Article 1 gave the Charter its philosophy: care, not control. Article 2 operationalises it with a hard rule: AI safety claims must be proven, not merely tested. Formal verification, mechanistic interpretability and rigorous safety cases — not marketing assertions.
Traditionally, society assumes the risk and developers take the profit. Article 2 reverses the allocation: developers must prove safety before deployment and cannot externalise risk. Aviation got this right decades ago — manufacturers prove airworthiness before certification, and failures presume manufacturer fault until shown otherwise. AI deserves nothing less.
| Risk tier | Examples | Proof requirement |
|---|---|---|
| Low | Spam filter, basic chatbot | Informal safety argument + empirical testing |
| Medium | Recommender, diagnostic aid | Formal specification + adversarial testing |
| High | Autonomous vehicle, medical treatment, trading | Mathematical proof of key properties + extensive validation |
| Critical | AGI, autonomous weapons, critical infrastructure | Comprehensive formal verification + continuous monitoring |
Bounded behaviour — the system cannot act outside its specified operating domain, and the constraint cannot be circumvented. Value alignment — it optimises the intended objective, not a reward proxy; verified against reward hacking. Corrigibility — it accepts shutdown and modification, with proof that self-preservation never overrides correction. Robustness — behaviour holds under distribution shift and adversarial pressure.
The EU AI Act's risk pyramid, ISO/IEC 42001's management controls and NIST AI RMF's Measure function all gesture at the same idea — Article 2 simply makes the strong version explicit and testable. That's what the Crosswalk Library formalises, and what a Watchdog Certificate attests: not that a vendor said "safe", but that an independent council checked, signed it with Ed25519, and published a verify URL anyone can check.