
AI Governance Glossary

The vocabulary of responsible AI agent deployment. From execution warrants to risk tiering.

Execution Warrant

A cryptographic authorization token (HMAC-SHA256 signed) that grants an AI agent permission to perform a specific action within defined scope, time, and resource constraints. Without a valid warrant, the agent cannot execute. Warrants are time-limited, scope-constrained, and tamper-evident.

Cryptographic Warrant, Warrant Scope, Warrant TTL

Risk Tiering

A classification system that assigns every agent action a risk level from T0 (minimal risk, auto-approved) to T3 (critical risk, requires multi-party human approval with justification and rollback plan). Risk tiers determine the approval workflow required before execution.

T0, T1, T2, T3, Risk Assessment

Intent

A structured declaration of what an AI agent wants to do, submitted before execution. An intent includes the action type, target resource, parameters, and the requesting agent's identity. Intents are evaluated by the policy engine before any action is taken.

Intent Gateway, Intent Submission, Intent Evaluation

Policy Engine

The rule evaluation system that determines whether an agent's intent should be approved, denied, or escalated. Policies are defined as code (JSON/YAML) and can include conditions, scopes, time windows, and escalation rules.

Policy-as-Code, Policy Evaluation, Rule Engine

Audit Trail

An immutable, chronological record of every agent action, including the intent, policy evaluation, risk assessment, approval decision, warrant issuance, execution result, and verification. Audit trails in Vienna OS are cryptographically linked and compliance-ready for SOC 2, HIPAA, and SOX.

Immutable Log, Compliance Audit, Forensic Trail

Agent Fleet Management

Centralized monitoring and governance of multiple AI agents across an organization. Fleet management includes agent registration, health monitoring, policy assignment, and activity dashboards.

Fleet Dashboard, Agent Registry, Multi-Agent Governance

Human-in-the-Loop (HITL)

A governance pattern where certain agent actions require explicit human approval before execution. In Vienna OS, T2 and T3 risk-tiered actions require one or more human approvers in the approval chain.

Approval Chain, Multi-Party Approval, Human Oversight

T0 (Tier Zero)

The lowest risk tier. Actions classified as T0 are auto-approved without human intervention. Examples: read-only queries, analytics lookups, status checks. T0 actions still generate audit trail entries.

Risk Tiering, Auto-Approval

T1 (Tier One)

Low-risk actions that require policy evaluation but not human approval. If the action matches an approved policy, it proceeds automatically. Examples: deploying to staging, sending notifications to internal teams.

Risk Tiering, Policy-Approved

T2 (Tier Two)

Medium-risk actions requiring at least one human approver. Examples: deploying to production, processing payments, modifying customer records. T2 warrants include approval timestamps and approver identity.

Risk Tiering, Human Approval

T3 (Tier Three)

Critical-risk actions requiring multi-party human approval, a written justification, and a rollback plan. Examples: wire transfers over $50K, bulk data deletion, infrastructure changes affecting multiple services. T3 is the highest governance tier.

Risk Tiering, Multi-Party Approval, Rollback Plan

Rollback Plan

A required component of T3 warrant requests that specifies how to reverse the action if something goes wrong. The rollback plan is cryptographically linked to the warrant and can be triggered automatically or manually.

T3, Disaster Recovery, Undo

Policy-as-Code

The practice of defining governance rules in machine-readable formats (JSON, YAML, or code) rather than human-written documents. Policy-as-code enables automated evaluation, version control, and audit trails for governance decisions.

Policy Engine, Governance Automation

Warrant Scope

The boundaries defining what a warrant authorizes. Scope includes the action type, target resource, allowed parameters, maximum values, and geographic constraints. Any action outside the warrant scope is denied.

Execution Warrant, Scope Verification

Warrant TTL (Time to Live)

The maximum duration a warrant remains valid after issuance. After the TTL expires, the warrant is automatically invalidated and the agent must request a new one. Default TTLs range from 60 seconds (T3) to 3600 seconds (T0).

Execution Warrant, Time-Limited Authorization

Truth Snapshot

A cryptographic hash of the system state at the moment a warrant is issued. During post-execution verification, the truth snapshot is compared to the current state to detect unauthorized modifications.

Verification, Tamper Detection, State Hash

BSL 1.1 (Business Source License)

A source-available license that allows free use for evaluation, development, and non-production purposes. Production use requires a commercial license. After a specified date (2030 for Vienna OS), the license automatically converts to Apache 2.0.

Open Source, Licensing, Apache 2.0

EU AI Act

European Union regulation establishing a legal framework for artificial intelligence. The EU AI Act classifies AI systems by risk level and imposes requirements for transparency, human oversight, and accountability. Vienna OS helps organizations comply with high-risk AI system requirements.

Compliance, Regulation, AI Governance