Frequently asked questions.

Neither a product nor a vendor offering. EDENA is a governance framework and standards initiative of the NAIO Institute — a body of doctrine, principles, tier models, and normative standards that institutions adopt and implement. It defines what runtime governance of agentic AI must do; it is not software you buy. Organizations declare conformance to the EDENA standards and build the gate, oversight, and evidence capabilities those standards require, using their own systems and vendors.

No. EDENA does not diagnose, treat, triage, or decide care, and it is not a medical device. It governs the boundary between an AI proposal and a human-authorized action. When an AI system proposes a consequential action, EDENA classifies it by risk, determines the required posture, routes it to the responsible human, and records the decision. The clinical judgment remains with the accountable clinician. Agents propose; humans judge; nurses steward — EDENA enforces that separation rather than collapsing it.

No. Nurses are the stewardship layer — chosen because nursing brings whole-person, systems-aware judgment and the most sustained record of public trust of any profession — but the framework serves every role that touches AI in production. Physicians, pharmacists, allied clinicians, compliance and privacy officers, technical stewards, and engineering teams all operate within EDENA. The loop closes on whichever named human holds accountability for a given action, not exclusively on a nurse.

They operate at different altitudes and are complementary. The NIST AI Risk Management Framework provides lifecycle governance, organized around Govern, Map, Measure, and Manage. EDENA operationalizes that lifecycle at runtime — at the moment an AI action is about to execute. Govern becomes human authority, nurse stewardship, and policy ownership; Map becomes tiering the interaction and classifying action risk; Measure becomes tracking overrides, drift, incidents, and evidence quality; Manage becomes gate, escalate, block, contain, and kill-switch. NIST tells you to manage AI risk; EDENA is one concrete way to do it the instant it matters.

Most AI ethics is ethics as a statement — principles such as fairness, transparency, and accountability that describe how a system should have been built. EDENA is ethics as an operating system. Static principles answer "was this system developed responsibly?" EDENA answers the more immediate, operational question: "should this AI-generated action be allowed to happen right now — allowed, reviewed, escalated, contained, or blocked?" It turns ethics from a posture into a runtime decision with an audit trail.

Generative outputs are treated as claims that must carry their warrant. EDENA requires source grounding, provenance, timestamps, uncertainty, missing data, and contradictory evidence to travel with the output — a polished generation is not trustworthy unless it is traceable. This addresses the failure mode where text appears correct but is semantically unreliable or clinically unsafe. The approach aligns with the NIST Generative AI Profile, the companion to the AI RMF for managing risks specific to generative systems, and with healthcare transparency expectations for the data and performance behind a recommendation.

Through the EDENA-AS Agentic Systems Standard, which extends the doctrine to AI that uses tools, manages state, and hands off tasks. EDENA-AS requires capability boundaries, risk tiering, least-privilege tool access, registered owners, escalation paths, containment, and kill switches — so there are no orphaned agents and no agent acting beyond its authorized scope. The standard is written to answer the OWASP Top 10 for Agentic Applications, covering risks from agent goal hijack and tool misuse to memory poisoning, cascading failures, human–agent trust exploitation, and rogue agents.

EDENA treats data movement as a governance event, not an implementation detail — PHI movement, memory scope, tool access, external communication, and agent-to-agent exchange are all gated. This is realized concretely in the Florence X reference architecture, where PHI lives on the edge and cloud inference operates only on redacted, non-PHI prompts. Consent, data minimization, access control, memory scope, and re-identification risk are governed as ethical boundaries, consistent with the HIPAA Security Rule's requirement for ongoing risk analysis to protect electronic protected health information. Privacy, in EDENA's terms, is dignity in operational form.

Orange — Transformational — is EDENA's capability-scale tier for emergent systemic risk arising from agents, autonomy, persistent memory, scale, or coordination. It names the class of system that is "not yet catastrophic, no longer ordinary": more than a productivity tool, not yet an existential or sovereignty-level threat. Orange is what makes the framework contemporary, because it governs precisely the wave of multi-agent systems, long-horizon autonomy, and agent-to-agent coordination now reaching production — the systems that demand heightened governance and containment built before scale.

Yes. Healthcare is the proof environment, not the limit — chosen because it is the highest-trust, highest-liability, highest-consequence setting in which AI can act. The doctrine generalizes to any domain where intelligence meets action: agentic software through EDENA-AS, cyber-physical and robotic systems through EDENA-RS, and any process where an AI action must be allowed, reviewed, escalated, contained, or blocked. The question EDENA answers — should this action happen now, and under whose authority — is universal.