Decision Provenance Standard — Frequently Asked Questions
The Decision Provenance Standard™ · v1.0 · open standard, CC-BY 4.0
1. What is the Decision Provenance Standard?
It is an open record format: a defined, closed set of building blocks for writing down how a consequential decision was made — by whom, against what information, with what review, and at what moment it was affirmed. It works whether a human or an AI produced the underlying analysis. The goal is to turn "how was this decided?" into a record you can find in thirty seconds and trust, instead of something reconstructed from email and memory.
2. What problem does it solve?
Organizations make consequential decisions every day, increasingly through a mix of people and AI. Later, no one can reliably reconstruct how a given decision was made. As AI authors more of the underlying work, the line of responsibility also blurs. The Standard closes both gaps: it makes decisions affirmable, auditable, and resumable, and it keeps responsibility human as AI does more of the work.
3. Is it legal advice?
No. The Standard is not legal advice and not a regulatory substitute. No attorney-client relationship is created by reading, citing, or adopting it. Any decision with material legal or regulatory consequences requires review by a licensed attorney in the relevant jurisdiction.
4. Does adopting it make me compliant with regulations?
No. The Standard informs frameworks without satisfying them. The records it produces are input that counsel and auditors convert into evidence, certifications, or attestations. A record may be cited as supporting input under frameworks such as NIST AI RMF, ISO/IEC 42001, and the EU AI Act, but it does not itself satisfy any control, requirement, or audit obligation. Compliance remains your organization's responsibility, discharged by your qualified personnel.
5. Who certifies conformance?
No one. There is no certifying body and no certification track. Every conformance level is self-declared by the adopting organization. The Founding Steward governs the text but does not certify, grade, or audit anyone's conformance, and maintains no central registry of conformant organizations.
6. What are Mode 1 and Mode 2?
Every decision is dispatched in one of two modes — answering the question auditors care about most, who actually authored this?
- Mode 1 — Human-Led, AI-Enforced: a human authors the decision; an AI checks it against the Charter's requirements but does not write the substance. AI checks the human.
- Mode 2 — AI-Led, Human-Reviewed: an AI authors the analysis and recommendation; a named human reviews and signs off before any action. The human checks the AI.
There is one more value for the common case of an AI-written passage embedded inside a human-authored document — authorship is judged at the content level, not the container. The enumeration is closed: no third mode, no fuzzy "AI-assisted" label.
7. What is the Charter?
A Charter governs a recurring kind of decision — launch-readiness calls, pricing exceptions, and the like — not a single decision. It states up front, in writing: the single human accountable, the dispatch mode, the schedule of records it will keep, and the triggers that force the decision to be reopened. It moves through five states in one direction — open, mode declared, required fields set, fields completed, closed — and never backward, which makes it consistent by construction rather than by after-the-fact review.
8. What is Article 50 disclosure?
When an AI authors content that reaches a person, the EU AI Act (Article 50) requires transparency. The Standard does not satisfy that obligation — it structures the inputs a human needs to satisfy it, through a small disclosure block with five required fields: the responsible human (declaring authority), the AI system identity, the jurisdiction, the content type, and the timestamp. A useful property: when records are later anonymized, four of the five fields survive unchanged — only the named person may be replaced by a placeholder. You can hide who without erasing that an AI authored this, where, of what type, and when.
9. What is the human signature, and why does it matter?
A decision record moves draft → reviewed → affirmed. The load-bearing rule: a record becomes affirmed only when a named human performs an explicit act — a signature — and at that moment it is sealed with a tamper-evident hash. There is no passive promotion: a record never drifts into "approved" because time passed or a box auto-checked. This is what separates the Standard from a logging system, and it is the answer to "won't AI just decide everything?" — no, because a human signature gates every consequential record.
10. What are the conformance levels?
Three cumulative, self-declared levels:
- Level 1 — Charter-Conformant: the Charter is structurally complete.
- Level 2 — Mode-Disambiguated: every record carries its mode, every AI-authored record carries its Article 50 disclosure block, and an audit finds no silent drift.
- Level 3 — Continuously Auditable: triggers fire on schedule, escalations produce records, disclosures stay current, and the schedule is queryable on demand.
An organization grades itself with a reporter that reads the structural facts. Counsel and auditors read the grade as one input — never as a certification.
11. What is the license?
The Standard is published under the Creative Commons Attribution 4.0 International License (CC-BY 4.0) — free to read, use, extend, and fork under attribution. The reference implementation is published separately under the MIT License. The name is a protected trademark: trademark rights are not licensed with the text, so anyone may use and extend the text while the name stays protected against misrepresentation. Removing the firewall language, or representing the Standard as certified, attested, or regulator-endorsed, is outside the license.
12. How do I start?
Adoption is voluntary and incremental — the path is Charter-first. Pick one real recurring decision, author a single Charter for it, name the one human accountable, declare whether it dispatches in Mode 1 or Mode 2, begin producing records, and self-declare Conformance Level 1. From there, work upward against the named criteria for Level 2 and Level 3. One Charter, run honestly, is a conformant start.
13. How does it relate to NIST, ISO, and the EU AI Act?
It informs them without satisfying them. The Charter, the decision records, and the conformance grade are an input substrate your AI-governance, compliance, and audit functions can use when preparing their own work — for example, NIST AI RMF Manage 4.1's continuous-documentation expectation, documented information within an ISO/IEC 42001 management system, or the EU AI Act Article 50 disclosure inputs. In every case the obligation is discharged by your qualified personnel, not by the Standard. The Standard's conformance levels are not ISO/IEC 42001 maturity levels, and there is no defined cross-walk between them.
14. What is — and is not — included in the release?
A small, self-contained set, all under CC-BY 4.0: the core Standard, four Companions (regulatory cross-references, a worked-charter library, implementation guidance, and the diagrams), an Appendix for governance and references, and a working open-source reference implementation under the MIT License (a real artifact you may consult, but not the Standard itself — the Standard does not depend on it).
Jurisdiction assumed: U.S. federal and Delaware (primary); United Kingdom, the European Union, and Israel (named secondaries). For any other jurisdiction, treat every statement here as a hypothesis to verify with local counsel. Not legal advice.