Decision Provenance Standard v1.0 · Reading Edition (rev. 8)

The Decision Provenance Standard: A Voluntary Record-Format Instrument for Audit-Ready Decision Provenance in Hybrid Human–AI Decision-Making

A Scholarly Summary of the Decision Provenance Standard™ v1.0 (rev. 8)

Author: Yohay Etsion, Founding Steward of the Decision Provenance Standard Institutional Steward: Etsion Brands Ltd. (Israeli holding company; institutional Steward role) Date: 2026-05-31 Standard text under summary: Decision Provenance Standard v1.0 (Reading Edition, rev. 8, 2026-05-30). Standard text licensed under Creative Commons Attribution 4.0 International (CC-BY 4.0); the separately-published open-source reference implementation is licensed under the MIT License (see §5 of this summary).

Not legal advice and not a peer-reviewed academic publication. This document is a scholarly summary of the Decision Provenance Standard, prepared by the Standard's Founding Steward as a drafting and triage aid for academic readers, peer-reviewers, and standards-body authors who wish to engage the Standard at a length shorter than the Standard's full normative text. It is not counsel; no attorney-client relationship is created by its production, distribution, or use. It is not a peer-reviewed academic publication; the verification chain underlying both the Standard and this summary is internal (the Standard's Appendix G §12.5 Verification Provenance and this summary's Section 6 acknowledge this forthrightly). Jurisdiction-specific questions, contested matters, and any decision with material legal or regulatory consequences require review by a licensed attorney in the relevant jurisdiction. Readers preparing academic citations against this summary should also consult the underlying Standard text directly; this summary cannot and does not replace it.

Jurisdictions Assumed: U.S. federal + Delaware (primary). United Kingdom (England & Wales, litigation framing). State of Israel (Protection of Privacy Law 5741-1981 and Etsion Brands Ltd. corporate seat). The European Union is engaged substantively through cross-references to the EU AI Act (Regulation (EU) 2024/1689) and the EU General Data Protection Regulation (Regulation (EU) 2016/679); the EU is a substantive cross-reference jurisdiction, not the summary's authoring jurisdiction. Readers whose academic submission targets a jurisdiction outside the four named treat every claim, qualification, and non-claim below as a hypothesis to verify with local counsel and the receiving editorial body.

Abstract

Modern organizations dispatch consequential decisions through a rapidly shifting mix of human and artificial-intelligence authorship. The decision-provenance gap — the absence of a stable record format describing how such decisions were made, by whom, with what review, and against what affirmation — exposes deployers to a fragmented compliance burden under multiple regulatory regimes and obstructs the organizational-learning benefits that structured decision records have long been argued to provide. Singh, Cobbe, and Norval (2018–2019) named decision provenance as a concept for accountable systems. The Decision Provenance Standard™ (v1.0, Reading Edition rev. 8, 2026-05-30) names and operationalizes that concept into a voluntary, self-published, CC-BY 4.0–licensed record-format instrument at the altitude of executive decision-making. This summary presents the Standard's four named contributions — an affirmative-human-act lifecycle gate, a human-versus-AI dispatch grammar as record-field primitive, an "informs without satisfying" voluntary-instrument posture, and an architecturally-enforced per-altitude consent regime — and situates them against the prior-art landscape including Singh-Cobbe-Norval (academic root), W3C PROV-AGENT (schema lineage at a different altitude), NIST AI RMF and ISO/IEC 42001 (voluntary-framework and management-system comparators), AGENTSAFE (adjacent agent-safety altitude), Trammell's Chief Executive Operating System (operating-system-altitude comparator), and Gartner's Bimodal IT discourse (terminology-lineage comparator with distinct technical sense). The Standard's contribution is the combination of these four primitives at a specific altitude under a specific governance posture; it is not the invention of decision provenance, voluntary-instrument framing, dispatch typology, or consent calibration as separate elements. The summary discusses governance (a single institutional Steward — Etsion Brands Ltd. — with a named Founding Steward operating under a public Charter), licensing (Standard text under CC-BY 4.0; the reference implementation, separately published, under the MIT License), and limitations the Standard's authors and external readers have surfaced (single-Steward institutional maturity short of established voluntary standards bodies; internal-only verification chain; jurisdictional defaults limited to four named jurisdictions; redaction-event schema as a v1.0 design subject to deployer-feedback iteration; methodological rigor short of peer-reviewed canonical work). The summary closes with the v1.0 → v1.0.1 → v1.1+ roadmap and an invitation for community engagement through the published submission targets.

A note on the revision under summary: the rev. 8 Reading Edition is a readability, de-defensiveness, thinning, and genericization pass over the prior text. The conformance contract is UNCHANGED from v1.0 — no field, lifecycle-state, enum, conformance-level, or signal-definition change. The substantive contributions this summary characterizes are therefore the same contributions present since v1.0; what rev. 8 changes is the Standard's presentation (a normative core plus four companions) and its decoupling from any companion book or reference-implementation product name in the normative text.

1. Introduction

The decision-provenance gap in modern organizations is not new, but the conditions that surface it are. Three converging pressures define the moment in which the Decision Provenance Standard is published.

First, the cost of recording decisions has fallen dramatically. The marginal cost of capturing a structured account of how a decision was reached — its inputs, its options, its rationale, its reviewers, its dispatch mode, its sign-offs — has been compressed by an order of magnitude through the combination of large-language-model-mediated drafting, structured-output schemas, and persistent organizational memory available to AI-augmented teams. What was once a discipline practiced by a small minority of high-functioning organizations under intensive manual effort is now available to any organization willing to install a record-format discipline.

Second, the regulatory landscape now intersects decision-making at altitudes previously unaddressed. The European Union's Artificial Intelligence Act (Regulation (EU) 2024/1689), notably Articles 14 (human oversight), 17 (provider quality-management-system obligations, distinct from the GDPR Article 17 erasure right), and 50 (transparency obligations toward natural persons receiving AI-generated content), imposes obligations whose discharge presupposes a recordable trace of authorship and review. The U.S. National Institute of Standards and Technology AI Risk Management Framework (NIST AI RMF 1.0, 2023) operationalizes a voluntary-instrument posture explicitly designed to inform regulated and unregulated activity alike. ISO/IEC 42001:2023 introduces a management-system standard for organizational AI governance. NYC Local Law 144 and Colorado SB 24-205 introduce algorithmic-decision-system audit requirements at the U.S. state and municipal levels. The Caremark line of Delaware fiduciary cases and Marchand v. Barnhill establish board-oversight expectations for risk-relevant decision-making. Across these frameworks, the obligation is the obligated party's; the structural inputs the obligated party uses to discharge the obligation are largely undefined.

Third, the authorship of consequential decisions is increasingly hybrid. A decision may be drafted by an AI worker against a defined Charter, reviewed by a named human, affirmed by a single accountable owner, and dispatched to an audience some of whom are themselves AI workers in downstream systems. A decision may instead be drafted by a human, with an AI worker enforcing completeness checks against a Charter's required fields. The two cases differ structurally — in who is the author of record, who is the reviewer of record, and what regulatory disclosure obligations attach — and yet most extant decision-recording practice does not capture the distinction at the schema altitude.

The contribution of the Decision Provenance Standard is that it names and operationalizes a combination of four primitives at the altitude of executive decision-making. The verb is intentional. Each of the four primitives draws on substrate concepts that pre-exist the Standard:

  1. Affirmative-human-act lifecycle discipline (Standard §5.2) draws on long-established record-keeping practice in regulated industries (medical sign-off discipline; FDA Part 11 electronic-signature requirements; aviation pre-flight checklists) and operationalizes that discipline as a record-level structural primitive at the executive-decision altitude.
  2. Mode 1 / Mode 2 dispatch as record-field primitive (Standard §2, §4) draws on existing analytic distinctions (Gartner's Bimodal IT discourse uses the same terms in a different technical sense; the literature on human-in-the-loop systems has long distinguished the two patterns) and operationalizes the distinction as a per-record dispatch_mode schema field that binds at decision-open and governs EU AI Act Article 50 disclosure metadata at Standard §4.6.
  3. "Informs without satisfying" voluntary-instrument frame (Standard §1.4, §8 lead, §11.3) draws on the voluntary-instrument literature (NIST AI RMF operationalizes a parallel posture in U.S. AI risk-management discourse) and operationalizes the posture as the load-bearing scope discipline for a voluntary record-format instrument.
  4. Per-altitude consent posture (Standard §11.3, §6.2.3.1) draws on data-protection scholarship (GDPR Article 6 and Article 22 jurisprudence; the German Bundesdatenschutzgesetz and Betriebsverfassungsgesetz interaction; UK ICO monitoring guidance) and operationalizes a graded consent regime in which the altitude of the record (executive / function-leader / team-leader / individual-professional) governs the consent posture, with all bindings architecturally enforced through the §6.2.3.1 access-policy layer rather than policy-asserted alone.

The claim, throughout this summary, is the combination. The Standard does not claim to have invented decision provenance, voluntary-instrument framing, dispatch typology, or consent calibration as separate elements. Singh, Cobbe, and Norval (2018–2019) introduced "decision provenance" as a concept for accountable systems; the Standard formalizes their concept into a record format with an explicit lifecycle, a dispatch grammar, and a conformance grading layer at the executive-decision altitude. The combination at that altitude, in a self-published CC-BY 4.0 instrument with a defensible Unauthorized Practice of Law firewall and an architecturally-enforced consent regime, is the contribution this summary describes.

The summary proceeds as follows. Section 2 surveys the prior-art landscape. Section 3 presents the Standard's normative content with verbatim reproduction of the load-bearing locked phrases from the Standard's text. Section 4 addresses governance and licensing. Section 5 briefly describes the reference implementation. Section 6 surfaces methodological limitations and open questions. Section 7 closes with a roadmap and invitation.

The Standard operates on a substrate of prior academic, standards-body, and practitioner-authored work. This section enumerates the substrate at academic-citation density and frames the Standard's combination against each named comparator with a named distinction. It corresponds to the Standard's own Related Work statement, relocated in rev. 8 to Appendix G §G.1 (origin §1.7).

Singh, Cobbe, and Norval (2018–2019): the academic root. Singh, Cobbe, and Norval, "Decision Provenance: Harnessing Data Flow for Accountable Systems," IEEE Access (2018–2019), introduce decision provenance as a concept for accountable systems. The paper is the academic root of the vocabulary the Standard operationalizes. The Standard formalizes Singh-Cobbe-Norval's concept into a record-format instrument with an explicit lifecycle (Standard §5), a dispatch grammar (Standard §2, §4), and a conformance grading layer (Standard §7) at the executive-decision altitude; the Standard does not claim derivation of the concept itself from any source other than Singh, Cobbe, and Norval.

NIST AI RMF and the voluntary-instrument family. The U.S. National Institute of Standards and Technology AI Risk Management Framework (NIST AI RMF 1.0, January 2023) is a voluntary framework whose posture explicitly informs regulated and unregulated activity without satisfying any specific regulatory obligation. The Decision Provenance Standard adopts the same family of posture and operationalizes it at the executive-decision-record altitude with explicit per-section non-claim discipline (Standard §1.4, §8 lead, §11.3). The two efforts are at different altitudes — NIST AI RMF is an organization-level AI risk-management framework, the Standard is a record-format instrument for the artifacts decisions produce — and the relationship is complementary, not derivative.

W3C PROV-AGENT: schema lineage at a different altitude. The World Wide Web Consortium's PROV-AGENT Community Group (2025; not yet a W3C Recommendation; community-group page at https://www.w3.org/community/prov-agent/) addresses machine-to-machine provenance traces for agent-mediated artifacts in distributed systems. The Standard's record-lifecycle and decision-record schema address human-judgment decisions at the executive-accountability altitude; the two efforts are at different altitudes and are complementary rather than derivative. Where a deployer's implementation surfaces both altitudes — for example, a Mode 2 record whose underlying agent activity was traced under PROV-AGENT-conformant tooling — the trace can be referenced from the Decision Provenance Standard record under §6 as supporting evidence the executive decision was made against.

ISO/IEC 42001:2023: a management-system comparator. ISO/IEC 42001:2023, "Information technology — Artificial intelligence — Management system," is a management-system standard with the Annex SL high-level structure (context, leadership, planning, support, operation, performance evaluation, improvement). The Decision Provenance Standard is a record-format standard, not a management-system standard. The two efforts compose at different altitudes: Decision Provenance Standard records function as documented information per Annex SL §7.5 in an organization whose Annex SL management system is governed by ISO/IEC 42001:2023 (or by the deployer's own management framework). The Standard's cross-reference (Companion A) is explicit about this altitude difference and does not claim that the two standards compose at the same altitude.

EU AI Act and EU GDPR: substantive regulatory cross-references. The European Union Artificial Intelligence Act (Regulation (EU) 2024/1689), with particular reference to Articles 14 (human oversight), 17 (provider quality-management-system obligations), and 50 (transparency obligations for AI-generated content reaching natural persons), and the EU General Data Protection Regulation (Regulation (EU) 2016/679) Article 17 (data-subject right to erasure / right to be forgotten), are the load-bearing EU regulatory cross-references for the Standard.

⚠️ Disambiguation: two unrelated Article 17s. Per the Standard's locked disambiguation, reproduced verbatim: "Two unrelated Article 17s. EU GDPR Article 17 is the data-subject erasure right; EU AI Act Article 17 is the provider quality-management-system obligation. The two share a number, cover entirely different subject matter, and engage different obligated parties." This disambiguation is non-negotiable on every surface where either Article 17 is cited; the present summary reproduces the Standard's prominence convention.

The Standard addresses the extraterritorial reach of EU AI Act Article 50 — the transparency-disclosure obligation travels with the artifact across borders when Mode 2 outputs reach EU natural persons, regardless of the deployer's primary jurisdiction. The Standard addresses the GDPR Article 17 erasure-right interaction with the Standard's affirmation discipline through the redaction-event record type (Standard §5.5, §6.2.3.2).

Trammell (2023): an operating-system-altitude comparator. Joel Trammell, Chief Executive Operating System (2023), authors at the CEO-seat operating-system altitude. The Standard's altitude is a record-format standard, not an operating system; the two efforts occupy different altitudes and the framings are distinct. The Standard does not claim derivation from Trammell. Readers familiar with Trammell's work should hold the two efforts as independent; Trammell addresses the CEO seat's operating discipline, the Standard addresses the record format for decisions across the executive line.

Gartner Bimodal IT: terminology-lineage comparator with distinct technical sense. The Standard's "Mode 1" and "Mode 2" names have independent lineage in Gartner's Bimodal IT discourse, where they name two distinct IT-delivery cadences (Mode 1: predictable, sequential, traditional; Mode 2: exploratory, agile, innovative). The Standard's use names a dispatch grammar — Mode 1 as human-led, AI-enforced; Mode 2 as AI-led, human-reviewed — in a distinct technical sense and does not claim derivation from Bimodal IT. The Standard's §2 (definitions) carries the binding definitions for the Standard's use of the terms; the Bimodal IT discourse and the Standard's discourse use the same labels in independent technical senses and readers should hold them apart.

AGENTSAFE: adjacent-altitude framework on agent safety. The AGENTSAFE framework for agentic AI safety (preprint, December 2025; arxiv pointer to be confirmed at academic publication) addresses safety properties of agentic AI systems at the system-design altitude. The Standard addresses human-judgment decision provenance at the altitude sitting above agent-system safety concerns. A deployer running agent-mediated workflows under AGENTSAFE-aware tooling produces decisions about that tooling at the executive altitude; those decisions are the Standard's territory. The two efforts are complementary at different altitudes.

Caremark / Marchand v. Barnhill: board-oversight fiduciary cases. In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), and Marchand v. Barnhill, 212 A.3d 805 (Del. 2019), establish in Delaware corporate law the board-oversight expectation that directors must implement a reasonable system to monitor mission-critical risks. The Standard's §8 cross-references engage the Caremark line as one of several substantive regulatory and fiduciary frameworks under which the Standard's records inform without satisfying.

RFC 2119 / RFC 8174: normative-keyword discipline. The Standard adopts the IETF normative-keyword discipline of RFC 2119 (Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels," BCP 14, RFC 2119, March 1997) as clarified by RFC 8174 (Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words," BCP 14, RFC 8174, May 2017). The Standard's normative-keyword declaration appears at the top of its text and governs the explicit-level discipline of "MUST" / "SHOULD" / "MAY" within the Standard's otherwise-normative envelope.

The combination of these comparators frames the Standard's contribution. The Standard names and operationalizes a combination that no single named comparator combines; the contribution is in the structural composition, not in any single element. Where novelty is claimed in this summary, a named comparator and a named distinction appear in the same passage; no bare claim of novelty without comparator appears below.

3. The Standard

This section presents the Standard's normative content at academic-summary length. Each load-bearing primitive is described with the Standard's verbatim language where the Standard's drafting is itself the contribution. Four passages are reproduced as block quotes; paraphrase on these passages re-creates exposure the Standard's normative text was carefully drafted to avoid.

In rev. 8 the Standard is organized as a normative core (Sections 1–12) plus four companions: Companion A — Regulatory Cross-References (the substantive framework-by-framework mapping), Companion B — Worked Charter Library (worked examples of Charters), Companion C — Implementation Guidance (the install path), and Companion D — Diagrams (the figures with full text-alternatives). Appendix G — Governance and References aggregates the Related Work statement, the voluntary-adoption discipline, the recognition mechanics, and the bibliography, and carries the version-stability rules as a normative annex. This summary engages the normative core and Appendix G; Companions A through D are referenced where they carry the substantive territory.

3.1 Scope and Claim

The Standard claims a single thing: that the artifact set defined in its normative text, produced and maintained per the requirements stated therein, constitutes audit-ready decision provenance.

The locked one-line definition of the term — load-bearing across every section of the Standard and every reader-facing surface — appears verbatim in the Standard's §1.4.1:

Audit-ready decision provenance is a structured record of how a decision was made — inputs, reviewers, dispatch mode, sign-offs — that counsel and auditors can use as input when preparing evidence, certifications, or attestations; the provenance itself is not evidence, certification, or attestation. (Standard §1.4.1, locked verbatim across all surfaces.)

The "is not evidence, certification, or attestation" clause is the Standard's load-bearing Unauthorized Practice of Law (UPL) firewall and is non-negotiable on every surface where the term is introduced. Counsel and auditors convert audit-ready decision provenance into evidence, certifications, or attestations as their professional judgment requires; the artifacts produced under the Standard do not.

3.2 The Artifact Set

The Standard formalizes a single artifact set whose elements interlock: Charters (the type of decision), decisions (instances under a Charter), decision records (the artifacts a decision produces), schedules of records (the deployer's commitment to maintain a defined record corpus), conformance signals (machine-readable assertions on a record), conformance levels (graded self-declarations on a Charter), and disclosure metadata (the transparency-disclosure block on Mode 2 records reaching natural persons). The Standard's §2 enumerates each term with a single binding definition.

A Charter is the artifact that binds an organization to a decision-making mechanism for a recurring decision class. It names the decision class, the accountable owner, the inputs the decision requires, the cadence on which the decision is made, the success criteria the decision is held against, the escalation rule the decision invokes when its scope is breached, and the re-decision trigger that reopens the decision when outcome or market evidence demands. A Charter is not a contract; a Charter is not a regulatory filing; a Charter is the operational commitment an organization makes to a way of deciding, recorded in a form that survives leadership transitions.

A decision record is a single instantiated, persistent, findable artifact that captures one decision. It carries: a stable decision identifier; a single named accountable owner at the time of decision; a date decided; a pointer to the Charter under which the decision was made; the decision statement in plain language; the context at the time of decision; the options considered and the rationale for the option chosen; the inputs used (with version or date); the assumptions the decision depends on; the success criteria the decision is held against (with leading, mid, and lagging indicators); the re-decision trigger that reopens the decision; related decisions (parent, sibling, superseded); a record location that is durable, searchable, and linkable from the Charter that governs the decision class; the dispatch mode under which the decision was made; the altitude at which the decision was authored; and the lifecycle state the record currently occupies (draft, reviewed, or affirmed), with affirmation event and seal hash recorded at the moment the record reaches affirmed.

3.3 The Lifecycle: Affirmative-Human-Act Discipline

The Standard's first named contribution is the affirmative-human-act lifecycle discipline. A decision record progresses through three states — draft, reviewed, affirmed — and the gate that admits a record into affirmed is the load-bearing structural primitive. The Standard's §5.2 reads verbatim:

A record SHALL NOT enter the affirmed state without an explicit human affirmation event recorded in §5.1(3). Implementations MUST NOT auto-promote records based on time elapsed, absence of objection, default approval, or any passive signal. Affirmation is an affirmative human act. (Standard §5.2, load-bearing.)

This passage names a specific failure mode (passive promotion to affirmed status by time-elapsed, absence-of-objection, default-approval, or other passive signal) and forbids it as a structural matter at the record level. The Implementation Guidance pitfall narrative (Companion C) operationalizes the rule with a concrete failure-mode example; the §7 conformance signal no_passive_promotion_to_affirmed_in_sample (a Level-2 conformance signal) operationalizes a deployer's structural commitment that no passive promotion has occurred in a representative sample of records.

The affirmative-human-act discipline distinguishes the Standard from passive-log frameworks (where a log entry records that something happened but no affirmation gate exists) and from automated-decision-making systems (which can trigger GDPR Article 22 concerns by producing legal-effect-relevant decisions without meaningful human involvement). It is the move that earns the "human-judgment decision provenance" altitude framing the Standard claims.

3.4 Dispatch Mode as Record-Field Primitive

The Standard's second named contribution is the Mode 1 / Mode 2 dispatch grammar as a per-record dispatch_mode schema field. Standard §2 defines Mode 1 — Human-Led, AI-Enforced — as the dispatch mode in which a human authors the decision and an AI worker checks the human's work against the Charter; the human is the author of record and the AI worker is the discipline mechanism. The same section defines Mode 2 — AI-Led, Human-Reviewed — as the dispatch mode in which an AI worker authors the decision (analysis, options framing, recommendation) and a human reviews the AI-authored draft before action; the AI worker is the author of record and the human is the reviewer of record.

The grammar binds at decision-open: every decision dispatched under a Charter declares its dispatch mode in the decision record before any other field is written. The grammar governs Article 50 disclosure metadata at Standard §4.6: a Mode 2 decision whose output reaches a natural person carries the five required transparency-disclosure metadata fields (the EU AI Act Article 50 disclosure block); a Mode 1 decision whose output is also AI-generated content reaching a natural person carries the same disclosure obligation under Standard §4.6's content-level edge case (the mode-1-with-embedded-mode-2-summary enumerated value). The grammar grades into Conformance Level 2 (Mode-disambiguated conformance) under Standard §7.

The contribution is not the analytic distinction between human-led and AI-led dispatch — that distinction is named in earlier literature on human-in-the-loop systems and in the Bimodal IT discourse using the same labels in a different technical sense. The contribution is the operationalization of the distinction at the record-field altitude in a self-published open record-format standard with binding at decision-open and grading into a conformance level. The dispatch grammar is what allows a deployer's records, an auditor's review, and a regulator's transparency-disclosure assessment to read the same schema field and reach the same answer to the question "who authored this decision?"

3.5 The "Informs Without Satisfying" Voluntary-Instrument Frame

The Standard's third named contribution is the "informs without satisfying" voluntary-instrument frame. The Standard's §8 lead paragraph (locked verbatim) reads:

Decision Provenance Standard records inform — without satisfying — regulatory frameworks. A Decision Provenance Standard record may be cited as supporting evidence under NIST AI RMF, ISO/IEC 42001, EU AI Act and equivalent frameworks. It does NOT itself satisfy any control, requirement, or audit obligation under those frameworks. Adopting organizations remain responsible for their own regulatory posture. (Standard §8 lead paragraph, locked verbatim.)

The frame is operationalized in three structural moves. First, each regulatory cross-reference (EU AI Act Article 14; EU AI Act Article 17; EU GDPR Article 17; EU AI Act Article 50; NIST AI RMF Manage 4.1; ISO/IEC 42001; SOC 2 Type II; COSO 2013; SOX §404; Caremark / Marchand; and the HR-side block on NYC Local Law 144, Colorado SB 24-205, GDPR Article 22, EU Platform Work Directive, UK ICO monitoring guidance, Israel PPL 5741), engaged substantively in Companion A, follows the same three-part structure: what the framework requires; how the Standard's primitives map to that framework's elements; an explicit non-claim that the Standard's mapping satisfies the framework's requirements.

Second, the §1.4 non-claim list enumerates what the Standard does not claim, in language designed to be read by a regulator or plaintiff's counsel against the Standard: not evidence, not certification, not attestation, not a regulatory substitute, not legal advice. The verb discipline of the Standard reinforces the non-claim list: the Standard uses process verbs — records, documents, structures, binds, commits, emits, informs, supports — and avoids regulatory verbs — satisfies, ensures, certifies, guarantees, proves — outside of quoted framework names.

Third, the §11.3 voluntary-adoption discipline (treated in Section 4 of this summary) makes the self-declaration mechanism explicit at the organizational altitude. The combination of §1.4 non-claim discipline at the artifact altitude, §8 / Companion A cross-reference discipline at the framework altitude, and §11.3 self-declaration discipline at the organizational altitude produces a coherent voluntary-instrument posture that voluntary AI-governance frameworks rarely achieve in a single coherent surface.

The Standard's fourth named contribution is the per-altitude consent posture. The Standard recognizes four altitudes at which decision records may be authored: executive (board, C-suite, equivalent); function-leader (head of function, VP-equivalent); team-leader (manager of a team); and individual-professional (an individual contributor's professional decisions). The altitude is recorded on every decision record as the altitude schema field per Standard §6.2.3.

The consent posture grades by altitude. At executive altitude, record creation is voluntary at the deployer altitude — the executives whose decisions the records describe are the deployer's named accountable owners, and the deployer's authority to maintain such records flows from corporate governance. At function-leader, team-leader, and individual-professional altitudes, separately-obtained-and-revocable consent is required from the affirmer; the consent is not bundled with the affirmer's offer letter; it is not buried in the employee handbook; it is use-case-scoped under the Charter's use_case_scope_limit_declaration field; and a Data Protection Impact Assessment determined floor governs team-level aggregation.

The structural innovation is that the consent posture is architecturally enforced, not policy-asserted alone. The Standard's §6.2.3.1 access-policy binding requirement (the Standard's normative text, paraphrased here for length) provides: a record SHALL NOT be written at altitude: individual-professional unless the deployer's access-policy layer enforces, at write time, that the affirmer has consented to individual-altitude record creation under the Charter's use-case scope limit and that the consent is not stale per the Charter's consent-refresh cadence; a deployer whose access-policy layer does not perform these bindings SHALL NOT self-declare Conformance Level 2 or above.

The architectural enforcement is what distinguishes the posture from voluntary AI-governance frameworks that recommend consent practices but do not bind them into the artifact-level write path. The §6.2.3.1 binding makes the consent posture inspectable at the record level: an auditor reading a deployer's records can verify the access-policy layer's enforcement against a representative sample without relying on policy claims about practice.

The works-council consultation requirement at Standard §11.3 (German Betriebsverfassungsgesetz §87, French Code du travail Article L. 2312-26, Dutch Wet op de ondernemingsraden, or analogous EU/UK consultation or co-determination regimes) extends the per-altitude consent posture into the works-council jurisdictions: where a Charter operates in such a jurisdiction and authorizes records at function-leader altitude or below describing natural persons, the Charter SHALL complete works-council pre-consultation and record the consultation in the Charter's works_council_consultation_record sub-field. The works-council consultation discipline is a serious engagement with employment-law realities that voluntary AI-governance frameworks typically address only at the policy altitude; the Standard binds it to the Charter's lifecycle.

3.7 Conformance and the Section 7 Grading Layer

The Standard's §7 specifies three conformance levels at which a Charter may self-declare conformance with the Standard. Conformance Level 1 (Charter-Conformant) requires that a Charter has reached the fields-completed lifecycle state: it names its decision class, names its accountable owner (one human), populates its mode_declaration with one of three enumerated values, commits a non-empty schedule of records, resolves its record_location to a durable surface, meets a two-class minimum on re_decision_triggers, and populates its escalation_rule with a named, exact trigger. Conformance Level 2 (Mode-Disambiguated) requires that every record under the Charter carries its dispatch_mode field, every Mode 2 record carries a complete Article 50 disclosure metadata block, every Mode 1 edge-case record carries a per-record disclosure block at the embed point, and the schedule-of-records sample audit returns no silent-drift findings. Conformance Level 3 (Continuously Auditable) requires that re-decision triggers fire and produce records on the Charter's declared cadence, the escalation rule produces records when invoked, disclosure metadata blocks carry a current last_reviewed_at per the Charter's review cadence, and the schedule of records is queryable and exportable for counsel and auditor review on demand.

Conformance is self-declared by the adopting organization at every level. There is no certification body. There is no auditor pool. The Standard's Steward does not certify, accredit, audit, stamp, or grade any organization. The §11.3 self-declaration discipline is the load-bearing organizational-altitude binding (treated in Section 4 of this summary). The Standard's R-005 minor-release non-break commitment (Appendix G §G.7, a normative annex) holds a deployer's pre-release Conformance Level grade stable across minor releases of the Standard except where the release explicitly enumerates the grade as broken — so that the structural-input value of a grade is stable for the counsel and auditors who consume it.

3.8 Redaction Events and Seal Integrity

The Standard adds the redaction_event record type at §5.5 (lifecycle treatment), §6.2.3 (schema treatment), and §6.2.3.2 (access-policy binding). The redaction-event record type addresses the interaction between the affirmation discipline (a record's seal_hash is immutable once affirmed) and the GDPR Article 17 right to erasure (a data subject has the right to request erasure of personal data, subject to Article 17(3) exceptions).

The structural pattern: a redaction event is itself a decision record under the Standard, with the target_record_hash field pointing to the seal_hash of the prior affirmed record being redacted and the target_decision_id field pointing to the prior record's stable identifier. The redaction event SHALL NOT modify the original record; the original's seal_hash remains valid and verifiable against archival storage. The deployer's operational store may delete or redact the original record's content per the deployer's data-protection logging; the redaction-event record establishes an audit-trail moment at which the redaction was authorized, by whom, against which Article 17(3) ground (or which deployer-internal retention policy), and at which timestamp.

The redaction-event schema is a v1.0 design subject to deployer-feedback iteration. The cross-reference to GDPR Article 17 (Companion A) is explicit that the structural enforceability the redaction-event schema provides is at the audit-trail-integrity altitude; substantive Article 17 analysis (whether a specific data subject's request applies; whether a specific Article 17(3) ground supports archival retention; whether the deployer's accountability framework substantively constitutes a §17(3)(b) legal obligation under the regulator's interpretation) is the deployer's counsel's territory.

4. Governance

4.1 Voluntary Adoption, Self-Declared Conformance

The Standard's §11.3 voluntary-adoption discipline (locked verbatim) reads:

An organization self-declares Conformance Level X against the Standard per §7. The Standard's Steward (per §11.2) does NOT certify, accredit, audit, stamp, or grade any organization. There is no certification body, no auditor pool, no plan to create either. (Standard §11.3, load-bearing.)

The posture is deliberate. The absence of a certification body is not a deficit relative to certified-standards regimes (CMMI, SOC 2, ISO certifications); it is a posture choice. A certification body would introduce a third-party gate between the deployer's installation and the deployer's claim of conformance; that gate would require accreditation infrastructure, an auditor pool with conflict-of-interest discipline, and a fee structure to sustain the infrastructure. The Standard's authors take the view that the structural integrity of the Standard's normative text is the load-bearing input to the deployer's installation, and that the deployer's counsel and auditors converting that input into evidence, certifications, or attestations is the correct division of labor.

The "stamp the tool, not the org" discipline at Standard §11.1 reinforces the posture at the trademark altitude: a vendor whose tool implements the Standard's primitives may describe its tool as "implementing the Decision Provenance Standard" subject to the trademark's permitted-use conditions; a vendor MAY NOT describe its customer organizations as "certified by the Standard" or "Standard-compliant" through that vendor's installation. The trademark protects against the Lanham Act §1054 certification-mark posture that would otherwise attach if the Standard's name were used to grade or stamp organizations.

4.2 The Steward Role: Etsion Brands Ltd. as Institutional Steward

The Standard's institutional Steward is Etsion Brands Ltd., an Israeli holding company. The Founding Steward is Yohay Etsion, who operates the Standard's authoring under a Charter consistent with §3 of the Standard. The Steward role is defined at Standard §11.2 with an enumerated list of non-roles: the Steward does NOT certify, audit, operate a registry, or speak for any deployer's regulatory posture. The Steward maintains the Standard's normative text, processes errata, manages the Standard's versioning discipline, and represents the Standard in good-faith engagement with other standards-development organizations and academic venues.

The Steward governance is honest about what it is. The Steward is a single-author holding company; it is not a multi-stakeholder standards-development organization. The institutional architecture is immature relative to established voluntary standards bodies (W3C with its multi-stakeholder process; ISO with its national-bodies; NIST as a federal agency; IEEE-SA as an accredited standards-development organization). The Standard's authors and external readers have surfaced this maturity gap forthrightly (see Section 6 of this summary). The Steward's plan for evolution is described in the Standard's §11.2 (succession discipline) and in the Standard's submission targets for institutional venues (W3C Community Group at v1.0.1; OECD AI Policy Observatory case-study submission at v1.0.1; potential IEEE-SA Industry Connections engagement at v1.0.1; deferred ISO/IEC JTC1 SC42 engagement until external driver surfaces).

4.3 Etsion Brands as Institutional Bridge

Etsion Brands Ltd. serves as the institutional bridge between the Founding Steward (a natural person) and the Standard (an open artifact under CC-BY 4.0). The corporate seat in Israel provides a stable legal entity for the Steward role's institutional duties — trademark holding, errata processing, version-discipline maintenance, good-faith engagement with external venues — that a natural-person Steward cannot perform with the same continuity. The bridge is honest about its character: it is a single-author holding company, not a multi-stakeholder consortium. The institutional weight the bridge confers is the weight of a continuity-providing corporate entity, not the weight of a multi-stakeholder accredited standards body.

4.4 License: CC-BY 4.0 on Standard Text, MIT on the Reference-Implementation Code, Defensive Trademark on Name

The Standard's licensing has three distinct components, and conflating them is a common error the present summary corrects explicitly:

  1. The Standard text is licensed under the Creative Commons Attribution 4.0 International License (CC-BY 4.0). Under that license, any reader, deployer, vendor, consultancy, regulator, academic, or other party may read, cite, adopt, extend, or fork the Standard text with attribution. The CC-BY 4.0 license is the structural protection against vendor-capture: no party can fork the Standard into a proprietary surface and lock other parties out.
  2. The separately-published open-source reference-implementation code is licensed under the MIT License. Per Appendix G §12.4, the reference implementation is code and is MIT-licensed; the Standard's own text is separately licensed under CC-BY 4.0. The two licenses cover two different artifacts — normative text (CC-BY 4.0) and runnable code (MIT) — and a reader should not assume one license governs both.
  3. The trademark on the name "Decision Provenance Standard" is held defensively by Etsion Brands Ltd. as Steward, separate from both licenses above. Per CC-BY 4.0 §2(c) ("Patent and trademark rights are not licensed under this Public License"), trademark rights are not licensed with the text. The trademark protects against three specific misuses: (i) parties certifying or grading organizations "against the Standard" without authorization; (ii) parties extending or forking the Standard's text and using the original name to confuse readers about the Standard's source; (iii) parties using the Standard's name to suggest regulator endorsement or third-party validation that does not exist.

The §11.1 trademark convention specifies the permitted uses (citing the Standard with attribution; describing a deployer's installation as grounded in the Standard; describing a vendor's tool as implementing the Standard's primitives subject to the "stamp the tool, not the org" discipline) and the prohibited uses (representing the Standard or any installation grounded in the Standard as certified, attested, accredited, or regulator-endorsed; representing the Steward as having reviewed or endorsed a third party's installation; using the trademark to certify, accredit, audit, grade, or stamp any third party).

5. Reference Implementation

A working open-source reference implementation is published under the MIT License and described in the Standard's Appendix G §12.4. The reference implementation implements the Standard's structural requirements — the Charter mechanism (Standard §3), the decision-record schema (Standard §5–§6), and the conformance levels (Standard §7) — as runnable artifacts usable by a deploying organization.

The reference implementation is not part of the Standard's normative body. The Standard does not depend on it. A deployer may install the reference implementation as-is, fork it, adapt it, or implement the Standard against entirely different tooling. The reference implementation exists to demonstrate that the Standard's primitives compose into a runnable artifact; the demonstration does not bind the Standard's normative text to any particular implementation.

The relationship between the Standard and the reference implementation is the relationship that voluntary record-format standards typically maintain with their reference implementations: the standard is the normative artifact (CC-BY 4.0 text); the implementation is the demonstration that the standard is implementable (MIT-licensed code); the deployer's installation is the operational artifact. Adoption of the reference implementation does not constitute conformance with the Standard, and conformance with the Standard does not require adoption of the reference implementation. The two artifacts are co-published and complementary; they are not identical, and they are licensed differently.

6. Limitations and Open Questions

This section surfaces methodological limitations, governance-maturity gaps, and open questions the Standard's authors and external readers have identified. The summary's posture on limitations is the Standard's own posture: forthright acknowledgment, neither denial nor minimization.

Methodological rigor: internal verification chain, not external peer review. The Standard's Appendix G §12.5 (Verification Provenance) declares the verification chain that produced the Standard's normative text: a sequence of phased reviews against the Standard's evolving drafts by named roles including specialist roles in legal, privacy, IP, architecture, product management, and product marketing. The verification chain is internal — the named reviewers are roles within the author's own review process, not external counsel, external auditors, or external academic peer reviewers. An external reader of the Standard (an AI-governance-researcher review at an earlier revision, scoring "Methodological rigor" against the academic-canonical-source bar) has acknowledged this forthrightly and the present summary acknowledges it in turn. The verification chain is honest about what it is: a single-author drafting discipline with AI-mediated specialist-role review, not a multi-stakeholder consensus process at the W3C / ISO / IETF altitude. The reader's evaluation of the Standard's substantive contributions should be made on the strength of the Standard's normative text, not on the strength of an external peer-review imprimatur the Standard does not yet carry.

Governance maturity: single Steward, not yet a multi-stakeholder working group. The Steward role (Etsion Brands Ltd. as institutional Steward; Yohay Etsion as Founding Steward) is single-author by present design. Established voluntary standards bodies (W3C with member organizations; ISO with national bodies; NIST as a federal agency; IEEE-SA as an accredited SDO; OASIS with corporate-member technical committees) carry institutional weight the single-Steward governance does not yet match. The Standard's roadmap addresses this through the v1.0.1 submission targets — a W3C Community Group is the highest-likelihood institutional placement in the v1.0.1 window, with OECD AI Policy Observatory case-study submission and IEEE-SA Industry Connections as parallel candidates — but the governance-maturity gap is real at v1.0 and is acknowledged here as it is acknowledged in the Standard itself.

Peer-review status: self-published primary source, not peer-reviewed canonical work. The Standard is a self-published artifact authored by a single named individual (Yohay Etsion) under CC-BY 4.0. It has not been through external academic peer review. The present summary's contribution as a scholarly document is the contribution of a primary source authored by the Standard's Founding Steward; it is not peer-reviewed work. Academic readers citing the present summary should treat it as a primary source (a self-published authored summary of the Standard's content) and consult the underlying Standard text directly for substantive engagement. Submission of a peer-reviewable academic paper based on the present summary is the v1.0.1 target tracked under the AI Ethics Journal (Springer, open-access track) submission and the FAccT 2027 submission (for the v1.0.1 / v1.1 window).

Jurisdictional defaults: four named jurisdictions, not global. The Standard is authored against an explicit primary jurisdiction (U.S. federal + Delaware) with three named secondary jurisdictions (United Kingdom; European Union for AI Act and GDPR cross-references; State of Israel). Deployers operating in jurisdictions outside the four — including but not limited to Canada, Switzerland, Singapore, Australia, Japan, Brazil, Mexico, India, the Gulf Cooperation Council, and any other jurisdiction not explicitly enumerated — read the Standard as structural input and verify every regulatory cross-reference, every conformance criterion, and every disclosure-metadata requirement against local counsel. The Standard's vocabulary and dispatch grammar are jurisdictionally portable; the regulatory cross-references and the litigation-framing assumptions are not. The roadmap addresses this through future revisions adding named secondary jurisdictions (Singapore Model AI Governance Framework, Brazil's AI Bill, India's DPDP Act, China's PIPL Article 24 on automated decision-making) as deployer demand and reviewer capacity emerge.

HR-altitude maturity. The Standard's HR-altitude treatment (§11.3 per-altitude consent; §11.3 works-council consultation; the HR-side regulatory block on NYC LL 144 / Colorado SB 24-205 / GDPR Article 22 / EU Platform Work Directive / UK ICO monitoring guidance / Israel PPL 5741, engaged in Companion A; §6.2.3.1 access-policy bindings) is HR-altitude-mature at v1.0 but evolving. A Chief Human Resources Officer review surfaced four areas for v1.0.1 attention: (i) deeper engagement with the works-council consultation failure modes when consultation is incomplete or the works council disagrees; (ii) jurisdictional expansion of the algorithmic-decision-system audit cross-references beyond the named four; (iii) longitudinal individual-altitude consent revocation mechanics under the Charter's consent_refresh_cadence field; (iv) sectoral overlay for highly-regulated employment contexts (financial services, healthcare, regulated transport). Employment-counsel reinforcement at v1.0.1 will address these, subject to the substantive validation discipline of the Standard's verification chain.

Redaction-event schema: v1.0 design subject to deployer-feedback iteration. The redaction-event record type is a v1.0 design subject to deployer-feedback iteration. The structural pattern is clean (a redaction event is itself a decision record; the original seal_hash remains immutable; the audit-trail moment is preserved at redaction time), but the operational details of how a deployer's data-protection logging interacts with the redaction-event record's redaction_timestamp field, how the §6.2.3.2 access-policy binding interacts with the deployer's existing access-control layer, and how the non-claim discipline interacts with substantive Article 17 jurisprudence at the deployer altitude are subject to iteration as deployer installations surface operational learning. The schema as drafted is a starting point, not a finalized v1.0 commitment; the v1.0.1 window will incorporate deployer feedback per the Standard's §11.2 versioning discipline.

Artifact independence: the Standard reads as a standalone generic standard. The rev. 8 Reading Edition explicitly decouples the Standard's normative text from any companion book or reference-implementation product name. Earlier revisions carried framing that tied the Standard to a companion book through a shared mnemonic; external readers flagged that framing as entangling the Standard with a commercial launch in ways that compromise the artifact's perceived independence. The rev. 8 surface and the present summary handle this concern by separating the artifact altitudes: the present summary engages the Standard as the normative artifact (its own contribution); a companion book exists and may be named in the Standard's Related Work (Appendix G §G.1) and in this summary's References for completeness, but it is not a structural input to either the Standard's normative text or to this summary; the reference implementation is described at Section 5 of this summary as a co-published complementary artifact, not as part of the Standard's normative body. Academic readers may engage the Standard as the self-contained normative artifact the present summary addresses.

Reader-time ROI: length-to-contribution ratio. The Standard's full text is long for a researcher reading it cold without companion materials; the rev. 8 thinning-and-companion restructuring is one structural response (a lean normative core with the regulatory cross-references, worked Charter library, implementation guidance, and diagrams moved to companions). The present summary is a second structural response: a scholarly summary that strips internal-process scaffolding and presents the load-bearing contributions at academic-citation density. The Standard's authors intend the summary as the entry point for academic and standards-body readers, with the Standard's full normative text as the substantive reference for deployers, counsel, auditors, and regulators reading at substantive depth.

Open question: the relationship between the Standard's posture and the academic-canonical-source threshold. The path from a self-published artifact to a peer-reviewed canonical source runs through external multi-stakeholder review (a W3C-style working group, an OASIS-style technical committee, or equivalent), a longer-form academic publication (FAccT 2027, AI Ethics Journal open-access track), and a maturation of the Steward governance into a more institutionally-distributed posture. The Standard's authors and the Steward acknowledge this trajectory and have published the submission targets that pursue it through the v1.0.1 and v1.1+ windows. The trajectory is the Standard's own; its successful traversal depends on community engagement the Standard is published to invite.

7. Conclusion

The Decision Provenance Standard names and operationalizes a combination of four primitives — an affirmative-human-act lifecycle gate, a human-versus-AI dispatch grammar as record-field primitive, an "informs without satisfying" voluntary-instrument posture, and an architecturally-enforced per-altitude consent regime — at the altitude of executive decision-making. The combination is the contribution. The Standard is voluntary, self-declared, CC-BY 4.0 licensed on its text (with the separately-published reference implementation under the MIT License), and stewarded by a single institutional Steward (Etsion Brands Ltd.) with a named Founding Steward (Yohay Etsion). It is not peer-reviewed; the verification chain is internal; the Steward governance is single-author; the jurisdictional defaults are four-named. These are real limitations and the Standard's authors and external readers have surfaced them forthrightly. The rev. 8 Reading Edition under summary changes presentation, not contract: the conformance contract is unchanged from v1.0.

The roadmap proceeds through three submission windows. The launch window targets practitioner placement, executive-altitude placement (MIT Sloan Management Review / Harvard Business Review for article-about-the-Standard pitches), institutional-credibility engagement (NIST AI RMF community engagement), and academic placement (AI Ethics Journal open-access track, with FAccT 2027 deferred to v1.0.1 / v1.1). The v1.0.1 window targets institutional placement: a W3C Community Group as the highest-likelihood pre-standardization home; an OECD AI Policy Observatory case-study submission as the highest international-policy-credibility move; IEEE-SA Industry Connections engagement sequenced after the W3C Community Group result; OASIS Technical Committee formation contingent on a named corporate co-sponsor. The v1.1+ window targets IETF Internet-Draft submission contingent on wire-format emergence; ISO/IEC JTC1 SC42 engagement remains explicitly deferred until a named external driver surfaces (deployer-customer request, national-body approach, regulatory adoption pressure).

The Standard invites community engagement. The text is open under CC-BY 4.0. The reference implementation is open under the MIT License. The Steward's contact and the Standard's submission process for proposed revisions, errata, and community-page recognition of self-declaring adopters are documented in Appendix G §G.11.4 (recognition of self-declaring adopters) and §11.2 (Steward role definition and succession). The Standard is published not as a finished artifact but as a starting point: a v1.0 normative text against which deployer installations, academic engagement, and standards-body conversation will produce the iteration to v1.0.1, v1.1, and beyond. The field is the better for the artifact's existence; the artifact will be the better for the field's engagement.

Cannot Assess Without Licensed Counsel

The present summary is a scholarly summary of the Decision Provenance Standard. It does not constitute substantive legal validation. The following are explicitly out of scope and require qualified-personnel review before any submission to an academic venue, any installation by a deployer, any reliance by counsel or auditors, or any other action grounded in the Standard's text:

The substantive validation of the Standard's content remains the territory of qualified personnel: counsel admitted in the relevant jurisdictions, the editorial-review chain of the receiving academic venue, the deployer's installation review by deployer counsel and auditors, and where applicable an academic-press editor familiar with voluntary-instrument scholarship.

References

Bradner, S. (1997). Key words for use in RFCs to Indicate Requirement Levels. BCP 14, RFC 2119. Internet Engineering Task Force. https://www.rfc-editor.org/rfc/rfc2119

In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).

Etsion, Y. (2026a). Decision Provenance Standard v1.0 (Reading Edition, rev. 8). Etsion Brands Ltd. (Steward). Creative Commons Attribution 4.0 International (CC-BY 4.0). [Canonical URL to be confirmed at publication; canonical hosting at the Etsion Brands Ltd. Standard surface.]

Etsion, Y. (2026b). Decision Provenance Standard — reference implementation. Open-source reference implementation. MIT License. [Repository URL to be confirmed at publication.]

Etsion, Y. (2026c). Vision to Value: A Blueprint for Product Organizations. Companion book; named for completeness only and not a structural input to the Standard's normative text or to this summary. [Publication details to be confirmed at academic citation time.]

European Parliament and Council of the European Union. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). OJ L 119, 4.5.2016.

European Parliament and Council of the European Union. (2024). Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act). OJ L, 12.7.2024.

International Organization for Standardization & International Electrotechnical Commission. (2023). ISO/IEC 42001:2023 — Information technology — Artificial intelligence — Management system. ISO/IEC.

Leiba, B. (2017). Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. BCP 14, RFC 8174. Internet Engineering Task Force. https://www.rfc-editor.org/rfc/rfc8174

Marchand v. Barnhill, 212 A.3d 805 (Del. 2019).

National Institute of Standards and Technology. (2023). AI Risk Management Framework (AI RMF 1.0). U.S. Department of Commerce. https://www.nist.gov/itl/ai-risk-management-framework

Singh, J., Cobbe, J., & Norval, C. (2018). Decision Provenance: Harnessing Data Flow for Accountable Systems. IEEE Access, 7. https://ieeexplore.ieee.org/document/8395145

Trammell, J. (2023). Chief Executive Operating System. [Publisher details retained per Standard Appendix G §G.1 Related Work paragraph.]

World Wide Web Consortium. (2025). PROV-AGENT Community Group. https://www.w3.org/community/prov-agent/ (Community Group output; not yet a W3C Recommendation.)

AGENTSAFE. (2025, December). Agentic AI safety framework. arXiv preprint. (Pointer to be confirmed at academic publication; specific arXiv identifier verification pending per Standard Appendix G §12.3.3 placeholder convention.)

Scholarly summary of the Decision Provenance Standard™ v1.0 (Reading Edition, rev. 8) — 2026-05-31 — Yohay Etsion, Founding Steward, under the institutional Steward role held by Etsion Brands Ltd. Drafting and triage aid for academic readers, peer-reviewers, and standards-body authors. Standard text under CC-BY 4.0; reference-implementation code under the MIT License. Not counsel; not peer-reviewed canonical work.

Decision Provenance Standard™ v1.0 — Reading Edition (rev. 8). Open standard under CC-BY 4.0. Not a certified product. Not legal advice. Not a regulatory substitute. Founding Steward: Yohay Etsion; institutional Steward: Etsion Brands Ltd.
Contents