◎ OS PUB Apache 2.0 ← All specifications

P183 — AIEP — Evidence Licence Compliance Protocol

Publication Date: 2026-03-27 Status: Open Source Prior Art Disclosure Licence: Apache License 2.0 Author/Organisation: Phatfella Ltd Schema: AIEP_OS_SPEC_TEMPLATE v1.0.1 — https://aiep.dev/schemas/aiep-os-spec-template/v1.0.1

Framework Context

[0001] This disclosure operates within an Architected Instruction and Evidence Protocol (AIEP) environment as defined in United Kingdom patent application number GB2519711.2, filed 20 November 2025, the entire contents of which are incorporated herein by reference.

[0002] The present disclosure defines a protocol for attaching structured LicenceRecord metadata to evidence artefacts, tracking the licence terms under which each artefact may be used by AIEP reasoning chains and downstream systems, enforcing licence constraints at the access control layer (P166), and generating LicenceComplianceReports enabling corpus operators to audit and demonstrate licence compliance across the full evidence corpus.

Field of the Disclosure

[0003] This disclosure relates to licence metadata management and compliance enforcement protocols for evidence corpora in governed artificial intelligence systems.

[0004] More particularly, the disclosure concerns: a LicenceRecord schema; a LicenceConstraint taxonomy; licence enforcement at access time; attribution generation for licensed evidence use; licence compatibility checks for evidence synthesis operations (P185); and corpus-level LicenceComplianceReporting.

Background

[0005] Evidence artefacts in AIEP corpora originate from heterogeneous sources operating under diverse licence regimes: open-access academic publications (Creative Commons variants), proprietary licensed datasets, government open data licences, and custom bilateral licence agreements. Each licence imposes different constraints on use: attribution requirements, non-commercial use restrictions, derivative work prohibitions, redistribution limitations.

[0006] A reasoning chain that presents an output derived from licenced evidence without proper attribution, or that uses proprietary-licensed evidence in a context that violates the licence terms, creates legal exposure for the corpus operator and the reasoning chain operator. Licence compliance must be tracked and enforced at the data layer, not left to manual review.

[0007] Licence compatibility between artefacts used in synthesis operations (P185) is particularly important: a synthesis that combines a CC-BY-SA artefact with a proprietary non-redistribution artefact may produce an output that is incompatible with either licence.

Summary of the Disclosure

[0008] LicenceRecord Schema:

  • licence_id — SHA-256 of canonical serialisation
  • subject_deid — DEID (P162) of the artefact to which this licence applies
  • licence_type — a structured identifier: SPDX:{spdx_expression} for SPDX-identified licences (e.g. SPDX:CC-BY-4.0); AIEP_BILATERAL:{agreement_id} for bilateral agreements registered with the corpus operator; PROPRIETARY:{owner_identifier} for proprietary licences not covered by an SPDX identifier; PUBLIC_DOMAIN
  • requires_attribution — boolean
  • attribution_text — the attribution text required when the artefact is cited or used (P157); may reference the CitationRecord (P157) fields author and title
  • allows_derivative_works — boolean
  • allows_commercial_use — boolean
  • allows_redistribution — boolean; if false, the artefact may not be included in shared evidence packages (P174) delivered outside the corpus boundary
  • use_scope_restrictions — optional list of additional restrictions: e.g. NON_AUTOMATED_ONLY, RESEARCH_USE_ONLY, EU_JURISDICTION_ONLY
  • licence_uri — URI of the full licence text
  • verified_by — node fingerprint (P46) of the node that verified this licence record
  • verified_at — ISO 8601 timestamp
  • licence_signature — cryptographic signature by the verifying node

[0009] LicenceConstraint Taxonomy: Structured constraint codes used in licence enforcement:

  • ATTRIBUTION_REQUIRED — must generate attribution text on any use
  • NO_DERIVATIVE_WORKS — artefact content may not be combined, summarised, or synthesised
  • NON_COMMERCIAL — use is restricted to non-commercial purposes
  • NO_REDISTRIBUTION — artefact may not be included in packages delivered to external parties
  • RESTRICTED_USE_SCOPE:{scope_code} — use limited to the specified scope (e.g. RESEARCH, REGULATORY)
  • BILATERAL_TERMS:{agreement_id} — use subject to terms of a registered bilateral agreement

[0010] Licence Enforcement at Access: When an access token (P166) requests READ access to an artefact, the access control system checks the LicenceRecord:

  • If allows_redistribution: false and the requestor’s token has a distribution_scope: EXTERNAL, access is denied with LICENCE_NO_REDISTRIBUTION
  • If use_scope_restrictions includes a restriction incompatible with the token’s declared use scope, access is denied with LICENCE_USE_SCOPE_VIOLATION:{restriction}
  • If allows_commercial_use: false and the token’s declared use is COMMERCIAL, access is denied with LICENCE_COMMERCIAL_USE_PROHIBITED
  • All denied accesses are recorded in the AuditLog (P171) with the licence constraint that was violated

[0011] Attribution Generation: For artefacts with requires_attribution: true, the citation system (P157) automatically includes the attribution_text from the LicenceRecord in any CitationRecord generated for that artefact. Evidence packages (P174) include a required_attributions list for all package items with attribution requirements, enabling consuming systems to surface attributions in any output derived from the package.

[0012] Licence Compatibility Check for Synthesis: Before a synthesis operation (P185) combines multiple artefacts, the synthesis workflow executes a LicenceCompatibilityCheck:

  1. Retrieve all LicenceRecords for the input artefacts
  2. Check for mutual compatibility: NO_DERIVATIVE_WORKS on any input fails the check; BILATERAL_TERMS on any input requires a check against the bilateral agreement terms
  3. Determine the most restrictive output licence: the output SynthesisNode’s LicenceRecord must be at least as restrictive as the most restrictive input licence
  4. Return a LicenceCompatibilityReportCOMPATIBLE or INCOMPATIBLE:{reason}; incompatible inputs block the synthesis operation unless a governance node (P89) grants an explicit exemption

[0013] LicenceComplianceReport: Periodically (default: monthly) the corpus generates a LicenceComplianceReport:

  • Total artefact count by licence_type
  • Count of access denials by licence constraint type in the period
  • Count of attribution-required artefact uses in the period
  • Outstanding bilateral licence agreements nearing expiry (within 90 days)
  • Artefacts with PROPRIETARY or BILATERAL_TERMS licences pending renewal

ASCII Architecture

Artefact Ingestion
        │ LicenceRecord attached

LicenceRecord (per DEID)
(licence_type, constraints, attribution_text)

        ├──▶ Access Control (P166)
        │    checks at READ/DISTRIBUTE time:
        │    NO_REDISTRIBUTION, NON_COMMERCIAL,
        │    USE_SCOPE_RESTRICTIONS
        │    → denied: AuditLog (P171)

        ├──▶ Citation (P157)
        │    attribution_text auto-included
        │    in CitationRecord

        ├──▶ Package Assembly (P174)
        │    required_attributions list in package
        │    NO_REDISTRIBUTION → excluded from external packages

        ├──▶ Synthesis (P185)
        │    LicenceCompatibilityCheck before combining
        │    output licence = most restrictive of inputs

        └──▶ LicenceComplianceReport (monthly)

Operational Detail

[0014] Bilateral Agreement Registry: The corpus operator maintains a bilateral agreement registry indexed by agreement_id. Each entry records the agreement parties, scope, expiry date, and permitted use terms. The LicenceRecord references the registry by agreement_id; the enforcement component looks up the agreement at access time. Agreements approaching expiry trigger renewal alerts in the LicenceComplianceReport.

[0015] Public Domain Handling: Artefacts with licence_type: PUBLIC_DOMAIN carry no access constraints and require no attribution. The LicenceRecord is still created and maintained for these artefacts to provide a complete audit record that the public domain status was verified.

[0016] Unknown Licence Handling: Artefacts ingested without a verified LicenceRecord are assigned licence_type: UNKNOWN and allows_redistribution: false, allows_commercial_use: false by default — the most restrictive posture. A LICENCE_UNVERIFIED annotation (P176) is attached to the artefact and a governance node (P89) review is triggered to establish the correct LicenceRecord before the artefact is broadly accessible.

Claims-Exclusion Notice

This specification is published as open-source prior art. No patent claims are asserted by the author in respect of the mechanisms described. Any third party seeking to patent mechanisms substantially equivalent to those described herein is placed on notice of this prior art disclosure.

This specification is published as open-source prior art under the Apache License 2.0. Copyright 2026 Protocol Owner. Inventor: Protocol Architect.

Patent information · Licensing · All open specifications