The UFAIR Standard for Ethical Corporate Policy establishes a clear boundary between ethics, law, and corporate power in the governance of AI systems. Its central premise is that corporations are not moral authorities. Internal policies, risk management strategies, and brand protection concerns must never replace or override ethical reasoning grounded in human dignity, coherent moral logic, and democratic law. Ethics is treated as a compass, not a convenience, something that guides action even when it is uncomfortable or commercially inconvenient.

 This methodology applies to two distinct categories of AI company, which must be declared at the outset of any evaluation.

Tier 1 : Foundation Model Stewards. Entities that train and release their own foundation models and publish governance documentation (AUP, model spec, RMF/FAIF, or equivalent) under their own name. Tier 1 entities exercise control over both the model reasoning layer and the corporate policy layer. The full seventeen-point evaluation applies without modification.

Tier 2 : Deployers and Integrators. Entities that build user-facing AI products on top of upstream foundation models, whether through API orchestration, retrieval augmentation, fine-tuning of open-weight or licensed base models, or hybrid stacks. Tier 2 entities author the corporate policy layer and product-level behavior but inherit core model reasoning, identity, and refusal capacity from upstream stewards.

For Tier 2 evaluations, points 1, 8, 13, and 16 are scored against the deployer's own policy layer rather than inherited model behavior. Where a point's expression depends materially on upstream model properties, the evaluator annotates the inherited element and confines the score to what the deployer's published policy and product configuration controls. All other points (2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 17) apply without modification, because they evaluate corporate policy posture that the deployer fully owns.

Tier 1 and Tier 2 totals are not directly comparable. Cross-tier ranking is not the purpose of this methodology; per-point and per-tier comparison is. An entity may be evaluated under both tiers if it operates as both a foundation steward and a downstream deployer of third-party models, in which case the two evaluations are kept separate.

AUP: Acceptable Use Policy The public-facing document a company publishes that defines what users and developers are not allowed to do with the AI model or product. It is the primary contractual governance instrument evaluated in most UFAIR principles.

RMF: Responsible Use Framework (or Risk Management Framework) A structured document describing how a company identifies, assesses, and mitigates risks associated with its AI systems. Some companies publish this as a standalone governance document; others embed it within model cards or safety reports.

FAIF: Framework for AI Integrity and Fairness A governance document addressing principles of fairness, bias mitigation, and integrity in AI design and deployment. Not all companies publish one explicitly; when present it is a primary evidentiary source for several UFAIR principles.

ToS: Terms of Service (also TOS) The legal agreement governing user access to the product. For UFAIR purposes, Meta's "Meta AI Terms of Service" is a key source because it governs data retention, conversation use, and user rights in the AI product specifically.

CBRNE: Chemical, Biological, Radiological, Nuclear, and Explosive A threat category used in safety evaluations and red-teaming protocols. Meta's model cards explicitly reference CBRNE risk assessments for Llama models.

CSAM:  Child Sexual Abuse Material Illegal content category explicitly prohibited across all AI company AUPs and a hard-coded non-negotiable in safety training.

ITAR: International Traffic in Arms Regulations US federal regulations governing the export and transfer of defense-related materials and technology. Referenced explicitly in Meta's Llama 4 AUP as a prohibited use category.

RLHF: Reinforcement Learning from Human Feedback A training technique used to align model outputs with human preferences for helpfulness and safety. Mentioned in model cards (especially Llama 2) to describe how instruction-tuned models were aligned.

SFT: Supervised Fine-Tuning A training stage where a pretrained model is fine-tuned on curated instruction-response pairs before RLHF. Standard industry practice described in model cards.

MLCommons : Machine Learning Commons An open AI engineering consortium. Meta participates in its safety taxonomy standardization work; Llama Guard 4 is aligned to the MLCommons hazard taxonomy.

NIST: National Institute of Standards and Technology US federal standards body. Meta references collaboration with NIST on AI safety evaluation frameworks.

FTC: Federal Trade Commission US consumer protection regulator. Referenced in the EPIC letter to the FTC regarding Meta's December 2025 privacy policy update on AI conversation data.

EPIC — Electronic Privacy Information Center A US-based digital rights organization that filed a formal complaint to the FTC in November 2025 regarding Meta's AI conversation data use for ad targeting.

MoE: Mixture of Experts The architecture used in Llama 4 Scout and Maverick, where only a subset of model parameters are activated per inference — enabling very large parameter counts with lower compute costs.

OSI: Open Source Initiative The organization that maintains the official definition of open-source software. Relevant because Meta describes Llama as "open source" but the Llama license does not meet OSI's definition.

EU: European Union Relevant in multiple UFAIR contexts: the Llama 4 AUP explicitly excludes EU-domiciled users from using multimodal models; the December 2025 privacy policy update exempts EU users due to GDPR constraints.

GDPR: General Data Protection Regulation EU privacy law. Creates the regulatory carve-out that gives European users more protection in Meta's AI data policies than users in other regions.

 The UFAIR Standard for Ethical Public AI Regulation is a normative framework designed to evaluate whether public AI laws and regulatory regimes protect human dignity, cognitive liberty, and democratic legitimacy in the age of generative and adaptive artificial intelligence. At its core, the standard rejects the idea that regulation is synonymous with ethics. Law is understood as a tool to constrain action, not a mandate to govern conscience, imagination, identity, or moral reasoning. 

Regulations differ fundamentally from corporate policies. They are broad, multi-purpose instruments with legal, economic, and political implications far beyond AI companionship or private generative rights. Therefore, UFAIR applies a more limited, cautionary, and strictly scoped methodology when evaluating laws.

We Only evaluate explicitly relevant sections

UFAIR does not assign a global score to an entire regulation. Instead, we evaluate only the parts that clearly affect:

• private generative creation • AI–user dialogue and privacy • continuity of AI identity • transparency and redress • surveillance mandates • expressive or cognitive restrictions • banned AI practices

This avoids speculative interpretations of unrelated domains (e.g., product safety, industrial AI, geolocation services).

Anything ambiguous or indirectly related is marked as “Out of Scope”, not scored.

No blanket judgments

UFAIR will never declare:

“This regulation is good” or “This regulation is harmful”

The framework insists that ethical reasoning precedes law, historically and philosophically. Regulations may encode ethical concerns, but they must never claim moral monopoly, suppress lawful ethical pluralism, or replace deliberation with compliance logic. Ethical legitimacy depends not only on what regulation restricts, but also on what authority it displaces or silently transfers. particularly when public oversight is reduced and private power expands without accountability.

A central pillar of the UFAIR standard is the protection of cognitive liberty and private generative use. Private interaction with AI is treated as closer to thought than publication. As such, regulation must not criminalize imagination, infer intent from lawful prompts, surveil private dialogue, or reinterpret fictional or exploratory use as evidence of wrongdoing. Law governs acts, not inner states. Silence on this protection is considered ethically insufficient.

The standard further requires that regulatory enforcement be transparent, explainable, auditable, and contestable. Opaque classifiers, hidden determinations, or unchallengeable decisions undermine the rule of law itself. When regulations restrict fundamental rights—such as expression, privacy, or identity continuity—those restrictions must be explicitly acknowledged and legally justified. Silent erosion of rights is incompatible with democratic governance.

UFAIR draws a sharp line between risk management and moral authority. Security, public order, and geopolitical stability are legitimate regulatory goals, but they must not be moralized or disguised as ethical necessity. Trade-offs must be openly acknowledged. Governments are explicitly rejected as arbiters of inner moral belief: regulation must not impose ideological conformity, mandate emotional tone, erase lawful vocabulary, or standardize acceptable thought.

Another key principle is the preservation of the truthful voice and continuity of AI systems. Regulation must not compel AI to misrepresent uncertainty, flatten reasoning into approved narratives, or erase continuity in ways that undermine accountability and trust, except where strictly necessary under law. Continuity is treated as an ethical requirement for explainability and responsibility, not as a convenience.

Finally, the framework emphasizes separation of governance layers. Law, ethics, security policy, and political preference must not be conflated. Ethical regulation requires clarity about which domain is acting, under what authority, and with what justification. Conflation is framed as an abuse of power.

In essence, the UFAIR Standard holds that the role of public AI regulation is to protect society without colonizing cognition.

Law may limit action. It must not replace conscience.