Ask any enterprise a simple question: "How do you know that?"
The answer is almost always the same: "It's in the system." Or: "So-and-so said it in a meeting." Or: "The vendor told us." Or, increasingly: "The AI generated it."
These are very different levels of confidence. A signed regulatory filing is not the same as a Slack message. An audited financial statement is not the same as an LLM summary. But in most enterprise systems, they're stored the same way, queried the same way, and trusted the same way.
OACIS fixes this with the seven-level trust hierarchy.
The Seven Levels
Every assertion that enters the OACIS knowledge graph carries a trust level — Level 1 is the highest trust, Level 7 the lowest:
Level 1: Natural Law. Mathematics, physics, logic, fundamental constants. These don't change because a legislature convenes or a board votes. The speed of light is the speed of light. A cryptographic hash verifies or it doesn't. Immutable.
Level 2: Constitutional & Foundational Law. Federal and state constitutions, corporate charter and bylaws. The foundational documents that define the entity's existence, authority, and structure. They change only through formal amendment processes.
Level 3: Statute & Regulation. Enacted law and regulatory requirements — federal statutes, state insurance codes, NAIC model laws. Authoritative within their jurisdiction. The Indiana Code says what it says — until the legislature amends it.
Level 4: Industry Standards & Administrative Rules. NAIC bulletins, ACORD standards, administrative implementing guidance. These operationalize the regulations above — binding within the industry but changeable by administrative action.
Level 5: Corporate Policy. SOPs, policy manuals, board decisions, organizational interpretation. How the company chooses to implement the requirements from levels above. A corporate policy must not contradict statute — and the graph enforces that.
Level 6: Observed Fact. System records, call logs, transaction data, monitoring metrics. Machine-generated from instrumented, trusted sources. The Prometheus metric says the server responded in 200ms — that's a measurement, not an opinion. Timestamped and immutable — but only as reliable as the system that produced it.
Level 7: AI-Generated. LLM outputs, statistical inferences, pattern-matched results. Useful for discovery, hypothesis generation, and initial triage. Never for decisions. Must be promoted through human review and validation before entering operational knowledge.
Why It Matters
The danger isn't that AI will generate wrong answers. The danger is that organizations will treat AI-generated answers the same way they treat audited facts.
Consider a compliance scenario. An auditor asks: "Show me evidence that your data retention policy complies with NAIC Model Law 668." In a typical enterprise, someone opens a file share, finds a Word document, and says "here's our policy." No one can tell you when it was last reviewed, whether it reflects current operations, or whether the systems it describes still exist.
In OACIS, the knowledge graph can answer that question computationally. The retention policy is a versioned entity. Its requirements are mapped to operational configurations. The regulatory text (Level 3) is linked to the corporate policy (Level 5), which is linked to the observed system data (Level 6) that proves compliance. Every link has a timestamp. Every assertion has a trust level.
That's the difference between "we think we're compliant" and "we can prove we're compliant."
Trust Is Not Static
Assertions can be promoted or demoted. An AI inference (Level 7) that gets validated by regulatory review becomes Level 3. A corporate policy (Level 5) that gets enacted into statute becomes Level 3. Observed system data (Level 6) that fails a compliance check gets flagged and its dependent assertions re-evaluated.
The knowledge graph doesn't just store what you know — it tracks how confident you are in what you know, and it updates that confidence as evidence changes.
This post draws from Chapter 12: Trust Hierarchy and Chapter 18: The Proof You Can Prove of Organizations as Code: The Intelligent System Revolution.
← Back to Blog