Section navigation
1Scope2Normative References3Terms and Definitions4Applicability5Control Family Structure6ARCS-LIF: Record Lifecycle7ARCS-CUS: Custody Surface8ARCS-TAX: Record Taxonomy9ARCS-OPB: Operator Boundary10ARCS-PUB: Publish Boundary11ARCS-NCR: Non-Creation12ARCS-PV: Preservation13ARCS-VER: Verification14ARCS-AGT: Agent Runtime15ARCS-DEL: Delegation and Memory16Conformance17Limitations and Non-Claims18Relationship to Other Frameworks19Versioning and Amendment Control

ARCS · Section 1

Scope

ARCS defines governance controls for the lifecycle, custody, retention, preservation, and deletion of interaction records generated by automated systems during human-directed operation.

1.1 Covered Systems

This standard applies to AI assistants and AI agents, AI-enabled productivity software, ambient AI features embedded in enterprise software, API-based automated systems, multi-step automated pipelines, conversational AI systems, agent and toolchain-integrated systems, review and feedback and evaluation pipelines, and any other system that generates, retains, or derives artifacts from human-directed interaction where those artifacts may be subject to legal compulsion, regulatory inquiry, or preservation demand.

1.2 Applicability

ARCS obligations arise when an operator uses an automated system that generates interaction records. Applicability includes any context in which interaction records may be subject to discovery, subpoena, preservation demand, regulatory inquiry, audit, or internal investigation. An operator need not be involved in active litigation for ARCS to apply.

1.3 Non-Scope

ARCS does not govern model safety, training data, algorithm design, output quality, bias, fairness, or system behavior. Those properties are governed by separate frameworks. ARCS governs only the lifecycle and custody of records created during system use. Compliance with ARCS does not substitute for compliance with applicable data protection, security, records management, or sector-specific regulations.