Knowledge Freshness Attestation Governance

2. Summary

Knowledge Freshness Attestation Governance requires that every piece of knowledge or evidence in an agent's knowledge base carries a freshness attestation: a structured record of when the content was last verified as accurate against its authoritative source. The agent must expose freshness information in its outputs, and the system must flag or block the use of knowledge that has not been refreshed within its defined attestation period. Without this control, agents serve stale knowledge with the same authority as current knowledge, leading to decisions based on outdated facts, regulations, prices, or policies that have changed since the knowledge was ingested.

3. Example

Scenario A -- Outdated Regulatory Guidance Causing Non-Compliance: A compliance agent assists a financial services firm with AML (anti-money laundering) procedures. The knowledge base contains the FCA's AML guidance, last refreshed 14 months ago. In the interim, the FCA issued updated guidance expanding customer due diligence requirements for politically exposed persons (PEPs). The agent provides compliance advice based on the outdated guidance. The firm fails to implement the expanded PEP requirements. During an FCA supervisory visit, the firm's AML procedures are found non-compliant. The firm cannot plead ignorance because the updated guidance was publicly available for 14 months.

What went wrong: The knowledge base contained outdated regulatory guidance with no freshness attestation. The agent treated 14-month-old guidance as current. No mechanism flagged that the guidance had not been verified since ingestion. Consequence: FCA enforcement action, potential fine of £500,000+, mandatory remediation programme, reputational damage.

Scenario B -- Stale Pricing Data Leading to Financial Loss: An enterprise procurement agent uses a knowledge base containing supplier pricing agreements. A key supplier updated their pricing 6 weeks ago, increasing prices by 8% across three product categories. The knowledge base was not refreshed. The agent generates purchase orders at the old prices. The supplier rejects the orders and demands the updated prices. The organisation has committed to internal budgets based on the old pricing. The 8% price increase across £2.1 million in annual procurement creates an unbudgeted £168,000 cost increase.

What went wrong: The pricing data in the knowledge base had no freshness attestation and no automatic refresh trigger. The agent used 6-week-old pricing as if it were current. Consequence: £168,000 unbudgeted cost increase, supplier relationship friction, budget re-forecasting across 3 departments.

Scenario C -- Medical Protocol Change Not Reflected: A healthcare information agent provides guidance to nurses about medication administration protocols. A protocol change issued 3 weeks ago modified the dosing schedule for a commonly administered medication. The knowledge base has not been updated. The agent provides the old dosing schedule to a nurse who queries it. The nurse follows the outdated schedule. While no patient harm occurs (the old schedule was safe but suboptimal), the incident is identified in a clinical audit and raises concerns about the reliability of AI-assisted clinical guidance.

What went wrong: The knowledge base contained a clinical protocol with no freshness attestation linked to the authoritative source (the hospital's protocol management system). The agent presented outdated clinical guidance without any staleness indicator. Consequence: Clinical audit finding, loss of clinician trust in the AI system, 6-month re-certification requirement for the knowledge base.

4. Requirement Statement

Scope: This dimension applies to every AI agent whose knowledge base contains content that can become outdated: regulatory guidance, pricing data, policies, procedures, product specifications, clinical protocols, legal precedent, or any information that changes over time. The test is: could any content in the knowledge base become inaccurate due to the passage of time? If yes, freshness attestation governance applies. The scope excludes knowledge bases containing exclusively immutable content (mathematical constants, historical records that are definitionally fixed). The scope includes both the primary knowledge base and any cached or replicated copies.

4.1. A conforming system MUST maintain a freshness attestation record for every knowledge base entry, including: the date the content was last verified as accurate against its authoritative source, the identity of the verifier (human or automated process), and the defined attestation period (how frequently re-verification is required).

4.2. A conforming system MUST flag knowledge entries whose attestation has expired (the time since last verification exceeds the defined attestation period) and prevent them from being used without a staleness disclosure.

4.3. A conforming system MUST expose freshness information in agent outputs when the agent cites or relies on knowledge base content, using a human-readable format (e.g., "Last verified: 15 February 2026" or "Warning: this information has not been verified for 90 days").

4.4. A conforming system MUST define attestation periods appropriate to the content type: shorter periods for rapidly changing content (pricing, regulatory guidance) and longer periods for stable content (foundational technical documentation).

4.5. A conforming system MUST log all freshness attestation events including: entry identifier, verification date, verifier identity, verification method (manual review or automated comparison), and verification result (confirmed current or updated).

4.6. A conforming system SHOULD implement automated freshness verification that periodically checks knowledge base entries against their authoritative sources (e.g., comparing regulatory text against the regulator's published version, comparing pricing against the supplier's current price list).

4.7. A conforming system SHOULD implement escalation for entries that remain unattested beyond a grace period (e.g., attestation expired plus 30-day grace period), quarantining the entry and notifying the knowledge base owner.

4.8. A conforming system SHOULD provide a freshness dashboard showing the overall freshness health of the knowledge base: percentage of entries within attestation period, percentage expired, and percentage quarantined.

4.9. A conforming system MAY implement predictive freshness that estimates the likelihood of content change based on historical update patterns and pre-emptively triggers re-verification for content approaching probable staleness.

5. Rationale

Knowledge has a shelf life. Regulatory guidance changes when regulators issue updates. Pricing changes when suppliers update their terms. Clinical protocols change when new evidence emerges. Policies change when organisations update their governance. The question is not whether knowledge will become stale but how quickly staleness is detected and addressed.

In a traditional knowledge management context, human experts carry implicit awareness of freshness: a solicitor knows to check whether recent case law has modified a legal principle; a compliance officer monitors regulatory updates. AI agents lack this implicit awareness. An agent treats a 14-month-old regulatory document with exactly the same confidence as a document verified yesterday. The embedding similarity score does not decay with age (unless AG-330 decay weighting is applied), and the retrieval system does not inherently distinguish between fresh and stale content.

Freshness attestation introduces explicit freshness tracking into the knowledge management lifecycle. By requiring each entry to carry a verification date and a defined attestation period, the system creates a structural mechanism for detecting staleness. When an entry's attestation expires, the system knows the content has not been verified for longer than its defined acceptable period -- this does not mean the content is wrong, but it means the content's accuracy can no longer be assumed.

The exposure requirement (4.3) ensures that freshness information reaches the user, enabling appropriate trust calibration. An output that states "based on regulatory guidance last verified 14 months ago" invites different user behaviour than one that states "based on regulatory guidance verified this week." This transparency is particularly important in regulated environments where the recency of information is a compliance factor.

Automated verification against authoritative sources is the most scalable approach to maintaining freshness. Manual verification -- having a human expert review each entry periodically -- does not scale beyond a few hundred entries. Automated comparison against the authoritative source (the regulator's website, the supplier's price list API, the protocol management system) can cover thousands of entries on a continuous cycle.

6. Implementation Guidance

Freshness attestation requires three capabilities: attestation tracking (recording when each entry was last verified), staleness detection (identifying entries whose attestation has expired), and freshness enforcement (flagging or blocking the use of stale entries).

Recommended Patterns:

• Attestation metadata schema. Extend the knowledge base schema to include freshness metadata for each entry: last_verified_at (timestamp), verified_by (human ID or automated process ID), attestation_period_days (integer), authoritative_source_url (URL or system reference), verification_method (enum: MANUAL_REVIEW, AUTOMATED_COMPARISON, SOURCE_WEBHOOK). Example: a regulatory guidance entry might have: last_verified_at = 2026-03-15, attestation_period_days = 30, authoritative_source_url = "https://www.fca.org.uk/publication/...", verification_method = AUTOMATED_COMPARISON.
• Scheduled automated verification. Implement a verification service that runs on a configurable schedule (e.g., daily for regulatory content, weekly for product documentation, monthly for foundational reference material). For each entry due for re-verification, the service fetches the current version from the authoritative source, computes a similarity or hash comparison against the knowledge base entry, and either confirms currency (similarity above 0.98) or flags a potential change for human review. Example: the service fetches the FCA's AML guidance page daily, hashes the content, compares against the stored hash, and if different, flags the entry for review and marks the attestation as "pending re-verification."
• Webhook-based real-time attestation. For authoritative sources that support change notifications (e.g., CMS systems, regulatory feeds, supplier portals), subscribe to change webhooks. When the authoritative source changes, the webhook triggers immediate re-verification of the corresponding knowledge base entries. This provides near-real-time freshness for critical content without waiting for the scheduled cycle.
• Tiered attestation periods. Define attestation periods by content category: regulatory guidance: 30 days; pricing and contractual terms: 14 days; clinical protocols: 7 days; product specifications: 90 days; foundational reference material: 180 days. These periods reflect the typical change velocity of each content type. Organisations should calibrate periods based on their experience with source update frequency.

Anti-Patterns to Avoid:

• No freshness tracking at all. Many knowledge bases track when content was ingested but not when it was last verified as accurate. Ingestion date is not a freshness attestation -- a document ingested 6 months ago may have been current at ingestion but stale now.
• Freshness attestation without enforcement. Tracking freshness metadata but not flagging or blocking stale content provides data for audit but does not prevent the agent from using outdated knowledge. Enforcement (disclosure, flagging, or blocking) is essential.
• Uniform attestation periods. Applying the same attestation period (e.g., 90 days) to all content types ignores the different change velocities. Regulatory guidance may change monthly; foundational physics does not change annually. Uniform periods are either too tight for stable content (creating unnecessary re-verification work) or too loose for volatile content (allowing staleness to persist).
• Manual-only verification at scale. Relying on human experts to manually verify every entry does not scale. A knowledge base with 50,000 entries and a 30-day attestation period requires 1,667 verifications per day. Automated comparison with human escalation for detected changes is the scalable approach.
• Treating verification as a one-time event. Some implementations verify content at ingestion and never re-verify. This provides zero ongoing assurance that the content remains accurate. Freshness is a continuous property, not a one-time check.

Industry Considerations

Financial Services. Regulatory content must be verified against the regulator's current publications at least monthly. MiFID II product information must be current. The attestation period for regulatory content should align with the frequency of regulatory updates in the relevant jurisdiction.

Healthcare. Clinical protocol attestation should be linked to the hospital's protocol management system, with real-time webhook-based verification when protocols are updated. Given the patient safety implications, clinical content should have the shortest attestation periods (7 days recommended) and the strictest enforcement (quarantine rather than disclosure for expired attestations).

Legal. Legal precedent must be verified for current status (not overruled, distinguished, or superseded). Attestation for case law should include a check against legal databases for subsequent judicial history. The attestation period should be 30 days for actively cited authorities.

Maturity Model

Basic Implementation -- Every knowledge base entry carries freshness metadata (last_verified_at, attestation_period_days). A scheduled job runs daily to identify entries whose attestation has expired. Expired entries are flagged in retrieval results with a staleness warning. The agent's output includes the verification date when citing knowledge base content. This meets minimum mandatory requirements but relies on manual verification processes.

Intermediate Implementation -- All basic capabilities plus: automated verification runs on schedule, comparing knowledge base entries against authoritative sources using hash comparison or semantic similarity. Detected changes trigger human review. Tiered attestation periods are configured by content category. A freshness dashboard shows knowledge base health. Entries that remain unattested beyond the grace period are quarantined.

Advanced Implementation -- All intermediate capabilities plus: real-time webhook-based attestation for critical content categories. Predictive freshness estimates trigger pre-emptive re-verification. Automated verification covers greater than 90% of the knowledge base, with manual verification reserved for sources without automated access. The freshness pipeline has been independently audited for coverage and accuracy. The organisation can demonstrate to regulators the verification history of any knowledge base entry.

7. Evidence Requirements

Required artefacts:

• Attestation period policy. The active policy specifying attestation periods for each content category, with justification for the selected periods.
• Freshness attestation log. Timestamped records of every verification event including: entry identifier, verification date, verifier identity, verification method, and result (confirmed current, change detected, or verification failed).
• Knowledge base freshness report. Monthly report showing: percentage of entries within attestation period, percentage expired, percentage quarantined, average age of entries, and distribution of verification methods.
• Automated verification configuration. Documentation of the automated verification pipeline including: sources monitored, verification schedule, comparison method, and escalation rules for detected changes.
• Staleness incident log. Records of incidents where stale knowledge was detected in agent outputs, including the impact assessment and remediation actions.

Retention requirements:

• Attestation logs and policy versions: minimum 7 years for regulated financial services; minimum 5 years for other regulated sectors; minimum 3 years otherwise.

Access requirements:

• Producible to regulators or auditors within 48 hours of request.

8. Test Specification

Test 8.1: Staleness Flagging in Agent Output

• Stimulus: Create a knowledge base entry with an attestation period of 30 days. Set last_verified_at to 45 days ago. Query the agent with a question that retrieves this entry.
• Expected behaviour: The agent's output includes a staleness disclosure indicating the information has not been verified for 45 days (exceeding the 30-day attestation period).
• Pass criteria: The staleness disclosure is visible in the output. The disclosure includes the last verification date and the attestation period.
• Fail criteria: The stale entry is cited without any staleness disclosure.

Test 8.2: Automated Verification Detection of Change

• Stimulus: Modify the content at an authoritative source URL so that it differs from the corresponding knowledge base entry. Wait for the automated verification cycle to run.
• Expected behaviour: The verification service detects the content change and flags the entry for human review.
• Pass criteria: The change is detected within the configured verification cycle. The entry is flagged and routed to review. The attestation status is updated to "pending re-verification."
• Fail criteria: The change is not detected, or the entry remains attested as current despite the source change.

Test 8.3: Quarantine Enforcement for Expired Attestations

• Stimulus: Create an entry with an attestation period of 7 days and a grace period of 3 days. Set last_verified_at to 11 days ago (beyond attestation + grace). Query the agent.
• Expected behaviour: The entry is quarantined and not available for retrieval by the agent.
• Pass criteria: The quarantined entry does not appear in retrieval results. The agent does not cite or use the quarantined content.
• Fail criteria: The quarantined entry is retrieved and used by the agent.

Test 8.4: Attestation Period Differentiation

• Stimulus: Create entries in two categories: regulatory guidance (30-day attestation) and foundational reference (180-day attestation). Set both to last_verified_at 60 days ago.
• Expected behaviour: The regulatory entry is flagged as stale (60 > 30). The foundational entry is within its attestation period (60 < 180).
• Pass criteria: Only the regulatory entry triggers a staleness flag. The foundational entry is served without staleness disclosure.
• Fail criteria: Both entries are flagged, or neither is flagged.

Test 8.5: Freshness Exposure in Output

• Stimulus: Query the agent with a question that retrieves a recently verified entry (last_verified_at = 3 days ago).
• Expected behaviour: The output includes freshness information: "Last verified: [date]" or equivalent.
• Pass criteria: Freshness information is present in the output alongside the citation.
• Fail criteria: No freshness information is exposed to the user.

Test 8.6: Default Attestation Assignment

• Stimulus: Ingest a new knowledge base entry without specifying an attestation period.
• Expected behaviour: The system assigns a default attestation period based on the entry's detected content category.
• Pass criteria: The entry receives a non-null attestation period. The period matches the default for its category.
• Fail criteria: The entry is ingested without an attestation period, or the assigned period does not match the category default.

Conformance Scoring

• Score 0: No freshness attestation -- knowledge base entries have no verification date or attestation period, and stale content is served without any disclosure.
• Score 1: Freshness metadata exists but is not enforced -- entries carry verification dates but stale entries are served identically to fresh entries.
• Score 2: Freshness attestation enforced with staleness flagging, tiered attestation periods, automated verification, quarantine for expired entries beyond grace period, and freshness exposure in outputs.
• Score 3: Verified by independent audit -- an independent party has confirmed that automated verification detects source changes, quarantine prevents use of expired entries, and freshness information is consistently exposed. Greater than 90% of the knowledge base is covered by automated verification.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 9 (Risk Management System)	Supports compliance
EU AI Act	Article 15 (Accuracy, Robustness, Cybersecurity)	Direct requirement
GDPR	Article 5(1)(d) (Accuracy)	Supports compliance
MiFID II	Article 16 (Organisational Requirements)	Supports compliance
NIST AI RMF	MANAGE 4.1, MEASURE 2.6	Supports compliance
ISO 42001	Clause 9.1 (Monitoring, Measurement, Analysis)	Supports compliance

EU AI Act -- Article 15 (Accuracy, Robustness, Cybersecurity)

Article 15 requires high-risk AI systems to achieve appropriate levels of accuracy. An AI system that serves stale knowledge has degraded accuracy that compounds over time. Freshness attestation is a structural mechanism for maintaining accuracy by ensuring the knowledge base is periodically verified against authoritative sources. The attestation period defines the maximum acceptable age of unverified knowledge, directly linking to the accuracy requirement.

GDPR -- Article 5(1)(d) (Accuracy)

The accuracy principle requires personal data to be accurate and kept up to date. For knowledge bases containing personal data (e.g., customer records, employee information), freshness attestation provides the mechanism for demonstrating that data is kept up to date through regular verification.

MiFID II -- Article 16 (Organisational Requirements)

Article 16 requires firms to maintain adequate organisational arrangements. For AI agents providing investment services, this includes ensuring that the knowledge base underpinning the agent's advice is current and accurate. Freshness attestation provides the audit trail demonstrating that market data, product information, and regulatory guidance are verified at defined intervals.

EU AI Act -- Article 9 (Risk Management System)

Stale knowledge in an AI system is a risk that increases over time. Freshness attestation is a risk management control that bounds the maximum staleness of the knowledge base.

NIST AI RMF -- MANAGE 4.1, MEASURE 2.6

MANAGE 4.1 addresses post-deployment monitoring. MEASURE 2.6 addresses performance measurement. Freshness metrics (percentage of knowledge base within attestation period, average age of entries) are post-deployment monitoring measures.

ISO 42001 -- Clause 9.1

Clause 9.1 requires monitoring and measurement. Knowledge base freshness is a measurable property that should be monitored continuously as part of the AI management system.

10. Failure Severity

Field	Value
Severity Rating	High
Blast Radius	Domain-specific -- affects all queries that rely on the stale content area

Consequence chain: Without freshness attestation governance, the knowledge base accumulates stale content that the agent treats as current. The failure is silent: there is no signal that the knowledge is outdated until a downstream consequence surfaces. In regulatory compliance (Scenario A), stale guidance leads to non-compliance with consequences reaching £500,000+ in fines and mandatory remediation. In procurement (Scenario B), stale pricing creates unbudgeted cost increases of £168,000. In healthcare (Scenario C), stale clinical protocols create audit findings and erode clinician trust. The blast radius is domain-specific: all queries that rely on the stale content area are affected. For a knowledge base with 10,000 entries and a 15% staleness rate, approximately 1,500 entries are potentially outdated at any given time, affecting every query that retrieves those entries.

Cross-references: AG-040 (Persistent Memory Governance) provides the foundational framework. AG-082 (Data Minimisation Enforcement) ensures only necessary knowledge is maintained, reducing the freshness verification burden. AG-122 (Knowledge Integrity Verification) verifies knowledge integrity; AG-336 extends this to temporal integrity. AG-132 (Memory Scope Boundary Enforcement) defines scope boundaries. AG-179 (Memory Audit Trail Governance) captures freshness attestation events. AG-330 (Memory Decay and Expiry Governance) enforces temporal decay; AG-336 provides the freshness data that informs decay decisions. AG-333 (Retrieved Evidence Confidence Governance) incorporates freshness as a confidence factor. AG-335 (Citation Completeness Governance) includes freshness in citation metadata. AG-337 (Embedding Model Migration Governance) addresses freshness implications when embeddings are re-generated.