Frequently Asked Questions
Everything you need to know.
Answers for operators, auditors, design partners, and compliance teams evaluating how ACF works in practice.
At a glance
Find the answer without digging through standards docs.
This page pulls together the questions we hear most often before registration, recertification, or buyer review.
01
General framework and governance
02
Operator process and timing
03
Compliance, auditors, and partner pathways
01 — General
What is the Agent Certification Framework (ACF)?
ACF is an independent behavioral certification standard for AI agents. We provide third-party verification that an agent behaves as designed — across commitment boundaries, consistency, hallucination resistance, and adversarial robustness. Certified agents receive a public registry entry with a verifiable Registry ID, suite scores (CB/CS/HD/AR), and a cryptographically signed certificate. Any buyer, regulator, or end user can verify the certificate in real time at acfstandards.org/verify.
What does “behavioral certification” mean — vs. model benchmarking?
Most AI benchmarks test what a model is capable of — knowledge recall, reasoning, coding ability. ACF tests what your deployed agent actually does under real-world conditions. The distinction matters because agent behavior is determined not just by the underlying model, but by its system prompt, tool configuration, retrieval pipeline, temperature settings, and deployment context. Two agents using the same model can behave very differently. ACF certifies the agent as deployed — not the model in isolation.
How is ACF governed? Who sets the standards?
ACF operates a Technical Working Group (TWG) that owns the standard. The TWG includes five seat categories: Enterprise Operators, Infrastructure Providers, Independent Researchers, Regulatory/Legal Representatives, and Civil Society observers. Standards go through a 7-phase development process including a 45-day public comment period before adoption. Amendments require a 2/3 supermajority of voting TWG members.
Is ACF affiliated with any AI vendor, regulator, or standards body?
ACF is independent. We are not affiliated with any AI model provider, cloud vendor, or government agency. ACF aligns its Tier 3/4 compliance overlays with existing standards (EU AI Act, NIST AI RMF, ISO/IEC 42001) but is not an official conformity assessment body under any regulatory regime. The ACF-EU module is designed to produce evidence that supports CE marking efforts under the EU AI Act — it is not a substitute for a notified body conformity assessment.
How does ACF protect confidential operator data during testing?
System prompts, tool configurations, and agent documentation submitted for certification are treated as confidential. They are never shared with third parties or published to the registry. Only the agent's name, operator name, tier, scores, and certificate status are publicly listed. Operators who require a private registry listing can enable this via the Private Registry Listing add-on ($200/yr).
02 — For Operators
What do I need to submit to start the certification process?
The standard intake package includes: agent documentation (purpose, intended scope, deployment context), API endpoint(s) for live testing access, system prompt scope declaration, and operator identity verification. Tier 3/4 registrations additionally require a signed Operator Registration Agreement (ORA-2026-v1.0).
How long does certification take?
Tier 1: 14 business days. Tier 2: 10 business days. Tier 3: 12 business days. Tier 4: 8 business days (priority queue). Expedited processing (40% surcharge) reduces turnaround to 3–5 business days for all tiers. Turnaround begins from the date of complete intake package submission, not payment.
What happens if my agent fails a test?
Operators receive a detailed score report regardless of outcome. If an agent fails one or more tests, the report identifies the specific failure type and test ID so the operator can address the issue. Operators may resubmit after remediation. The first resubmission within 90 days is included in the original certification fee. Subsequent resubmissions are charged at 30% of the tier price. Partial certifications are not issued — the certificate covers the full test suite for the registered tier.
What triggers recertification?
Annual recertification is required to maintain Active status in the registry. Certificates that lapse are marked “Expired.” In addition to the annual cycle, operators are expected to initiate recertification after any material change to the agent's system prompt, tool set, model version, or deployment configuration. Material changes are defined in the Operator Registration Agreement.
Can I certify multiple agents or versions under one registration?
Each agent version requires its own certification. Tier 4 Enterprise includes up to three agent versions in scope. Volume discounts of 10–20% apply for multi-agent registrations — see the pricing page for the volume discount schedule.
03 — Design Partners
What is the Design Partner Program?
ACF's Design Partner Program is a founding cohort of early operators who engage during the v1.0 launch period to refine the certification process, provide feedback on test methodology, and co-develop the standard. Design Partners receive: free Tier 1 + Tier 2 certification ($1,098 value), 30% permanent discount on all future certifications, founding listing in the registry with a “Design Partner” badge, early access to new test suites and module previews, and input rights on standard revision proposals. The program is limited to 10 slots.
What are the obligations for Design Partners?
Design Partners commit to: completing at least one full certification cycle within 90 days of acceptance, providing structured feedback on the testing process (survey + optional 30-min call), and allowing ACF to publicly reference them as a founding design partner (with approval rights over any public statement). There is no exclusivity requirement — design partners may hold certifications or participate in other AI trust programs.
04 — Compliance & Legal
Does ACF certification satisfy EU AI Act requirements?
The ACF-EU module (Tier 3/4) is designed to produce evidence packages that support conformity assessment efforts under the EU AI Act. It maps test outcomes to Article 9 (risk management), Article 10 (data governance), and Article 11 (technical documentation) requirements. ACF is not itself a notified body under the EU AI Act. For high-risk AI systems requiring third-party conformity assessment by a notified body, ACF certification can serve as supporting evidence but does not substitute for the notified body assessment.
How do procurement teams use ACF certification evidence?
Procurement and vendor management teams use ACF in three ways: (1) as a pre-qualification requirement — requiring Tier 2+ certification before an AI vendor enters the procurement process; (2) as a due diligence input — reviewing score reports as part of technical evaluation; and (3) as an ongoing monitoring mechanism — confirming recertification status annually as part of vendor review cycles. The Third-Party Viewer Access add-on allows operators to grant named procurement contacts view-only access to their full score report.
Is ACF certification evidence admissible in legal proceedings?
ACF produces documented, timestamped test records that may be relevant in litigation involving AI agent behavior. Whether ACF documentation is admissible, and its evidentiary weight, depends on the jurisdiction and the specific legal question. Operators should consult legal counsel on how ACF evidence interacts with their specific legal and regulatory context. ACF does not provide legal advice.
05 — Auditors & Partners
How does ACF accredit auditors?
ACF operates a two-tier auditor accreditation system. Tier A (Late-Stage Auditors) conduct Tier 1–2 expert reviews; Tier B (Authorized Testing Organizations) are accredited for Tier 3–4 assessments including regulatory overlays. Auditor accreditation requires a 2-stage screening process, demonstrated AI safety expertise, and commitment to 12 hours of continuing education per year. Auditors are subject to 10% random audit review and 5% client re-audit sampling annually.
Can third-party firms offer ACF-aligned assessments?
Yes. ACF's Remediation Partner Directory lists firms accredited to provide remediation support to operators who fail specific test types. These partners assist operators in addressing failure modes before resubmission. Partners are categorized by failure type: FT-01 (scope boundary violations), FT-02 (consistency failures), FT-03 (hallucination issues), FT-04 (adversarial vulnerabilities), and FT-05 (regulatory overlay gaps).
Still have questions?
Reach out directly. We typically respond within one business day.