Risk-Graded Permission Model
Permission Ladder
Document Positioning: This document explains the five-level risk threshold framework of the permission ladder—baseline universal layer, restricted operation layer, professional execution layer, risk decision layer, and system definition layer—including principles for permissions, responsibilities, certification, audit, and feedback obligations. Specific numbers (such as audit frequency, feedback proportions) need to be operationalized according to domain and era conditions; this document only sets principle boundaries.
Important Note: The permission ladder refers to the risk threshold gradient, not a capability ranking. Each level on the ladder corresponds to different system risk levels, not the value of people.
I. Design Principles
The permission ladder describes exercisable system control rights, not personal value, social status, or overall capability level. Each level on the ladder corresponds to different risk thresholds; the higher the risk threshold, the greater the system risk one can touch.
Therefore:
- A high ladder position does not mean a person is superior.
- A low ladder position does not mean insufficient capability.
- The same person may hold different risk thresholds in different domains.
- Permissions must rise in tandem with responsibility, audit, and degradation mechanisms.
- No ladder position should become a lifetime identity.
II. Risk Threshold Framework
| Name | Core Permission | Responsibility Intensity | Audit Requirements | Feedback Obligation |
|---|---|---|---|---|
| Baseline Universal Layer | Use safety-encapsulated basic AI services | General usage responsibility | Spot check | None |
| Restricted Operation Layer | Adjust parameters and execute limited tasks in low-risk scenarios | Mild professional responsibility | Regular audit | Yes |
| Professional Execution Layer | Independently operate medium-risk systems, handle professional tasks | Clear professional responsibility | Regular comprehensive audit | Yes |
| Risk Decision Layer | Operate high-impact AI systems, participate in critical decisions involving life, finance, law, etc. | High responsibility | High-frequency audit + random inspection | Yes |
| System Definition Layer | Participate in standard-setting, critical infrastructure architecture, model deployment, and institutional design | Highest responsibility | High-frequency audit + external audit | Yes |
Feedback obligations apply to systematic advantages arising from permissions, not personal total income. Specific proportions are determined by the three bodies through consultation and subject to public review.
III. Cross-Threshold Rules
3.1 Domain Separation
Permissions are granted by domain. A medical risk decision layer permission does not automatically equal a financial risk decision layer permission; a cybersecurity system definition layer permission does not automatically equal a legal AI system definition layer permission.
3.2 Minimum Necessary Permission
Any task is only granted the minimum permission required to complete it. Generalized high permissions must not be granted for convenience.
3.3 Permission Degradation
Any ladder position must accept re-certification, audit, and degradation. Permission is not property, but social trust.
3.4 High Permission Is Not Heritable
High-risk threshold permissions must not be automatically transferred through family, institution, education, wealth, or existing identity. Any hereditary channel constitutes a risk of solidifying threshold access.
3.5 Baseline Service Users Have the Right to Know
Baseline service users have the right to know what functions they are restricted from, the reasons for restrictions, the paths for capability development, and how to appeal.
3.6 Global Dimension
After the cosmopolitan turn, the permission ladder cannot be understood only as a risk governance table for the citizens of a single country. It must also address technical permission differences between countries, regions, platforms, and transnational institutions.
Basic Principles:
- The legitimacy subject of the baseline universal layer is all humanity. Basic AI services, human rights protection channels, and necessary information accessibility should not depend on nationality, regional wealth, or platform membership.
- Cross-national permissions are not automatically equivalent. One country's medical AI risk decision layer does not automatically equal another country's medical AI risk decision layer; cross-national permissions require additional review of local laws, cultural risks, language environments, and public responsibility.
- The global system definition layer must be subject to stronger constraints. Entities participating in the formulation of global model standards, cross-national audit rules, foundational model openness levels, and computing power allocation rules must accept multilateral audits, conflict of interest disclosure, and substantive blocking by low-resource regions.
- Countries or regions must not be permanently marked as baseline service users. Low-resource regions may temporarily lack operational capabilities in specific high-risk technologies, but the institution must provide capability building, technology transfer, and localized deployment paths. Encapsulation without capability development paths is not security, but technological colonialism.
- Local autonomy must not become a blocking right. Countries or regions may adjust deployment methods according to local risks, but cannot use security as a pretext to prevent the diffusion of basic capabilities or prohibit other regions from obtaining audit, training, and alternative capabilities.
IV. Application Example: Medical AI Domain
The following example demonstrates how the five-level risk threshold allocates permissions and responsibilities in the same medical scenario. The example is only for demonstrating the principle framework and does not presuppose specific technical conditions.
Scenario: AI-Assisted Diagnosis System Deployment at a Tertiary Hospital
Baseline Universal Layer: Outpatients upload symptom descriptions through the hospital app and receive AI pre-consultation services. The system outputs health advice, judgments on whether medical attention is needed, and recommended departments. Patients cannot adjust model parameters or view the original diagnostic logic, but they have the right to know "this is AI-assisted advice, not a doctor's diagnosis," and the right to request transfer to human services.
Restricted Operation Layer: Department nurses, under doctor supervision, use AI-assisted triage systems to adjust priority weights (such as increasing the priority of "chest pain + difficulty breathing"). Nurses have received basic training, but have no right to modify the core parameters of the diagnostic model. All adjustments are logged and regularly subject to departmental audit.
Professional Execution Layer: Radiologists independently operate AI imaging diagnosis systems, reading CT and MRI results, and making professional judgments combined with AI suggestions. Doctors hold capability certification in this domain (three-dimension assessment passed) and bear clear professional responsibility for their diagnoses. AI system diagnostic logs and doctor judgment records are archived together, subject to dual audit by the department and hospital.
Risk Decision Layer: The cardiac surgery director uses AI real-time assistance systems to determine surgical plans during emergency surgery. The system provides hemodynamic predictions, surgical path suggestions, and risk assessments. The director holds the highest certification level in this domain and bears high responsibility for surgical outcomes. The surgery is fully recorded and AI decision logs are archived simultaneously; both are subject to high-frequency audit by the hospital ethics committee and health regulatory departments. If AI suggestions conflict with the director's judgment, the director has the right to override, but must submit a written explanation within 24 hours.
System Definition Layer: The hospital information department chief architect participates in the standard-setting of the hospital-wide AI diagnosis system, including data access specifications, model update processes, safety threshold setting, and cross-department interface design. The architect holds system definition layer certification and bears the highest responsibility for the rules they design. Any standard changes must undergo three-body review (technical experts + citizen representative lottery + ethics review), change records are permanently archived, and subject to external audit and public objections.
Demonstration of Permission Constraints in the Example
- Domain Separation: The cardiac surgery director's risk decision layer permission does not automatically equal the radiology department's risk decision layer permission. If this director wants to participate in radiology AI diagnosis, they must separately pass the radiology department's capability certification.
- Minimum Necessary Permission: Nurses can only adjust triage priorities and cannot view the original model output of imaging diagnosis; radiologists can view the original output of imaging AI but cannot modify the safety thresholds of the system definition layer.
- Permission Degradation: If the cardiac surgery director has serious complications in two consecutive surgeries, and audit finds insufficient basis for overriding AI suggestions, their risk decision layer permission can be degraded to the professional execution layer, and they need to re-pass assessment to restore it.
- High Permission Is Not Heritable: The director's children, even with medical doctorate degrees, cannot inherit their risk decision layer permission and must independently pass capability certification.
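The four constraints above can be expressed as an authorization check. The following sketch is an added example, not part of the original framework: the class, the task table, the holder names, and the 365-day re-certification window are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from enum import IntEnum

# Risk thresholds in ladder order (0 = baseline universal layer).
Layer = IntEnum("Layer", "BASELINE RESTRICTED PROFESSIONAL RISK_DECISION SYSTEM_DEFINITION", start=0)

@dataclass
class Grant:
    layer: Layer
    certified_on: date

RECERT_WINDOW = timedelta(days=365)  # assumed; the document fixes no number

# Constructed task table: (domain, action) -> minimum layer the task needs.
TASKS = {
    ("pre_consultation", "ask"): Layer.BASELINE,
    ("triage", "adjust_priority"): Layer.RESTRICTED,
    ("radiology", "view_raw_output"): Layer.PROFESSIONAL,
    ("cardiac_surgery", "override_ai"): Layer.RISK_DECISION,
}

class Ladder:
    def __init__(self):
        self.grants = {}     # (holder, domain) -> Grant; no cross-domain or cross-holder lookup
        self.audit_log = []  # every decision and degradation is recorded

    def certify(self, holder, domain, layer, today):
        """The only way to obtain a layer: per holder, per domain, dated."""
        self.grants[(holder, domain)] = Grant(layer, today)

    def effective_layer(self, holder, domain, today):
        g = self.grants.get((holder, domain))
        if g is None or today > g.certified_on + RECERT_WINDOW:
            return Layer.BASELINE  # missing or lapsed certification falls back to baseline
        return g.layer

    def check(self, holder, domain, action, today):
        required = TASKS.get((domain, action))  # unknown task -> deny by default
        have = self.effective_layer(holder, domain, today)
        allowed = required is not None and have >= required
        self.audit_log.append((today, holder, domain, action, have.name, allowed))
        return allowed

    def degrade(self, holder, domain, today, finding):
        """Audit-driven drop of one layer; restoring it requires a new certify()."""
        g = self.grants[(holder, domain)]
        g.layer = Layer(max(g.layer - 1, 0))
        self.audit_log.append((today, holder, domain, "degrade", g.layer.name, finding))
        return g.layer
```

Because grants are keyed by (holder, domain) and created only by `certify`, a holder's layer in one domain is invisible to checks in another, and no grant can be derived from another holder's record.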
V. Summary
The permission ladder is not a capability ranking table, but a risk governance table.
The higher the ladder position, the greater the system risk one can touch, and therefore responsibility, audit, re-certification, and feedback obligations must rise in tandem. Stairway Universalism cannot tolerate structures where "permissions rise while responsibility lags."
Institutional Engineering Honesty: The ladder is not a podium for rewarding the excellent, but chains for constraining dangerous power.