This chapter argues that the AI value gap is a trust deficit, and that closing it requires treating digital trust as an architected, verifiable system property rather than a narrative claim. Despite accelerating investment in artificial intelligence, enterprises continue to struggle to convert technical capability into sustained organisational and societal value. The published source paper [Glinz, 2026] establishes that this disparity, widely described as the AI value gap, is fundamentally a trust deficit rather than a technical shortcoming. The present chapter answers the central research question: what architecture engenders and sustains justifiable digital trust in AI systems?

Methodologically, the chapter applies Grounded-Theory Design Science (GTDS), a hybrid approach proposed here that combines Hevner et al.’s Design Science Research with Wolfswinkel, Furtmueller and Wilderom’s grounded-theory literature review, applied to a corpus of 34 primary sources spanning seven disciplines and the period 1964–2025. The chapter contributes a Multi-Level Digital Trust Framework, operationalised through 10 constructs and 127 trust cues, prescribing five design principles: Layered Architecture, Forward-Looking Trust, Productive Friction, Paradox Management, and Ecosystem Integration. The framework integrates four interdependent layers, Agency, Engineering, Governance, and Institutional, and is illustrated through documented trust phenomena, including the Swiss e-ID referendum, the Coca-Cola and Apple AI marketing contrast, and the Deloitte Australia incident. Closing the AI value gap requires making authenticity, reliability, transparency, and accountability demonstrable across all layers of the digital ecosystem, thereby converting digital trust from a reputational property into a verifiable system attribute.

The contemporary expansion of artificial intelligence presents a paradoxical dynamic: while investment and deployment accelerate, value realisation remains elusive. Organisations across sectors have embraced generative AI, predictive analytics, and autonomous systems as strategic imperatives. Infrastructure spending has risen sharply, and enterprise roadmaps increasingly position AI-driven transformation at their core. However, AI’s contribution to productivity remains ambiguous. Economic analyses indicate that AI’s short-term impact is primarily infrastructural rather than productive, and that sustainable gains will likely lag initial adoption by several years [1]. This pattern resembles earlier waves of general-purpose technologies, in which infrastructure investment preceded productivity gains by a significant margin [2].

AI differs from previous technological waves in one crucial respect: it reshapes the distribution of trust in digital environments. Industry analysts observe that although early signs of a market correction appear, product leaders should recognise this as a regular part of the technology adoption life cycle rather than a crisis [3]. In the Swiss financial sector, the most significant barriers to scaling AI beyond prototype stages stem from concerns about data quality, data privacy, and regulatory compliance [4]. These barriers consistently outweigh challenges associated with business-case validation or technical readiness. Organisational resistance plays a comparatively minor role, suggesting that the primary obstacles to AI value realisation are rooted in trust and governance rather than in willingness to adopt.

Evidence increasingly suggests that trust is the primary determinant of whether AI can deliver sustainable value. The World Economic Forum emphasises that digital trust arises when technologies and organisations reliably uphold societal expectations for security, privacy, fairness, transparency, and accountability [5]. When these expectations are violated by governance failures, disinformation, or insensitive automation, trust collapses. Adoption then decelerates. A recurring pattern in contemporary AI adoption is that trust failures overshadow technical capability, converting potential value into liability.

Consider the Deloitte Australia incident of 2025: an AI-generated government report contained fabricated citations and invented court cases with no basis in reality [6]. When external reviewers uncovered these errors, Deloitte provided a partial refund to the Australian government, and the episode significantly damaged public confidence in both AI use and institutional responsibility. This case reveals the fragility of trust when AI systems lack robust oversight. Even technically sophisticated organisations with strong reputations can fail catastrophically if governance does not keep pace with technical capability.

The Deloitte Australia incident is not unusual; it is representative. Across sectors, organisations report similar patterns: AI deployments that perform technically well in pilot conditions encounter trust failures the moment they meet customer-facing, regulator-facing, or public-facing scrutiny. The trust failures are not always dramatic. More often they manifest as slow attrition of usage, quiet retreat from announced AI features, or strategic pivots described as ‘product maturation’ but driven in fact by trust erosion that organisations were not architected to detect or repair. The aggregate effect of these many small failures is the AI value gap: investment continues to rise, but value realisation lags by margins that are difficult to attribute to any single cause and that resist correction by any single intervention.

This chapter approaches the AI value gap from a position rather than from a survey. Surveys of the AI value gap are abundant in the practitioner literature [3], [30], and they catalogue many of the same symptoms the chapter discusses. What is missing from those surveys is an architectural diagnosis: a structured account of why the symptoms cohere, why they prove resistant to standard interventions, and what kind of architectural response could plausibly close the gap. The chapter’s contribution – the Multi-Level Digital Trust Framework – is precisely such an architectural diagnosis, derived through a hybrid Grounded-Theory Design Science methodology that combines the artefact-orientation of design science research with the evidential rigour of grounded theory.

This chapter advances a single, sharply stated position: the AI value gap is a trust deficit, and closing it requires treating digital trust as an architected, verifiable system property rather than a narrative claim. The position picks a side against three influential alternatives. It rejects the productivity-only diagnosis, which treats the value gap as a matter of efficiency or scale. It rejects the marketing-and-communications view, which treats trust as a matter of message and reputation. And it rejects the compliance-only response, which treats trust as discharged once regulatory obligations are met. Each of these alternatives captures something real but misses the structural feature of digital trust under AI: trust formation now operates simultaneously across human perception, technical infrastructure, organisational practice, and institutional legitimacy, and a failure at any one of these levels cannot be repaired by excellence at another.

Treating trust as an architected, verifiable property has three concrete implications that the chapter develops in subsequent sections. First, architected implies structural separation of concerns: the layers of digital trust must be designed and reasoned about independently, with explicit interfaces between them. Second, verifiable implies that trust claims must be cryptographically or procedurally demonstrable, not merely asserted. Third, system property implies that trust is an emergent characteristic of the architecture as a whole, not the output of any single component. Each implication shapes a design move developed later in the chapter.

The thesis commits the chapter to a specific architectural question:

Three terms in this question carry argumentative weight. Engender addresses initial trust formation; sustain addresses temporal maintenance of trust under conditions of change. The pairing rules out static ‘snapshot’ approaches to trust assurance. Justifiable rules out trust earned through manipulation, marketing, or compliance theatre; the chapter is concerned with warranted trust grounded in verifiable system properties. AI systems sets the scope: socio-technical systems incorporating probabilistic, adaptive, and emergent behaviours, distinct from the deterministic systems for which classical governance and assurance frameworks were developed.

This chapter contributes a Multi-Level Digital Trust Framework, operationalised through 10 constructs and 127 trust cues, prescribing five design principles. The framework integrates four interdependent layers – Agency, Engineering, Governance, and Institutional – and arrives in Section 4 as the architectural answer to the research question. The five design principles – Layered Architecture, Forward-Looking Trust, Productive Friction, Paradox Management, and Ecosystem Integration – are derived from the framework in Section 5. The framework’s explanatory adequacy is exhibited through three documented trust phenomena: the Swiss e-ID referendum, the Coca-Cola and Apple AI marketing contrast, and the Deloitte Australia incident. These cases function as illustrations of the framework’s descriptive vocabulary, not as empirical validation; full validation across diverse deployment contexts is identified as future work.

The contribution is therefore singular and architectural in nature. It is not a survey, an empirical study, or a maturity assessment. It is a prescriptive knowledge artefact – in the design science sense [7] – intended to provide architecturally grounded, methodologically rigorous, and practically actionable guidance for designing AI systems that warrant trust.

The chapter follows the section structure of the published source paper [Glinz, 2026] and proceeds as follows. Section 2 introduces the Grounded-Theory Design Science (GTDS) methodology, including its scholarly defence as a hybrid method. Section 3 develops the structural diagnosis of the digital trust gap, including three structural paradoxes specific to AI – the AI Authorship Effect, the AI Intimacy Paradox, and the Agency Paradox – and seven structural mechanisms underlying the persistence of the value gap. Section 4 presents the Multi-Level Digital Trust Framework, walking each of its four layers in turn. Section 5 derives five design principles from the framework. Section 6 examines the digital trust infrastructure required to operationalise the framework. Section 7 discusses contributions, practical implications, and limitations. Section 8 concludes.

This chapter applies Grounded-Theory Design Science (GTDS), which the author proposes as a named hybrid of two established research traditions. Design Science Research [7] provides the epistemic stance: the work produces prescriptive knowledge artefacts – frameworks, principles, and operationalised taxonomies – intended to address practical problems while advancing theoretical understanding. Grounded-theory literature review [20] provides the evidence-extraction technique: the three-phase coding procedure of Strauss and Corbin [19] applied to a defined interdisciplinary corpus rather than to interview data. The integration step – systematic pattern analysis across the coded literature – produces the framework as the chapter’s central artefact, from which design principles are derived.

The combination is consequential, not cosmetic. Standard Design Science Research informs artefact design through case studies, surveys, or expert interviews; the resulting artefacts inherit the perspectival limits of those data sources. Grounded-theory literature review, applied alone, produces categories and constructs but lacks DSR’s commitment to a deliverable artefact. GTDS combines the two deliberately: the DSR stance constrains the coding toward constructs that can be operationalised, while the coding rigour constrains the artefact toward grounding in established literature rather than expert intuition. The result is a framework that is simultaneously prescriptive (DSR’s contribution) and evidentially grounded (grounded theory’s contribution). To the author’s knowledge, this combination has not previously been named as a method, although Action Design Research [Sein et al., 2011] offers a structurally analogous precedent in which DSR is hybridised with another established research tradition.

The remainder of this section describes GTDS in three subsections, mirroring the methodology of the published paper [Glinz, 2026]. Section 2.1 sets out the design-science stance and the four cycles through which the work iterated. Section 2.2 describes the corpus and the three-phase coding procedure, and reports the saturation point reached during analysis. Section 2.3 describes the framework synthesis step – how the coded categories were integrated into the four-layer architecture and how the five design principles were derived from it.

A note on the methodological choice. The decision to combine DSR with grounded-theory literature review, rather than to use either method in isolation, was driven by two empirical observations during early problem identification. First, no single existing trust framework integrated the four levels at which trust phenomena were observed (perceptual, technical, organisational, institutional); the framework had to be constructed, not selected. Second, the existing literature on digital trust was sufficiently mature to support derivation of constructs through coding, but sufficiently fragmented across disciplines that a corpus-based approach was needed rather than a domain-bounded review. Pure DSR could not have produced the construct grounding the framework requires; pure grounded theory could not have produced the prescriptive artefact the practical problem demands. The hybrid was therefore not a methodological flourish but a response to the structure of the problem and the state of the literature.

Design Science Research [7] is appropriate for developing prescriptive knowledge artefacts that address practical problems while advancing theoretical understanding. DSR proceeds through iterative cycles of problem identification, solution design, demonstration, and evaluation, ensuring that artefacts are simultaneously rigorously grounded in theory and practically relevant to stakeholders.

The work iterated through four cycles. The first identified the problem space – the persistent gap between AI investment and value realisation, and the convergence of trust failures across diverse deployment contexts. The second designed the framework architecture by theoretical synthesis: established constructs from systems theory [9], agency theory [16], resilience engineering [17], and sociotechnical systems research [18] were integrated through pattern analysis to identify recurring themes of human agency, technical verifiability, organisational adaptation, and institutional legitimacy. The third cycle operationalised the framework as a multi-level classification scheme of constructs and cues, using the grounded-theory literature review described in Section 2.2. The fourth cycle evaluated framework validity using three complementary criteria: theoretical grounding (alignment with established constructs in foundational literature), internal consistency (coherence across layers and principles, with no logical contradictions), and practical applicability (explanatory adequacy in real-world cases). The framework was iteratively refined through case analysis to ensure it could account for observed trust phenomena across diverse contexts.

Each evaluation criterion deserves a brief expansion. Theoretical grounding requires that every construct in the framework can be traced to an established literature, and that interpretations of those constructs do not contradict their established usage. Internal consistency requires that the four layers do not overlap in ways that would make their architectural separation meaningless, and that the five principles do not contradict each other when applied in combination. Practical applicability requires that the framework can describe documented trust phenomena in terms that practitioners would recognise as accurate and that the framework’s prescriptions could be implemented without further architectural invention. The three criteria are independent: a framework can be theoretically grounded yet internally inconsistent, internally consistent yet practically inapplicable, or practically applicable yet theoretically ungrounded. The framework presented in Section 4 satisfies all three by construction, though as Section 7.3 acknowledges, full empirical validation across diverse deployment contexts remains future work.

A further DSR commitment shapes the framework’s presentation. DSR artefacts must be communicable: a framework that can be understood only by its designer fails one of design science’s core requirements [7]. The chapter therefore emphasises architectural diagrams (the iceberg metaphor in Fig. 1), tabular summaries (Table 1 of the design principles), and worked examples (the Swiss e-ID, Coca-Cola/Apple, and Deloitte Australia cases) alongside the formal exposition. Each of these communication devices is itself part of the artefact, not auxiliary to it.

The framework’s four layers were operationalised as a multi-level classification scheme of 10 constructs and 127 trust cues. The operationalisation applied a grounded-theory literature review [20] adapting the three-phase coding procedure of Strauss and Corbin [19] to a defined literature corpus rather than to primary empirical data. The corpus comprised 34 primary sources spanning seven disciplines: organisational psychology, information systems, economics, AI governance and ethics, human-computer interaction, complexity science and resilience engineering, and legal and regulatory studies. Sources spanned 1964–2025 and included peer-reviewed articles, government frameworks, and industry reports. This multi-source approach ensured coverage of both foundational theoretical constructs and current implementation challenges.

The corpus was coded through three sequential phases. Open coding extracted approximately 250 trust-related concepts as initial in-vivo codes, attached directly to passages of source material. Axial coding consolidated these concepts into 15 emergent categories using the coding paradigm of conditions, actions-interactions, and consequences. Selective coding integrated the categories around the core category of digital trust formation, producing the 10 constructs and 127 cues that operationalise the framework. A conceptual coverage plateau – in grounded-theory terms, theoretical saturation – was reached at source 25 of 34, after which no new categories emerged from the remaining sources; the nine further sources enriched existing categories without producing new ones. This early saturation indicates that the corpus provided sufficient breadth to support the framework’s claims, though it does not by itself establish empirical validation. The complete coding audit trail, source-by-category traceability, constant comparison protocol, and saturation analysis are published as a companion technical report [21].

Three methodological choices in the coding phase merit explicit mention. First, the coding unit was the conceptual claim rather than the textual passage. A single passage frequently produced multiple in-vivo codes when distinct claims were embedded in its argument; conversely, a single claim recurring across multiple sources was coded once, with cross-source references retained for traceability. Second, axial coding used the Strauss-Corbin paradigm explicitly rather than emergent thematic coding: each category was anchored to specific conditions under which the trust phenomenon arose, the actions or interactions through which it operated, and the consequences it produced for trust formation. Third, selective coding adopted digital trust formation as the core category, with all 15 axial categories integrated as either antecedents (institution-based and dispositional structures), processes (cognitive and affective trust formation), or consequences (trusting beliefs, intentions, and behaviours). This integration directly informed the framework’s above-the-waterline / below-the-waterline distinction (Section 4).

Constant comparison was applied throughout. Each new source was coded against existing categories before adjustments to the category structure were considered. Where a source produced data that did not fit cleanly into an existing category, the choice was between extending the category boundary, refining the category definition, or introducing a new category. New categories were introduced only when the data could not be accommodated by extension or refinement. This conservative approach to category proliferation supports the saturation claim: by source 25, the existing 15 categories absorbed all incoming concepts without modification, and the remaining nine sources confirmed but did not expand the category structure. The saturation point is reported as a methodological fact rather than a validation claim; it indicates internal coherence of the coding process, not external validity of the resulting framework.

The synthesis step integrates the coded categories into the four-layer architecture and derives the five design principles from it. The four layers – Agency, Engineering, Governance, Institutional – emerged from pattern analysis across the coded corpus as the smallest set of strata required to account for the observed trust phenomena without collapsing distinct mechanisms into a single category. Each layer hosts a subset of the 10 constructs and corresponding cues; the constructs are linked across layers by explicit interface relationships, which the framework treats as architecturally significant rather than incidental.

Five design principles were derived through analysis of the framework’s implications for practice, ensuring that each principle addresses specific layer interactions and corresponds to documented trust failures observed in real-world AI deployments. The principles are ordered by implementation priority: Layered Architecture (foundational), Forward-Looking Trust (critical), Productive Friction (high), Paradox Management (ongoing), and Ecosystem Integration (strategic). This ordering reflects the sequence in which an organisation should establish the principles to make trust an architected property of its AI systems. Sections 4 and 5 develop the framework and its principles respectively.

The synthesis logic followed three constraints. First, every layer had to be necessary in the sense that removing it would leave a class of trust phenomena unexplained by the remaining layers. Agency cannot be explained from Engineering; Engineering cannot be explained from Governance; Governance cannot be explained from Institutional. The four-layer decomposition is the smallest set that satisfies this necessity criterion against the coded data. Second, every layer had to be sufficient in combination: the four layers together had to be able to account for every documented trust phenomenon in the corpus. The case-driven evaluation in Section 7 addresses this sufficiency claim by exhibiting the framework’s explanatory adequacy across three diverse cases. Third, the principles had to be distinct: each principle had to address an interaction or property the others did not address. Layered Architecture addresses structural separation of concerns; Forward-Looking Trust addresses temporality; Productive Friction addresses the calibration of trust-relevant signals; Paradox Management addresses tensions that resist resolution; Ecosystem Integration addresses cross-organisational dependencies. Distinctness was tested by attempting to subsume each principle under another and rejecting subsumption only when the resulting collapse would erase a documented trust phenomenon.

The methodology produced one further architectural feature deserving methodological note: the framework’s explicit recognition of trust formation that operates below the waterline (Section 4). This feature emerged from the coding rather than from theoretical synthesis. When axial coding consolidated cognitive and affective trust constructs from sources spanning psychology, behavioural economics, and consumer research, it became apparent that a substantial part of trust formation operates through cognitive structures that organisations cannot directly intervene upon. The above-the-waterline / below-the-waterline distinction is therefore a finding of the GTDS process, not a presupposition. It captures a structural fact about digital trust that any prescriptive framework must accommodate, and it shapes the responsibilities the framework assigns to each layer.

The digital environment has become increasingly exposed to advanced forms of fraud, identity manipulation, and content forgery enabled by generative AI. According to Entrust’s 2026 Identity Fraud Report, deepfakes account for approximately 20% of biometric fraud attempts worldwide, reflecting their growing role as a scalable attack vector in identity verification systems [22]. National identity cards were the most frequently targeted document type. Combined with the report’s findings on the growing use of generative AI in digital document forgery, this suggests a shift in AI-enabled abuse toward foundational identity infrastructure.

This accelerating threat surface reshapes the nature of institutional credibility. Where organisations and governments once operated in an environment in which identity, documentation, and audiovisual evidence could be reliably trusted by default, they now face a world in which any artefact – a face, a voice, a signature, or a credential – may be forged with minimal effort. This erosion of evidentiary integrity increases the cognitive load on individuals and the administrative burden on organisations, which must implement increasingly sophisticated verification processes for interactions previously taken for granted.

The implications reach far beyond fraud prevention or cybersecurity. When identity becomes an unreliable signal, the foundational assumptions of digital interaction are destabilised. Trust becomes expensive: costly to establish, costly to maintain, and costly to repair after breaches. High-trust societies and industries – particularly those reliant on credential verification in healthcare, finance, and government – now confront an environment in which fraud and disinformation scale faster than traditional verification methods can keep pace. AI-generated disinformation compounds this challenge. The proliferation of hyper-realistic synthetic media blurs the boundary between truth and fiction, eroding public trust in institutions, journalism, and democratic processes. In an AI-mediated world, the erosion accelerates as manipulative content becomes easier to generate and harder to detect.

Against this backdrop, organisations face not only technical risks but also reputational and societal risks. When AI-generated fraud exploits institutional weaknesses, the public often questions not only the bad actor but the institution that failed to prevent the manipulation. The structural diagnosis developed in the remainder of this section therefore does double work: it documents the trust phenomena the framework must address, and it establishes the architectural reasoning for why a layered, verifiable, and ecosystem-integrated response is required.

Three structural paradoxes characterise AI trust specifically and motivate the chapter’s architectural response. None of the three is a bug amenable to technical correction. Each represents a structural feature of human–AI interaction that persists regardless of model accuracy or interface polish. Section 3.1 develops the AI Authorship Effect; Section 3.2 the AI Intimacy Paradox; Section 3.3 the Agency Paradox. Section 3.4 then enumerates the seven structural mechanisms through which the value gap continues to widen.

Consumer trust in AI-mediated interactions has begun to erode measurably. In surveys conducted across the US, UK, and Germany, only approximately one-fifth of consumers express trust in companies that use AI technologies, and similar proportions trust AI systems more generally [23]. Research by Kirk and Givi demonstrates the AI Authorship Effect: disclosing AI authorship significantly reduces perceived credibility, emotional resonance, and authenticity [24]. Controlled experiments show that when identical content is labelled ‘AI-generated’ rather than ‘human-made,’ consumers consistently rate it as less trustworthy, less persuasive, and less emotionally engaging. The effect persists even when content quality is objectively identical, indicating that trust erosion reflects cognitive interpretation of authorship attribution rather than content assessment.

The psychological mechanism underlying this effect is rooted in perceptions of authenticity and relational intent. When individuals perceive emotional or relational communication as automated, they interpret the message as insincere or morally hollow regardless of its informational content. Trust becomes entangled with the symbolic meaning of human authorship: perceived craftsmanship, emotional care, creative labour, and moral accountability. AI authorship, by contrast, signals potential manipulation, cost optimisation at the expense of relationship quality, or organisational indifference to genuine human connection.

Real-world evidence reinforces these experimental findings. Coca-Cola’s 2024 AI-driven holiday campaign was criticised as ‘soulless,’ visually inconsistent, and aesthetically disjointed despite substantial production budgets [25]. The explicit celebration of AI authorship, intended as a brand statement demonstrating innovation leadership, instead sparked significant backlash, including calls for an organised boycott. In stark contrast, Apple’s 2025 introduction sequence for Apple TV+ showcased the physical, handcrafted process of creating the logo animation, deliberately highlighting human skill and tangible artistry [26]. The campaign received widespread praise and favourable media coverage. The contrast illustrates that authorship functions as a powerful symbolic signal: human authorship communicates care, creativity, and accountability, whereas AI authorship may be interpreted as cost-cutting, emotional detachment, or organisational distance from customer relationships.

The magnitude of the AI Authorship Effect varies across cultures and demographic groups. Trust in AI is significantly higher in China, where technological optimism and narratives of collective progress are more common, while Western audiences tend to approach AI with greater suspicion driven by concerns about privacy, manipulation, and the loss of human agency [48]. Age also plays a role: while younger generations more easily identify AI-generated content, disclosure still reduces their trust and engagement, contradicting the common assumption that younger users are inherently comfortable with AI mediation. The cross-cultural and generational variation underscores a critical insight that the framework formalises through Paradox Management (Section 5.4): trust in AI is not monolithic, and design responses must navigate values, norms, social narratives, and individual expectations simultaneously, rather than seeking a single optimum that applies uniformly across populations.

Generative AI intensifies the classical privacy paradox by fundamentally altering the psychological context of personal disclosure. In its traditional formulation, the privacy paradox reflects a mismatch between normative preferences and behavioural practices. Individuals express strong preferences for data protection, minimal tracking, and autonomy over personal information, yet their digital actions often suggest indifference or resignation [27]. Large language models and conversational assistants are designed to appear patient, responsive, non-judgemental, and continuously available. Their dialogue patterns mimic empathic human interaction with remarkable fidelity, giving users the impression of being heard, understood, and emotionally supported. As Turkle observes, AI systems create a compelling ‘illusion of dialogue’ that lowers psychological barriers and encourages more spontaneous self-disclosure than users would engage in with traditional digital interfaces or even human interlocutors [28].

This artificial sense of intimacy leads individuals to disclose personal, sensitive, or emotionally charged information without fully realising the implications for their privacy. The interface feels private and confidential, even though the underlying model processes, stores, analyses, and learns from input data at a massive scale across millions of users. The AI Intimacy Paradox arises from this dual dynamic: people disclose more because interactions feel emotionally safe and attentively responsive, while simultaneously distrusting the organisations that operate these systems when asked directly about their data practices. This gap between perceived relational safety and actual informational risk creates a systemic vulnerability that is likely to grow as commercial pressures push free AI tools toward advertising-driven business models, in which conversational data becomes a resource for behavioural analytics and targeted marketing.

The AI Intimacy Paradox has direct implications for the framework’s prescriptive output. It suggests that privacy-by-design approaches must be more aggressive in AI contexts than in traditional digital systems, since users’ stated preferences for privacy diverge sharply from their behavioural patterns when interacting with conversational AI. Default minimisation of data collection, ephemeral conversation handling, and explicit opt-in for any retention beyond the immediate conversation become architectural requirements rather than optional protections. The Productive Friction principle (Section 5.3) applies here: a brief, calibrated interruption at the moment a user discloses sensitive information – a confirmation, a contextual reminder of the disclosure’s implications, an explicit choice about retention – provides a structural counterweight to the relational safety the interface produces. Without such friction, the AI Intimacy Paradox is left unmoderated, and the disclosure asymmetry continues to widen.

As AI systems become more capable across cognitive domains, individuals increasingly delegate complex tasks – writing, decision-making, reasoning, problem-solving – to automation. This cognitive offloading produces a fundamental agency paradox. Users actively seek relief from cognitive complexity and information overload; AI systems provide frictionless experiences, intuitive responses, and rapid assistance that genuinely improve productivity. However, people experience significant discomfort when AI overtakes tasks central to personal identity, creativity, professional judgement, or moral reasoning. As Nowotny observes, AI allows us to see further ahead, but if we start to believe that the future is the only possible future, we risk closing down other options [29].

The Agency Paradox is structural and persistent. The features that make AI attractive for adoption simultaneously contribute to its perceived threat when examined through the lens of human autonomy, professional identity, and self-determination. This tension cannot be resolved through technical means alone. It requires careful design attention to the boundaries between augmentation and replacement – a distinction the framework operationalises later through the Productive Friction principle (Section 5.3) and through the Agency Layer’s emphasis on preserving meaningful human ownership of identity-relevant decisions (Section 4.1).

The Agency Paradox interacts with cognitive concerns that deserve explicit acknowledgement. Frictionless AI experiences are not neutral with respect to cognition: they shape what tasks users perform, which capacities they exercise, and which they let atrophy. Excessive cognitive offloading risks gradual deskilling in domains where professional judgement matters – medical diagnosis, legal reasoning, engineering design – because the act of forming and defending a judgement is itself the mechanism through which professional capability is maintained. The framework does not prescribe a particular balance between augmentation and replacement; it requires that the balance be designed deliberately rather than left to emerge from product optimisation against engagement metrics. Trust-centric design at the Agency Layer therefore includes explicit treatment of cognitive consequence, not only of cue legibility.

Beyond the three paradoxes, analysis identifies seven structural mechanisms underlying the persistent AI value gap. Each mechanism reflects a different misalignment between current organisational, regulatory, or epistemic practice and the demands of AI as a probabilistic and emergent technology. Together, they explain why technical capability alone cannot close the gap and why an architectural response is required.

Three of the seven mechanisms (Governance–AI Mismatch, Investment–ROI Gap, Compliance–Trust Gap) operate primarily at the organisational and institutional levels and are addressed by the Governance and Institutional Layers of the framework. Two (Research–Practice Gap, Principle–Action Gap) are addressed by the Engineering Layer’s emphasis on operationalised, evidence-producing controls. The remaining two (Quality Paradox, Flooding Problem) operate at the Agency Layer and are addressed through provenance infrastructure and authorship cues developed in Sections 4 and 6. The mapping is not coincidental: the framework was designed precisely to provide architectural responses to each documented mechanism, and the five design principles in Section 5 follow directly from this mapping.

The seven mechanisms also exhibit significant cross-mechanism coupling. The Governance–AI Mismatch reinforces the Investment–ROI Gap, because deployments that cannot pass governance review do not move into production. The Compliance–Trust Gap reinforces the Principle–Action Gap, because organisations that conflate compliance with trust have weaker incentives to operationalise their stated principles. The Quality Paradox and the Flooding Problem reinforce one another at the Agency Layer: as AI content overproduces the ecosystem, individual high-quality AI artefacts become harder to distinguish from low-quality ones, eroding the perceived value of all AI-generated content. These couplings explain why isolated interventions – better fairness metrics here, sharper policies there – typically fail to close the value gap. Closing the gap requires architectural action across all four layers, applied in concert.

Together, the three paradoxes (Sections 3.1–3.3) and the seven mechanisms (Section 3.4) constitute the structural diagnosis the chapter’s framework must respond to. They establish two architectural requirements. First, any closing of the AI value gap must operate across multiple levels simultaneously, since the paradoxes are Agency-Layer phenomena while the mechanisms span Engineering, Governance, and Institutional Layers. Second, any response must be sustained over time rather than enacted as a one-time intervention, since the underlying dynamics persist regardless of model improvements or policy updates. The framework introduced in Section 4 satisfies both requirements by structural design.

Trust is not generated through any single mechanism. It arises from the complex interaction of human perception, technical architectures, organisational safeguards, and institutional infrastructures operating in concert. The constructs within each layer are derived from grounded-theory coding of the 34-source interdisciplinary corpus described in Section 2; the full derivation methodology and cue taxonomy are documented in the companion technical report [21]. The capacity of AI systems to create organisational and societal value depends fundamentally on establishing and maintaining trust. While technical performance determines what AI systems can do, trust determines whether people are willing to accept, adopt, rely upon, and advocate for them in consequential contexts [31].

The proposed Multi-Level Digital Trust Framework integrates four interdependent layers: Agency, Engineering, Governance, and Institutional. Trust-centric design sits at the intersection of these layers, translating structural guarantees and architectural properties into meaningful user experiences that engender warranted confidence. Human experience is the most immediate and perceptually salient mechanism that determines digital trust. Individuals assess a system’s trustworthiness by interpreting the signals it presents. The reliability of such assessments depends on the relevance and perceptibility of the signals presented, as well as on how individuals interpret and integrate these cues when forming a trust judgement [15].

The four-layer architecture is a deliberate response to the structural diagnosis developed in Section 3. Each layer addresses a distinct class of trust phenomenon that the diagnosis surfaced. The Agency Layer addresses the perceptual and relational dynamics that drive the AI Authorship Effect, the AI Intimacy Paradox, and the Agency Paradox. The Engineering Layer addresses the technical infrastructure required to convert trust claims into verifiable system properties, responding directly to the Research–Practice Gap and Principle–Action Gap. The Governance Layer addresses the organisational practice of operating AI responsibly under conditions of emergent behaviour and rapid capability evolution, responding to the Governance–AI Mismatch and Investment–ROI Gap. The Institutional Layer addresses the regulatory, standards-based, and societal scaffolding within which organisational practice occurs, responding to the Compliance–Trust Gap and to the structural conditions under which the Quality Paradox and the Flooding Problem operate. The architecture is therefore not arbitrary; each layer answers to a documented class of trust failure that the structural diagnosis identified.

The framework adopts an iceberg metaphor (Fig. 5) to capture an important architectural distinction. Trust cues that an organisation deliberately exposes to signal trustworthiness – brand, disclosures, terms of service, marketing communications – sit above the waterline and are typically visible and directly actionable at the organisational level. However, trust formation is also substantially shaped by underlying cognitive structures – disposition to trust, institution-based beliefs, prior experiences – that are not directly accessible to organisational intervention. Within the metaphor, these constructs reside below the waterline. Designing only above the waterline is exactly how an organisation builds a technically excellent system that fails in a public referendum or a customer trust survey: the surface signals are managed; the structural and cognitive conditions are not.

The waterline is a finding, not a presupposition. As described in Section 2.3, the distinction emerged from the grounded-theory coding when categories drawn from psychology and behavioural economics consolidated into a class of constructs that organisations could not directly modify. These below-the-waterline constructs do not behave like the above-the-waterline cues that organisations deliberately design. They accumulate over time, are shaped by societal and institutional context, and respond to organisational action only indirectly and slowly. Trust frameworks that ignore this distinction overestimate the leverage organisations have over user trust and underestimate the durability of trust deficits once they are established. The framework treats the waterline as architecturally significant: above-the-waterline interventions cannot succeed without sustained alignment with below-the-waterline conditions, and below-the-waterline conditions cannot be directly engineered, only respected and earned.

The Agency Layer encompasses psychological and relational processes through which humans interpret signals of intention, benevolence, competence, and accountability in digital interactions. Agency refers to an actor’s perceived capacity to act intentionally, take responsibility for consequences, and align behaviour with social and moral norms [32]. Users instinctively evaluate digital systems through mental models developed for human-to-human interaction, looking for cues indicating whether the agent behind the system is competent, sincere, and genuinely acting in their interest [33]. When these cues are weak, ambiguous, or contradictory, trust declines regardless of objective technical performance.

Research demonstrates that individuals infer moral intention, sincerity, and authenticity from perceived human authorship, while AI-mediated communication is often judged as less authentic, less caring, and less accountable even when content quality is equivalent [24]. Trust erosion at the Agency Layer is fundamentally relational rather than technical: it reflects what authorship symbolises about intent, presence, normative alignment, and capacity for moral responsibility. Trust-centric design therefore requires intentional differentiation between tasks that can be safely automated without eroding trust and those that require explicit human ownership to maintain stakeholder confidence. Systems intended for sensitive, identity-relevant, or morally consequential decisions must incorporate meaningful human agency and maintain clear channels for accountability.

The Agency Layer also operates through what may be termed signal sensitivity. Users do not weight all trust signals equally; they attend to signals that match their cognitive priors about how trustworthy systems behave. A system that produces accurate output but communicates uncertainty poorly is, paradoxically, trusted less than a less accurate system that communicates uncertainty well – because the latter aligns with the cognitive prior that good systems acknowledge their limits. Schlicker et al.’s Trustworthiness Assessment Model [15] captures this dynamic in the distinction between cue relevance, cue perceptibility, and cue interpretation: trust depends not only on what cues exist but on whether users can perceive them and interpret them correctly. The Agency Layer therefore sets a constraint on the Engineering Layer: technical guarantees that cannot be perceived, or that are perceived in ways that misalign with their intended meaning, fail to engender warranted trust regardless of their technical adequacy.

Virtual communication channels intensify information asymmetries that have long been documented in traditional markets. In the digital economy, the risk of adverse behaviour by agents remains substantial because benevolent action is difficult to guarantee or monitor effectively. Agency theory [16] offers a useful frame for examining the relationships and interactions between trust giver and trust taker; trust can be modelled as an implicit contractual relationship in which the trust giver delegates to a trust taker under conditions of informational asymmetry. In this view, the implicit and trust-based contract serves as a stabilising mechanism that helps individuals manage uncertainty and form expectations about future behaviour.

From a cognitive science perspective, people rely on heuristics and social schemata when interpreting the behaviour of digital systems, evaluating them through mental models that evolved for human-to-human interactions [33]. When cues signalling benevolence, integrity, or competence are weak or ambiguous, trust declines regardless of technical performance. Trust-centric design therefore requires intentional differentiation between tasks that can be safely automated and tasks where explicit human ownership remains essential. Systems intended for sensitive, identity-relevant, or morally consequential decisions must incorporate meaningful human agency, provide opportunities for user control, and maintain channels for human accountability.

Historically, digital trust management has been delegated heavily to the Agency Layer alone, often to marketing, public relations, or communications teams. These functions are skilled in reputation framing but do not control the technical, operational, or governance systems that create or destroy trust. Treating trust as a communications function inevitably produces collapse the moment underlying system behaviour is revealed. Digital trust is fundamentally a systems property whose creation and maintenance span product development, data engineering, cybersecurity, risk management, legal compliance, and executive decision-making. It is, in this sense, a shared responsibility, not a communications function. Investments in digital trust capabilities should therefore be treated as strategic infrastructure, not as discretionary expenses.

The Engineering Layer conceptualises trust as a system property that must be measurable, auditable, and cryptographically verifiable rather than merely claimed or assumed. Technical trust is established through interrelated mechanisms including robust identity assurance, provenance tracking, cryptographic integrity guarantees, and adversarial evaluation. Resilience is achieved through architectural designs that ensure controlled degradation in the event of failure or attack while maintaining safety-critical guarantees. These mechanisms act as social adaptors (reducing uncertainty about system behaviour) and social protectors (preventing harm through technical constraints) [34]. Modern AI systems introduce distinctive failure modes, including hallucinations, distributional drift, prompt injection attacks, training data leakage, and bias amplification, requiring continuous evaluation throughout the system lifecycle rather than one-time certification [35].

Distributed digital ecosystems increasingly depend on decentralised trust infrastructures that provide cryptographically verifiable guarantees without requiring trust in any single intermediary. Self-Sovereign Identity (SSI) and verifiable credentials enable privacy-preserving identity exchange and selective disclosure of attributes [36]. Standards developed by the Coalition for Content Provenance and Authenticity (C2PA) enable content provenance by cryptographically binding metadata at the point of creation, supporting verification of origin and the presence of AI-mediated modifications [37]. Despite the flexibility of large neural models, many trust requirements – rule consistency, auditability, transparent reasoning – cannot be reliably ensured by probabilistic systems alone. This limitation has accelerated the adoption of hybrid AI architectures combining symbolic reasoning with generative components [38]. These hybrid approaches combine adaptability with predictability, providing the technical reliability demanded in high-stakes or regulated domains.

The Engineering Layer is also where evidence is produced. AI systems exhibit failure modes – hallucinations, drift, prompt injection, training-data leakage, bias amplification – that cannot be ruled out by static certification. Continuous evaluation pipelines, runtime monitoring, drift detection, anomaly detection, and bias audits convert assurance from a one-time procedural exercise into an ongoing technical capability. From the framework’s perspective, evidence produced at the Engineering Layer feeds the Governance Layer’s assurance triad (Section 4.3) and the Institutional Layer’s regulatory oversight (Section 4.4). The architectural separation matters: the Engineering Layer specifies what evidence is producible; the Governance Layer specifies how evidence is collected, retained, and reviewed; the Institutional Layer specifies what evidence is required and by whom. Without this separation, organisations conflate ‘we have monitoring’ with ‘we have governance,’ a category error the framework explicitly rules out.

A further engineering commitment concerns the choice of model architecture itself. Pure end-to-end neural systems offer flexibility but resist auditability; pure symbolic systems offer auditability but resist the empirical breadth needed for many AI applications. Hybrid AI architectures – combining symbolic reasoning, deterministic rule engines, verifiable credential flows, and knowledge graphs with generative components – offer a path between these alternatives [38]. From the framework’s perspective, hybrid architectures are not a methodological preference but an architectural commitment that follows from the Engineering Layer’s requirement for verifiable trust. In domains where regulatory or ethical constraints require specific behaviours to be guaranteed, the architectural choice cannot be left to optimisation against accuracy metrics alone; it must include the verifiability of the resulting system as a design constraint.

The Engineering Layer also depends on shared infrastructure that no single organisation can build alone. Decentralised Identifiers anchored in distributed ledgers, the Trust over IP stack, the C2PA provenance standards, and emerging Proof-of-Personhood protocols all require ecosystem-level adoption to function. An organisation that implements these standards in isolation gains few of their benefits, since the cryptographic guarantees become useful only when verifiable by counterparties who recognise the same standards. The Engineering Layer therefore connects directly to the Ecosystem Integration principle (Section 5.5): technical infrastructure choices have ecosystem-level consequences that the framework treats as architecturally significant rather than as deployment details.

The Governance Layer determines whether AI systems are operated responsibly, continuously monitored, and dynamically adapted to evolving risks and societal expectations. Traditional GRC structures assume stable processes, linear causality, and periodic oversight. These assumptions break down fundamentally in complex AI environments characterised by emergent behaviours, interconnected risks, and rapid capability evolution [18]. Modern governance must therefore be adaptive rather than purely prescriptive, sensing environmental changes and adjusting controls accordingly.

Research in complexity science, resilience engineering, and sociotechnical systems demonstrates that trustworthy organisations continuously monitor their environment for emerging risks, detect weak signals before they escalate into crises, coordinate effectively across functional boundaries, and dynamically update governance controls as conditions change [17]. Three governance capabilities are critical, and the framework treats them as a triad rather than as alternatives:

Each of these capabilities carries specific operational requirements. Adaptive Governance requires environmental sensing infrastructure: organisations must maintain awareness of regulatory developments, public expectations, and emerging risks, and they must be able to update internal policies and operational practices on shorter cycles than traditional governance allows. Many organisations attempt this through periodic policy reviews, but research in complexity science suggests that periodic review is structurally inadequate for environments characterised by rapid change [18]. Continuous policy maintenance, supported by environmental sensing pipelines, replaces periodic review as the operational form of Adaptive Governance.

Organisational Resilience requires investment in detection, recovery, and learning capabilities that organisations have historically treated as cost centres rather than as strategic infrastructure. The capacity to detect weak signals before they escalate, to coordinate effectively across functional boundaries during incident response, and to learn from near-misses without normalising them depends on organisational design choices that are not visible from a process-oriented governance perspective. The framework therefore treats Organisational Resilience as a structural requirement of the Governance Layer rather than as an outcome of effective process compliance.

Continuous Digital Assurance requires the evidence pipelines described in Section 4.2: runtime monitoring, drift detection, explainability instrumentation, automated compliance checks. These pipelines connect the Engineering Layer to the Governance Layer through a continuous flow of evidence that supports decision-making in real time rather than retrospectively. Without these pipelines, governance reverts to periodic audit, which cannot keep pace with AI systems whose behaviour evolves between audits. With these pipelines, governance gains the operational visibility required to act on emerging issues before they crystallise into trust failures. The framework treats these pipelines as architecturally essential rather than optional, and the Compliance–Trust Gap (Section 3.4) is directly addressed by their presence.

This triad replaces classical GRC for AI environments. Compliance-based governance cannot keep pace with AI systems whose behaviour evolves continuously; assurance-based governance can. The Governance Layer therefore operationalises trust by demonstrating that organisations act responsibly over time, providing users with evidence-grounded confidence that AI systems remain safe, fair, and accountable in changing conditions.

Several practical consequences follow from the move from compliance to assurance. First, governance must be linked to a measurable risk appetite that explicitly addresses AI-specific failure modes – hallucination thresholds, drift tolerances, fairness deltas – rather than relying solely on procedural review. Second, governance roles must be distributed across what is sometimes called the Three Lines model, but in a form adapted for AI: the first line owns operational evidence production; the second line owns model risk and assurance interpretation; the third line owns independent audit and external attestation. Third, governance must be evidence-driven: every consequential AI decision should leave an auditable trail that documents inputs, model state, confidence indicators, and human oversight actions. The framework’s position is that without these three operational consequences, the move from GRC to GRA remains rhetorical rather than architectural.

The Institutional Layer provides essential macro-level safeguards – legal frameworks, regulatory regimes, standards bodies, certification mechanisms, and public infrastructures – ensuring that trust does not rely solely on the good intentions of private organisations. Digital identity frameworks, AI safety regulations, and cross-border interoperability rules illustrate how institutions establish rights, obligations, and protections that transcend individual organisations. Recent regulatory developments indicate that governments increasingly regard digital trust as a public good that requires coordinated action rather than market self-regulation.

The eIDAS 2.0 regulation validates SSI and verifiable credentials at a political scale, establishing regulatory drivers for adoption and detailed technical requirements for interoperability [39]. The EU AI Act implements a comprehensive risk-based classification of AI systems according to their potential harm to fundamental rights, with obligations scaled to risk level [14]. FINMA’s 2024 guidance for Swiss financial institutions emphasises lifecycle risk assessment, robust data governance, and continuous monitoring as requirements for AI deployment [40].

These regulatory developments are not parallel and unrelated; they form an emerging institutional infrastructure for digital trust. eIDAS 2.0 establishes the identity substrate on which trust attestations can be built. The EU AI Act establishes the risk classification through which AI obligations are scaled. FINMA’s guidance and analogous national instruments establish the sector-specific assurance requirements that translate the high-level regulatory frame into operational practice. The Institutional Layer therefore does more than impose external constraints on organisations; it provides the regulatory and standards backbone that makes verifiable trust legible across organisations and across borders. Organisations that engage with these institutional structures gain more than compliance – they gain access to the trust signals that institutional legitimacy projects across the wider ecosystem.

Institutional trust must also be future-safe. The Swiss e-ID debates, in which technically sound and privacy-respecting systems were rejected because voters could not be sufficiently assured of future governance under different political conditions, demonstrated that public trust depends on credible protection against future misuse – a phenomenon termed ‘anticipatory distrust.’ Cross-national research confirms low public trust in AI and a clear mandate for robust governance [41]. Institutional legitimacy therefore requires safeguards that remain credible across political cycles, ownership changes, and technological evolution. The Forward-Looking Trust principle (Section 5.2) is the framework’s prescriptive response to this requirement.

The four layers do not operate independently; they interact, and trust failures most often occur at the interfaces between them. The framework treats these cross-layer dynamics as architecturally consequential. Three classes of interaction are particularly important. First, signal translation: cryptographic guarantees produced at the Engineering Layer must be translated into perceptible signals at the Agency Layer, or they remain inaccessible to the users whose trust they are meant to support. Second, evidence flow: assurance evidence produced by Engineering must flow into Governance for interpretation and from Governance into Institutional reporting; failures in this flow produce ‘evidence islands’ that satisfy local audits but fail under external scrutiny. Third, legitimacy projection: institutional safeguards must translate into organisational practice and ultimately into perceptible system behaviour, otherwise institutional legitimacy fails to engender warranted user trust. The five design principles in Section 5 are deliberately structured to address each class of interaction: Layered Architecture addresses structural separation; Forward-Looking Trust addresses temporal interactions across layers; Productive Friction and Paradox Management address Agency–Engineering interactions; Ecosystem Integration addresses Engineering–Institutional interactions across organisations.

The two cases also share a deeper structural feature: in each, the proximate cause of trust failure can be located in a single layer, but the underlying cause is the absence of architectural integration across layers. The Swiss e-ID case proximate cause is Agency-Layer rejection; the underlying cause is the absence of Forward-Looking Trust commitments at the Engineering and Institutional Layers. The Deloitte Australia proximate cause is an engineering failure (hallucinated citations); the underlying cause is the absence of evidence-flow architecture between Engineering and Governance. Treating either case as a single-layer problem produces interventions that fail to address the underlying integration deficits. The framework is intended precisely to surface these integration deficits and to direct interventions at the architectural level rather than at the symptomatic level.

From the Multi-Level Digital Trust Framework, five actionable design principles are derived, translating the architectural perspective into practical guidance. Each principle addresses specific interactions across layers and is grounded in documented trust phenomena observed across diverse deployment contexts. Table 1 summarises the principles, their key insights, and their implementation priorities. Subsequent subsections develop each principle in turn.

Digital trust emerges from coherent alignment across all four layers rather than excellence in any single dimension. A technically secure system may fail to engender trust if users perceive manipulation or if governance mechanisms lack transparency. Trust failures frequently occur at layer interfaces: when engineering excellence is undermined by governance opacity, or when institutional legitimacy fails to translate into user-perceivable signals. This principle draws on systems theory, recognising trust as an emergent property arising from interactions across layers [9]. Organisations must establish minimum viable capabilities across all four layers before optimising any single dimension; isolated improvements do not translate into greater overall trust.

The Layered Architecture principle has direct organisational consequences. It implies that no single function – not engineering, not legal, not communications – owns digital trust. It implies that trust capability development must proceed in parallel across the four layers rather than sequentially, since serial development produces architectures that fail at the seams. And it implies that organisational design itself must reflect the architectural separation: governance functions cannot be reporting lines under engineering teams, and institutional engagement cannot be a delegated communications activity. The principle is foundational because it establishes the structural conditions under which the remaining four principles can be coherently applied.

Digital trust is inherently anticipatory. Users evaluate systems not only on current functionality but also on what they could become under different future conditions, ownership, or governance. The Swiss e-ID referendum demonstrated this phenomenon clearly: technically sound, privacy-respecting systems were rejected because voters could not be sufficiently assured of future governance under different political conditions. Trustworthy systems must therefore demonstrate credible constraints on future transformation through architectural constraints, enforceable data-deletion guarantees, usage-limits mechanisms, and governance limits that remain binding across political cycles and ownership changes. Constitutional AI approaches that embed behavioural constraints into model training represent a promising direction in this space [42]. Retrofitting forward-looking mechanisms is substantially more costly and less credible than incorporating them from the inception of an AI system.

In practice, Forward-Looking Trust expresses itself through specific architectural commitments. Cryptographically enforced data-deletion that survives a change of corporate ownership. Governance constitutions that bind successor entities to the same constraints under which the original system was approved. Public-facing commitments backed by institutional reporting that remains operative even if the original organisation is acquired or restructured. Where AI is deployed by public institutions, the principle implies that the system’s constraints must be defended against future political turnover. The principle is therefore both technical and institutional: the Engineering Layer must produce constraints that are mechanically enforceable, and the Institutional Layer must underwrite their persistence across future change.

Trust is built through intentional friction – pauses for reflection, confirmations of consequential actions, explanations of reasoning, and human checkpoints at critical junctures – rather than being eliminated by pursuing a frictionless experience as the paramount design goal [43]. When AI systems generate fluent, confident outputs without appropriate uncertainty indicators, subsequent errors are experienced as betrayal rather than as expected system limitations. Generative AI interfaces frequently eliminate productive friction in pursuit of seamless interaction; this ‘unearned smoothness’ masks underlying hallucination [38]. Productive friction interventions include calibrated confidence indicators, explainability interfaces, provenance displays, and human-in-the-loop review. In high-stakes domains – healthcare, criminal justice, financial services – decision-making systems require deliberate friction to support appropriately calibrated trust.

Productive Friction inverts a dominant assumption of digital product design over the past decade. The frictionless interface, treated as a goal in consumer products, becomes a liability in trust-sensitive contexts because it provides users with no signal that the system’s output is uncertain, contested, or potentially erroneous. The principle does not require all friction to be added back; it requires that friction be calibrated to the consequence of the decision being made. Trivial decisions deserve frictionless interfaces. Consequential decisions – medical diagnoses, loan approvals, sentencing recommendations, content moderation actions – deserve friction that is proportionate to the cost of error. Calibration is the operative word: too much friction reproduces bureaucracy, too little reproduces betrayal. The Productive Friction principle therefore connects directly to the Engineering Layer’s evidence pipelines and to the Governance Layer’s assurance triad: the friction is meaningful only if the underlying confidence indicators, provenance records, and human oversight signals are themselves trustworthy.

Digital trust involves inherent paradoxes that require active, ongoing management rather than definitive resolution. The AI Authorship Effect (Section 3.1) demonstrates that transparency about AI involvement can paradoxically reduce rather than increase trust when baseline trust levels are already low [24]. The Agency Paradox (Section 3.3) captures users’ simultaneous desire for cognitive offloading and fear of autonomy loss [29]. The AI Intimacy Paradox (Section 3.2) describes how users disclose more personal information while distrusting the organisations that operate the systems eliciting that disclosure. These paradoxes represent structural features of human–AI interaction rather than bugs amenable to technical fixes. Implementation requires paradox-aware design, privacy-by-design approaches that minimise data collection despite AI’s capacity to elicit disclosures, and ongoing stakeholder dialogue to navigate evolving expectations.

Paradox Management is the only one of the five principles whose implementation horizon is permanent rather than terminal. The remaining four principles can in principle be ‘done’ – a layered architecture is established, forward-looking constraints are encoded, productive friction is calibrated, ecosystem participation is institutionalised. Paradox Management cannot be ‘done.’ The paradoxes do not resolve. The principle therefore requires institutional support: dedicated capacity for paradox monitoring, explicit organisational language for naming paradoxes when they arise, and decision rights that allow product and policy teams to make trade-offs that respect the paradoxes rather than pretending to dissolve them. The principle’s priority is therefore ‘Ongoing’: it is not foundational, not strategic, but continuous.

Digital trust increasingly depends on ecosystem-level infrastructure that no single organisation can build, operate, or govern alone. Trust infrastructure – SSI systems based on W3C Decentralized Identifiers and Verifiable Credentials [36], content provenance standards such as C2PA [37], and governance frameworks such as Trust over IP [44] – provides shared foundations for authenticity verification, provenance tracking, and accountability across organisational boundaries. Organisations building only internal capabilities face interoperability barriers, credibility gaps, and competitive disadvantages when ecosystem standards become dominant and are incorporated into regulatory requirements. The implementation priority is strategic: ecosystem participation must be incorporated into long-term roadmaps, not deferred.

Three ecosystem-level dynamics shape the implementation logic. First, network effects: the value of a verifiable credential or a content provenance signature increases with the number of organisations that recognise and verify it. Early ecosystem participants often bear disproportionate cost in exchange for influence over the standards that emerge; late participants gain free-rider benefits but lose strategic positioning. Second, regulatory anchoring: as the eIDAS 2.0 regulation and analogous instruments demonstrate, ecosystem standards become regulatory requirements over time. Organisations that invest in ecosystem participation when it is voluntary find their investments protected when the same standards become mandatory. Third, trust-attestation networks: many ecosystem standards depend on attestations issued by trusted parties – issuers of verifiable credentials, signers of provenance metadata, validators of personhood proofs. Participation in these attestation networks confers reputational benefits that internal-only capabilities cannot replicate.

These dynamics explain the strategic priority of Ecosystem Integration. The principle is not foundational – organisations can establish Layered Architecture and Forward-Looking Trust before substantive ecosystem engagement. But the principle is strategic in the sense that delaying it creates compounding disadvantages: standards solidify around early participants, regulatory anchoring favours organisations that helped shape the standards, and attestation networks accumulate trust around organisations that joined them early. An organisation that defers ecosystem engagement until it becomes necessary typically finds that it has lost the ability to influence the architecture it must now adopt.

The five principles do not stand alone. They form a connected set of architectural commitments. Layered Architecture establishes structural separation of concerns, without which the remaining principles cannot be applied with discipline. Forward-Looking Trust establishes temporal commitments, ensuring that the architecture remains credible across time. Productive Friction establishes the calibration mechanism through which technical guarantees become perceptible to users without creating the unearned smoothness that masks failure. Paradox Management establishes the organisational practice of accepting structural tensions rather than denying them. Ecosystem Integration establishes the cross-organisational commitments that prevent local trust islands from substituting for ecosystem-wide trust.

These five principles together translate the framework’s structural decomposition into prescriptive guidance. They are intended to be applied in priority order: organisations that have not yet established Layered Architecture cannot meaningfully implement Productive Friction or Ecosystem Integration, since the resulting interventions would be fragmented across structural seams. The priority ordering shown in Table 1 (Foundation, Critical, High, Ongoing, Strategic) reflects this dependency, and the chapter’s practical implications (Section 7.2) build on the same ordering.

It is worth noting what the principles do not claim. They do not claim universal applicability across cultural contexts; Section 7.3 acknowledges that cultural calibration is required. They do not claim completeness; the principles address documented trust phenomena, but emerging trust dynamics in multi-agent AI ecosystems may require additional principles that the present framework does not anticipate. They do not claim to substitute for sector-specific regulatory regimes or for established engineering disciplines such as model evaluation; the principles operate at an architectural level above these existing practices and constrain them, but do not replace them. The principles are therefore best understood as architectural commitments that practitioners adopt and adapt within their specific contexts, rather than as rules that apply identically across all AI deployments.

The relationship between the framework’s four layers and its five principles is also worth making explicit. The four layers are descriptive: they describe the structure of digital trust as it operates in the world. The five principles are prescriptive: they describe what organisations should do given that structure. Layered Architecture corresponds to the descriptive claim that the four layers exist and must be aligned. Forward-Looking Trust corresponds to the temporal dimension that the four-layer descriptive structure does not by itself address. Productive Friction, Paradox Management, and Ecosystem Integration each correspond to specific cross-layer interactions identified in Section 4.5. The descriptive and prescriptive elements are therefore tightly coupled: changes to the descriptive structure imply changes to the prescriptive output. This coupling matters for the framework’s evolution, since extensions to the descriptive structure (for example, to accommodate multi-agent AI ecosystems) will require corresponding extensions to the prescriptive output.

Modern digital ecosystems require foundational infrastructure that enables the verification of identity, authenticity, provenance, and accountability through technical mechanisms rather than reliance on reputation. This marks a paradigm shift: trust shifts from a reputational property dependent on brand recognition to a system property embedded in protocols, cryptographic standards, and interoperable architectures. Traditional systems relied on implicit trust signals – brand reputation, platform dominance, contextual cues. In a world of AI-generated content, synthetic identities, and sophisticated deepfakes, these implicit mechanisms prove fundamentally insufficient.

The shift from reputational to system-property trust is not merely a change of mechanism; it is a change in the locus of trust itself. Reputational trust accumulates around organisations and brands; it is therefore concentrated, slow to build, and slow to repair after a breach. System-property trust is distributed across protocols, standards, and verifiable mechanisms; it is therefore portable across organisations, faster to establish for new entrants, and more resilient to individual failures because no single party owns the trust. The framework treats this shift as architecturally significant: organisations that continue to manage trust as a reputational property in a world of system-property infrastructure will find their reputational efforts increasingly disconnected from the trust signals that actually drive ecosystem participation.

The emerging digital trust stack replaces implicit signals with explicit, machine-verifiable guarantees. Self-Sovereign Identity enables control of digital identities using Decentralized Identifiers (DIDs) anchored in distributed ledgers or verifiable registries [36]. Verifiable Credentials allow tamper-evident, cryptographically secured attestations that can be verified without contacting the original issuer. The Trust over IP Stack integrates governance and technical layers, with a Trust Spanning Protocol that enables interoperable messaging across heterogeneous systems [44]. C2PA standards enable cryptographic signing at creation for provenance verification [37]. Taken together, these initiatives suggest that global standardisation of digital trust mechanisms is shifting from fragmented efforts toward interoperable infrastructure.

The AI–identity intersection creates novel requirements that the framework treats as architecturally consequential rather than incidental. Modern digital ecosystems require verifiable identity for humans, devices, and autonomous agents; provenance tracking for datasets and model lineage; integrity verification for multimodal content; and credentialing mechanisms for AI legitimacy. Research highlights formal delegation frameworks that enable individuals to assign limited, revocable, and auditable rights to computational agents [45]. Proof-of-Personhood protocols verify human uniqueness without revealing sensitive personal data, providing the foundation for distinguishing humans from autonomous agents in trust-sensitive interactions [46]. By embedding trust architecturally through cryptographic guarantees, these infrastructures transform trust from a narrative property into a verifiable, transferable, and legally enforceable system property – the precise transformation the chapter’s thesis demands.

Self-Sovereign Identity (SSI) enables individuals and organisations to control their digital identities without reliance on centralised intermediaries. SSI systems use Decentralized Identifiers (DIDs) – globally unique identifiers anchored in distributed ledgers or verifiable registries – that allow entities to authenticate themselves through cryptographically verifiable proofs [36]. SSI reduces the risk of identity theft, supports privacy-preserving authentication, and provides users with greater autonomy over their personal data.

Verifiable Credentials (VCs) allow entities to present attestations – diplomas, licences, identity attributes – in a tamper-evident, cryptographically secured manner. Instead of relying on central databases or third-party verifiers, VCs enable credentials to be checked locally and independently, making verification faster, more secure, and more privacy-preserving.

The Trust over IP (ToIP) Stack [44] integrates governance and technical layers into a holistic architecture for digital trust. Inspired by the four-layer TCP/IP networking model, ToIP organises trust capabilities into a Utility Layer (decentralised ledgers and trust registries), a Credential Layer (mechanisms for issuing, exchanging, and verifying credentials), an Agent Layer (interoperable digital wallets and agents), and a Governance Layer (rules and policies that define how trust ecosystems operate). The key innovation is the Trust Spanning Protocol, which enables interoperable verifiable messaging across systems, analogous to how the Internet Protocol enables interoperable communication across networks. Trust is no longer a siloed property of individual platforms but a shared, interoperable capability.

As generative AI expands the production of synthetic media, verifying the provenance and integrity of digital content has become essential. C2PA standards [37] enable creators, publishers, and platforms to cryptographically sign digital assets at the moment of creation. Such signatures allow downstream users to determine whether content has been modified, whether AI generated it, and who contributed to its production. These standards are indispensable for combating deepfake-driven disinformation and rebuilding trust in digital media ecosystems.

Over recent years, digital trust technologies have moved from experimental pilots to global infrastructure. Two parallel trajectories shape this evolution: institutionalisation and standardisation. Governments and international bodies are incorporating principles of decentralised identity into official frameworks. The European Digital Identity Wallet (EUDI Wallet), within the eIDAS 2.0 framework, validates SSI and verifiable credentials at a political scale, establishes regulatory drivers for adoption, and sets technical and governance requirements for interoperability across borders [39]. Switzerland’s national e-ID law reflects a societal commitment to sovereign digital identity as a foundational public good.

Global standard-setting bodies have introduced key specifications: W3C DID v1.0 (Decentralized Identifiers); the W3C Verifiable Credentials Data Model; ISO/IEC 18013-5 for mobile driver’s licences; and OpenID4VC for verifiable credential authentication flows. These standards reduce fragmentation and ensure that digital trust infrastructures operate consistently across sectors, jurisdictions, and platforms. What began as a niche movement has grown into a global, multi-vertical infrastructure movement shaped by public institutions, private firms, and civil society.

The expansion of generative AI has increased the need for verifiable digital identity systems that ensure trustworthy participation in digital ecosystems. Modern AI infrastructures require verifiable identity for human users, devices, and autonomous agents; provenance tracking for datasets and model lineage; integrity verification for multimodal digital content; and credentialing mechanisms that allow AI systems to demonstrate legitimacy and compliance. Research also highlights the need for formal delegation frameworks that enable individuals and institutions to assign limited, revocable rights to computational agents while maintaining accountability [45].

In decentralised or multi-agent environments, identity functions as an operational substrate for computational agency rather than as a static attribute. Autonomous agents can only act safely on behalf of humans if their permissions, constraints, and responsibilities are linked to verifiable identities and governed by structured delegation mechanisms. This requires cryptographically verifiable credentials and fine-grained rights management that allow controlled delegation and the ability to revoke or update permissions. A further requirement concerns verifying that an entity claiming to be human is indeed human. Owing to the increasing indistinguishability of AI-generated behaviour, Proof-of-Personhood protocols have become essential for preventing Sybil attacks, identity fraud, and large-scale manipulation [46]. Decentralised Proof-of-Personhood schemes produce privacy-preserving, secure, and scalable methods for verifying human uniqueness without revealing sensitive personal data. Integrating such mechanisms is therefore necessary for maintaining trust in AI-mediated digital environments.

The digital trust infrastructures outlined above provide the foundational technical capabilities required for trustworthy AI ecosystems. They support reliable identity binding across humans, machines, and digital content; demonstrable provenance and lineage for data and models; cryptographically verifiable compliance; cross-platform accountability; user sovereignty through privacy-preserving interactions; and interoperability across organisational and jurisdictional boundaries. Taken together, these capabilities form what may be described as an architectural layer of regulation, in which trust, integrity, and accountability are embedded directly into the technological substrate rather than delegated to institutional promises or discretionary practices.

By embedding trust at the architectural level, these infrastructures enable AI systems to operate consistently, transparently, and with effective governance. They reduce the cognitive and analytical burden on users, who would otherwise be required to make subjective, uncertain judgements about authenticity, integrity, or intent. Trust becomes verifiable, transferable, and enforceable through cryptographic and protocol-level guarantees. Without such foundations, AI systems remain vulnerable to fraud, manipulation, governance gaps, reputational harm, and user disengagement. With these foundations in place, AI can function as a reliable, accountable, and socially acceptable component of digital transformation.

The infrastructure described in this section therefore provides the operational substrate on which the framework’s four layers depend. The Engineering Layer operationalises trust through DIDs, verifiable credentials, C2PA signatures, and Proof-of-Personhood protocols; the Governance Layer relies on the same infrastructure to produce evidence pipelines that support Continuous Digital Assurance; the Institutional Layer relies on it to project regulatory legitimacy across organisational and jurisdictional boundaries; and the Agency Layer relies on it to translate cryptographic guarantees into perceptible authorship and provenance cues that users can interpret. Without this infrastructure, the four-layer architecture risks remaining a conceptual artefact. With it, the architecture becomes operationally implementable, and the framework’s prescriptive output becomes available to practitioners.

The framework makes three theoretical contributions. First, it rejects technological solutionism: technical mechanisms are necessary but insufficient without governance structures, user-centred design, and societal legitimacy. Trust is fundamentally relational and contextual, not reducible to technical properties [47]. Second, the framework acknowledges temporality: trust is not established at deployment but must be maintained through ongoing adaptation. The Forward-Looking Trust principle in particular addresses frameworks that treat trust as a static property. Third, the framework recognises interdependence: organisations cannot build trust in isolation; they depend on shared infrastructure and ecosystem-level coordination, which challenges siloed governance approaches and conventional internal-only trust strategies.

These three contributions can be located against existing frameworks for AI trustworthiness. The Trustworthiness Assessment Model (TrAM) [15] addresses the cue-based assessment of AI trustworthiness in detail; it is in close alignment with the present framework’s Agency Layer. TrAM does not, however, develop the technical infrastructure, organisational governance, or institutional layers in equivalent depth, and it treats trust assessment primarily as a perceptual problem rather than as an architectural one. The present framework can be read as extending TrAM’s perceptual rigour into the engineering, governance, and institutional dimensions, while preserving TrAM’s commitment to cue-based, evidence-grounded assessment at the Agency Layer.

The NIST AI Risk Management Framework [13] addresses the governance of AI risk through structured processes (Govern, Map, Measure, Manage) intended to be applicable across diverse organisations and AI deployments. The NIST AI RMF aligns closely with the present framework’s Governance Layer, particularly with the Continuous Digital Assurance capability described in Section 4.3. Where NIST is process-oriented, the present framework is architectural: NIST tells organisations what processes to run; this framework tells organisations how to structure the four layers within which those processes must operate. The two frameworks are therefore complementary rather than competitive: an organisation following the NIST AI RMF gains substantial governance discipline, but it gains it only at the Governance Layer, and the framework presented here provides the surrounding architectural context within which NIST’s processes become coherent.

Cross-national surveys of AI trust [41], [48] provide empirical context against which the framework’s claims about anticipatory distrust and cultural variation can be evaluated. These surveys consistently find low public trust in AI in advanced economies and a robust mandate for governance and regulation. The framework’s Forward-Looking Trust principle (Section 5.2) and Institutional Layer (Section 4.4) directly address the dynamics these surveys document. Where the surveys describe the phenomenon, the framework prescribes the architectural response. The surveys therefore constitute a partial empirical motivation for the framework, although as Section 7.3 notes, they do not constitute validation of the framework as a whole, since the surveys also informed the framework’s construct derivation and cannot simultaneously serve as independent confirmation.

The framework provides diagnostic capabilities. Organisations can assess their trust maturity across all four layers and identify specific gaps requiring attention. The five principles offer prioritised guidance from foundational investments through strategic positioning. Digital trust is a shared responsibility spanning product development, data engineering, cybersecurity, risk management, legal compliance, and executive decision-making. Treating trust as a communications function leads to predictable trust collapse the moment underlying system behaviour is revealed. Investments in digital trust capabilities should therefore be treated as strategic infrastructure, not as discretionary expenses.

For practitioners, the framework offers three operational consequences. First, the four-layer decomposition allows trust capabilities to be designed and reasoned about independently, with explicit interfaces and integration points. Second, the construct and cue taxonomy (operationalised through 10 constructs and 127 trust cues) provides a measurable basis for trust assessment, allowing practitioners to move beyond subjective judgement toward evidence-grounded evaluation. Third, the priority ordering of the five principles provides a practical implementation roadmap: organisations should establish Layered Architecture as a foundation, address Forward-Looking Trust as a critical capability, integrate Productive Friction in user-facing systems, manage paradoxes as ongoing organisational practice, and pursue Ecosystem Integration as strategic positioning.

A practical implementation of the framework typically begins with diagnosis. Organisations apply the four-layer decomposition to existing AI deployments, mapping current capabilities to each layer and identifying gaps. The diagnosis surfaces a recurring pattern: most organisations have substantial Engineering Layer capability and partial Governance Layer capability, but underdeveloped Agency Layer and Institutional Layer capabilities. Engineering teams understand model evaluation and monitoring; governance teams understand risk policy and audit. What is typically missing is Agency Layer signal design – the deliberate construction of perceptible trust cues that translate engineering guarantees into user-experienceable confidence – and Institutional Layer engagement – the active participation in standards bodies, regulatory consultations, and ecosystem coordination that the framework treats as architecturally essential.

From this diagnosis, a sequenced implementation roadmap follows. Phase one establishes the Layered Architecture: organisational structure, decision rights, and reporting lines are configured so that each layer has clear ownership, and interfaces between layers are made explicit. Phase two encodes Forward-Looking Trust commitments: data-deletion guarantees, governance constraints, and architectural limits are made cryptographically or institutionally enforceable. Phase three calibrates Productive Friction: user-facing interfaces are reviewed for unearned smoothness, and friction is added or removed based on the consequence of the decisions being supported. Phase four institutionalises Paradox Management as ongoing organisational practice. Phase five engages with Ecosystem Integration through standards adoption, regulatory engagement, and participation in trust infrastructure consortia. The roadmap is prescriptive only at the architectural level; the specific technologies, processes, and organisational designs through which each phase is realised will vary by sector, scale, and jurisdiction.

The framework is conceptual; empirical validation across diverse deployment contexts remains necessary. The principles require operationalisation into metrics, assessment instruments, and maturity models for a wider range of organisational contexts than the present chapter develops. The construct and cue derivation described in Section 2.2 was performed by a single coder, and inter-rater reliability has not been formally assessed. Independent empirical validation of the full framework is identified as future work. Convergent preliminary evidence from adjacent trust research [12], [15] is consistent with the above-the-waterline / below-the-waterline distinction the framework adopts, but does not by itself constitute direct validation, since the same sources informed construct decisions and cannot simultaneously serve as independent confirmation.

Several further limitations deserve explicit acknowledgement. The framework’s evidence base, while interdisciplinary, is weighted toward English-language and Western-context sources, and the cultural calibration required for application in non-Western settings remains undeveloped. The corpus extends to 2025 and may not adequately capture trust phenomena emerging in subsequent AI capability transitions, particularly the move from agentic systems to multi-agent ecosystems where delegation, accountability, and identity become substantially more complex than the present framework addresses. The case selection – Swiss e-ID, Coca-Cola/Apple, Deloitte Australia – was driven by explanatory adequacy rather than by sampling logic, and the cases therefore demonstrate that the framework can describe documented trust phenomena rather than that the framework predicts trust outcomes. Distinguishing description from prediction requires longitudinal studies that the present chapter does not undertake.

Cultural variation in trust formation, with substantially higher AI trust in China than in Western countries [48], suggests that context-specific adaptation will be required when applying the framework across cultural contexts. Future research should develop quantitative measures for each of the four layers and conduct longitudinal studies to examine trust dynamics across the full lifecycle of AI deployment, from procurement and integration through to retirement and replacement.

The framework as developed in this chapter opens four substantive research directions. First, the operationalisation of each layer into measurable indicators: while the GTDS methodology has produced 10 constructs and 127 trust cues, these require translation into validated psychometric instruments at the Agency Layer, into evidence schemas at the Engineering and Governance Layers, and into compliance maps at the Institutional Layer. Second, longitudinal validation: trust dynamics evolve over the lifecycle of an AI deployment, and a static cross-sectional view of any of the four layers risks missing the very temporal phenomena – anticipatory distrust, drift in user expectation, accumulation of governance debt – that the Forward-Looking Trust principle is meant to address. Third, cross-cultural calibration: AI-trust baselines differ substantially across societies, and the cue weights that operationalise each layer cannot be assumed to transfer without adjustment. Fourth, integration with adjacent frameworks: TrAM [15], the NIST AI Risk Management Framework [13], and emerging international standards each address subsets of the four-layer space, and a careful mapping between the present framework and these adjacent works would clarify both contributions and gaps.

Beyond these four research directions, the framework also opens a practitioner-facing development programme. Trust maturity assessments anchored in the four layers and 10 constructs can support organisational diagnosis. Reference implementations of the Engineering Layer’s evidence pipelines, of the Governance Layer’s assurance triad, and of the Institutional Layer’s reporting interfaces would enable architectural reuse across organisations. Industry case studies that apply the five design principles to concrete AI deployments – in financial services, healthcare, public administration, and AI-mediated commerce – would generate the empirical record needed to refine the framework over successive applications. The framework is intended to grow through such applications, not to remain frozen as a conceptual artefact.

Closing the AI value gap requires an architectural approach to digital trust that makes authenticity, reliability, transparency, and accountability demonstrable across all layers of the ecosystem. The Multi-Level Digital Trust Framework integrates human agency, engineering robustness, adaptive governance, and institutional legitimacy into a coherent architecture, operationalised through 10 constructs and 127 trust cues, prescribing five design principles – Layered Architecture, Forward-Looking Trust, Productive Friction, Paradox Management, and Ecosystem Integration. The framework was developed using a Grounded-Theory Design Science (GTDS) methodology, proposed in this chapter as a hybrid combining Design Science Research with grounded-theory literature review applied to a defined interdisciplinary corpus.

The chapter’s position throughout has been singular: the AI value gap is a trust deficit, and closing it requires treating digital trust as an architected, verifiable system property rather than a narrative claim. Digital trust is not a constraint on innovation but its most essential enabler. Without trust, AI investments generate attention but little sustainable impact. With warranted trust established through architectural means, AI systems can empower individuals, strengthen institutional capabilities, and deliver value across society. The path forward is not to scale AI faster but to scale it responsibly – anchored in trust-centric design, supported by digital trust infrastructure, and governed through continuous, evidence-based assurance.

Three practical commitments follow. Organisations should establish minimum viable capabilities across all four layers before optimising any single dimension; this is the operational form of the Layered Architecture principle. Organisations should design for the future they cannot yet specify, building credible constraints into ownership transitions and political cycles; this is the operational form of the Forward-Looking Trust principle. And organisations should treat ecosystem participation as strategic positioning rather than as compliance overhead; this is the operational form of the Ecosystem Integration principle. The remaining two principles – Productive Friction and Paradox Management – act as ongoing organisational practices, not one-time interventions, and require institutional support to remain operative across the lifecycle of an AI deployment.

The framework itself is provisional. It rests on a single-coder grounded-theory derivation, on cases that demonstrate explanatory adequacy rather than empirical confirmation, and on cultural assumptions that may not transfer cleanly across regions. These limitations are honest, not concessive. They define the empirical research programme that follows from the present chapter. The framework’s contribution is to make the architectural shape of digital trust legible, defensible, and operational – to convert a diffuse and often rhetorical concern into a structured artefact that practitioners can apply and that researchers can refine. By doing so, the chapter intends to ensure that artificial intelligence evolves not as a source of uncertainty but as a foundation for shared progress, with trust treated as a verifiable property of the systems we build, not as a story we tell about them.

Three claims summarise the chapter’s position. First, the AI value gap is a trust deficit, not a productivity, technical, or compliance shortfall; treating it otherwise produces interventions that fail to address its structural causes. Second, closing the gap requires an architectural response that operates simultaneously across human perception, technical infrastructure, organisational practice, and institutional legitimacy; partial responses at any single layer cannot succeed. Third, the architectural response must be operationalisable through cryptographic, procedural, and institutional mechanisms that make trust claims verifiable rather than asserted; without operationalisation, the architecture remains rhetorical. The Multi-Level Digital Trust Framework presented in this chapter is one specific architectural response that satisfies these three claims, derived through a hybrid Grounded-Theory Design Science methodology, and offered to practitioners and researchers as a starting point for further development rather than as a finished result.

The chapter therefore concludes where it began: digital trust is not a story we tell about AI systems; it is a property we architect into them. When trust is designed, engineered, governed, and institutionalised together, AI systems can transition from promising prototypes into dependable, accepted, and value-generating components of digital ecosystems. When any one of the four layers is neglected, trust collapses, and the AI value gap widens – regardless of investment, regulatory effort, or technical sophistication. The path forward is architectural, the discipline is multi-level, and the work is continuous. The framework presented here is intended to support that work.