
Compliance Posture

AuthorityRail's framework-by-framework status. Truthful. No claims of certification or audit completion that have not actually been achieved.

Last revised: 2026-05-17 · Version v1.0

Status legend

AuthorityRail Standards Foundation publications

ARES-v1 (Agent Runtime Execution Standard) · Published
The open standard defining how execution authority is enforced and verified. Version v1.3 governed under ASFC-v1. Reference implementation in AuthorityRail's gate at gate.authorityrail.com.
WARS-v1 (Workforce Authority & Reputation Standard) · Published
The workforce authority infrastructure for AI workers. Reference implementation in WorkforceRail's verify service at verify.workforcerail.com.
DRI-v1, SRI-v1, ASFC-v1 · Published
Human Decision Record, Simulation-to-Reality, and Foundation Charter standards. Full standards index at standards.authorityrail.com.

Third-party frameworks — attestation roadmap

SOC 2 Type I · Planned Q3 2026
Auditor engagement kickoff targeted in the sprint immediately following launch. Hardening Pass 1 + 2 evidence base directly mappable to SOC 2 Trust Services Criteria. AuthorityRail is not SOC 2 attested today; do not represent otherwise to your auditor.
SOC 2 Type II · Planned Q2 2027
Following Type I issuance, the 6-month observation window for Type II begins. Earliest issuance Q2 2027.
ISO 27001 · Planned Q4 2026
Stage 1 readiness kickoff targeted post-SOC-2-Type-I issuance, shared auditor engagement. Certification target ~6 months from Stage 1 kickoff.
GDPR / UK GDPR / FADP · Aligned roadmap
Designed to align with GDPR principles: data minimization, lawful basis, purpose limitation, right to access / erasure / portability. Sub-processor disclosure with 30-day change notice; Data Processing Addendum available for execution; SCCs in place with US sub-processors.
CCPA / CPRA · Aligned roadmap
California consumer rights honored: access, deletion, correction, opt-out of sale/share. Privacy Policy at authorityrail.com/privacy.
EU AI Act · Aligned roadmap
AuthorityRail's pre-execution authority gate + CAR cryptographic evidence directly support EU AI Act Article 12 record-keeping and Article 14 human oversight requirements. Mapping document maintained at docs/compliance/EU-AI-ACT.md.
NIST AI Risk Management Framework · Aligned roadmap
Controls mapped to MAP, MEASURE, MANAGE, GOVERN functions. AuthorityRail's deterministic decision lane is a structural fit for MEASURE-2.3 (deterministic evaluation of AI system outputs).
HIPAA BAA · Not in process
No HIPAA Business Associate Agreement program today. Will be considered once SOC 2 Type II is issued and first healthcare prospect surfaces. Planned no earlier than Q4 2026.
FedRAMP Moderate / High · Not in process
No FedRAMP authorization in process. Out of scope until 2027 absent a federal agency sponsor. Do not represent AuthorityRail as FedRAMP-authorized.
PCI DSS · Not in process
AuthorityRail does not process cardholder data directly. Card data flows to Stripe (PCI DSS Level 1) via Stripe-hosted Checkout. No AuthorityRail-side PCI scope.

Documents

AuthorityRail's framing rule: "designed to align with [framework] principles" is the canonical phrasing where attestation is not yet completed. "Compliant" or "certified" are used only for frameworks where AuthorityRail holds an actual attestation. This page is the canonical truth source — if a sales surface elsewhere contradicts this page, this page wins.