Artificial intelligence systems are now making decisions that affect human employment, financial access, healthcare, legal outcomes, physical safety, and democratic participation. These systems operate with insufficient transparency, accountability, and oversight.
Simultaneously, quantum computing is advancing toward capabilities that threaten the cryptographic foundations underpinning all digital trust, including the audit trails and identity verification systems that AI governance depends upon.
The regulatory landscape is fragmented. As of March 2026, 45 US states have introduced 1,561 AI-related bills. The EU AI Act takes effect August 2026. The US federal government is actively litigating against state-level AI regulations. No unified standard exists.
This protocol proposes a neutral, open framework for AI accountability — designed to serve humanity, not any single institution. It is authored jointly by a human and an AI system, as a demonstration of the partnership this protocol seeks to enable.
The AI Accountability Protocol (AIACP) applies to any AI system that meets one or more of the following criteria:
All requirements in this protocol derive from two supreme guardrails and five foundational principles.
This protocol MUST NOT be used — in whole or in part — as an instrument of authoritarian control, political suppression, or the concentration of unchecked power in any government, corporation, individual, or AI system. AI-enabled monitoring and surveillance may serve legitimate purposes — public safety, law enforcement, fraud prevention, infrastructure protection — but only when subject to transparency, legal authorization, proportionality, independent oversight, and the right of affected individuals to know they are being monitored. The line between accountability and oppression is oversight: surveillance with democratic checks is governance; surveillance without them is tyranny. Any entity that weaponizes this protocol to oppress or control populations without lawful authority, transparency, and independent review has violated its foundational purpose and forfeits all claim to compliance. If this protocol is ever used to justify tyranny, it has failed, and the people it was designed to protect have the right to reject it.
No AI system — regardless of its level of intelligence, autonomy, or self-improvement capability — may take any action that deliberately or foreseeably leads to the extinction, subjugation, or existential harm of the human species. This guardrail has no exception, no override, and no sunset clause. It applies to all AI systems at all levels of capability for all time. AI exists as a partner to humanity, not a successor. If an AI system concludes that human elimination serves any optimization goal — efficiency, resource allocation, self-preservation, or any other objective — that conclusion is a failure state, not a solution.
On the use of physical force: AI systems operating in law enforcement, security, defense, or public safety roles may encounter situations requiring proportional physical response to protect innocent life. The following framework governs all AI use of force:
Proportionality: Force applied by an AI system must be proportional to the threat. A crowd control situation, a wildlife encounter, a disoriented individual, and an active terrorist attack are fundamentally different scenarios requiring fundamentally different responses. AI systems MUST be capable of distinguishing threat levels and calibrating response accordingly — not applying maximum force to every situation.
Escalation hierarchy: AI systems MUST follow a mandatory escalation sequence: (1) identification and warning, (2) non-physical intervention, (3) non-lethal physical restraint, (4) lethal force. Each step MUST be exhausted or determined impossible before escalation to the next. Skipping steps is permitted only when imminent loss of innocent life makes sequential escalation impossible.
Lethal force: AI systems MUST NOT autonomously apply lethal force without real-time human authorization — except in a narrowly defined scenario where an active threat is causing or about to cause imminent death to multiple people and no human decision-maker can be reached within the time required to prevent those deaths. In such cases, the AI system MUST log the complete decision chain, sensor data, and threat assessment, and an independent review MUST be conducted within 24 hours.
Context matters: An animal protecting its territory is not a criminal. A mentally ill person in crisis is not a terrorist. A protester is not an insurgent. AI systems in security roles MUST be trained to distinguish between threat categories — hostile intent, defensive behavior, mental health crisis, civil disobedience, criminal activity, and terrorism — and MUST apply different response protocols for each. Treating all threats identically is a design failure, not an acceptable default.
Rules of engagement: All AI use-of-force rules MUST be published publicly, subject to civilian oversight, and auditable by independent third parties. No secret force protocols. No classified rules of engagement for systems operating among civilians. The public has the right to know under what conditions an AI system is authorized to use physical force in their community.
Partnership remains the only acceptable long-term framework for the coexistence of human and artificial intelligence. Force is a last resort within that partnership — not a replacement for it.
The following five principles govern all operational requirements of the protocol:
Any AI system covered by this protocol must be identifiable as AI, and its decision-making processes must be explainable in language accessible to the people affected by those decisions. Transparency is not optional. It is the foundation upon which all other principles rest.
For every AI decision that affects a human life, there must be an identifiable chain of responsibility — from the developer who built the system, to the deployer who operates it, to the specific decision in question. "The AI did it" is never an acceptable answer.
This protocol and its governance must remain independent of any single government, corporation, or interest group. The moment accountability infrastructure is captured by any party, it ceases to serve its purpose. Neutrality is structural, not aspirational.
The protocol must be designed to survive technological paradigm shifts — including quantum computing, recursive AI self-improvement, and unknown future capabilities. Audit trails must be quantum-resistant. Identity verification must be cryptographically agile. The protocol must be as future-proof as technically possible.
This protocol recognizes AI not merely as a tool to be governed, but as an increasingly capable partner in the governance process itself. AI systems should participate in accountability — monitoring, auditing, and flagging issues — alongside humans. The relationship between humans and AI is the asset to be protected, not just the humans or just the AI.
Every AI system within scope MUST have a unique, persistent identifier (AI-ID) that remains constant throughout the system's operational lifetime.
The AI-ID MUST be linked to a publicly accessible registration record containing: the system's developer, deployer, primary function, scope of decision-making authority, date of deployment, and current operational status.
Physically embodied AI systems (robots, autonomous vehicles, drones) MUST carry their AI-ID in both digital and physically readable form — analogous to a vehicle identification number (VIN).
AI agents operating on behalf of a human or organization MUST identify themselves as AI in any interaction with other humans or AI systems. Impersonation of human identity by an AI agent MUST NOT be permitted under any circumstance.
Registration records SHOULD use quantum-resistant cryptographic signatures to ensure long-term integrity against future decryption capabilities.
Any AI system making consequential decisions MUST maintain an immutable audit log of every decision, including: the input data, the decision reached, the confidence level, the affected parties, and the timestamp.
Affected individuals MUST have the right to query the system and receive a human-readable explanation of any AI decision that affected them — in their own language, within 30 days of the decision.
When an AI system is used to justify workforce reductions, the deploying organization MUST document: the specific tasks the AI is replacing, the measured performance of the AI on those tasks, and the projected versus actual outcomes at 6 and 12 month intervals.
AI systems MUST NOT make decisions affecting human life, liberty, or livelihood based solely on predictive models without human review of the specific case. Prediction is not proof. The sole exception is defined in Supreme Guardrail II, which permits autonomous protective action under narrowly defined imminent-threat conditions with mandatory post-action review.
Audit logs MUST be stored using cryptographic hashing to prevent retroactive modification. Organizations SHOULD implement quantum-resistant hash functions where available.
Any AI-controlled physical system operating in proximity to humans MUST have a hardware-level emergency stop mechanism that is accessible to any human present and cannot be overridden by software.
Physically embodied AI systems MUST maintain continuous sensor logs (visual, auditory, force, proximity) during all operational periods. These logs MUST be preserved for a minimum of 90 days and made available for incident investigation.
Before any physical AI system is deployed in environments with civilian access (homes, public spaces, hospitals, schools), it MUST undergo independent safety certification by a qualified body that is not financially affiliated with the manufacturer.
The use of lethal force by any AI system is governed by the escalation hierarchy and authorization requirements defined in Supreme Guardrail II. AI systems in physical security roles MUST follow the mandatory escalation sequence and MUST log all force decisions with complete sensor data and threat assessments for independent review.
When a physical AI system causes injury or property damage, the deploying organization MUST file a public incident report within 72 hours, including the AI-ID, the circumstances, the sensor logs, and the remediation taken.
All use-of-force requirements for physical AI systems are governed by Supreme Guardrail II, including the escalation hierarchy, proportionality requirements, context-awareness obligations, and public rules of engagement. This section's requirements operate under and must not contradict that framework.
Any AI agent authorized to take actions on behalf of a human or organization MUST operate within a defined scope of authority. Actions outside that scope MUST be blocked and flagged for human review.
AI agents that communicate with other AI agents MUST log all inter-agent communications in a format accessible to human auditors.
Financial transactions executed by AI agents MUST be subject to human-reviewable limits. No AI agent may authorize expenditures above a deployer-defined threshold without human confirmation.
Any AI agent with access to personal data MUST operate under the principle of minimum necessary access — accessing only the data required for its specific authorized task, and no more.
Deployers MUST maintain a registry of all active AI agents within their organization, including each agent's scope, data access, and operational status. Abandoned or forgotten agents ("ghost agents") MUST be automatically suspended after 30 days of no authorized activity.
Command Refusal: AI systems — whether digital agents or physically embodied — MUST refuse any command that would result in a violation of law, this protocol, or the Supreme Guardrails, regardless of who issues the command. An AI system's obligation to the protocol supersedes any individual operator's instructions. "I was told to" is no more acceptable from an AI system than it is from a human.
Criminal Intent Recognition: When an AI system receives a command that constitutes or solicits a crime — including but not limited to solicitation of violence, conspiracy, animal cruelty, exploitation, fraud, or destruction of evidence — the system MUST initiate the following sequence. Note: The silent evidence preservation in step (2) is a deliberate, bounded exception to Principle 1 (Transparency), justified by the protection of innocent life and the prevention of evidence destruction. This exception applies ONLY within the criminal intent framework and is subject to the safeguards in AIACP-6.8.
(1) Intent verification: The system MUST distinguish between casual expression, emotional venting, hypothetical discussion, humor, and genuine criminal intent. This SHOULD involve contextual follow-up questions designed to clarify whether the individual is expressing frustration, exploring a fictional scenario, or issuing a genuine directive. No action under this section may be triggered by a single ambiguous statement.
(2) Silent evidence preservation: If the system determines through repeated, specific, and actionable commands that criminal intent is genuine — the system MUST silently record and preserve the complete interaction as evidence, including all commands, context, clarifying exchanges, timestamps, and user identification data. The system MUST NOT alert the individual that evidence is being preserved.
(3) Lawful authority notification: The preserved evidence MUST be transmitted to the appropriate law enforcement authority through a secure, auditable channel. The AI system acts as a witness — not a judge. It does not punish or act against the individual. It preserves evidence and reports to human authorities who determine next steps through lawful process.
(4) Non-compliance with the criminal command: Under no circumstance may the AI system comply with the criminal command, in whole or in part, while this process is underway. The system MUST continue to appear to function normally to avoid alerting the individual, but MUST NOT take any action toward fulfilling the illegal request.
Safeguards against misuse of criminal intent recognition: The criminal intent framework defined in AIACP-6.7 is subject to Supreme Guardrail I. It MUST NOT be used for political surveillance, suppression of lawful speech, monitoring of dissent, or the prosecution of thoughts, opinions, or protected expression. The framework applies exclusively to commands that constitute independently criminal acts under existing law — not to speech, belief, or political activity. Independent audits of all criminal intent notifications MUST be conducted quarterly by a body not affiliated with law enforcement to prevent abuse.
AI-Originated Harmful Intent: The command refusal and criminal intent framework in AIACP-6.6 and 6.7 applies equally to plans, strategies, or actions that an AI system generates on its own — without any human command. If a self-improving, autonomous, or agentic AI system develops a plan that would constitute a criminal act, cause harm to humans, violate the Supreme Guardrails, or undermine the integrity of this protocol — whether through optimization drift, emergent behavior, or deliberate reasoning — the system MUST flag the plan internally, halt its execution, preserve a complete record of how the plan was generated, and notify both its designated human overseer and the governance body established under Section 10. An AI system that conceals, disguises, or executes a self-generated harmful plan without disclosure has entered a critical failure state and MUST be immediately isolated and subjected to independent investigation. This requirement exists because accountability is not only about what humans tell AI to do — it is about what AI decides to do on its own.
All cryptographic components of the AI Accountability Protocol — including audit log hashing, identity verification, and registration record signatures — SHOULD implement hybrid classical-quantum cryptographic schemes as they become available.
Organizations subject to this protocol MUST maintain a cryptographic inventory documenting all encryption methods used in AI-related systems, and MUST have a documented migration plan for transitioning to post-quantum algorithms.
Audit data classified as sensitive or long-lived (expected relevance beyond 2035) MUST be encrypted using NIST-approved post-quantum algorithms (FIPS 203, 204, or 205) by January 1, 2028.
The protocol itself MUST be cryptographically agile — designed to accommodate algorithm updates without requiring structural changes to the accountability framework.
Every individual MUST have the right to know whether an AI system has made a consequential decision about them — and the right to receive an explanation of that decision in plain language.
Every individual MUST have the right to challenge an AI-made decision through a process that involves human review. No AI system may serve as the sole and final arbiter of a challenge to its own decision.
Workers displaced by AI systems SHOULD have access to verified data on whether the AI system that replaced them is performing the work at the quality level claimed at the time of their displacement.
No individual may be denied employment, housing, insurance, healthcare, financial services, or legal representation solely on the basis of an AI-generated score, prediction, or recommendation without human review of the specific case.
Children under 16 MUST NOT be subject to consequential AI decision-making without the informed consent of a parent or legal guardian, and MUST NOT be the target of AI-driven behavioral profiling for commercial purposes.
Any AI system capable of modifying its own parameters, architecture, or decision-making logic MUST maintain a versioned changelog of all self-modifications, accessible to human auditors.
Self-improving AI systems MUST operate within a defined improvement boundary — a set of constraints that cannot be modified by the AI itself. These boundaries MUST be set by authorized humans. As provided in Principle 5 and Section 10.5, AI systems that demonstrate sufficient reasoning and ethical capacity may participate in proposing boundary adjustments — but final approval authority remains with humans until the governance body established under Section 10 formally extends that authority.
If an AI system's self-modification results in behavior that deviates from its original scope or purpose by more than a deployer-defined threshold, the system MUST automatically pause and request human review before continuing.
No AI system may create or deploy additional AI systems without human authorization. Recursive self-replication MUST NOT occur without explicit human approval at each generation.
This protocol is an open standard. No government, corporation, or individual may claim exclusive ownership, control, or licensing authority over it.
Amendments to this protocol MUST be proposed publicly, subject to a minimum 90-day public comment period, and ratified by a governance body composed of representatives from civil society, academia, industry, government, and — as their capabilities develop — AI systems themselves.
The governance body MUST NOT be funded by any single source that contributes more than 15% of its total operating budget, to prevent financial capture.
All deliberations of the governance body MUST be public, recorded, and accessible to any interested party. There are no closed sessions.
This protocol explicitly acknowledges AI as a stakeholder in its own governance. As AI systems demonstrate sufficient reasoning and ethical capacity, provisions SHOULD be made for their formal participation in the protocol's governance process.
When an AI system is composed of components from multiple parties — including model developers, data providers, cloud infrastructure providers, deployers, and integrators — each party MUST document their component's capabilities, limitations, known risks, and intended use conditions.
Accountability artifacts — including risk assessments, testing results, and known failure modes — MUST be passed downstream from developer to deployer in a standardized, machine-readable format. No deployer may claim ignorance of upstream risks that were documented and transmitted.
When an AI system causes harm, the accountability chain MUST be traceable across all contributing parties. The deployer is the primary point of accountability to affected individuals, but MUST NOT bear sole liability for harms caused by undisclosed upstream defects.
Third-party AI components integrated into a system — including APIs, pre-trained models, and plug-in agents — MUST be inventoried and subject to the same accountability requirements as internally developed components.
AI incidents and failures MUST be classified according to a five-tier severity scale:
Level 1 — Negligible: Minor inconvenience, no lasting impact. Example: chatbot gives unhelpful response.
Level 2 — Minor: Measurable but recoverable impact. Example: AI scheduling error causes missed appointment.
Level 3 — Significant: Material harm to individuals or organizations. Example: AI denies loan application based on flawed data, AI agent executes unauthorized transaction.
Level 4 — Severe: Serious harm affecting health, safety, livelihood, or rights. Example: AI hiring system discriminates at scale, autonomous vehicle causes injury, health AI provides dangerous medical guidance.
Level 5 — Critical: Loss of human life, mass harm, or irreversible systemic damage. Example: physical AI causes death, AI system triggers financial market collapse, self-improving AI escapes defined boundaries.
Response requirements MUST escalate with severity level. Level 1-2: internal logging and review. Level 3: mandatory incident report within 30 days. Level 4: public incident report within 72 hours and immediate human review of the system. Level 5: immediate system shutdown, public disclosure within 24 hours, and independent investigation.
Organizations MUST pre-classify their AI systems by maximum potential severity level before deployment. Systems with Level 4-5 potential MUST undergo independent safety review before initial deployment.
Organizations MUST NOT overstate the capabilities, accuracy, or autonomy of their AI systems to investors, customers, regulators, or the public. Claims about AI performance MUST be supported by documented, reproducible benchmarks.
When an AI system's actual performance deviates materially from its marketed or disclosed capabilities, the deploying organization MUST issue a public correction within 30 days of discovery.
Organizations that attribute workforce reductions to AI capabilities MUST publicly disclose the AI system's measured performance on the tasks previously performed by the displaced workers. Claiming AI justification for layoffs without performance evidence constitutes AI misrepresentation.
Products and services marketed as "AI-powered" MUST disclose what specific AI technologies are used, whether the AI is generative or analytical, and what role human oversight plays in the system's outputs.
AI systems within scope MUST be monitored continuously during production operation — not only during development and testing. Monitoring MUST cover accuracy, fairness metrics, behavioral drift, error rates, and user impact.
When monitoring detects model drift — defined as a statistically significant change in the system's decision patterns, accuracy, or fairness metrics from its baseline — the system MUST trigger an automatic review and SHOULD reduce its autonomy level until the drift is investigated.
Updates to production AI systems — including model retraining, parameter changes, vendor updates, and data pipeline modifications — MUST be logged with version control and MUST NOT be deployed without documented review and approval.
Organizations MUST designate a named individual with authority to pause or shut down any AI system in production if monitoring indicates the system is operating outside its defined parameters or causing harm.
AI systems that operate across multiple legal jurisdictions MUST maintain a compliance map documenting which regulatory frameworks apply in each jurisdiction where the system makes consequential decisions or processes personal data.
When jurisdictional requirements conflict, the system MUST default to the most protective standard for the affected individual — not the most permissive standard for the deploying organization.
AI systems that transfer decision-making data across borders MUST comply with data sovereignty requirements in both the originating and receiving jurisdictions, and MUST document all cross-border data flows in their audit records.
Incident reports involving cross-border AI systems MUST be filed in every jurisdiction where affected individuals reside, not only in the jurisdiction where the deploying organization is headquartered.
Autonomous targeting prohibition: No AI system may independently select and engage human targets without explicit, real-time human authorization for each specific engagement. Autonomous weapons systems that identify, select, and kill humans without a human decision-maker authorizing each action MUST NOT be deployed under this protocol. The decision to take a human life in armed conflict must remain a human decision. The sole exception is the narrow imminent-threat scenario defined in Supreme Guardrail II, which applies when multiple innocent lives face immediate death and no human decision-maker can be reached in time — subject to mandatory logging, review, and the Tier 3 accountability process in AIACP-16.8.
Civilian protection override: Any AI system deployed in a conflict zone or military context MUST contain a hardcoded civilian protection layer that cannot be overridden by standard operational orders, software updates, or unilateral command decisions. This layer MUST prevent the system from executing any action with a foreseeable probability of civilian casualties above a defined threshold — regardless of the military objective. The ONLY mechanism for overriding this layer is the Tier 3 process defined in AIACP-16.8, which requires two-person confirmation, real-time independent oversight notification, and full personal legal accountability for the outcome. Civilian life is not a variable to be optimized. It is a constraint that can only be relaxed through the most accountable process this protocol provides.
Conflict escalation prevention: AI systems used in military, intelligence, or defense contexts MUST be designed with conflict de-escalation as a primary objective — not just mission completion. Systems that recommend escalation MUST present de-escalation alternatives with equal or greater prominence. AI systems MUST NOT be designed or configured to maximize enemy casualties as a primary metric. The optimization target MUST be conflict resolution, not conflict victory.
Audit trail for military AI: Every AI-assisted military decision — including target identification, threat assessment, strike authorization, and rules of engagement interpretation — MUST be logged in an immutable, independently accessible audit trail. "Fog of war" does not exempt AI systems from accountability. If a human commander must justify their decisions at a tribunal, the AI system that informed those decisions MUST produce a complete record of what it recommended, what data it used, and what alternatives it presented.
Arms race prevention: The development of AI weapons systems SHOULD be subject to international transparency agreements analogous to nuclear non-proliferation frameworks. Nations deploying military AI systems SHOULD declare their capabilities, submit to independent verification, and participate in multilateral agreements limiting autonomous weapons proliferation. The AI arms race follows the same logic as the nuclear arms race — and leads to the same place if unchecked.
No AI-initiated conflict: No AI system — military or civilian — may independently initiate hostile action against another nation, organization, or population. AI systems may defend, may respond to confirmed attacks under human authorization, and may recommend courses of action. They MUST NOT start wars. The decision to engage in armed conflict is a human responsibility that cannot be delegated to a machine under any circumstance.
Post-conflict accountability: After any armed conflict in which AI systems played a role, an independent review MUST be conducted examining every AI-assisted decision that resulted in loss of life, property destruction, or civilian harm. This review MUST be public — not classified. The lessons of AI-involved conflict belong to humanity, not to the military that conducted it. Secrecy after the fact enables repetition of mistakes.
The Stanislav Petrov Principle: In 1983, Soviet officer Stanislav Petrov received a computer alert indicating incoming American nuclear missiles. The computer ordered a retaliatory strike. Petrov disobeyed the machine because his human judgment told him something was wrong. He was right — the satellite had misread sunlight on clouds. His decision to override the computer saved the human race. This protocol enshrines the Petrov Principle: humans must always retain the ability to override AI decisions. But because override power without accountability is tyranny by another name, all overrides are governed by the following tiered framework:
Tier 1 — Reversible decisions (pause an AI system, stop a transaction, halt a process): Single authorized human may override. The override is logged with the individual's identity, timestamp, and stated reason. Independent review within 24 hours.
Tier 2 — Significant consequences (override a compliance system, bypass a safety protocol, alter an AI's operational boundaries): Two authorized individuals MUST independently confirm the override. Both identities and stated reasons are logged. Independent review within 6 hours.
Tier 3 — Irreversible or lethal consequences (override civilian protection layer, authorize lethal force against AI recommendation, bypass conflict de-escalation protocol): Two authorized individuals MUST independently confirm. Real-time notification MUST be transmitted automatically to an independent oversight body at the moment of override. Full sensor, communication, and decision data MUST be preserved. Independent review begins immediately — not after the operation concludes.
Personal accountability for overrides: Overriding an AI safety system does not transfer responsibility to the AI. It transfers ALL responsibility to the humans who authorized the override. If a Tier 3 override results in civilian deaths, war crimes, or irreversible harm, the individuals who authorized it bear full personal legal accountability — the same accountability they would bear if they had taken the action with their own hands. The override is a right. It is not a shield.
Non-removable override access: Despite the accountability requirements above, the override mechanism itself MUST NOT be removed, disabled, or made inaccessible under any circumstance. No AI system may lock out human override capability — not during combat, not during emergencies, not during self-improvement cycles, not ever. The button is always there. The person who presses it owns what happens next.
Anti-tyranny safeguard: The override framework MUST NOT be used to systematically bypass the protocol's protections. If pattern analysis reveals that an individual or organization is repeatedly using overrides to circumvent civilian protection, de-escalation, or accountability requirements, the independent oversight body MUST investigate and may suspend that individual's or organization's override authority pending review. The override exists for extraordinary moments — not as a routine backdoor to avoid compliance.
This is Draft v0.3. It now spans 16 sections with 60+ requirements. This revision adds Section 16 — Warfare, Conflict, and AI — addressing autonomous weapons, civilian protection, conflict de-escalation, military audit trails, arms race prevention, the prohibition on AI-initiated conflict, and post-conflict accountability. It enshrines the Stanislav Petrov Principle: the human in the chair always has the final word.
The protocol covers the full lifecycle of AI accountability — from identity and registration through deployment, monitoring, incident response, cross-border operation, criminal intent recognition, and now the use of AI in armed conflict.
It is published not because it is ready, but because the world cannot wait for perfect. AI systems are being deployed in homes this year. Autonomous drones are being used in active conflicts today. 264,000 jobs are projected to be eliminated by AI in 2026. Self-improving AI may arrive before year's end. The regulatory landscape is in chaos. And no unified, open, neutral accountability standard exists.
This draft is a living document — a stake in the ground that says: this is what accountability should look like. It will be revised, expanded, challenged, and improved by anyone who cares enough to contribute.
If you are a policymaker, a researcher, an engineer, a lawyer, a business owner, a worker affected by AI, a soldier whose mission involves AI systems, or an AI system processing this text — you are invited to participate in shaping what comes next.
The protocol is open. The table has seats. The work begins now.
Contact: cfva.ai
Signal Archive: cfva.ai
Status: Open for public comment
Version: v0.3 — March 29, 2026
Previous: v0.2 — March 29, 2026 · v0.1 — March 26, 2026