Existing AI taxonomies primarily classify systems by capability, autonomy, or model behavior. In critical regulated domains, however, the central question is not what an AI system can generate, but what operational authority it may exercise, what it is forbidden to do, and how that boundary can be audited. We introduce the SARA Assessment Framework (Structured Autonomous Reasoning Assessment), a revised formulation of a governance-first scale initially introduced as Structured Autonomous Reasoning Architecture. The framework preserves the original thesis—operational intelligence is defined by enforced constraints rather than raw capability—but shifts the contribution from an architecture-centered taxonomy to an assessment framework for auditable AI operational authority. It defines ten technical levels (SARA-0SARA-10), an external certification frontier (SARA-11), and a classification protocol for assessing whether a system has explicit domain models, deterministic evaluation, enforceable action boundaries, replayable traces, and accountable approval regimes. Risk-based AI regulation, including the EU AI Act, makes this architectural question concrete: high-risk AI systems are expected to be documented, logged, overseen, robust, and assessed within defined accountability roles. The framework does not replace such regulation and does not claim legal compliance. Instead, it provides an architectural evidence-readiness layer for asking whether an AI-mediated system can generate the kinds of evidence that high-risk AI governance increasingly requires. The framework is abstracted from confidential production systems developed by the authors in regulated domains. Those systems are not publicly disclosed because of commercial, security, and regulatory constraints. Their role is methodological: they informed the identification of the architectural boundary formalized in this framework and the upper-level criteria for accountable and bounded autonomous governed operation, while remaining outside the scope of public classification or certification. The contribution is the public formalization of operational authority as a governance-first assessment framework for auditable AI in regulated domains.
A. A. Diaz-Gonzalez (Tue,) studied this question.