EDENA is not AI ethics as a statement. It is AI ethics as an operating system.
Twelve principles form the backbone of the framework. Each one is operational — written to govern a decision before it executes — and each is anchored in regulation, clinical evidence, and nursing ethics.
Static ethics asks whether a system was built responsibly. EDENA asks whether this action should be allowed right now.
Fairness, transparency, privacy, and accountability matter — but they are not enough once AI can act. The twelve principles add the missing operational question and turn it into runtime governance.
Human judgment is non-transferable
AI can generate, summarize, recommend, and route. It cannot own judgment, consent, accountability, or final clinical authority. Those remain with the human who is answerable for the outcome.
Tier the interaction, gate the action
Risk is not an abstract label. It is a property of what is about to happen: who is asking, what data is involved, what system is touched, how reversible the action is, and what harm could follow. The interaction is tiered; the action is gated.
Ambiguity escalates upward
When risk signals disagree, EDENA selects the higher tier. In clinical environments, uncertainty is not permission to proceed; it is a reason to get another set of eyes on the decision.
Reversibility determines risk
A reversible draft is different from an irreversible transmission, chart entry, medication action, discharge instruction, or payer submission. The cost of being wrong, and of undoing it, sets the posture.
Externality raises the floor
Anything crossing a boundary — a third-party agent, a non-certified tool, an outbound message, an external API, a payer portal, a public channel, or a cloud model — starts at a higher governance posture, regardless of how routine it appears.
The loop closes on a named human
A tier never authorizes itself. EDENA routes work to the responsible human — nurse, physician, pharmacist, allied clinician, compliance officer, privacy lead, or technical steward — who can understand, challenge, override, and own the action.
Refusal is a governance event
A safe refusal is not system failure. EDENA resolves every candidate action to one of five outcomes — ALLOW, DENY, REQUIRE_HUMAN, THROTTLE, CONSTRAIN — and a DENY is recorded, reasoned, and routed to a safer path with the same rigor as an approval.
Meaningful oversight must be protected
Human review is not meaningful if the reviewer is overloaded, deskilled, rushed, or reduced to rubber-stamping. EDENA designs against automation bias and protects the human's continued competence, not just their presence.
Evidence travels with the claim
A polished AI output is not trustworthy unless it is traceable. EDENA requires source grounding, provenance, timestamps, uncertainty, missing data, and contradictory evidence to move with every recommendation.
Privacy is dignity in operational form
PHI protection is not only compliance — it is respect for the person. EDENA treats consent, data minimization, access control, memory scope, and re-identification risk as ethical boundaries enforced at runtime.
Containment must be built before scale
Agent swarms, multi-agent coordination, persistent memory, recursive optimization, and long-horizon autonomy require safeguards before deployment, not after harm. This is precisely why the Orange tier exists.
Nurses steward the whole environment
EDENA's most distinctive contribution is nursing epistemology: whole-person, systems-aware stewardship. The nurse sees not only the output but the patient, family, workflow, unit culture, burden, and downstream consequences.
The twelve principles are not a creed. They resolve into the tier model and the standards.
Grouped into four clusters, each principle becomes a specific runtime behavior — a way to classify, a way to escalate, a way to record, or a way to steward.
Classification — how risk is read
Tiering, ambiguity escalation, reversibility, and externality define how an action is assigned to Green, Yellow, Orange, or Red. They are the logic of the EDENA tier model, where the posture rises with reversibility, externality, autonomy, and human consequence.
Accountability — how the loop closes
Non-transferable judgment, the named-human loop, refusal-as-event, and protected oversight govern who decides and how. They are operationalized by the Human Oversight Standard and the gate's five outcomes.
Evidence & privacy — what the record requires
Traceable evidence and operational privacy convert transparency into artifacts and PHI handling into gated events. They are codified by the Evidence Bundle Standard and the Florence X edge-PHI pattern.
Containment & stewardship — what scale demands
Containment-before-scale and whole-environment stewardship answer the agentic era. They are enforced through the Agentic Systems Standard, the Orange tier, and nurse-led oversight of the environment in which AI acts.
Principles classify. Tiers decide. Standards make it auditable.
See how the principles resolve into action-risk and capability-scale tiers — including the Orange zone — and how the EDENA standards turn each commitment into a normative requirement.