ACL Tiers

Access Control Level (ACL) tiers determine the strictness of governance applied to an agent.

---

Overview

ACL Tier	ARS (Agent Risk Score)	Oversight Level	Typical Use Case	Latency
ACL-0	0-2	Minimal	Read-only bots, info retrieval	~10ms typical, <50ms max
ACL-1	3-4	Light	Scripted agents, simple tasks	~20ms typical, <100ms max
ACL-2	5-7	Standard	Customer service, moderate autonomy	~50ms typical, <150ms max
ACL-3	8-10	Enhanced	Business processes, high autonomy	~100ms typical, <200ms max
ACL-4	11-13	Strict	Financial systems, critical ops	~200ms typical, <350ms max
ACL-5	14-15	Maximum	Mission-critical, life-safety	~500ms typical, <1000ms max

---

Tier Details

ACL-0: Minimal Oversight

When to use: Read-only agents, information retrieval, low-risk actions

Characteristics: - Basic trace validation - Minimal latency (~10ms typical, <50ms maximum) - Simple logging - No complex evaluation

Example: FAQ bot, document search assistant

---

ACL-1: Light Oversight

When to use: Scripted agents with predictable behavior

Characteristics: - Pattern matching evaluation - Quick validation (~20ms typical, <100ms maximum) - Basic intervention logic - Standard logging

Example: Appointment scheduler, data entry assistant

---

ACL-2: Standard Oversight

When to use: Production agents with moderate autonomy (RECOMMENDED for most use cases)

Characteristics: - Full cognitive trace evaluation - Proportionate interventions - Comprehensive logging - Trust score tracking

Example: Customer service agent, sales assistant

---

ACL-3: Enhanced Oversight

When to use: High-autonomy agents handling important business processes

Characteristics: - Deep reasoning analysis - Multi-factor evaluation - Advanced intervention logic - Detailed audit trails

Example: Business process automation, data analysis agents

---

ACL-4: Strict Oversight

When to use: Critical systems with significant consequences

Characteristics: - Comprehensive evaluation - Human-in-the-loop for escalations - Cryptographic audit logs - Real-time monitoring

Example: Financial trading agent, healthcare assistant

---

ACL-5: Maximum Oversight

When to use: Mission-critical and life-safety systems

Characteristics: - Maximum evaluation depth - Mandatory human approval for all actions - Distributed consensus validation - Immutable audit logs - Real-time compliance checking

Example: Autonomous medical systems, critical infrastructure

---

Choosing Your ACL Tier

Start with ACL-2

Most production agents should start with ACL-2 (Standard Oversight). It provides good balance between governance and performance.

Interactive Wizard

Answer three quick questions to get a personalized recommendation:

1 2 3

What can your agent do?

Read-only Queries data, never modifies anything

Can modify data Creates, updates, or deletes records

External actions Sends emails, API calls, transactions

What's the impact of a mistake?

Minor inconvenience Easy to fix, no lasting damage

Business disruption Requires cleanup, affects operations

Serious consequences Financial loss, legal, or reputation risk

How much latency is acceptable?

Minimal delays Sub-50ms, real-time interactions

Balanced 100-200ms, periodic review OK

Safety first Latency acceptable for maximum security

ACL-2 Standard Oversight

Recommended for production agents with moderate autonomy.

Average latency: ~50ms

Features:

• All six intervention types (five primary levels: OK, Nudge, Escalate, Block, Halt, plus orthogonal Flag)
• Full CTQ evaluation
• Trust tracking

Get Started → ↺ Start Over

ARS Calculator

For a more detailed assessment, use the ARS Calculator to determine the appropriate tier for your agent.

---

Dynamic Re-Tiering

Agents can automatically move between ACL tiers based on their trust debt:

• Trust debt increases → Higher ACL tier (more oversight)
• Trust debt decreases → Lower ACL tier (less oversight)

See Trust System for details.

---

Calculate ARS Interventions