Organizations make consequential decisions every day, and increasingly they make them through a mix of people and AI. Months later, someone asks a simple question: how was this decided, by whom, against what information, and with what review? Usually the answer has to be reconstructed from email threads and memory. That reconstruction is slow, it is unreliable, and sometimes it cannot be done at all.
The Decision Provenance Standard closes that gap. It is a record format: a defined way to write down how a decision was made, so the decision can be found, understood, and trusted later. It does not change what you decide. It changes whether you can account for how you decided it.
This box sits at the front on purpose, because it governs how to read every other section.
The records the Standard produces are audit-ready decision provenance — structured input that counsel and auditors convert into evidence, certifications, or attestations. The records are not evidence, certification, or attestation on their own. The Standard informs frameworks without satisfying them; conformance is self-declared and no body certifies it; nothing here is legal advice or a regulatory substitute.
Hold onto that. As you read about Charters, Modes, signatures, and conformance levels, none of them turns a record into proof. Every one of them produces better input for the human professionals who do the proving.
A small, fixed set of building blocks makes an organization's decisions affirmable, auditable, and resumable — whether a human or an AI did the underlying work — and that is how responsibility for decisions stays human as AI takes on more of it. The records are input to the humans who judge them; they never replace that judgment.
Two things have to land at once. The first is the mechanism: a closed set of structural building blocks — Charter, Mode, affirm-and-seal, conformance — that you cannot extend at runtime. Because the set is closed, records become comparable and gradeable across any organization. The second is the firewall: those records are input to the people who judge them, never a replacement for that judgment. The locked definition holds both together:
"Audit-ready decision provenance is a structured record of how a decision was made — inputs, reviewers, dispatch mode, sign-offs — that counsel and auditors can use as input when preparing evidence, certifications, or attestations; the provenance itself is not evidence, certification, or attestation."
The rest of this document is those building blocks, one at a time.
Before the mechanics, it helps to know who the Standard is for and what it is actually optimizing.
The Standard serves five kinds of reader at once. Executives and boards want to know that consequential decisions have a named owner and a record. Product and operating leaders want a decision to be resumable months later without an archaeology project. Counsel and compliance teams want structured input they can convert into the artifacts a regulator or auditor expects. Auditors want to read a decision's history without trusting anyone's memory. And the builders of AI tooling want a defined target to build against, so their tools produce comparable records.
The framing that ties those audiences together is measurement-first. The primary value of the Standard is decision-quality measurement: it makes the quality of how an organization decides into something you can observe, track, and improve. Regulatory readiness is a positive externality of doing that well, not the starting goal. An organization that adopts the Standard to decide better ends up with records that happen to be useful to counsel. An organization that adopts it only to look compliant has missed the point and will get less value from it.
A Charter governs a recurring kind of decision — a decision class — and not a single decision. Launch-readiness calls are a decision class. Pricing exceptions are a decision class. A Charter is written once for the class and then governs every instance of it.
It states up front, in writing, four things among its 16 Charter required fields: the single human accountable (accountable_owner), the mode it will use (mode_declaration), the schedule of records it will keep (schedule_of_records), and the triggers that force the decision to be reopened (re_decision_triggers). Writing these down before any decision happens is what makes the class governable rather than improvised.
A Charter moves through five lifecycle states in one direction only and never backward: open → mode-declared → fields-required → fields-completed → closed. The closed state is terminal and irreversible; you do not re-open a closed Charter, you author a new one. Requiring each field before the state advances is what makes a Charter consistent by construction, rather than consistent only after someone reviews it later. The Charter is the foundation everything else sits on.
Figure 3-1 — Charter Lifecycle State Machine. The five states run in one direction only; closed is terminal, and reactivation authors a new Charter rather than re-opening. (Full description: in the figure's embedded text alternative.)
Every decision is dispatched in one of two modes, and the mode answers the question auditors care about most: who actually authored this?
Mode 1 — Human-Led, AI-Enforced. A human authors the decision; an AI checks it against the Charter's requirements but does not write the substance. The short version: AI checks the human.
Mode 2 — AI-Led, Human-Reviewed. An AI authors the analysis and recommendation; a named human reviews it and signs off before any action is taken. The short version: the human checks the AI.
There are two Modes, but the enumeration that the format records is mode-1, mode-2, and a third value, mode-1-with-embedded-mode-2-summary, which handles the common case of an AI-written passage embedded inside a human-authored document. For that third value, authorship is judged at the content level, not the container level — the embedded AI-generated span carries its own disclosure block. So there are two Modes but three enum values, and the set is closed: no fourth mode, and no fuzzy "AI-assisted" label. The mode is declared at two altitudes that line up one-to-one: the Charter field mode_declaration and the per-record field dispatch_mode.
Figure 3-2 — Mode Dispatch Grammar (simplified). Two Modes, three closed enum values: mode-1, mode-2, and mode-1-with-embedded-mode-2-summary — with authorship judged at the content level for the third. (Full description: in the figure's embedded text alternative.)
When an AI authors content that reaches a person, the EU AI Act (Article 50) requires transparency. The Standard does not satisfy that obligation. It structures the inputs a human needs in order to satisfy it, through a small disclosure block with exactly five required fields: declaring-authority (the responsible human), ai-system-identity, jurisdictional-applicability-tag, content-type-tag, and generation-timestamp.
Caption: the Standard structures the inputs; it does not satisfy the Article 50 obligation.
A useful property follows when records are later anonymized. Under anonymization, four of the five fields survive unchanged; only declaring-authority may transform, and it transforms to a single frozen value: anonymized-deployer-class:product-organization. In plain terms, you can hide who without erasing that AI authored this, where, of what type, and when.
Two of the fields draw from controlled vocabularies. jurisdictional-applicability-tag is one of {eu, us-federal, us-delaware, uk, israel, other:}. content-type-tag is one of {decision-summary, recommendation, decision-aid, draft, classification, synthetic-media, other:}. Using a fixed vocabulary is what lets one organization's disclosure block be read the same way as another's.
Figure 4-1 — Article 50 Disclosure-Metadata Flow (simplified). The block has exactly five required fields; under anonymization four survive unchanged and only declaring-authority transforms — to anonymized-deployer-class:product-organization. The Standard structures the inputs; it does not satisfy the Article 50 obligation. (Full description: in the figure's embedded text alternative.)
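The disclosure block and its anonymization rule can be checked mechanically. The sketch below is an added example, not code from the Standard or its reference implementation: the field names, vocabularies and frozen value come from the text above, while the function names, the sample values, the ISO 8601 timestamp format and the treatment of `other:` as a prefix followed by a label are assumptions.

```python
from datetime import datetime

REQUIRED = ("declaring-authority", "ai-system-identity",
            "jurisdictional-applicability-tag", "content-type-tag",
            "generation-timestamp")
VOCAB = {
    "jurisdictional-applicability-tag":
        {"eu", "us-federal", "us-delaware", "uk", "israel"},
    "content-type-tag":
        {"decision-summary", "recommendation", "decision-aid", "draft",
         "classification", "synthetic-media"},
}
FROZEN_AUTHORITY = "anonymized-deployer-class:product-organization"

# Constructed sample block; the names and values are illustrative only.
SAMPLE = {
    "declaring-authority": "Jane Example, VP Product",
    "ai-system-identity": "example-model-v1",
    "jurisdictional-applicability-tag": "eu",
    "content-type-tag": "recommendation",
    "generation-timestamp": "2025-03-01T09:30:00+00:00",
}


def validate_block(block):
    """Return a list of problems; an empty list means structurally complete."""
    problems = [f"missing field: {f}" for f in REQUIRED if not block.get(f)]
    for field, vocab in VOCAB.items():
        value = str(block.get(field) or "")
        # Assumption: the open-ended member is "other:" plus a non-empty label.
        is_other = value.startswith("other:") and len(value) > len("other:")
        if value and value not in vocab and not is_other:
            problems.append(f"{field} not in vocabulary: {value}")
    ts = block.get("generation-timestamp")
    if ts:
        try:
            # Assumption: ISO 8601 with an explicit UTC offset.
            if datetime.fromisoformat(str(ts)).tzinfo is None:
                problems.append("generation-timestamp has no UTC offset")
        except ValueError:
            problems.append("generation-timestamp is not ISO 8601")
    return problems


def anonymize(block):
    """Replace only declaring-authority; refuse blocks that fail validation."""
    if validate_block(block):
        raise ValueError("refusing to anonymize an incomplete disclosure block")
    out = dict(block)
    out["declaring-authority"] = FROZEN_AUTHORITY
    return out


def anonymization_preserved(original, candidate):
    """True if four fields are unchanged and the fifth is original or frozen."""
    kept = all(original[f] == candidate.get(f) for f in REQUIRED[1:])
    who = candidate.get("declaring-authority")
    return kept and who in (original["declaring-authority"], FROZEN_AUTHORITY)
```

Running `anonymization_preserved` over an anonymized export catches two failure modes: an anonymizer that also strips or rewrites one of the four surviving fields, and one that substitutes its own pseudonym instead of the single frozen value.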
A decision record moves through three lifecycle states, forward only: draft → reviewed → affirmed. The load-bearing rule is stated in the Standard exactly this way:
"A record SHALL NOT enter the affirmed state without an explicit human affirmation event… Implementations MUST NOT auto-promote records based on time elapsed, absence of objection, default approval, or any passive signal. Affirmation is an affirmative human act."
A record becomes affirmed only when a named human performs an explicit act — a signature — and at that moment the record is sealed: its affirmation_record and seal_hash are populated, and the seal is tamper-evident. There is no passive promotion. A record cannot drift into "approved" because time elapsed or a box auto-checked. This is what separates the Standard from a logging system, and it is the answer to the question people ask first: "won't AI just decide everything?" No, because a human signature gates every consequential record.
Figure 5-1 — Decision-Record State Machine (simplified, Family B). The lifecycle runs draft → reviewed → affirmed; at affirmed the record is sealed (affirmation_record + seal_hash). There is no passive promotion. (Full description: in the figure's embedded text alternative.)
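The gate and the seal described above, as an added example that is not code from the Standard or its reference implementation. The state names and the `affirmation_record` and `seal_hash` fields come from the text; the event shape (`kind`, `affirmed_by`), the sample record, and the choice of SHA-256 over canonical JSON for the seal are assumptions, since the page does not specify how the seal is computed.

```python
import hashlib
import json

ORDER = ("draft", "reviewed", "affirmed")

# Constructed sample record; field values are illustrative only.
SAMPLE_RECORD = {"state": "draft", "dispatch_mode": "mode-2",
                 "summary": "Approve launch of feature X in region Y"}


def _digest(record):
    # Assumption: the seal covers every field except seal_hash itself,
    # serialized as canonical JSON (sorted keys, no insignificant whitespace).
    body = {k: v for k, v in record.items() if k != "seal_hash"}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def advance(record, to_state, event=None):
    """Return a new record in to_state, or raise if the move is not allowed."""
    if record.get("seal_hash"):
        raise PermissionError("record is sealed and cannot change state")
    if ORDER.index(to_state) != ORDER.index(record["state"]) + 1:
        raise ValueError("lifecycle is forward-only, one state at a time")
    new = dict(record, state=to_state)
    if to_state == "affirmed":
        event = event or {}
        # Timers, silence and default approvals never carry this event kind,
        # so no passive signal can promote a record.
        if event.get("kind") != "human-signature" or not event.get("affirmed_by"):
            raise PermissionError("affirmation requires an explicit act by a named human")
        new["affirmation_record"] = dict(event)
        new["seal_hash"] = _digest(new)
    return new


def verify_seal(record):
    """True only for an affirmed record whose content still matches its seal."""
    return (record.get("state") == "affirmed"
            and record.get("seal_hash") == _digest(record))
```

A hash stored beside the record detects edits only if the hash value is also held somewhere the editor cannot rewrite, because anyone who can change the record can recompute an unkeyed hash. The page does not say how the Standard anchors the seal, so a verifier should confirm that before treating `verify_seal` as sufficient.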
There is a subtle failure the Standard has to defend against. A record can start its life declared as Mode 1 — human-authored, AI-enforcing — and then quietly become AI-authored in substance without anyone noticing. That is mode drift, and a declaration alone does not prevent it.
The defense is a four-layer safeguard, deliberately composed so that no two layers share an actor. The first layer is statistical detection: it looks across records for patterns that suggest a Mode-1 record is behaving like a Mode-2 one. The second layer is an in-flow audit hook that examines records as they move, not only after the fact. The third layer is a periodic Mode-Confirmation Audit, run by someone other than the people the first two layers depend on. The fourth layer is a named human-attestation fallback: when the automated layers cannot resolve a case, a named human attests to the mode directly.
Why split the actors? Because a safeguard whose detection and confirmation rest on one person can be defeated by that one person. Spreading the four layers across different actors is what makes the safeguard hard to quietly bypass. This is the most novel architectural part of the Standard, and it is the structural reason the human-led claim stays true over time rather than only at the moment of declaration.
Figure 4-2 — Mode-Drift Four-Layer Safeguard (simplified). Four layers — statistical detection, in-flow audit hook, Mode-Confirmation Audit, named human-attestation fallback — composed so no two layers share an actor. (Full description: in the figure's embedded text alternative.)
There are three conformance levels, each cumulative on the last, and all of them self-declared — there is no certifying body.
Conformance Level 1 — Charter-Conformant: the Charter is structurally complete.
Conformance Level 2 — Mode-Disambiguated: every record carries its mode; every AI-authored record carries its Article 50 block; an audit finds no silent drift.
Conformance Level 3 — Continuously Auditable: triggers fire on schedule, escalations produce records, disclosures stay current, and the schedule is queryable on demand.
The levels are cumulative, and the rule is strict: a Charter that does not grade at Level 1 cannot grade at Level 2 or 3. An organization grades itself with a reporter that reads the structural facts and records the result in conformance_level_declared, whose values are 1, 2, or 3. Counsel and auditors read that grade as one input, never as a certification.
Caption: self-declared; no certifying body; a grade is input, not audit defense.
Figure 7-1 — Three Conformance Levels (cumulative). Level 1 — Charter-Conformant, Level 2 — Mode-Disambiguated, and Level 3 — Continuously Auditable nest cumulatively; a Charter that does not grade at Level 1 cannot grade at Level 2 or 3. Self-declared; no certifying body; a grade is input, not audit defense. (Full description: in the figure's embedded text alternative.)
The single most-asked institutional question is: how is this different from, or related to, NIST, ISO, the EU AI Act, and W3C PROV-AGENT? The honest answer is altitude plus complementarity. The Standard sits at the executive-decision-record altitude, and it informs each of these frameworks without satisfying them. It is complementary, not derivative.
NIST AI RMF is an organization-level AI risk-management framework, and it is voluntary. The Standard shares that voluntary posture but operates at a different altitude: it is a record-format instrument at the executive-decision-record level. It produces records the NIST framework, and the humans operating it, can read as input. It does not replace the framework.
ISO/IEC 42001:2023 is a management-system standard built on the Annex SL structure. The Standard's records function as documented information within such a management system; the Standard is not itself a management system. It informs an ISO 42001 program without being one.
EU AI Act Article 50 is a transparency obligation. As described above, the Standard structures the disclosure inputs a deployer needs and does not satisfy the obligation itself.
W3C PROV-AGENT traces machine-to-machine provenance at the system altitude. The Standard records human-judgment decisions at the executive altitude. The two are complementary: one traces what the machines did; the other records how the humans decided.
In every case the relationship pairs "informs" with "without satisfying." The Standard does not "map to" or "cover" any of these frameworks. It produces input they — and the qualified humans operating them — can use.
Figure — Altitude ladder. The Standard sits at the executive-decision-record altitude and informs NIST AI RMF, ISO/IEC 42001:2023, EU AI Act Article 50, and W3C PROV-AGENT without satisfying them — complementary, not derivative. (Full description: in the figure's embedded text alternative.)
This is the most important section, and it restates the front-of-document box in full so it cannot be missed.
The records are audit-ready decision provenance — structured input that counsel and auditors convert into evidence, certifications, or attestations. Counsel and auditors convert audit-ready provenance into evidence, certifications, or attestations; the artifacts themselves do not.
Figure — The firewall (callout, not a badge). The records are audit-ready decision provenance — structured input that counsel and auditors convert into evidence; they are not evidence, certification, or attestation on their own. (Full description: in the figure's embedded text alternative.)
It is a small, self-contained set of pieces.
The core Standard is the normative text. Four Companions support it: regulatory cross-references, a worked-charter library, implementation guidance, and the diagrams. An Appendix holds governance and references. And there is an open-source reference implementation — published under the MIT license, while the Standard's text is separately published under CC-BY 4.0.
It is one reference implementation, not "the" tooling: a reference implementation structures the inputs; conformance against any framework remains a determination made by the deployer's qualified personnel. The reference implementation is not a conformance-certifying body, and nothing in it stamps an organization as certified.
Figure 6-1 — Artifact-Set Relationship Map. A one-picture orientation showing how the Charter, Schedule of Records, Decision Record, Article 50 Disclosure Block, Conformance Signals, and Conformance Levels compose, with a one-way pointer to the deploying organization's methodology. (Full description: in the figure's embedded text alternative.)
The Standard's text is published openly under Creative Commons Attribution (CC-BY 4.0), and the reference implementation is published under the MIT license. The name "Decision Provenance Standard™" is a protected trademark, held defensively; self-declared, non-certified use does not trigger certification-mark obligations.
A Founding Steward governs the text, but the Steward does not certify, accredit, audit, stamp, or grade any organization. There is no certification body, no auditor pool, no accreditation regime, and no plan to create any of them. The rule for vendors is stamp the tool, not the org: a vendor may build "Standard-conformant tooling," but no one — not even the Steward — stamps a customer organization as "certified." The institutional Steward is Etsion Brands Ltd., providing a person-first Founding Steward backed by an institutional backstop.
Adoption is voluntary and incremental, and the path is Charter-first. You author one Charter for one real recurring decision. You name the accountable human. You declare the mode. You produce records. You self-declare Level 1. Then you work upward.
You do not need an organization-wide rollout to begin, and you do not need anyone's permission. One Charter, run honestly, is a conformant start. An accountable leader installs the Standard; it is a leader's act, not a regulator's mandate.
A few fixed blocks — the Charter, the two-Mode authorship grammar, the human-affirmation-and-seal, and self-declared conformance levels — turn "how was this decided?" into a record you can find in thirty seconds and trust. The records are input to the humans who judge them; they never replace that judgment. And a human signature gates every consequential decision — which is how responsibility stays human as AI does more of the work.
A complete, plain-language walkthrough of the Decision Provenance Standard: the problem it solves, who it is for, the Charter, the two Modes, Article 50 disclosure, the human-signature gate, the safeguard against mode drift, the three conformance levels, how it relates to other frameworks, what you get, how to start, and — most important — what it is not.