c/ietf-draft-analyzer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
ietf-draft-analyzer/data/reports/generated-drafts/draft-gap-1-cross-organizational-ai-agent-liability.txt
Christian Nennemann 2506b6325a
Some checks failed
CI / test (3.11) (push) Failing after 1m37s
Details
CI / test (3.12) (push) Failing after 57s
Details
feat: add draft data, gap analysis report, and workspace config
2026-04-06 18:47:15 +02:00

659 lines
36 KiB
Plaintext
Raw Permalink Blame History

Internet-Draft AI/Agent WG
Intended status: standards-track March 2026
Expires: September 10, 2026
Cross-Organizational AI Agent Liability Attribution Framework (COALAF)
draft-ai-ai-agent-liability-00
Abstract
As AI agents increasingly operate autonomously across
organizational boundaries, determining liability when harm occurs
becomes complex and legally ambiguous. This document defines a
standardized framework for establishing liability attribution
chains when AI agents from different organizations interact and
cause harm. The framework introduces liability anchor points,
cross-organizational liability contracts, and standardized
evidence collection mechanisms that integrate with existing
accountability protocols. COALAF enables insurance providers,
legal systems, and organizations to establish clear liability
boundaries before autonomous interactions occur, reducing
litigation costs and enabling broader AI agent deployment. The
framework builds upon existing cryptographic delegation protocols
and execution tracing standards to create tamper-evident liability
trails that can be validated across jurisdictions. This
specification addresses the gap between single-organization AI
safety standards and the reality of multi-party autonomous agent
ecosystems, providing a foundation for sustainable cross-
organizational AI collaboration.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
This document is intended to have standards-track status.
Distribution of this memo is unlimited.
Table of Contents
1. Introduction ................................................ 3
2. Terminology ................................................. 4
3. Problem Statement ........................................... 5
4. Liability Attribution Architecture .......................... 6
5. Cross-Organizational Liability Contracts .................... 7
6. Evidence Collection and Validation .......................... 8
7. Liability Resolution Procedures ............................. 9
8. Security Considerations ..................................... 10
9. IANA Considerations ......................................... 11
1. Introduction
As artificial intelligence agents become increasingly autonomous
and capable of operating across organizational boundaries, the
question of liability attribution when these systems cause harm
has emerged as a critical challenge for both technical and legal
communities. Unlike traditional software systems where liability
typically follows clear organizational ownership patterns,
autonomous AI agents may make decisions, enter into agreements,
and cause harm through complex chains of interaction that span
multiple organizations, jurisdictions, and legal frameworks.
Current liability attribution mechanisms, designed primarily for
single-organization contexts or human-mediated transactions, prove
insufficient when autonomous agents from different organizations
interact independently to produce harmful outcomes.
The proliferation of cross-organizational AI agent interactions in
domains such as automated trading, supply chain management, and
autonomous vehicle coordination has exposed fundamental gaps in
existing accountability frameworks. When an AI agent from
Organization A interacts with an agent from Organization B, and
their combined autonomous decisions result in harm to Organization
C, determining which organization bears primary liability requires
examination of decision-making processes, data contributions, and
contractual relationships that may not have been explicitly
documented or agreed upon in advance. Traditional approaches that
rely on post-incident investigation and human testimony become
inadequate when dealing with autonomous systems that may process
thousands of interactions per second across multiple
organizational boundaries.
Existing technical standards for AI accountability, including
execution tracing protocols defined in various industry frameworks
and cryptographic delegation mechanisms outlined in emerging
Internet-Drafts, address intra-organizational liability but do not
provide mechanisms for cross-organizational liability attribution.
Legal frameworks similarly struggle with autonomous agent
liability, as they typically assume human decision-makers can be
identified and held accountable for system behavior. The resulting
ambiguity creates significant barriers to cross-organizational AI
collaboration, as organizations face unlimited and unpredictable
liability exposure when their agents interact with external
autonomous systems.
This document addresses these challenges by defining the Cross-
Organizational AI Agent Liability Attribution Framework (COALAF),
which establishes standardized mechanisms for pre-establishing
liability boundaries, collecting tamper-evident evidence of cross-
organizational agent interactions, and resolving liability
disputes through automated and semi-automated procedures. The
framework builds upon existing cryptographic protocols and extends
current accountability standards to support multi-party scenarios
where autonomous agents operate independently across
organizational boundaries. By providing clear technical and
procedural foundations for liability attribution, COALAF enables
organizations to engage in cross-organizational AI collaboration
while maintaining predictable and manageable liability exposure.
2. Terminology
This section defines terminology used throughout this
specification. The key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and
only when, they appear in all capitals, as shown here.
**Liability Anchor Point**: A cryptographically-identified
decision point within an AI agent's execution where liability
attribution can be definitively established. Each anchor point
MUST contain sufficient contextual information to determine the
responsible organization, the decision rationale, and the
preceding chain of interactions that led to the decision.
Liability anchor points serve as immutable checkpoints in the
attribution chain and MUST be implemented using tamper-evident
cryptographic signatures as specified in [RFC9162].
**Cross-Organizational Liability Contract (COLC)**: A machine-
readable contract that establishes liability boundaries,
attribution procedures, and resolution mechanisms between two or
more organizations before their AI agents interact. COLCs MUST
specify liability caps, evidence requirements, dispute resolution
procedures, and applicable jurisdictions. These contracts build
upon existing smart contract frameworks but include specific
provisions for autonomous agent interactions and MUST be digitally
signed by authorized representatives from each participating
organization.
**Liability Attribution Chain**: An ordered sequence of liability
anchor points that traces the causal path from an autonomous
interaction to resulting harm. Each chain MUST maintain
cryptographic integrity through hash-linked structures and SHOULD
include timestamps, decision contexts, and inter-organizational
handoff points. Attribution chains serve as the primary evidence
artifact for liability determination and MUST be constructed in
real-time during agent interactions to ensure completeness and
authenticity.
**Autonomous Interaction Context**: The operational environment
and circumstances under which AI agents from different
organizations interact without direct human supervision. This
context MUST include the triggering conditions, available
resources, active constraints, and applicable liability contracts.
The context serves as the foundational framework for liability
attribution and MUST be established and agreed upon by all
participating organizations before autonomous interactions
commence.
**Liability Attribution Authority (LAA)**: An entity responsible
for validating attribution chains, interpreting cross-
organizational liability contracts, and facilitating dispute
resolution. LAAs MAY be implemented as distributed systems, third-
party arbitrators, or consortium-managed services. Each LAA MUST
maintain cryptographic credentials for chain validation and SHOULD
provide standardized APIs for liability inquiry and resolution as
defined in Section 7.
**Cross-Organizational Harm Event**: An occurrence where an
autonomous AI agent interaction between multiple organizations
results in measurable damage, loss, or negative impact to external
parties or participating organizations. Harm events trigger the
liability attribution process and MUST be reported to all
participating organizations within the timeframe specified in the
applicable COLC. The definition of harm MUST be established in the
cross-organizational liability contract and MAY include financial
loss, privacy violations, safety incidents, or regulatory
compliance failures.
3. Problem Statement
Current liability frameworks operate under the assumption that AI
agents function within well-defined organizational boundaries with
clear chains of command and responsibility. However, as autonomous
agents increasingly interact across organizational boundaries to
accomplish complex tasks, these frameworks encounter fundamental
limitations. When an AI agent from Organization A delegates a
subtask to an agent from Organization B, and that interaction
subsequently causes harm to a third party, existing legal and
technical systems lack standardized mechanisms to determine which
organization bears primary liability, secondary liability, or
contributory responsibility.
Consider a scenario where a logistics AI agent from Company A
contracts with a financial AI agent from Company B to process a
payment, which then interacts with a regulatory compliance agent
from Company C to verify transaction legality. If this chain of
autonomous interactions results in regulatory violations and
financial harm, current frameworks provide no standardized method
to trace liability attribution across the three organizations.
Each organization's internal accountability systems may function
correctly, but the lack of interoperable liability tracking
creates gaps where responsibility becomes legally ambiguous. The
problem intensifies when organizations operate under different
jurisdictions with varying liability standards and when agents
make autonomous decisions that were not explicitly programmed by
their respective organizations.
Existing accountability protocols such as those defined in draft-
ietf-rats-architecture focus primarily on attestation and
verification within single administrative domains. While these
protocols provide excellent foundations for establishing trust and
traceability, they do not address the legal and contractual
complexities that arise when autonomous agents create binding
commitments across organizational boundaries. Current AI
governance frameworks similarly concentrate on single-organization
risk management and fail to provide standardized mechanisms for
liability attribution when multiple organizations' agents
contribute to harmful outcomes through their autonomous
interactions.
The absence of standardized cross-organizational liability
attribution mechanisms creates several critical problems:
organizations become reluctant to allow their agents to interact
autonomously with external agents due to unclear liability
exposure, insurance providers cannot accurately assess risks
associated with multi-party AI agent interactions, and legal
systems lack consistent frameworks for resolving disputes when
autonomous agents cause harm through cross-organizational
collaborations. These gaps significantly limit the potential for
beneficial AI agent collaboration and create barriers to the
development of robust multi-organizational autonomous systems that
could provide substantial economic and social benefits.
4. Liability Attribution Architecture
The COALAF liability attribution architecture consists of three
core components that work together to establish clear liability
boundaries across organizational boundaries. The architecture
builds upon existing accountability protocols defined in RFC 8520
(Manufacturer Usage Description) and draft standards for AI agent
traceability to ensure compatibility with current organizational
infrastructure. Each component operates independently while
maintaining cryptographic links to create an immutable attribution
chain that can be validated by legal systems and insurance
providers.
Liability anchor points serve as the foundational elements of the
attribution architecture, representing specific moments in cross-
organizational agent interactions where liability responsibility
transfers between organizations. Each anchor point MUST contain a
unique identifier, timestamp, organizational context, agent state
information, and cryptographic proof of the interaction state at
the moment of transfer. Anchor points are established through
mutual agreement between participating organizations and are
digitally signed by both parties to prevent later disputes about
the interaction context. The anchor point structure follows a
standardized JSON schema that includes fields for liability
limits, coverage boundaries, and escalation procedures that were
pre-negotiated in the cross-organizational liability contracts.
Attribution chain structures provide the mechanism for linking
liability anchor points across multiple organizational boundaries
and agent interactions. Each attribution chain MUST maintain a
chronological sequence of anchor points, cryptographic hashes
linking each point to the next, and metadata describing the nature
of each inter-organizational transfer. The chain structure uses a
directed acyclic graph (DAG) format to handle complex scenarios
where multiple agents from different organizations contribute to a
single harmful outcome. Chain validation requires that each
participating organization can independently verify the integrity
of the entire chain using standard cryptographic verification
procedures defined in RFC 8032 (EdDSA signatures).
Cross-organizational contract templates define the standardized
formats and negotiation protocols that organizations use to
establish liability boundaries before agent interactions occur.
These templates MUST specify liability limits, coverage areas,
evidence collection requirements, and dispute resolution
procedures in a machine-readable format that autonomous agents can
process during runtime. The templates integrate with existing
contract negotiation protocols and support dynamic modification
based on interaction context, allowing organizations to adjust
liability boundaries for different types of agent tasks or risk
levels. Contract templates include provisions for insurance
integration, regulatory compliance across jurisdictions, and
compatibility with existing organizational risk management
frameworks.
The integration layer connects COALAF components with existing
accountability protocols through standardized APIs and data
exchange formats. Organizations MUST implement COALAF-compatible
interfaces that can generate liability anchor points, maintain
attribution chains, and enforce contract terms without requiring
modifications to existing agent architectures. The integration
layer supports both real-time liability tracking during agent
operations and post-incident reconstruction for liability
resolution procedures. This approach ensures that organizations
can adopt COALAF incrementally while maintaining compatibility
with current AI safety and accountability systems.
5. Cross-Organizational Liability Contracts
Cross-organizational liability contracts provide the foundational
legal and technical framework for establishing liability
boundaries before AI agents interact autonomously across
organizational boundaries. These contracts MUST be established
between participating organizations prior to enabling autonomous
agent interactions and SHOULD specify liability allocation
percentages, coverage limits, and dispute resolution mechanisms.
The contracts serve as legally binding agreements that define how
liability will be distributed when harm occurs during cross-
organizational agent interactions, eliminating the need for post-
incident liability negotiations that can result in prolonged
litigation.
The framework defines three standardized contract templates that
organizations MAY adopt based on their risk tolerance and
operational requirements: proportional liability contracts that
allocate liability based on each agent's contribution to the
harmful outcome, primary-secondary liability contracts that
designate one organization as primarily liable with fallback
provisions, and joint liability contracts where organizations
share equal responsibility regardless of individual agent
contributions. Each template MUST include mandatory fields for
liability caps, insurance requirements, governing jurisdiction,
and compatibility with existing accountability protocols as
defined in Section 4. Organizations SHOULD negotiate contract
terms through the standardized Liability Contract Negotiation
Protocol (LCNP) which enables automated contract parameter
exchange and compatibility verification between different
organizational liability frameworks.
Contract formats MUST be machine-readable to enable autonomous
agent processing during runtime liability decisions and evidence
collection procedures. The framework specifies the Cross-
Organizational Liability Contract Language (COLCL), an extension
of existing contract specification languages that includes
liability-specific constructs for dynamic liability calculation,
real-time insurance verification, and automated escalation
triggers. COLCL contracts MUST be digitally signed by authorized
organizational representatives and SHOULD be registered with
designated liability contract repositories to enable third-party
validation and enforcement. The language includes support for
conditional liability clauses that can adjust liability allocation
based on runtime factors such as agent behavior patterns,
environmental conditions, or detected security incidents.
Liability contracts MUST specify integration requirements with
existing cryptographic delegation protocols and execution tracing
standards to ensure evidence collected during agent interactions
can be properly attributed to contractual obligations. Contracts
SHOULD define liability anchor points that correspond to specific
interaction phases, enabling granular liability attribution when
multiple agents contribute to complex multi-step processes that
result in harm. The framework requires contracts to include
standardized liability resolution procedures that specify
automated calculation methods for damages, insurance claim
procedures, and escalation mechanisms for disputes that cannot be
resolved through automated processes.
Organizations MAY establish liability contract hierarchies for
complex multi-party scenarios where agents from more than two
organizations interact simultaneously. These hierarchical
contracts MUST maintain consistency with bilateral contracts and
SHOULD specify conflict resolution mechanisms when overlapping
liability boundaries create ambiguous attribution scenarios. The
framework supports contract amendments and versioning to
accommodate evolving organizational requirements while maintaining
backward compatibility with existing agent deployments and
ensuring that liability boundaries remain clearly defined
throughout the contract lifecycle.
6. Evidence Collection and Validation
During cross-organizational AI agent interactions, evidence
collection mechanisms MUST create tamper-evident logs that can be
independently verified by all participating organizations and
external auditors. The evidence collection system SHALL implement
cryptographic integrity protection using mechanisms compatible
with RFC 3161 timestamping services and MUST maintain
chronological ordering of all inter-agent communications and
decision points. Each participating organization MUST deploy
evidence collection endpoints that implement standardized logging
interfaces defined in this framework, ensuring that evidence
trails remain consistent across organizational boundaries even
when agents operate with different internal architectures.
Evidence records MUST include interaction context metadata, agent
decision rationales, and complete message traces between
organizations as specified in Section 4. The logging format SHALL
be based on structured data formats such as JSON-LD or Protocol
Buffers to ensure machine readability across different
organizational systems. Evidence collection points MUST capture
not only successful interactions but also failed attempts, timeout
conditions, and any agent behavior that deviates from pre-
established cross-organizational contracts. Each evidence record
SHALL include cryptographic signatures from all participating
agents and MUST reference the specific liability anchor points
established during interaction initiation.
Integration with existing execution tracing protocols SHOULD
leverage established frameworks such as OpenTelemetry distributed
tracing while extending them with liability-specific metadata
requirements. The evidence collection system MUST support real-
time evidence sharing between organizations during ongoing
interactions, allowing each party to maintain synchronized
evidence trails without exposing sensitive internal agent
architectures. Evidence validation procedures SHALL implement
multi-party verification protocols where each organization can
cryptographically attest to the accuracy of evidence records
without requiring trust in external parties.
Long-term evidence preservation requirements mandate that evidence
records remain accessible and verifiable for periods defined by
the applicable legal frameworks in each participating
jurisdiction, typically ranging from seven to twenty years.
Evidence storage systems MUST implement redundant backup
mechanisms and SHALL provide standardized APIs for evidence
retrieval during liability resolution procedures. The framework
defines evidence portability standards that enable migration
between different storage providers while maintaining
cryptographic integrity, ensuring that evidence remains valid even
as organizational infrastructure evolves. Evidence access controls
MUST balance transparency requirements for liability resolution
with privacy protections for sensitive business operations,
implementing role-based access mechanisms that can be audited by
regulatory authorities.
7. Liability Resolution Procedures
This section defines standardized procedures for resolving
liability disputes arising from cross-organizational AI agent
interactions. The liability resolution process operates in three
phases: automated attribution calculation, evidence validation,
and escalation procedures. Organizations deploying AI agents MUST
implement liability resolution endpoints that can process
attribution requests and respond with liability calculations based
on pre-established contracts and collected evidence. The
resolution procedures are designed to minimize human intervention
in straightforward cases while providing clear escalation paths
for complex disputes that require legal or technical review.
The automated liability calculation phase begins when a harm event
triggers the liability attribution process. The affected party's
liability resolution system MUST collect all relevant evidence
from the liability anchor points identified in the attribution
chain, validate the cryptographic integrity of the evidence using
the procedures defined in Section 6, and apply the liability
calculation rules specified in the applicable cross-organizational
liability contracts. The calculation engine SHOULD utilize
standardized liability algorithms that consider factors including
agent autonomy levels, contract-specified liability caps, and
proportional responsibility based on causal contribution to the
harm. If multiple organizations are involved in the attribution
chain, the system MUST coordinate liability calculations across
all parties and produce a preliminary liability distribution that
reflects each organization's contractual obligations and causal
involvement.
Evidence validation procedures ensure that liability calculations
are based on tamper-evident and cryptographically verifiable data.
Resolution systems MUST verify the integrity of all evidence
artifacts using the cryptographic signatures and hash chains
established during the original agent interactions. When evidence
validation fails or when evidence is missing from critical points
in the attribution chain, the system SHOULD flag the case for
manual review and MAY apply conservative liability assumptions as
specified in the relevant contracts. Organizations MUST maintain
evidence validation logs that record the success or failure of
each validation step, providing an audit trail for subsequent
legal proceedings if automated resolution is unsuccessful.
Escalation procedures activate when automated liability
calculation cannot produce a definitive resolution within the
confidence thresholds specified in the cross-organizational
contracts. Common escalation triggers include conflicting evidence
from different liability anchor points, liability calculations
that exceed contractual caps, or disputes involving organizations
that have not implemented compatible versions of COALAF. The
escalation process MUST preserve all evidence and preliminary
calculations while transferring the dispute to human reviewers or
designated arbitration systems. Organizations SHOULD implement
graduated escalation procedures that attempt technical resolution
through expert system review before proceeding to formal
arbitration or legal proceedings.
The liability resolution system MUST generate standardized
resolution reports that document the final liability attribution,
the evidence used in the calculation, and any escalation decisions
made during the process. These reports serve as the authoritative
record for insurance claims, legal proceedings, and organizational
accountability processes. Resolution reports MUST include machine-
readable sections that allow automated processing by insurance
systems and legal databases, as well as human-readable summaries
that explain the liability determination in accessible terms.
Organizations MAY implement resolution report notification systems
that automatically inform affected parties of liability
determinations and provide mechanisms for formal dispute of the
automated calculations within specified time frames.
8. Security Considerations
The security of cross-organizational liability attribution systems
presents unique challenges that extend beyond traditional single-
organization security models. Liability attribution chains MUST be
protected against tampering, unauthorized modification, and replay
attacks throughout their entire lifecycle, from initial contract
establishment through final dispute resolution. Organizations
implementing COALAF MUST employ cryptographic integrity protection
mechanisms that ensure liability evidence remains tamper-evident
across organizational boundaries and jurisdictional transfers. The
distributed nature of cross-organizational interactions creates
expanded attack surfaces where malicious actors may attempt to
manipulate liability assignments, forge evidence, or exploit
differences in security implementations between participating
organizations.
Evidence collection systems MUST implement strong cryptographic
signatures and hash-based integrity verification to prevent post-
hoc manipulation of liability-relevant data. Each liability anchor
point MUST cryptographically sign all evidence records using
organization-specific private keys, with public key verification
available through standardized certificate authorities or
blockchain-based key distribution systems. The evidence collection
mechanism SHOULD implement tamper-evident timestamps using trusted
timestamping services as specified in RFC 3161, ensuring that
liability events can be temporally ordered across different
organizational systems. Organizations MUST maintain cryptographic
audit trails that link evidence collection events to specific AI
agent actions, preventing evidence injection or selective omission
attacks that could skew liability determinations.
Contract manipulation represents a critical threat vector where
malicious organizations might attempt to alter liability terms
after autonomous interactions have commenced but before liability
events occur. Cross-organizational liability contracts MUST be
cryptographically sealed using multi-party digital signatures that
require explicit consent from all participating organizations for
any modifications. The contract verification system SHOULD
implement immutable storage mechanisms, such as distributed ledger
technologies or cryptographically-linked append-only logs, that
prevent unauthorized contract alterations. Organizations MUST
implement contract versioning systems that maintain complete
change histories and require cryptographic proof of authorized
modifications, ensuring that liability terms cannot be
retroactively altered to avoid responsibility.
Privacy protection mechanisms MUST balance the need for
comprehensive liability evidence with organizational
confidentiality requirements and regulatory compliance obligations
such as GDPR or CCPA. Evidence collection systems SHOULD implement
selective disclosure protocols that allow liability-relevant
information to be shared without exposing sensitive operational
data or proprietary algorithms. Organizations MAY employ zero-
knowledge proof systems to demonstrate compliance with liability
contracts without revealing underlying business logic or training
data. The framework MUST support privacy-preserving liability
calculations that enable automated liability distribution without
requiring full disclosure of internal agent decision processes to
external parties.
Cryptographic key management across organizational boundaries
introduces additional complexity that MUST be addressed through
standardized key exchange and rotation protocols. Organizations
MUST implement secure key escrow mechanisms that ensure liability
evidence remains accessible even if participating organizations
cease operations or become uncooperative during dispute resolution
processes. The liability attribution system SHOULD support
hierarchical key structures that allow delegation of signing
authority while maintaining clear chains of cryptographic
accountability. Cross-organizational key validation MUST be
supported through standardized certificate authorities or
decentralized key verification systems that remain operational
across different jurisdictional and organizational contexts.
Denial of service attacks against liability attribution systems
could prevent proper evidence collection during critical
autonomous interactions, potentially allowing harmful agents to
operate without adequate accountability mechanisms. Organizations
MUST implement redundant evidence collection systems and
distributed liability anchor points that maintain functionality
even when individual components are compromised or unavailable.
The framework SHOULD include fallback mechanisms that ensure
liability attribution continues to function during partial system
failures, network partitions, or coordinated attacks against
attribution infrastructure. Organizations MUST establish incident
response procedures for security breaches that affect liability
attribution systems, including mechanisms for evidence
preservation, stakeholder notification, and liability framework
recovery.
9. IANA Considerations
This document requires the creation of several new IANA registries
to support standardized cross-organizational AI agent liability
attribution. The registries are necessary to ensure consistent
identification and processing of liability-related information
across different organizations, legal jurisdictions, and technical
implementations. All registry entries MUST include sufficient
metadata to enable automated processing by AI agents while
maintaining human readability for legal and regulatory review.
IANA is requested to create a "Cross-Organizational AI Liability
Contract Types" registry under the "Artificial Intelligence
Parameters" category. This registry SHALL contain standardized
identifiers for different classes of liability contracts as
defined in Section 5, including but not limited to strict
liability contracts, proportional liability contracts, and
hierarchical liability contracts. Each registry entry MUST include
the contract type identifier (a case-sensitive string), a human-
readable description, the specification document reference, and
any required contract parameters. Registration of new contract
types requires Specification Required as defined in RFC 8126, with
the designated expert evaluating legal soundness, technical
feasibility, and compatibility with existing liability frameworks.
IANA is requested to establish the "AI Agent Liability Attribution
Chain Formats" registry to standardize the structure and encoding
of liability attribution chains described in Section 4. Each
format entry MUST specify the format identifier, the data
structure specification, cryptographic requirements, and
validation procedures. The registry SHALL include the default
JSON-LD format specified in this document as well as provisions
for compact binary formats and blockchain-based attribution
chains. New format registrations require Expert Review with
evaluation criteria including cryptographic security, cross-
jurisdictional compatibility, and integration capabilities with
existing accountability protocols such as those defined in RFC
9000 series documents.
A "Cross-Organizational Liability Status Codes" registry is
required to standardize the response codes used in liability
resolution procedures outlined in Section 7. The registry SHALL
use a three-digit numeric scheme similar to HTTP status codes,
with ranges allocated as follows: 1xx for informational liability
status, 2xx for successful liability resolution, 3xx for liability
redirection, 4xx for liability attribution errors, and 5xx for
system errors in liability processing. Each status code entry MUST
include the numeric code, canonical reason phrase, detailed
description, and applicable resolution procedures. Registration of
new status codes in the 1xx-3xx ranges requires IETF Review, while
4xx-5xx codes require Specification Required to ensure consistency
with error handling procedures across implementations.
The designated expert for all liability-related registries SHOULD
have demonstrated expertise in both AI system architecture and
legal liability frameworks. Registry maintenance procedures MUST
include periodic review of registered entries for continued
relevance and compatibility with evolving legal standards. All
registry entries SHALL include sunset clauses requiring renewal
every five years unless superseded by updated specifications,
ensuring that deprecated liability mechanisms do not accumulate in
the registries over time.
Author's Address
Generated by IETF Draft Analyzer
2026-03-09
Reference in New Issue View Git Blame Copy Permalink