Certification
AIEP certification is the process by which a publisher becomes a registered issuer — capable of making machine-verifiable claims that third parties can check without contacting the publisher.
Certification is voluntary. Most publishers will operate at Level 1 or Level 2 (discoverability and verifiability) without ever pursuing certification. Certification becomes relevant when conjunction trust is required: when your artefacts must participate in a multi-party evidence chain, or when a downstream system requires a machine-verifiable identity anchor.
What certification is and is not
| It is | It is not |
|---|---|
| A registered issuer DID anchored to the AIEP Registry | A quality review of your content |
| A machine-verifiable certificate artefact with expiry and hash | An endorsement of your claims |
| The basis for conjunction trust participation | A requirement for open protocol use |
| Fail-closed on expiry and revocation | A permanent status once granted |
The four trust conditions
AIEP’s conjunction trust model requires that all four conditions are satisfied for a certified artefact to be admitted into a trusted evidence chain. Certification satisfies the Identity condition. The other three are satisfied by the artefact structure and evidence references.
| Condition | What it requires | Satisfied by |
|---|---|---|
| Identity | Issuer DID resolvable from registry, unexpired, not revoked | Certification process |
| Integrity | artefact_hash matches published content | Hash verification at retrieval time |
| Admissibility | Plausibility gate passed, probability certification in range | P03 + P04 gate |
| Goal commitment | GoalVector encoded and consistent with instruction | GENOME kernel layer |
For a detailed breakdown of the conjunction trust model, see Security.
Certification process
| Step | What happens | Timescale |
|---|---|---|
| 1. Publish discovery files | index.json and metadata.json live at /.well-known/aiep/ | Before applying |
| 2. Publish at least one conformant artefact | At least one artefact matching a canonical schema, with issuer_did pre-populated | Before applying |
| 3. Submit issuer DID registration | DID Document submitted to registry with public key and service endpoint | Days |
4. Receive cert_id and certificate artefact | Registry issues cert_id, cert_hash, and policy reference | Days to weeks |
| 5. Publish certificate artefact | Certificate artefact published at your Mirror for public resolution | Before claiming |
| 6. Declare claim in artefacts | certification.claim field set to aiep_certified in relevant artefacts | Ongoing |
Certificate expiry
All certificates carry an expires field. Before expiry, the issuer must resubmit the certificate artefact with updated hash and expiry date. There is no grace period. On the expiry date:
- The “AIEP Certified” claim in all affected artefacts becomes invalid
- Retrievers applying conjunction trust will reject the artefact
- Resubmission restores the claim — no penalties, no re-review of content
Certification and access tiers
Certification is closely related to, but distinct from, access tiers. Certification governs what claim you can make. Access tiers govern what registry and governance capabilities are available to you.
A Tier 1 subscriber who has not completed certification cannot make the “AIEP Certified” claim. An uncertified publisher can still access Tier 1 capabilities.
See Access Tiers for the tier breakdown, and Certification Claims for the full claim comparison table.
Certification in detail
Certification Claims
What claims a certified issuer may make, the exact field values required in artefacts, and how validators check a claim. The claim comparison table across all issuer levels.
Certificates
The certificate artefact schema — every field, expected value, and expiry behaviour. How to publish a certificate in your Mirror and link it from your artefacts.
Registry
The public AIEP Certification Registry — how issuers are listed, how DID resolution works, and how any retriever can verify an issuer’s status without contacting the issuer.
Access Tiers
The four access tiers — Open, Tier 1, Tier 2, Tier 3 — and what registry and governance capabilities are available at each. Certification eligibility begins at Tier 2.
See also: Compliance · Trust & Security · IP & Licensing