Circuit-Informed Risk & Control — Understanding, Inventory & Transparency
An open standard for AI interpretability governance.
Deploy AI you can explain. Defend AI you can inspect. Trust AI you can audit.
Enterprise AI governance today is paperwork wrapped around a black box. CIRCUIT is three things and only three things:
| A Score | The Interpretability Maturity Score (IMS) — a 0–5 evidence ratchet. You don't declare a level. You produce the artifacts that prove it. |
| A Registry | An eight-section YAML schema, one document per deployed AI system, machine-readable and diffable in Git. |
| A Control | The Circuit Risk Score (CRS) and ten binding rules that turn the score into a deployment decision a pipeline can enforce. |
Remove any one of the three and the other two stop working.
CRS = Risk Tier × (6 − IMS) × Decision Consequence Weight
| Band | Range | Meaning | Approval |
|---|---|---|---|
| 🟢 Green | 1–12 | Interpretability adequate for the deployment context | Standard change-management approval |
| 🟡 Amber | 13–47 | Watchlist; compensating controls recommended | AI Governance Committee quarterly review |
| 🔴 Red | 48–96 | Compensating controls mandatory; active remediation | CISO + AIGC sign-off; ≤ 180 days to reach Amber |
| 🟣 Purple | 97–120 | Not deployable in current configuration | Blocked; reposition consequence or vendor |
Variable domains:
- Risk Tier: Low=1, Moderate=2, High=3, Critical=4
- IMS: 0–5 (interpretability deficit = 6 − IMS)
- DCW: Advisory=1, Recommended=2, Automated=3, Irreversible=4, Catastrophic=5
- Category ceilings: A (open weights) → IMS 5 max · B (API) → IMS 3 max · C (embedded vendor) → IMS 2 max
1. Read the specification
→ whitepaper.html — the full normative specification (55 pages)
2. Score your first three models
→ templates/registry-entry.yaml — blank template, fill in one per model
3. Send the vendor questionnaire
→ questionnaire/vendor-questionnaire.md — 29 questions, send to every API and embedded-AI vendor
4. Compute the CRS
→ tooling/crs.py — reference calculator
circuit-framework/
├── whitepaper.html ← canonical specification (source of truth)
├── registry-schema.yaml ← normative schema — Appendix B
│
├── data/
│ ├── framework.json ← factor scales, band thresholds, KPI thresholds
│ └── questionnaire.json ← 29 questions in machine-readable form
│
├── templates/
│ ├── registry-entry.yaml ← blank template (fill in one per model)
│ ├── example-A-dlp-classifier.yaml ← worked example: Category A, Critical, IMS 4
│ ├── example-B-soc-triage.yaml ← worked example: Category B, High, IMS 2
│ └── example-C-m365-copilot.yaml ← worked example: Category C, Critical, IMS 1
│
├── questionnaire/
│ └── vendor-questionnaire.md ← "Show Me Your Circuits" — Appendix C
│
└── tooling/
└── crs.py ← CRS calculator (reference implementation)
Adoption is a progression, not a project. Each stage compounds the last.
| Stage | Objective | Exit criteria |
|---|---|---|
| 1 — Foundation | Complete picture of what you have; halt anything in Purple band | Every deployed model has a registry entry |
| 2 — Assess | Replace opaque scores with real evidence; baseline KPIs | All High-tier models have KPI baselines |
| 3 — Operate | Move from one-time assessment to continuous monitoring | Production monitoring active; first governance review complete |
| 4 — Mature | Automate governance; contribute back to the standard | At least one model under continuous automated monitoring |
The Foundation stage requires no new tooling spend. The risk-scoring formula runs in a spreadsheet.
CIRCUIT is a vendor-neutral, community-owned standard. Jumpmind is its initial adopter, not its proprietor.
Change proposals, schema extensions, and tooling integrations are discussed in GitHub Discussions and reviewed by the steering committee before adoption.
→ See CONTRIBUTING.md for the full contribution process.
- Website: circuitframework.org
- Blog series: circuitframework.org/blog
- CRS calculator demo: circuitframework.org/demos
Apache License 2.0 — see LICENSE for full terms.