Framework

The physics of trustworthiness

One governing relationship. Every operating second. For any system that carries kinetic energy.

The Governing Constraint

Kinetic energy moving through a system should remain within what the surrounding system can tolerate. When it does, the system is forgiving. When it doesn't, harm becomes possible.

Kinetic Energy

The energy a vehicle carries is set by two variables: mass and speed. Mass scales linearly; speed scales by its square. Doubling a vehicle's speed quadruples the energy it carries. Doubling its mass only doubles it. This is why a 35 mph collision is meaningfully different from a 25 mph one even when the vehicle is the same — the energy gap is not 40%, it is nearly double.

What matters for safety is not the energy itself, but whether the human body can absorb what is delivered. Decades of biomechanical research have mapped survivable thresholds — the loads at which severe injury becomes likely. A pedestrian struck at 20 mph is in a substantially different injury regime than at 30 mph, and a different one again at 40 mph. The framework treats these thresholds as the human-side anchor for what tolerance ultimately has to cover.

Kinetic energy is the focal variable in safety because it is the agent of harm. Every other safety question depends on it.

The CCA Model of Tolerance

System tolerance is the maximum kinetic energy a system can handle without severe injury. It is a macroscopic property — infrastructure, behavior, vehicle design, operating policy, and post-crash response acting together.

Kinetic Logic breaks tolerance into three structured layers — Conflict, Containment, Absorption — the CCA model. The layers are ordinal in time: energy first encounters opportunities to be prevented, then to be contained, then to be absorbed. Each layer handles what it can; whatever passes through goes to the next.

Conflict  ·  keep energy out of collision paths
How well the system keeps kinetic energy from entering potential collision paths in the first place.
Protected bike lanes Access management Refuge islands Roundabouts Crossing guards
Containment  ·  slow, redirect, or stabilize energy
How well the system slows, redirects, or stabilizes energy before it reaches a body.
AEB Lighting Pavement friction Rumble strips Sober & attentive driving
Absorption  ·  dissipate energy before severe injury
How well the system dissipates transferred energy before severe injury occurs.
Seat belts Airbags Crashworthiness Guardrails Forgiving roadsides Helmets EMS

Severe injury occurs only when all three layers fail.

Upstream layers are worth more than downstream ones — preventing a conflict reduces the load on every layer behind it; absorption acts only after two have already failed.

More info about the three layers of CCA +

Every physical AI system that moves near humans faces the same governing constraint. An autonomous vehicle on a residential street. A warehouse robot in a busy aisle. A humanoid balancing beside a toddler. A delivery drone descending into a backyard. Each carries energy that could harm if delivered to the body uncontrolled.

The physics does not care about the platform. The three layers of tolerance are the same; only the inputs change.

Each domain has chosen — implicitly, through decades of engineering and regulation — where to place its bets across the three layers. Four archetypes emerge:

Prevention-dominant
Roller coasters, commercial aviation. Make the conflict physically impossible — the train cannot leave the track, aircraft cannot meet without catastrophic prior failures. Conflict engineered to near-perfection. Enormous energy carried safely.
Containment-heavy
Warehouse robots, delivery drones. Operational safety lives in the middle layer. Detection, governance, and redundancy slow or redirect energy once a hazardous state forms.
Absorption-dominant
Playgrounds, football pads. Accept that contact will occur; engineer it to be survivable. Surfaces and padding dissipate the energy of every event.
Balanced
Autonomous vehicles, humanoid robots. No single layer carries the load. All three contribute meaningfully because each has independent constraints, and no one of them is sufficient alone.

The same ruler measures all of them.

Why This Matters

Kinetic Logic does not try to predict every crash. It measures whether the system is operating within what the environment can tolerate — so when the unexpected happens, severe harm is less likely. That is the difference between an incident and a breakdown in trustworthiness.

Read the Gauge

The gauge expresses the framework as a single continuous visual: tolerance, kinetic energy, and the margin between them — read second by second.

The hex is system tolerance.
The arcs are kinetic energy.
The gap between them is the margin.

The margin is continuous. These states make it legible.

Competent Margin is positive and stable. Energy is governed with discipline.
Brittle Margin is narrow. The system is near its protective capacity.
Exposed Energy exceeds tolerance. The system cannot provide sufficient protection if a hazard appears.
Timid Margin is unnecessarily large. Conservatism replaces measured control.
Restricted Margin is low because flow demands it — congestion, signal control, queuing.

The gauge is normalized: the hex stays fixed as the reference frame while the values behind it shift with operating context and conditions.

Further Reading
Paper I — Conceptual Foundation
Kinetic Logic: A Macroscopic Framework for Measuring Autonomous System Trustworthiness
Available by request →
Paper II — Technical Methods
Kinetic Logic: Tolerance Estimation and Margin Classification for Autonomous Vehicle Systems
In preparation
← Back to Kinetic Logic