
    Layer L3

    Gatekeeping

    Trust, acceptance, approval. Can the system be allowed in?

    Why it matters

    Without the hallmark, no enterprise buyer touches it. L3 is the slowest moat to build and the hardest to replicate.

    The Hallmark & Assay Office

    Before gold enters the market, the assay office verifies purity and the hallmark guarantees quality. In AI, the gates are compliance, evals, safety, editorial taste, and distribution control. Without the hallmark, no enterprise and no app store lets you in.

    The 5 sublayers

    L3a

    Compliance & Export Controls

    Regulatory, legal, and policy filters (HIPAA, GDPR, SOC 2, EU AI Act), plus chip export controls, model sovereignty, and data-residency regimes that decide where the stack is allowed to run

    L3b

    Quality Gates

    Accuracy, hallucination detection, output grading, eval harnesses, regression suites

    L3c

    Safety, Security & Provenance

    Harmful-content filtering, adversarial defense, prompt-injection protection, and content provenance (C2PA, watermarking, deepfake attestation) that proves what was generated and by whom

    L3d

    Editorial Gates

    Tone, brand voice, style, taste, the human judgment layer

    L3e

    Distribution Gates

    App store approval, ranking, marketplace curation, discovery control

    Layer diagnostic card · SCOI v1

    Is a company really at L3?

    Trust, acceptance, and approval: the gates a buyer or regulator must pass the system through before it is allowed in.

    Inclusion tests · include if ALL

    • Owns compliance posture (SOC 2, HIPAA, EU AI Act, FedRAMP) as a product, not a checkbox.
    • Sells the right to be trusted: evals, audits, attestations, editorial review, distribution approval.
    • Buyer's procurement team is the actual user.

    Exclusion tests · exclude if ANY

    • Treats compliance as a one-time signup. Real L3 is a continuous posture.
    • 'Responsible AI' marketing with no audit trail or third-party attestation.
    • An eval framework that is not enforced as a gate in any real workflow.

    The L3 removal test

    Remove L3 and the product cannot get into the buyer's environment (enterprise, hospital, court, app store). The output may be correct; it still cannot ship.

    Economic work this layer does

    Converts model output into outputs an institution is willing to take legal and reputational responsibility for.

    Canonical examples

    • Vanta / Drata

      Continuous compliance posture sold as a product. Pure L3 fortress.

    • Harvey

      L3 (privilege, audit, legal-grade evals) is half the moat, not just L5 execution.

    • Apple App Store

      Distribution gate, the canonical L3e. Owning the gate owns the market.

    Anti-examples · look-alikes that fail

    • Generic 'AI safety' eval startups

      Evals that no buyer enforces. L3 in form, not in function.

    • Most chatbot 'guardrails'

      Prompt-level filters. Not an attestation, not a gate.

    • RAI consulting decks

      Advice without enforcement. L3 only if it ends in an audit signature.


    Who's playing here

    • Vanta
    • Drata
    • OneTrust
    • Apple App Store

    Verdict: Essential. More agents = more access control.

    Case studies touching L3