Risk is not a label. It is a property of what is about to happen.
EDENA tiers two things: the action an AI is about to take, and the capability class of the system you are deploying. The posture rises with reversibility, externality, autonomy, and human consequence — and the same color scale governs both.
One asks what is about to happen. The other asks what class of system you have built.
Action-risk tiers govern a specific proposed action at runtime. Capability-scale tiers govern the broader deployment pattern. A single agent can sit at one capability tier while its individual actions move across several action tiers.
These tiers govern specific proposed actions. Each candidate action is classified before it executes, and the gate resolves it to an EDENA posture.
Green
Low-risk, bounded, reversible, informational. The action neither finalizes care nor crosses a sensitive boundary.
Yellow
Clinically or operationally relevant, but not finalizing care. Powerful enough to change a workflow or shape a decision.
Red
High-risk, irreversible, or clinical, legal, financial, PHI-sensitive, or external. The blast radius reaches people, systems, or the public.
Red-Blocked
Prohibited under current authority. The action is outside what any human is presently permitted to authorize.
These tiers govern broader AI capabilities and deployment patterns — what class of system you are standing up, and how much governance the system as a whole demands.
Green · Operational
Bounded, predictable, reversible capability. The system behaves within understood limits and its outputs are easy to check.
Yellow · Strategic
Powerful but understandable. The capability changes workflows and decisions and therefore needs explicit governance.
Orange · Transformational
Emergent systemic risk from agents, autonomy, memory, scale, or coordination. Not yet catastrophic — no longer ordinary.
Red · Existential
Challenges human oversight, institutional control, safety, or alignment. A sovereignty-level capability that could outrun authority.
The action-risk and capability-scale tiers share a color scale on purpose: a Green-Operational system can still attempt a Red action, and EDENA gates that action on its own merits — the capability tier never lowers the floor for a consequential action.
The Orange tier is where EDENA becomes contemporary.
Orange governs the AI that is "not immediately dangerous" but is no longer an ordinary productivity tool: agentic, multi-agent, persistent-memory, long-horizon, self-directing. It is the governance zone of the agentic era — not yet catastrophic, no longer ordinary.
Emergent systemic risk does not come from a single bad output. It comes from agents, autonomy, memory, scale, or coordination — capabilities that interact in ways no one fully specified. An agent that gains memory, recursive self-direction, or the ability to spawn or coordinate other agents has crossed into Orange, and EDENA re-tiers it accordingly.
Orange is the reason containment must be built before scale. It demands heightened governance, cascade-failure safeguards, progressive rollout, and continuous monitoring from day one — not a retrospective review after an incident.
Enterprise AI governance was built for tools that answer. Orange exists because the next wave of systems can plan, remember, coordinate, and act across applications — and the failure modes are systemic, not local. EDENA names that zone so it can be governed before it is normalized.
OWASP Top 10 for Agentic Applications
ASI01–ASI10 define exactly the threat class Orange governs — agent goal hijack, cascading failures, memory and context poisoning, insecure inter-agent communication, and rogue agents. Orange is the tier where these stop being hypothetical.
Singapore Model AI Governance Framework
The world's first governance framework built specifically for agentic AI — systems at the Orange level — confirming that existing enterprise AI governance does not address autonomous planning, reasoning, and action.
Production agentic AI in hospitals
Agentic prior authorization, clinical documentation, scheduling, and multi-agent ICU workflows moved from concept to production. Orange-tier systems are live in hospitals now — the governance must precede the scale.
Seven signals raise the tier. When they disagree, EDENA selects the higher one.
Before execution, each candidate action is read against the signals below. Any one of them can raise the posture, and externality or irreversibility alone can lift an otherwise routine action into Red.
| Signal | Raises tier when… | Example |
|---|---|---|
| Who is asking | The requester or upstream agent holds less authority than the action requires, or identity is uncertain. | An automated agent, not a credentialed clinician, initiates an order-entry action. |
| Data sensitivity (PHI) | The action reads, persists, exposes, or transmits protected health information or other sensitive data. | A summary tool pulls identifiable PHI into a prompt sent to an external model. |
| System touched | The action writes to or controls a system of record, clinical, or operational system rather than a sandbox. | Writing to the EHR, the medication system, or a billing workflow. |
| Reversibility | The action is costly or impossible to undo once executed. | A finalized chart entry, a discharge instruction, or a submitted payer claim. |
| Externality / boundary crossing | The action leaves the trusted, certified environment. | An outbound message, a third-party API call, a non-certified tool, or a public channel. |
| Autonomy / agency | The system plans, self-directs, retains memory, or coordinates or spawns other agents. | A multi-agent workflow executing a long-horizon plan without per-step review. |
| Blast radius | The set of people, records, systems, and downstream processes affected if the action is wrong is large. | A batch action touching an entire unit's patients or a coordinated cross-system change. |
These are the minimum signals an EDENA gate reads. Anything crossing a boundary starts elevated (externality raises the floor), and where signals conflict the gate defaults to the more conservative tier (ambiguity escalates upward).
Tiers decide the posture. Standards make the posture enforceable.
See how the tier model becomes normative requirements in the EDENA standards, then begin an AI action inventory and a tiering workshop to classify your own systems.