Certification Claims
AIEP defines three machine-readable certification claims. Each claim is cumulative: making a higher claim implies all lower claims are also met.
The three claims
| Claim | What it asserts | Required proof | Who it is for | Trust grade |
|---|---|---|---|---|
| AIEP Compatible | Can read and write AIEP artefacts in a schema-conformant way | None — self-declared | Any builder consuming or publishing AIEP artefacts | Baseline |
| AIEP Mirror Enabled | Operates a live Machine Mirror with valid discovery files at /.well-known/aiep/ | index.json and metadata.json passing schema validation | Any publisher wanting AI retrievability | Registry-listed |
| AIEP Certified | Meets the full certification standard: valid issuer DID, unexpired certificate, conjunction trust-eligible | cert_id, issuer DID in registry, cert_hash, policy_ref, within expiry window | Regulated entities, enterprise compliance, operators requiring machine-verifiable trust | Fail-closed |
What “fail-closed” means for the certified claim
The “AIEP Certified” claim is fail-closed. This means:
- If the certificate artefact is missing, the claim is invalid — not downgraded
- If the certificate is expired, the claim is invalid — not downgraded
- If the issuer DID cannot be resolved from the registry, the claim is invalid
- There is no “partially certified” state
A system checking for the AIEP Certified claim treats any ambiguity as a failure. This is intentional and documented in GB2519711.2.
What no claim does NOT mean
Making no claim does not mean an artefact is untrustworthy. An artefact published without any certification claim:
- Can still carry evidence references
- Can still be hash-verified
- Can still conform to canonical schemas
- Cannot be used in a conjunction trust chain where a certified issuer is required
The claim system governs trust chains and machine-verifiable assertions about the publisher, not the validity of individual evidence.
Making a claim in your artefact
Claims are declared in the artefact’s certification field:
{
"certification": {
"claim": "aiep_certified",
"cert_id": "cert-2025-gb-00042",
"issuer_did": "did:aiep:gb:abc123",
"cert_hash": "sha256:abc...",
"policy_ref": "https://aiep.io/policy/v1",
"expires": "2026-11-30"
}
}
A retriever encountering this artefact can independently verify the claim by resolving the issuer_did from the Registry and checking cert_hash against the published certificate artefact.
Related
- Certification process — how to become a certified issuer
- Access Tiers — what capabilities unlock at each tier
- Registry — how DIDs and certificates are resolved
- Security — the conjunction trust model and four trust conditions