The Three-Tier Disclosure Model: None, Light, Full

What Three-Tier Application Architecture Actually Is

Three-tier application architecture is a software design pattern that separates an application into three independent layers: a presentation tier (the user interface), an application tier (the business logic), and a data tier (storage and access)¹. Each layer can be developed, scaled, and updated without disturbing the others³. The three tiers are logical, not physical— they may run on the same server or across many².

The pattern was developed by John J. Donovan at Open Environment Corporation, a tools company he founded in Cambridge, Massachusetts¹. It has anchored reference architectures from IBM³ and Microsoft Azure⁴ for decades, and it remains the foundational layout that microservices and broader n-tier designs build on.

The chief benefit is independence: each tier can be developed simultaneously by a separate team and scaled without impacting the others³. The honest limitation is that each layer is monolithic. If one feature inside a layer takes more traffic than the rest, you cannot scale that feature alone— you scale the whole layer¹⁰. Architects accept that tradeoff because the legibility of the layers is worth more than the cost of scaling them whole.

Architects didn't invent three layers because they liked the number three. They invented them to enforce a deeper principle.

The Principle That Travels— Separation of Concerns

Separation of concerns is the principle that drives three-tier architecture: each layer of a system handles one thing well, hands off cleanly to the next, and changes without forcing changes everywhere else. The principle works on code. It also works on every other system that has to communicate clearly across boundaries— including how a professional services firm handles AI use with its clients.

Separation of concerns is what makes complex systems legible— to the people who build them and to the people who depend on them.

Trust is a system. Trust requires legible boundaries. Trust benefits from separated concerns.

This is where the architecture metaphor stops being technical and starts being useful for non-engineers. The pattern's deepest insight has nothing inherent to do with code. It says that any system humans depend on gets more trustworthy when its layers stay distinct.

AI is intellectual augmentation, not artificial intelligence. The question of how to disclose AI use is a human communication question, not a tool question. Apply the lens of separation of concerns to AI disclosure, and three layers fall out naturally— three different relationships with transparency, each with its own job.

The Three-Tier Disclosure Model— None, Light, Full

The Three-Tier Disclosure Model classifies AI use in client work by how much it materially shapes what the client receives. Tier None: AI is an internal tool, the work is reviewed by a human, and disclosure is unnecessary. Tier Light: AI plays a meaningful role in production, and a general-purpose disclosure (in the contract or website) acknowledges it. Tier Full: AI materially affects what the client sees or experiences, and per-deliverable disclosure is required.

This is a Dan Cumberland Labs framework, not an industry standard. It sits next to two existing models worth naming. The IAB AI Transparency and Disclosure Framework, launched January 15, 2026, uses a two-layer model— a consumer-facing layer and a machine-readable layer based on the C2PA metadata standard, an open content-provenance standard backed by Adobe, Microsoft, BBC, and others⁶. Fourscore Business Law uses a binary: disclose for direct AI interaction, no disclosure for tool-with-review⁹. Three tiers add the missing middle, calibrated to the materiality of AI's effect on the client rather than its mere presence.

Tier None: When silence is honest

• AI is an internal tool only
• Output is reviewed by a human before reaching the client
• AI does not directly interact with the client
• No consequential decision is made by AI
• No personal client data is processed by AI

A ten-person consultancy using ChatGPT to brainstorm meeting agendas, Claude to outline a proposal someone then writes, or Perplexity to gather background research is operating in Tier None. Internal use of AI as a research and drafting aid with human review typically does not require per-deliverable disclosure⁹. MIT Sloan's own guidance acknowledges that low-impact uses (internal email prioritization, parking space assignment) sit in this same space⁵.

Tier None is a valid tier. Pretending every AI keystroke deserves a label trains clients to ignore the labels that actually matter.

Tier Light: General-purpose acknowledgment

• AI plays a meaningful but supporting role
• Client deliverables are co-produced
• Disclosure is best handled at the contract or website level

This is the tier the binary frameworks skip. An agency drafting quarterly client reports, where AI assists with research synthesis and first-pass writing under editorial review, belongs here. The right home for that disclosure is one paragraph in the engagement letter, a clear AI practices page on the website, and a line in the proposal naming the firm's AI policy. MIT Sloan's context-based recommendation supports calibrated disclosure tied to the materiality of AI's role⁵, and the IAB frames the same idea as targeted disclosure rather than universal labeling⁶.

Tier Full: Per-deliverable disclosure

• AI directly interacts with the client (chatbot, automated analysis)
• AI makes a consequential decision (scoring, pricing, risk rating)
• AI-generated content is delivered without meaningful human review
• Personal client data is processed by AI

A client-facing chatbot, an AI-narrated explainer video, an automated client risk score, an AI-drafted report headline that lands without review— all Tier Full. Disclosure belongs on the deliverable itself: a footer note, an opening line, a badge, a watermark. Fourscore is direct on this: when AI tools communicate with clients, disclosure is generally required to maintain transparency and regulatory compliance⁹. For content businesses, pair the consumer-facing disclosure with C2PA-style metadata, mirroring the IAB two-layer approach⁶.

A boundary is not a wall. The tiers exist so you can move work between them deliberately. Some Tier Full work moves to Tier Light by inserting human review. Some Tier None work moves up when the client-facing claim is large enough that contract-level acknowledgment is wise.

Why This Calibration Matters Now

Eighty-four percent of expert panelists support mandatory AI disclosure⁵, and the trust gap between what executives believe consumers feel about AI work and what consumers actually feel widened from thirty-two points to thirty-seven points between 2024 and 2026⁶. The cost of getting disclosure wrong is no longer theoretical.

What the numbers say:

• 84% of expert panelists support mandatory AI disclosure (34% strongly agree, 50% agree), per the MIT Sloan and BCG Responsible AI panel⁵.
• The trust gap is widening. 82% of advertising executives believe Gen Z and Millennial consumers feel positively about AI ads. Only 45% of those consumers actually do. The gap grew from 32 to 37 points between 2024 and 2026⁶.
• Visible disclosure can lift trust dramatically. In a Yahoo and Publicis Media study, AI-generated ads with noticed disclosures showed a 47% lift in ad appeal, a 73% lift in trustworthiness, and up to a 96% lift in overall company trust⁷. Worth noting: this is industry-funded research, so pair it with the independent MIT Sloan figure rather than rest on it alone.
• Consumers are skeptical of AI outputs. Gartner found that 53% of consumers distrust or lack confidence in AI search and summaries (sample of 377 U.S. consumers, June-July 2025)⁸.

Disclosed AI work has shown up to a 96% lift in overall trust in the company that produced it. Getting disclosure right is becoming a competitive advantage. Getting it wrong is becoming a discoverable liability. But the data also contains a sharp edge— disclosure done badly does not always build trust. It sometimes hurts it. That contradiction is the reason a tiered model exists.

The Honest Tension— When Disclosure Backfires

There is also a counter-thread in the data: disclosure can backfire when applied universally. That is not a contradiction of the trust-lift data— it is the case for calibrated disclosure. Universal labels train people to discount the labels, and crude disclosure of low-stakes uses reads as either performance or excuse.

Universal disclosure may not always be practical, as AI is now integral to many workflows.⁵

Universal disclosure trains people to discount disclosure. Calibrated disclosure trains them to read it. This is exactly why three tiers exist. A "we used AI" label slapped on every brainstorming session dilutes the signal that should accompany an AI-narrated client deliverable or an automated risk score.

Just because something is easy to disclose doesn't mean disclosing it is good. The easy answer is to label everything. The right answer is to calibrate.

Calibration only matters if you can act on it. Here is where each tier lives in the practical operations of a professional services firm.

Putting None / Light / Full Into Practice

Each tier of the disclosure model has a natural home in the firm's operations. Tier None lives in internal documentation only. Tier Light lives in the engagement letter and the website. Tier Full lives on the deliverable.

Tier None— internal documentation only. Document the AI tools used, the human review steps, and the data handling practices. This is the foundation; if you cannot produce that document on request, the tier defaults up. A solid AI strategy practice should require that document before any client engagement starts.

Tier Light— engagement letter and website. Add one paragraph to the engagement letter naming AI as a research and drafting tool with human review. Publish a clear AI practices page on the website. Add a one-line acknowledgment to the proposal. This is also where your broader AI governance strategy shows up in client-facing form— and where building an AI culture inside the firm gets translated into something the client can read.

Tier Full— on the deliverable. Per-asset disclosure (footer note, opening line, badge, watermark)⁹. For content businesses, pair the consumer-facing notice with machine-readable metadata via C2PA, mirroring the IAB two-layer model⁶. For client-facing AI systems (chatbots, automated decisions), name the system at first interaction.

The decision tree, in four questions:

1. Does AI directly interact with the client?
2. Does AI make a consequential decision in the client's matter?
3. Is AI-generated content delivered without meaningful human review?
4. Does AI process personal client data?

Any yes pushes the work into Tier Full. All no's, with documentation, sit in Tier None. Anything in between— meaningful AI involvement plus human review— is Tier Light.

The escape valve: any work can be moved down a tier by adding human review or up a tier by removing it. The tier is a property of the workflow, not the tool. And an AI decision framework for founders needs to spell that out before the first contract goes out, not after the first awkward client question.

A disclosure policy that lives only in your head is not a disclosure policy. One practical note: disclosure law varies by jurisdiction and is moving fast. This article is a strategic framework, not legal advice. Have counsel review the engagement-letter language for your state and any regulated industries you serve.

The Architecture of Trust

Software architects learned generations ago that systems get more trustworthy when their layers stay separate, not when they collapse into one. The same is true of how a firm handles AI use with its clients. The Three-Tier Disclosure Model gives founders a defensible decision rule built on the most enduring principle in software design: separation of concerns.

Trust gets built the same way good software does: one well-defined layer at a time. AI is intellectual augmentation. The question of how to disclose it is fundamentally a question about the human relationship, not the tool.

For founders working out where each tier of their own work falls, an outside perspective accelerates the audit. That is the kind of work a fractional AI officer engagement is built for— a few weeks of structured conversation that turns a hidden judgment call into a documented decision the firm can stand behind.

The firms that win the next decade will be those whose AI use clients trust.

Frequently Asked Questions

What are the three tiers of three-tier application architecture?

The presentation tier (the user interface), the application or logic tier (the business rules), and the data tier (storage and access)¹. The three tiers are logical, not physical, and may run on the same or different servers². Each can be developed and scaled independently of the others³.

Is three-tier architecture still used in 2026?

Yes. IBM³ and Microsoft Azure⁴ both maintain current reference architectures for the pattern, and three-tier remains the foundational layout that microservices and broader n-tier designs build on. It is one of the most widely deployed architectural patterns in enterprise software.

When should a consultant disclose AI use to a client?

When AI directly interacts with the client (chatbot, automated decision), makes a decision that materially affects the client, processes personal client data, or delivers content without meaningful human review⁹. Internal use of AI as a research or drafting tool with human review typically does not require per-deliverable disclosure, though contract-level acknowledgment is best practice⁵.

What is the IAB AI Transparency and Disclosure Framework?

An industry framework launched by the Interactive Advertising Bureau on January 15, 2026, using a risk-based, materiality-driven approach. It defines two layers: a consumer-facing layer (text labels, badges, watermarks) and a machine-readable layer based on the C2PA metadata standard⁶. Disclosure is required only for AI uses that risk misleading consumers.

Do I need to disclose AI use if I only used ChatGPT for research?

Generally no. Internal use of AI as a research or drafting tool with human review of outputs typically does not require per-deliverable disclosure⁹. A general-purpose acknowledgment in the engagement letter or on the firm's website (the Light tier) is best practice as AI use becomes more material to the firm's operations⁵. Disclosure law varies by jurisdiction; verify with counsel for any regulated industries.

References

1. Wikipedia, "Multitier architecture" (2026) — https://en.wikipedia.org/wiki/Multitier_architecture
2. TechTarget, "What is a 3-Tier Application Architecture?" (2024) — https://www.techtarget.com/searchsoftwarequality/definition/3-tier-application
3. IBM, "What Is Three-Tier Architecture?" (2024) — https://www.ibm.com/think/topics/three-tier-architecture
4. Microsoft, "N-tier Architecture Style — Azure Architecture Center" (2024) — https://learn.microsoft.com/en-us/azure/architecture/guide/architecture-styles/n-tier
5. MIT Sloan Management Review with Boston Consulting Group, "Artificial Intelligence Disclosures Are Key to Customer Trust" (2024) — https://sloanreview.mit.edu/article/artificial-intelligence-disclosures-are-key-to-customer-trust/
6. Interactive Advertising Bureau, "IAB Releases Industry's First AI Transparency and Disclosure Framework" (2026) — https://www.iab.com/news/iab-releases-industrys-first-ai-transparency-and-disclosure-framework-to-guide-responsible-advertising-in-a-generative-ai-landscape/
7. Yahoo Inc. with Publicis Media, "Yahoo & Publicis Media Survey Reveals AI Ad Disclosure Increases Consumer Trust" (2025) — https://www.yahooinc.com/press/yahoo-publicis-media-survey-reveals-ai-ad-disclosure-increases-consumer-trust
8. Gartner, "Gartner Survey Finds 53% of Consumers Distrust AI-Powered Search Results" (2025) — https://www.gartner.com/en/newsroom/press-releases/2025-09-03-gartner-survey-finds-53-percent-of-consumers-distrust-ai-powered-search-results0
9. Fourscore Business Law, "AI Disclosure in Business: When, Why, and How to Inform Clients About Your Use of AI" (2024) — https://www.fourscorelaw.com/resources/ai-disclosure-in-businessnbspwhen-why-and-how-to-inform-clients-about-your-use-of-ai
10. TechTarget, "Three-tier vs. microservices architecture: How to choose" (2024) — https://www.techtarget.com/searchapparchitecture/tip/Three-tier-vs-microservices-architecture-How-to-choose