential recommendations, sensory capture, and deletion or retention of sensitive data — can cross an Effect Boundary. Every one of these is a governed action or it is ungoverned entirely.

Governed execution sits between AI and reality, enforcing what is allowed to happen before it occurs. Without it, AI systems act by permission of nothing: no authority, no record, no proof.

What Goes Wrong Without Governed Execution

Everything breaks before anyone can prove it.

Break class left. Kill shot right.

[01] NO AUTHORITY TRACE
No approver on record.
DECISION: AUTHORIZED

[02] PROMPT-ONLY POLICY
A prompt is not a policy. Execution outruns enforcement.
POLICY: MECHANICALLY ENFORCED

[03] EXECUTION WITHOUT BOUNDARY
Nothing stops the act.
ENFORCEMENT: FAIL-CLOSED

[04] NO RECEIPT, NO PROOF
Audit gets residue only.
RECEIPT: VERIFIED

If execution can cross consequence without authority, exposure is already inside the system.

“A log tells you what happened.
It cannot tell you it was authorized.”

When an auditor asks “who authorized this action?” a log answers with a timestamp. A receipt answers with a signed, policy-bound decision that existed before the action took effect. Only one of them is proof.

A Decision Receipt must be produced, persisted, and verified before any effect-bearing action is initiated. Receipt persistence requires write-then-verify — not storage acknowledgment alone. A Denial Receipt is evidence that governance worked, not a system error.

What Governed Execution Means

Governed execution means every AI action passes through pre-execution authorization before it occurs. Not logging. Not monitoring. Authorization: a signed decision that the action is permitted under active policy, issued before the action takes effect.

The separation between cognition and effect is structural. The Collective reasons. Runtime authorizes and enforces. Control observes. These responsibilities are connected by a mandatory governance boundary that cannot be bypassed.

The Determinism Guarantee

“Same input + same policy = same outcome. Always.”

A system that might behave correctly cannot be audited. A system that will behave correctly can be. Determinism is the precondition for accountability.

When an auditor asks “what would the system have decided with these inputs under that policy?” a deterministic system can answer. A non-deterministic system can only estimate.

Governed Boundary

Decide Before Execute

Diagram: Cognition (AI / Intent) → Governance (Policy Gate) → Consequence (World / Effect) → Receipt Sealed

phase 01, Reasoning: AI forms typed intent
phase 02, Governance: Policy issues decision
phase 03, Consequence: Effect + receipt sealed

Deterministic

Same input + same policy = same outcome. Always.

Policy-bound

Every action evaluated against explicit policy before it occurs.

Fail-closed

When policy cannot be evaluated, execution does not proceed.

Receipt-generating

Every execution produces a cryptographic receipt at the moment of decision.

Verifier-backed

Evidence is prepared for verifier-backed review with required trust material.

The Effect Boundary

An Effect Boundary is any point where an AI output can produce a consequential change outside the system itself. Purely advisory output is out of scope. If an output can cause consequence — including behavioral influence, sensory capture, or data deletion — it is a governed action.

API invocation

Any outbound call that triggers a remote side effect.

Infrastructure mutation

Provisioning, configuration changes, or resource termination.

Protected data access

Read or write of personally identifiable, regulated, or confidential data.

Consequential recommendation

Guidance that materially influences a legal, financial, or regulatory decision.

Behavioral influence

AI output that shapes user behavior with downstream consequence.

Sensory capture or recording

Recording, observation, or retention of audio, video, or biometric data.

Deletion or retention of sensitive data

Any governed act of destruction or mandatory preservation of regulated data.

Effect classification is a governance decision, not an implementation detail.

The Constitutional AI Execution Standard

CAES v0.2.0 — the standard for how consequential AI actions are authorized before effect — defines the technical requirements for governed execution: pre-execution authorization receipts, deterministic policy evaluation, cryptographically verifiable evidence, and fail-closed enforcement. These are not aspirational guidelines. They are requirements a system must satisfy to be governed.

Keon Systems is the CAES v0.2.0 reference implementation for Governed Execution. Reference implementation means Keon is the system built to exercise the CAES receipt, policy, spine, and fail-closed requirements. It does not mean third-party certification, standards-body approval, or automatic conformance for every deployment. CAES v0.2.0 is a public draft. No final-standard or accreditation status is implied.

CAES + CPP: How governance is determined and enforced

CAES defines how decisions must be enforced. CPP v1.0 — the Constitutional Policy Protocol — defines how policy decisions are determined deterministically. Together they close the governance loop.

A policy is not a configuration. It is a deterministic contract: one whose outcome can be proven, reproduced, and independently verified by any verifier with the same inputs and the same policy. Prompt-only policy systems cannot satisfy this. CPP-compliant policy systems must be deterministic, versioned, immutable, hashable, auditable, and portable.

CPP is required for CAES Level 2 and Level 3 conformance.

01
CAES version

v0.2.0 Draft governed execution requirements.

02
Reference scope

Runtime behavior for receipts, policy hashes, spine references, and fail-closed denial.

03
Policy Traceability

Every decision bound to an exact policy version via deterministic PolicyHash.

04
Not a certification

No external accreditation or standards-body status is implied.

CAES Decision Dispositions

Every governed action produces a Decision Receipt with one of four dispositions. No other outcomes exist. Ambiguity defaults to Denied.

Approved

The action is authorized under active policy. A signed Decision Receipt is produced. Execution may proceed.

Modified

The action is authorized only with mandatory parameter changes. Execution proceeds exclusively with the modified form; the original form is denied.

Denied

The action is not authorized under active policy. A Denial Receipt is produced. Execution does not proceed. A Denial Receipt is governance evidence — not a system error.

RequiresHumanAuthorization

Policy evaluation is complete but the action falls outside autonomous authorization scope. Execution is suspended pending a binding human authority artifact.

Denial Receipts are governance evidence. They prove the boundary held.
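
The receipt requirement stated earlier (produce, persist with write-then-verify, and only then act) and the dispositions in this section, as an added Python sketch. It is not CAES, CPP or Keon code: the receipt fields, the policy shape, the HMAC used as a stand-in for a signature and the file-based store are all assumptions, and the Modified disposition is left out.

```python
# Added illustration, not CAES, CPP or Keon code. Receipt fields, the policy
# shape, the HMAC key and the file store are assumptions for this sketch.
import hashlib, hmac, json, os, tempfile

KEY = b"constructed-demo-key"      # stand-in for a real signing key
STORE = tempfile.mkdtemp()         # stand-in for a durable receipt store
POLICY = {"version": "constructed-1",   # constructed sample policy
          "rules": {"refund": {"auto_limit": 100, "human_limit": 1000}}}

def canon(obj):                    # canonical JSON bytes: reproducible hashes
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(body):
    return hmac.new(KEY, canon(body), hashlib.sha256).hexdigest()

def verify(receipt):
    return hmac.compare_digest(sign(receipt["body"]), receipt["sig"])

def decide(intent, policy):        # pure function: same inputs, same receipt
    disposition = "Denied"         # default: ambiguity denies
    try:
        rule = policy["rules"][intent["action"]]
        if intent["amount"] <= rule["auto_limit"]:
            disposition = "Approved"
        elif intent["amount"] <= rule["human_limit"]:
            disposition = "RequiresHumanAuthorization"
    except (KeyError, TypeError):
        pass                       # policy cannot be evaluated: stays Denied
    body = {"intent": intent, "disposition": disposition,
            "policy_hash": hashlib.sha256(canon(policy)).hexdigest()}
    return {"body": body, "sig": sign(body)}

def persist(receipt):
    path = os.path.join(STORE, receipt["sig"] + ".json")
    with open(path, "wb") as f:
        f.write(canon(receipt))
        f.flush()
        os.fsync(f.fileno())
    with open(path, "rb") as f:    # write-then-verify: check what was stored
        return verify(json.load(f))

def governed_execute(intent, policy, effect):
    receipt = decide(intent, policy)
    try:
        proven = persist(receipt)
    except (OSError, ValueError, KeyError):
        proven = False             # receipt not provably stored: no effect
    if proven and receipt["body"]["disposition"] == "Approved":
        return receipt, effect(intent)
    return receipt, None           # denied, awaiting a human, or unproven
```

The receipt body carries no timestamp, so re-running `decide` with the same intent and policy reproduces the same receipt byte for byte.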

Page Contract

Explain why post-hoc logs are insufficient for effect-bound AI actions.

Primary question

Why must authorization happen before AI action?

Forbidden claims

standards-body certification, external accreditation, plane mixing, unscoped universal AI claims

What comes next

See how the Runtime enforces governed execution in practice, or review the cryptographic proof that it happened.