Published version: AIFC-V002. This is the latest published version.

AIFC-071: Company as Product

Status: Draft 0.1
Standard: AI-First Community Standard
Abbreviation: AIFC
Builds on:

Purpose of this document: To define Company as Product as a situation in which the operating model of a company is described, structured, protected, and packaged so that it may be replicated, licensed, sold, deployed, audited, or operated as a digital or partly digital product. The document also defines the boundaries, risks, and minimum governance requirements that prevent a company product from becoming a ghost AI company without human purpose, responsibility, and values.


1. Purpose of this document

This document defines Company as Product.

When a company is described as a system, a new possibility appears:

Company as a System
-> Company as Product

A company no longer has to be only an organically grown organization. Its operating model may be described, versioned, validated, protected, replicated, licensed, sold, deployed, adapted to another market, operated at different AI intensity levels, or used as the foundation of a new company.

Company as Product does not mean that the company is only software. It means that the company’s operating model becomes a productizable capability.

This capability may include purpose, values, business model, operating model, processes, workflows, roles, skills, AI skills, agent orchestration, customer interface, vendor interface, knowledge base, governance, security, metrics, fallback, AI operating modes, and a Human Cockpit Layer.

This creates a major opportunity. It also creates a major risk.


2. Core principle

The core principle of this document is:

A company operating model may become a product, but purpose, values and accountability must remain owned by humans or a responsible community.

AIFC states:

Productize the operating model.
Do not productize away responsibility.

Company as Product is acceptable only if it remains clear who owns purpose, values, impact, decisions, know-how protection, product change rights, shutdown rights, and reduced-AI or AI-off operation.


3. Definition

Company as Product is a productized operating model of a company or community that is sufficiently structured, documented, secured, and governed to be deployed, replicated, licensed, sold, audited, or operated in another context.

Company as Product may contain:

Minimum requirement

Company as Product must have an explicit owner of purpose, accountability, values, governance, and Operational DNA.


4. Why Company as Product matters

AI makes it faster to create strategies, processes, websites, documentation, workflows, agentic roles, marketing, customer interfaces, support, knowledge bases, software, and automations.

This lowers the cost of creating a company, or at least the appearance of one.

Previously, creating a complete operating model was difficult. Now AI can help design a large part of a company as a digital system.

This enables faster founding, faster replication, new licensing models, new franchise models, new forms of consulting productization, and new AI-first businesses. It also creates the risk of ghost AI companies without real responsibility.

Minimum requirement

An AIFC community must distinguish productization of capability from creation of an irresponsible company facade.


5. Company as Product vs traditional franchise

A traditional franchise often provides a brand, operating manual, supplier model, marketing, training, and business rules.

Company as Product may go further. It may provide an AI-operable source of truth, Human Cockpit Layer, agent skills, workflow automation, data model, decision records, AI operating modes, capacity planning, governance templates, security policies, feedback loops, retrospective model, and continuous skill evolution.

A traditional franchise transfers know-how to people. Company as Product may transfer know-how to both people and AI agents.

Minimum requirement

Company as Product must be usable by people, not only by AI agents.


6. Company as Product vs SaaS

SaaS is software provided as a service.

Company as Product is not only software. It may contain software, but its core is an operating model.

SaaS:
tool for doing work

Company as Product:
structured operating model for running a company or community

Company as Product may use SaaS tools, but it is not identical to them.

Minimum requirement

Company as Product must not confuse tools with the operating model.


7. Company as Product vs consulting

Consulting often transfers expertise through people, workshops, presentations, and recommendations.

Company as Product may convert part of this expertise into templates, workflows, validation rules, AI skills, Human Cockpit actions, governance patterns, knowledge base structures, and operating model packages.

This may reduce dependence on consultants, but it may also create a new lock-in if know-how is closed inside a proprietary product.

Minimum requirement

Company as Product must have knowledge return, exportability, and an exit strategy.


8. Productized operating model

The core of Company as Product is a productized operating model.

It describes what the company does, whom it serves, how it creates value, how it acquires customers, how it delivers service, how it works with data, how it decides, how it handles support, how it cares for the system, how it uses AI, how it measures value, how it protects know-how, how it learns, how it escalates, and how it operates without AI.

Minimum requirement

The productized operating model must include not only delivery workflow, but also support, maintenance, governance, security, and learning.


9. Productized source of truth

Company as Product needs a source of truth package.

This may be a Git repository, structured Markdown knowledge base, versioned governance package, template library, schema library, skill repository, cockpit configuration, agent configuration, validation rules, sample data, and decision templates.

The source of truth package must be versioned, classified, auditable, exportable, reviewable, protected, human-readable, agent-actionable, and software-verifiable where relevant.

Minimum requirement

Company as Product must have a versioned source of truth package or an equivalent.


10. Productized Human Cockpit Layer

The Human Cockpit Layer may be part of the product.

It may provide views of purpose, current state, desired state, path, work, decisions, feedback, AI proposals, risk, support signals, maintenance, AI capacity, operating mode, governance alerts, skills, and onboarding.

The cockpit should not be only a UI over data. It should be the human interface to the operating model.

Minimum requirement

If Company as Product includes a Human Cockpit Layer, it must be connected to the source of truth and must not create a separate reality.


11. Productized AI agents

Company as Product may include AI agents, such as Knowledge Maintenance Agent, Support Pattern Agent, Backlog Refinement Agent, Strategy Alignment Agent, Security Review Assistant, AI Waste Detector, Skill Evolution Agent, Workflow Conversion Agent, Customer Feedback Agent, or Governance Agent.

Each agent must have an ownership model, role, scope, permissions, AI skill, allowed actions, forbidden actions, audit, operating mode, fallback, offboarding, and replacement plan.

Minimum requirement

Productized AI agents must have explicit permissions, boundaries, and a human ownership model.


12. Productized human skills

Company as Product must not contain only AI agents. It must contain human skills.

Human skills explain how people operate the company, review AI, perform fallback, make decisions, handle support, maintain the source of truth, work with values, and onboard new members.

Without human skills, Company as Product becomes AI-dependent.

Minimum requirement

Company as Product must include a human skill layer for critical capabilities.


13. Productized governance

Company as Product must include governance.

Governance states who decides, who approves, who may change the operating model, who may change AI autonomy, who may change agent permissions, who resolves conflict, who protects Operational DNA, who is accountable to customers, who handles incidents, and who conducts retrospectives.

Minimum requirement

Company as Product must have a governance model for changes, decisions, AI autonomy, security, and responsibility.


14. Productized security

Company as Product contains sensitive know-how.

It must include data classification, access control, agent permissions, auditability, Operational DNA protection, AI-NDA Boundary, export control, public release review, secrets management, backup and recovery, and incident response.

Security is not an add-on. It is part of the product foundation.

Minimum requirement

Company as Product must have a security model appropriate to the value of the Operational DNA it contains.


15. Productized feedback loops

A company as product must have feedback loops. Otherwise, after deployment it becomes an outdated package.

Feedback may come from customers, operations, support, AI agents, cockpit users, financial performance, security incidents, compliance, market changes, and retrospectives.

Feedback must be convertible into change proposals, skill updates, workflow conversions, product updates, governance updates, and security updates.

Minimum requirement

Company as Product must have a mechanism for feedback, update, and learning.


16. Productized AI intensity

Company as Product may run at different AI intensity levels.

Low AI intensity:
mostly human-operated, AI assists with documentation and analysis.

Medium AI intensity:
AI supports workflows, drafts, reviews and feedback synthesis.

High AI intensity:
AI agents operate significant workflows under governance.

Emergency AI-Off:
critical functions continue without AI.

This allows different operating models depending on capital, risk, regulation, and community capability.

Minimum requirement

Company as Product must define AI intensity levels and fallback mode.


17. Productized deployment

Deploying Company as Product is not only software installation. It is the introduction of an operating model into a specific community.

Deployment must address local purpose, values, legal context, market context, customer context, language, culture, people, skills, AI availability, budget, security, data, tools, and ownership.

Minimum requirement

Company as Product must not be deployed without local adaptation of purpose, values, legal context, and responsibility.


18. Local ownership

Even when the operating model is licensed or purchased, the local community must accept responsibility.

Local ownership means: we have an owner, understand the purpose, have accepted or adapted the values, know what AI does and must not do, know how to perform fallback, know how to change the model, and know how to end the cooperation.

Minimum requirement

A deployed Company as Product must have a local owner responsible for purpose, values, governance, and impact.


19. Company as Product and Operational DNA

Company as Product is very close to Operational DNA.

The product may contain know-how that enables company replication. This is both value and risk.

Operational DNA must be classified, licensed, technically protected, access-limited, audited, separated from the public interface, export-governed, protected against vendor misuse, and protected against uncontrolled AI training.

Minimum requirement

Company as Product must explicitly identify which parts are Operational DNA.


20. Company as Product and intellectual property

Company as Product may contain intellectual property such as the operating model, templates, skills, AI skills, workflow logic, brand, playbooks, software, data models, governance model, cockpit design, agent orchestration, prompts, and validation rules.

It must define who owns IP, what is licensed, what the customer may modify, what the customer may export, what may be used after termination, what returns to the provider, and what is created locally.

Minimum requirement

Company as Product must have a clear IP and usage rights model.


21. Company as Product and vendor lock-in

Company as Product can easily create lock-in.

Risk arises when the source of truth is closed, AI skills are stored in a proprietary store, agents cannot be exported, the cockpit cannot be replaced, workflows are not human-readable, audit logs are inaccessible, the data model is opaque, or the local community cannot operate without the vendor.

Minimum requirement

Company as Product must have an exit strategy, exportability, and replacement path for critical components.


22. Company as Product and AI dependency

Company as Product may run with high AI intensity. That is acceptable if fallback, human skills, review, AI-off mode, capacity planning, budget guardrails, dependency monitoring, and skill transfer exist.

Otherwise the product creates a company that operates only while AI operates.

Minimum requirement

Company as Product must define critical workflows that must survive reduced-AI or AI-off mode.


23. Company as Product and Human Capability Reserve

Human Capability Reserve is critical.

The product should include human operating manuals, review skills, fallback skills, onboarding path, training examples, non-AI workflows, role descriptions, escalation paths, and emergency mode.

If the product contains only agents and automations, it creates dependency.

Minimum requirement

Company as Product must contain a minimum human capability package.


24. Company as Product and ghost AI company risk

Company as Product may be misused to create a ghost AI company.

A ghost AI company may have a website, brand, chatbot, AI support, generated content, automated offers, AI workflows, and a false impression of organization, while lacking a real human or community owner, values, responsibility, governance, fallback, Human Capability Reserve, transparency, source of truth, and relationship to impact.

AIFC rejects the ghost AI company pattern.

Minimum requirement

Company as Product must have explicit human or community ownership and responsibility to prevent ghost AI company risk.


25. Company as Product and public transparency

Not everything must be public.

But the public, customers, or partners should know, as appropriate, who is accountable for the company, whether and where AI is used, how critical decisions are handled, how data is protected, how problems escalate, whether the operating model is licensed, who the operator is, and what relationship exists to the provider.

Transparency must be proportionate to risk and relationship.

Minimum requirement

Company as Product must have public transparency rules for AI use, responsibility, and operator identity where relevant.


26. Company as Product and multi-instance operation

One operating model may be deployed multiple times, for example across local branches, licensed companies, countries, languages, markets, or AI intensity levels.

Multi-instance operation must define what is shared, what is local, what is updated centrally, what is adapted locally, how feedback is shared, how local data is protected, how deviations are handled, and how instances are versioned.

Minimum requirement

Company as Product deployed in multiple instances must distinguish core model, local adaptation, and instance-specific Operational DNA.


27. Company as Product and updates

A productized company must be updated.

Updates may include workflow changes, security patches, AI skill updates, legal changes, market adaptation, product updates, governance changes, AI model replacement, fallback updates, values clarification, and cockpit updates.

An update must not silently change the purpose or values of the local community.

Minimum requirement

Company as Product updates must have change governance and local review for critical changes.


28. Company as Product and metrics

Company as Product may measure business performance, customer value, support signals, AI cost, AI dependency, human capability, maintenance health, source of truth freshness, security incidents, feedback conversion, local adaptation quality, ghost company risk, and values alignment.

Metrics must not drive local optimization against values.

Minimum requirement

Company as Product metrics must be connected to purpose, values, resilience, and customer or community impact.


29. Company as Product lifecycle

AIFC recommends this lifecycle:

concept
-> modelled
-> validated
-> secured
-> packaged
-> deployed
-> operated
-> reviewed
-> updated
-> retired

Concept

The idea of a company as product appears.

Modelled

The operating model is described.

Validated

Meaning, value, and risks are validated.

Secured

Operational DNA, IP, AI access, and data are protected.

Packaged

A product package is created.

Deployed

The product is deployed in a community.

Operated

Operation takes place.

Reviewed

Retrospective and governance review take place.

Updated

The model is updated.

Retired

The product or instance is retired.

Minimum requirement

Company as Product must have a lifecycle status and owner.


30. Company as Product package

AIFC recommends that a Company as Product package include:

purpose and values package
operating model
source of truth structure
workflow library
role model
human skills
AI skills
agent permissions
Human Cockpit configuration
security model
data classification policy
access control model
audit policy
feedback loop
maintenance model
support model
AI capacity model
AI operating modes
fallback model
deployment guide
local adaptation guide
exit strategy

Not every product must have everything at the same depth, but critical areas must be covered.

Minimum requirement

The Company as Product package must include operating model, governance, security, human capability, and exit strategy.


31. AI role in Company as Product

AI may help create, maintain, and operate Company as Product.

It may analyze market gaps, propose operating models, create workflow drafts, propose roles, create templates, prepare skills, propose agents, prepare cockpit views, detect gaps, propose a security model, prepare deployment packages, summarize feedback, and propose updates.

AI must not own purpose, values, or responsibility.

Minimum requirement

AI-generated Company as Product artefacts must be reviewed by a responsible human or community role.


32. Anti-patterns

AIFC rejects the following anti-patterns.

32.1 Productized company without owner

The operating model is deployed, but accountability is unclear.

32.2 Company as Product as tool bundle

The product is only a bundle of tools without purpose, values, governance, and source of truth.

32.3 AI-only operating model

The company as product works only through AI agents without human skills and fallback.

32.4 Ghost AI company

A company facade appears without a truly accountable community.

32.5 Operational DNA exposed

The product contains critical know-how but is not protected.

32.6 Vendor lock-in by design

The customer cannot export source of truth, skills, audit logs, or workflows.

32.7 Local values ignored

The product is deployed without adaptation to local values, law, people, and context.

32.8 Updates override local responsibility

The provider updates the model in a way that changes critical rules without local review.

32.9 Metrics optimize facade

Metrics optimize the impression of performance rather than real value and responsibility.

32.10 No AI-off mode

The company as product stops working if the AI vendor, model, or token budget is unavailable.

32.11 IP unclear

Ownership of local adaptations, skills, data, derived knowledge, or agent workflows is unclear.

32.12 Cockpit without truth

The product has an attractive cockpit, but it is not connected to a governed source of truth.


33. Minimal requirements

AIFC Company as Product must at minimum:

  1. Have an explicit owner of purpose, accountability, values, governance, and Operational DNA.
  2. Distinguish productization of capability from an irresponsible company facade.
  3. Be usable by people, not only by AI agents.
  4. Not confuse tools with the operating model.
  5. Provide knowledge return, exportability, and exit strategy.
  6. Include delivery, support, maintenance, governance, security, and learning in the productized operating model.
  7. Have a versioned source of truth package or equivalent.
  8. Connect any Human Cockpit Layer to the source of truth.
  9. Give productized AI agents explicit permissions, boundaries, and a human ownership model.
  10. Include a human skill layer for critical capabilities.
  11. Have a governance model for changes, decisions, AI autonomy, security, and responsibility.
  12. Have a security model appropriate to the value of Operational DNA.
  13. Have a mechanism for feedback, update, and learning.
  14. Define AI intensity levels and fallback mode.
  15. Avoid deployment without local adaptation of purpose, values, legal context, and responsibility.
  16. Have a local owner responsible for purpose, values, governance, and impact.
  17. Explicitly identify which parts are Operational DNA.
  18. Have a clear IP and usage rights model.
  19. Have an exit strategy, exportability, and replacement path for critical components.
  20. Define critical workflows that must survive reduced-AI or AI-off mode.
  21. Contain a minimum human capability package.
  22. Have explicit human or community ownership and responsibility to prevent ghost AI company risk.
  23. Have public transparency rules for AI use, responsibility, and operator identity where relevant.
  24. Distinguish core model, local adaptation, and instance-specific Operational DNA in multi-instance operation.
  25. Govern updates through change governance and local review for critical changes.
  26. Connect metrics to purpose, values, resilience, and customer or community impact.
  27. Have a lifecycle status and owner.
  28. Include operating model, governance, security, human capability, and exit strategy in the package.
  29. Ensure AI-generated artefacts are reviewed by a responsible role.

34. Summary

Company as Product is one of the strongest implications of AIFC.

If a company can be described as a system, part of its operating model can be productized.

This may enable faster company creation, better know-how transfer, licensing of operating models, AI-assisted deployment, higher operating quality, faster learning, and new forms of business.

The same power may also create ghost AI companies, loss of responsibility, vendor lock-in, Operational DNA leakage, AI dependency, and company facades without real communities.

AIFC therefore states:

A company operating model may be productized.
A company's responsibility must not be.

Company as Product is acceptable when it remains clear who owns purpose, who protects values, who is accountable for impact, and how the company operates even when AI is limited or unavailable.

Company as Product turns an operating model into a reusable product without removing human responsibility.