COMPLIANCE · EU-FIRST · AUDIT-FIRST · FAIL-CLOSED

Compliance posture (high-level)

HBCE is designed to support auditability and accountability for operational identity in autonomous systems. It does this through deterministic validation, minimized public exposure (hash-only), and append-only evidence trails.

Protocol Create Verify Publish
Compliance-by-design: minimize, verify deterministically, write append-only
FAIL-CLOSED NOTICE · SAFETY POSTURE
No evidence ⇒ no validity

HBCE is engineered to deny validation when required evidence is missing or malformed. This prevents “soft acceptance” and supports incident reconstruction under audit constraints.

Core principles

Public surface is hash-only

  • Registry stores minimized proofs only: payload_sha256, timestamp, optional name/status.
  • Private release artifacts never need to be public.
  • This reduces exposure while enabling public matching of evidence.
HASH_ONLY GDPR_MIN NO_PUBLIC_DATA_CUSTODY

Append-only evidence

  • No edits: changes become new entries/events.
  • Evidence trails become auditable timelines.
  • Supports “who did what, when” reconstruction.
APPEND_ONLY AUDIT_FIRST

Deterministic verification

  • Validation is a rule, not an opinion.
  • Required fields missing ⇒ INVALID.
  • Same input yields same result (determinism).
DETERMINISTIC NO_PARTIAL_VALIDATION

Fail-closed by default

  • If the system cannot prove validity, it denies.
  • This is the baseline posture for safety-critical autonomy governance.
FAIL_CLOSED

Evidence model

HBCE separates private artifacts from public proofs. This is the core compliance-by-design mechanism.

Layer Artifact Visibility Stored fields Why
Release IPR Base / Operator / module release JSON Private full payload Operational truth. Kept private to avoid data leakage.
Evidence Deterministic fields Portable payload_sha256, timestamp, signature Verification gate. Minimal set required to prove integrity and time.
Registry Append-only entry Public payload_sha256, timestamp (+ name/status) Public matching surface with minimized proof exposure.

Responsibilities (operational)

Issuer / Operator

  • Generates release artifacts.
  • Keeps private payload private.
  • Publishes minimized proof (hash-only) to registry.

Verifier

  • Checks deterministic evidence fields.
  • Denies validity when required evidence is missing (fail-closed).

Public / Auditor

  • Reads registry as append-only evidence trail.
  • Matches hashes, timestamps, and status updates.

Limitations (explicit)

HBCE does not

  • store public personal data (beyond minimized labels).
  • guarantee the truthfulness of private claims without evidence.
  • replace legal accountability; it supports auditability.
  • perform “probabilistic” validation: it is deterministic or it denies.

HBCE assumes

  • operators keep private artifacts protected.
  • registry is treated as append-only (no rewrites).
  • verification uses the canonical deterministic rules.

Incident reconstruction (workflow)

When something goes wrong (autonomy incident), the minimum viable reconstruction path is:

Reconstruction terminal
WARN
1
Identify registry entry (hash + time) for the incident artifact.
2
Retrieve private release artifact from operator custody.
3
Compute SHA-256 and compare with registry payload_sha256 (deterministic match).
4
Use append-only event trail (ISSUED / STATUS_UPDATE) to reconstruct timeline.
rule
missing evidence ⇒ INVALID (fail-closed)

Direct links

Create Verify Publish Registry Protocol