Section navigation
LIFRecord LifecycleCUSCustody SurfaceTAXRecord TaxonomyOPBOperator BoundaryPUBPublish BoundaryNCRNon-Creation PosturePVPreservation and Legal HoldVERVerification and AuditAGTAgent RuntimeDELDelegation and Memory

ARCS-TAX: Record Taxonomy

Foundation Profile

The ARCS-TAX family addresses the need to distinguish among different classes of records. The controls in this family govern categorization, classification logic, and the assignment of policy-relevant attributes that determine how a record must be handled. These controls are grouped together because governance is category-dependent. Records that are treated as equivalent when they are not will accumulate the wrong obligations, the wrong retention periods, and the wrong disclosure posture.

The formal definition and scope of this family are maintained in the Standard.

ControlDescription
TAX-01The operator SHALL define all required record categories for the operator's system.
TAX-02The operator SHALL classify deliberative records: prompts, instructions, reasoning traces, authorization parameters.
TAX-03The operator SHALL classify exported outputs: records delivered outside the custody surface.
TAX-04The operator SHALL classify telemetry: operational logs, timing, success/fail indicators, resource usage.
TAX-05The operator SHALL classify system logs: audit records, access logs, error logs.
TAX-06The operator SHALL classify safety and review records: moderation, content classification, trust-and-safety artifacts.
TAX-07The operator SHALL classify derived artifacts: embeddings, vectors, summaries, evaluation outputs, training feedback.
TAX-08The operator SHALL classify metadata: timestamps, identifiers, routing data.
TAX-09The operator SHALL define lifecycle rules per category; document retention period and deletion behavior for each.
TAX-10The operator SHALL produce taxonomy documentation sufficient for audit and procurement.
TAX-11Agent runtime artifacts SHALL be classified into at minimum: planning traces (deliberative), tool call content (deliberative or operational per AGT-05), tool call metadata (operational), intermediate results (deliberative), agent memory (governed-persistent), authentication context (ephemeral/security), error recovery content (deliberative), error metadata (operational), security-context deliverables (persistent/security), and security-context intermediates (deliberative).