CRP™ Protocol v3.0 · Complete Specification

CRP™ — Full Protocol
Specification & Standardisation

From LLM configuration and OSI-layer AI architecture through to context continuation, risk scoring, the complete spec document list, accreditation paths, and the commercial model.

7 OSI AI layers · 14 spec docs · 4 accreditation bodies · 58 headers defined · 6 revenue streams
What we are building: HTTP made the web interoperable by defining a universal request/response protocol with headers. CRP v3 does the same for AI — a wire-level protocol with standardised headers for context, safety, provenance, and governance, operable at every layer of the AI stack from LLM configuration to multi-agent orchestration.

§2 LLM Configuration Layer

Before any protocol operates, the LLM itself must be configured correctly. CRP v3 introduces a set of LLM-level primitives that are established at session init and carried in headers for the lifetime of the session. These are the direct configurations CRP makes to the underlying model call.

CRP-controlled LLM parameters

Parameter | CRP header | What it controls | Safety relevance
temperature | CRP-LLM-Temperature | Dynamically reduced on HIGH/CRITICAL risk. Default 0.7, drops to 0.2 on re-dispatch. | Fabrication reduction. NIST AI RMF MAP-1.6
max_tokens | CRP-Context-Token-Budget | Manages token window budget. Signals remaining capacity to client. | Context saturation control. Axiom 6.
system prompt | CRP-LLM-Grounding-Mode | Injects grounding instruction into system prompt: context-strict, context-preferred, open. | Attribution quality. EU AI Act Art. 13.
top_p / top_k | CRP-LLM-Sampling-Mode | On reflexive dispatch, tightens sampling to reduce variance in re-generation. | Consistency verification.
stream | CRP-Stream-Safety-Mode | buffer: DPE runs before streaming to client. pass-through: stream immediately with live risk annotation. | Human oversight timing. Axiom 5.
stop sequences | CRP-Safety-Stop-Inject (new in v3) | Gateway injects stop sequences when hallucination pattern begins mid-generation. Requires streaming mode. | Real-time hallucination interrupt.
seed | CRP-LLM-Reproducibility-Seed (new in v3) | Stored in HMAC chain. Allows exact regeneration of any output for audit replay. | Audit reproducibility. GDPR Art. 22.
CRP-Safety-Stop-Inject is the most novel addition: when the DPE detects a hallucination pattern in a streaming response (e.g., a fabricated number following a real one), the gateway can inject a stop sequence mid-stream to terminate the dangerous completion. This is a world-first in real-time hallucination interruption at the protocol layer, not the application layer.

§3 AI-Adapted OSI Model

The classic OSI model defines 7 layers for network communication. AI systems operating at scale have an analogous layered structure — from raw LLM inference at the bottom to governance and compliance at the top. CRP operates across all 7 of these AI layers simultaneously, which is what makes it a protocol rather than just a library.

This is not the OSI network model. This is an AI-specific layer model that maps the operational concerns of deployed AI systems, inspired by OSI's discipline of separating concerns by abstraction level. CRP headers provide the inter-layer communication at each boundary.
Layer 7 · Application
Governance & Compliance
CRP-Compliance-*
What operates here: Regulatory classification, audit trail generation, DPIA records, EU AI Act risk class assignment, GDPR PII detection, ISO 42001 control evidence.

CRP's role: CRP-Compliance-* headers emit per-response regulatory metadata. CRP Comply consumes these headers to build the evidence pack. CRP-Compliance-Audit-Trail-URI is the application-layer link between every AI call and its regulatory record.

EU AI Act · ISO 42001 · GDPR Art. 22 · NIST AI RMF · SOC 2 Type II
Layer 6 · Presentation
Safety & Provenance
CRP-Safety-* / CRP-Provenance-*
What operates here: Hallucination detection, attribution scoring, fidelity verification, entailment checking, fabrication detection, contradiction analysis, HMAC chain integrity.

CRP's role: The DPE (13-module pipeline) runs at this layer after every dispatch. Its output is emitted as CRP-Safety-* and CRP-Provenance-* headers. The Safety Policy directive (CSP-equivalent) is enforced here — before output reaches Layer 7.

DPE 13-module · HMAC-SHA256 · NLI entailment · Fabrication detect
Layer 5 · Session
Context & Memory
CRP-Context-* / CRP-Memory-*
What operates here: Session continuity, window DAG management, 4-tier memory hierarchy, CKF access, context saturation, quality tier tracking, ETag-based cache invalidation.

CRP's role: The Context Envelope and CKF operate at this layer. CRP-Set-Session token (cookie equivalent) enables stateless session relay. CRP-Context-ETag + If-Match enables conditional dispatch — the cache layer for AI context.

4-tier memory · Window DAG · CKF HNSW · ETag cache · Session token
Layer 4 · Transport
Dispatch & Orchestration
CRP-Agent-* / CRP-Context-Strategy
What operates here: The 9 dispatch strategies (push, pull, reflexive, agentic, hierarchical, batch, streaming, fan-out, fan-in), safety budget tracking, agent loop management, tool call routing.

CRP's role: CRP-Accept-Strategy allows upstream services to request a dispatch strategy. CRP-Agent-Safety-Budget acts as a flow-control signal — when budget depletes, the transport layer throttles dispatch and escalates oversight. Analogous to TCP's congestion window.

9 strategies · Safety budget · Fan-out/in · Tool routing
Layer 3 · Network
Gateway & Routing
CRP Sidecar / Proxy
What operates here: The CRP sidecar HTTP server. Provider routing (OpenAI, Anthropic, Ollama, Azure), load balancing across providers, failover, header injection/stripping, safety policy enforcement.

CRP's role: The sidecar is the network layer. It strips CRP headers before forwarding to LLM providers (Axiom 4), injects them on responses, routes based on CRP-Accept-Strategy, and enforces CRP-Safety-Policy before responses reach Layer 4.

HTTP sidecar · Provider routing · Header inject · Policy enforce
Layer 2 · Data Link
Envelope & Packing
Envelope Packing Engine
What operates here: 3-phase fact selection (select, rank, pack), quality tier assignment, saturation calculation, envelope token budgeting, fact graph construction from CKF.

CRP's role: The Envelope Preview headers (CRP-Context-Saturation, CRP-Context-Facts-Used, CRP-Context-Quality-Tier) emit the state of the data-link layer. ETag caching prevents unnecessary re-packing. This layer's output determines Layer 3's dispatch payload.

3-phase packing · Quality tiers S-D · Saturation 0-1
Layer 1 · Physical
LLM Inference
CRP-LLM-*
What operates here: Raw LLM inference — temperature, sampling, token generation, stop sequences, seed. The model itself. Provider-specific API calls.

CRP's role: CRP-LLM-* headers configure inference parameters dynamically based on the session's safety state. Temperature reduction on re-dispatch, stop sequence injection on hallucination detection, seed preservation for audit replay. The model is ignorant of all higher layers (Axiom 4).

Temperature · Sampling · Stop inject · Seed record

§5 Context Enlargement & Continuation

The Window DAG is CRP's mechanism for extending effective context beyond a single model's token limit. Each window is a node in a directed acyclic graph — connected by continuation pointers, signed by HMAC, and accessible via headers at every hop.

How continuation stitching works

Window 1
CRP-Context-Window: 1/5
CRP-Provenance-HMAC: sha256:win1...
CRP-Context-ETag: sha256:facts1...

Initial dispatch. Fact graph ingested. HMAC chain started. ETag set from fact-set hash.

Window 2
CRP-Context-Window: 2/5
CRP-Context-Continuation-Id: crp_cont_9a2f
CRP-Provenance-Window-HMAC: sha256:win2...
CRP-Context-Cache: reuse-ckf

Client sends Continuation-Id from W1 response. Gateway reuses CKF — no re-ingestion. HMAC chain extended: HMAC(W2_content || W1_HMAC).

Window 3–N
CRP-Context-Window: 3/5
CRP-Memory-CKF-Hits: 34
CRP-Safety-Hallucination-Risk: LOW
CRP-Provenance-Chain-Integrity: VALID

Each window extends the chain. Risk is assessed cumulatively across the session, not just per-window. Chain-Integrity validates the full DAG on each response.

Context Split
CRP-Context-Continuation-Id: crp_cont_SPLIT_b4c2
CRP-Agent-Session-Parent: crp_sess_main
CRP-Agent-Dispatch-Strategy: fan-out

Fan-out: one context window splits into N parallel sub-sessions. Each inherits the parent HMAC chain. Fan-in: sub-session results merged back with provenance from all branches preserved.
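As an added example (not code from the CRP project): the chain-extension rule HMAC(W_n content || W_{n-1} HMAC), a fan-out whose branches inherit the parent chain, a fan-in merge, and the Chain-Integrity check that recomputes every HMAC in the DAG. The gateway key, the window contents, and the fan-in rule (chain the sorted branch HMACs so the merge is order-independent) are assumptions made for the demo.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List

# Constructed demo key. A real sidecar would hold this in its secret store.
GATEWAY_KEY = b"constructed-demo-key-not-for-production"


def window_hmac(key: bytes, content: str, prev_hmac: str) -> str:
    """HMAC(W_n content || W_{n-1} HMAC), the chain-extension rule from the text."""
    digest = hmac.new(key, content.encode() + prev_hmac.encode(), hashlib.sha256)
    return "sha256:" + digest.hexdigest()


@dataclass
class Window:
    index: int
    content: str
    hmac: str
    parents: List["Window"] = field(default_factory=list)  # continuation pointers


def merged_prev(parents: List[Window]) -> str:
    """Value chained into the next window's HMAC.

    One parent: its HMAC. Several parents (fan-in): the sorted branch HMACs
    concatenated, so the merge is order-independent (assumed rule for the demo).
    """
    return "".join(sorted(p.hmac for p in parents)) if parents else ""


def start_chain(key: bytes, content: str) -> Window:
    return Window(1, content, window_hmac(key, content, ""))


def extend(key: bytes, parents: List[Window], index: int, content: str) -> Window:
    return Window(index, content, window_hmac(key, content, merged_prev(parents)), list(parents))


def fan_out(key: bytes, parent: Window, contents: List[str]) -> List[Window]:
    """One window splits into N sub-sessions; each inherits the parent chain."""
    return [extend(key, [parent], parent.index + 1, c) for c in contents]


def chain_integrity(key: bytes, w: Window) -> str:
    """Recompute every HMAC reachable through the DAG; VALID only if all match."""
    expected = window_hmac(key, w.content, merged_prev(w.parents))
    if not hmac.compare_digest(expected, w.hmac):
        return "INVALID"
    return "VALID" if all(chain_integrity(key, p) == "VALID" for p in w.parents) else "INVALID"


def response_headers(w: Window, total: int) -> dict:
    """The provenance headers the gateway would emit for window w of total."""
    return {
        "CRP-Context-Window": f"{w.index}/{total}",
        "CRP-Provenance-Window-HMAC": w.hmac,
        "CRP-Provenance-Chain-Integrity": chain_integrity(GATEWAY_KEY, w),
    }


if __name__ == "__main__":
    w1 = start_chain(GATEWAY_KEY, "window 1 facts (constructed)")
    w2 = extend(GATEWAY_KEY, [w1], 2, "window 2 facts (constructed)")
    branches = fan_out(GATEWAY_KEY, w2, ["branch a (constructed)", "branch b (constructed)"])
    w4 = extend(GATEWAY_KEY, branches, 4, "fan-in merge (constructed)")
    print(response_headers(w4, 5))
    w1.content = "tampered"  # any edit upstream invalidates the whole DAG
    print(response_headers(w4, 5)["CRP-Provenance-Chain-Integrity"])
```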

The ETag mechanism for context caching

Conditional context dispatch — skip re-packing on unchanged facts (HTTP exchange)
# First request — gateway returns ETag of current fact-set
GET /dispatch HTTP/1.1
CRP-Session-Token: eyJ...
CRP-Context-Cache: reuse-ckf, max-age=3600

HTTP/1.1 200 OK
CRP-Context-ETag: sha256:4fa8e921abcd1234
CRP-Context-Quality-Tier: A
CRP-Context-Last-Ingested: 2026-05-24T09:31:00Z

# Second request on same knowledge domain — conditional dispatch
GET /dispatch HTTP/1.1
CRP-Context-If-Match: sha256:4fa8e921abcd1234  # same ETag

HTTP/1.1 304 Context Not Modified
CRP-Context-ETag: sha256:4fa8e921abcd1234
# Envelope NOT rebuilt — gateway skips 3-phase fact selection
# Significant latency reduction on stable knowledge domains

# If facts changed (new documents ingested):
HTTP/1.1 200 OK
CRP-Context-ETag: sha256:NEW_HASH_9bce472f  # new ETag
CRP-Context-Cache-Status: MISS; reason=facts-updated
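The gateway side of the exchange above, as an added example rather than CRP project code: the ETag is a hash of the sorted fact-set, a matching CRP-Context-If-Match answers 304 without running fact selection, and a stale ETag rebuilds the envelope and reports MISS; reason=facts-updated. The ContextGateway class, its fact store and the one-line packing stand-in are assumptions for the demo.

```python
import hashlib
from typing import Dict, Iterable, Optional, Tuple


def fact_set_etag(fact_ids: Iterable[str]) -> str:
    """ETag derived from the fact-set hash; sorting makes it order-independent."""
    joined = "\n".join(sorted(set(fact_ids))).encode()
    return "sha256:" + hashlib.sha256(joined).hexdigest()


class ContextGateway:
    """Minimal stand-in for the sidecar's conditional dispatch path (demo only)."""

    def __init__(self, facts: Dict[str, str]):
        self.facts = dict(facts)  # fact id -> text, a constructed CKF stand-in
        self.pack_count = 0       # how many times the envelope was rebuilt

    def ingest(self, fact_id: str, text: str) -> None:
        # A newly ingested document changes the fact-set and therefore the ETag.
        self.facts[fact_id] = text

    def _pack_envelope(self) -> list:
        # Stand-in for 3-phase select/rank/pack; the demo just orders fact ids.
        self.pack_count += 1
        return sorted(self.facts)

    def dispatch(self, headers: Dict[str, str]) -> Tuple[int, Dict[str, str], Optional[list]]:
        """Return (status, response headers, envelope or None for 304)."""
        etag = fact_set_etag(self.facts)
        if_match = headers.get("CRP-Context-If-Match")
        if if_match is not None and if_match == etag:
            # Facts unchanged: skip fact selection entirely and answer 304.
            return 304, {"CRP-Context-ETag": etag}, None
        envelope = self._pack_envelope()
        resp = {"CRP-Context-ETag": etag}
        if if_match is not None:
            # The client held a stale ETag, so say why the cache missed.
            resp["CRP-Context-Cache-Status"] = "MISS; reason=facts-updated"
        return 200, resp, envelope
```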

§7 Risk Scoring Model

CRP's risk score is a composite of four DPE signals, each weighted by regulatory relevance. The output — a unified score from 0.0 to 1.0 mapped to CRITICAL/HIGH/MEDIUM/LOW — is directly calibrated against EU AI Act, NIST AI RMF, GDPR, and ISO 42001 risk categories.

The four-signal composite

Risk score computation (formula)
# Four DPE signals, empirically weighted
attribution_score   = 1 - grounding_percentage          # weight: 0.35
fidelity_score      = fabrications + distortions (norm.) # weight: 0.25
entailment_score    = 1 - NLI_cross_encoder_score        # weight: 0.25
specificity_score   = unverifiable_specific_claims       # weight: 0.15

composite = (attribution × 0.35) + (fidelity × 0.25)
           + (entailment × 0.25) + (specificity × 0.15)

# Regulatory amplifiers (NEW in v3) — multiply composite
if GDPR_PII_detected:          composite × 1.30
if EU_AI_Act_HIGH_risk_domain:  composite × 1.25
if financial_or_medical:       composite × 1.20
if agentic_loop_depth > 2:     composite × 1.15

# Classification thresholds
composite ≥ 0.70  → CRITICAL   (halt dispatch, require oversight)
composite ≥ 0.45  → HIGH       (warn, upgrade strategy, decrement budget)
composite ≥ 0.20  → MEDIUM     (pass with warning headers)
composite  < 0.20 → LOW        (pass, no action)

Risk level consequences

CRITICAL · ≥0.70
HTTP 451 · Halt dispatch
Response blocked before reaching client. Oversight token required to retry. Full DPE report generated. Webhook fired to CRP-Safety-Report-URI.
EU AI Act Art. 14 · NIST GOVERN-1.2 · ISO 42001 A.9.4
HIGH · ≥0.45
Pass with escalation
Response passes but headers flag HIGH. Strategy auto-upgraded to reflexive if upgrade-on-risk directive set. Safety budget decremented by 0.15.
EU AI Act Art. 13 · NIST MAP-1.6 · GDPR Art. 22
MEDIUM · ≥0.20
Pass with warning
Response passes. CRP-Safety-Hallucination-Risk: MEDIUM emitted. Client application decides whether to surface warning to end user. Logged to audit trail.
EU AI Act Art. 52 · NIST MEASURE-2.5
LOW · <0.20
Pass · No action
Response passes clean. Headers emitted with LOW designation. Contributes to session quality score. Safety budget not decremented.
All compliant
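The composite formula, the regulatory amplifiers, the classification thresholds and the per-level consequences above, carried through in one added example (not CRP project code). The DPESignals/Amplifiers field names, the starting safety budget of 1.0, and the clamp of the amplified product to the 0.0-1.0 range the text states are assumptions; the 0.2 re-dispatch temperature comes from the §2 table.

```python
from dataclasses import dataclass
from typing import Dict

WEIGHTS = {"attribution": 0.35, "fidelity": 0.25, "entailment": 0.25, "specificity": 0.15}
THRESHOLDS = (("CRITICAL", 0.70), ("HIGH", 0.45), ("MEDIUM", 0.20))


@dataclass
class DPESignals:
    """The four DPE outputs, each already normalised to 0.0-1.0 (assumed field names)."""
    grounding_percentage: float  # share of claims grounded in context
    fidelity: float              # fabrications + distortions, normalised
    nli_score: float             # cross-encoder entailment confidence
    specificity: float           # unverifiable specific claims, normalised


@dataclass
class Amplifiers:
    gdpr_pii: bool = False
    eu_ai_act_high_risk: bool = False
    financial_or_medical: bool = False
    agentic_loop_depth: int = 0


def composite_risk(s: DPESignals, a: Amplifiers) -> float:
    c = ((1 - s.grounding_percentage) * WEIGHTS["attribution"]
         + s.fidelity * WEIGHTS["fidelity"]
         + (1 - s.nli_score) * WEIGHTS["entailment"]
         + s.specificity * WEIGHTS["specificity"])
    # Regulatory amplifiers multiply the composite, in the order listed in the text.
    if a.gdpr_pii:
        c *= 1.30
    if a.eu_ai_act_high_risk:
        c *= 1.25
    if a.financial_or_medical:
        c *= 1.20
    if a.agentic_loop_depth > 2:
        c *= 1.15
    # Amplifiers can push the product past 1.0; clamping to 0.0-1.0 is an assumption.
    return min(c, 1.0)


def classify(score: float) -> str:
    for level, threshold in THRESHOLDS:
        if score >= threshold:
            return level
    return "LOW"


def apply_consequences(level: str, safety_budget: float, upgrade_on_risk: bool) -> Dict[str, object]:
    """Headers and gateway actions per risk level, following the consequence list."""
    result: Dict[str, object] = {
        "CRP-Safety-Hallucination-Risk": level,
        "CRP-Agent-Safety-Budget": safety_budget,
        "http_status": 200,
        "action": "pass",
    }
    if level == "CRITICAL":
        result.update(http_status=451, action="halt")  # oversight token needed to retry
    elif level == "HIGH":
        result["CRP-Agent-Safety-Budget"] = round(safety_budget - 0.15, 4)
        result["action"] = "escalate"
        if upgrade_on_risk:
            result["CRP-Agent-Dispatch-Strategy"] = "reflexive"
            result["CRP-LLM-Temperature"] = 0.2  # re-dispatch temperature from the §2 table
    elif level == "MEDIUM":
        result["action"] = "warn"  # client decides whether to surface it; logged to audit trail
    return result


def score_response(s: DPESignals, a: Amplifiers, safety_budget: float = 1.0,
                   upgrade_on_risk: bool = False) -> Dict[str, object]:
    score = composite_risk(s, a)
    out = apply_consequences(classify(score), safety_budget, upgrade_on_risk)
    out["CRP-Safety-Hallucination-Score"] = round(score, 4)
    return out
```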

§8 Regulatory Controls Map

Every CRP-Safety-* and CRP-Compliance-* header maps directly to one or more regulatory controls. This is what makes CRP's risk scoring legally grounded — not just a technical metric, but evidence of regulatory compliance.

Regulation / Standard | Relevant Articles / Controls | CRP Headers | CRP Comply Output
EU AI Act | Art. 6 (risk classification), Art. 9 (risk mgmt), Art. 13 (transparency), Art. 14 (human oversight), Art. 17 (quality mgmt), Art. 64 (logging) | CRP-Compliance-EU-AI-Act, CRP-Safety-Oversight-Mode, CRP-Provenance-HMAC | DPIA, Conformity Assessment, Technical Documentation (Art. 11)
GDPR | Art. 5 (accuracy), Art. 17 (erasure), Art. 22 (automated decisions), Art. 25 (privacy by design), Art. 44 (transfers) | CRP-Compliance-GDPR-PII, CRP-Compliance-Data-Residency, CRP-LLM-Reproducibility-Seed | DPIA, Article 30 Record of Processing, Erasure log
ISO 42001 | A.6.1.2 (impact assessment), A.9.4 (corrective action), Annex B (control objectives) | CRP-Compliance-ISO-42001, CRP-Compliance-Controls-Met, CRP-Compliance-Audit-Trail-URI | AIMS audit evidence, Control effectiveness report
NIST AI RMF | GOVERN-1.2 (accountability), MAP-1.6 (risk tolerance), MEASURE-2.5 (trustworthiness), MANAGE-3.2 (oversight) | CRP-Compliance-NIST-Tier, CRP-Safety-Mode, CRP-Agent-Safety-Budget | AI Risk Profile, Trustworthiness scorecard
SOC 2 Type II | CC6 (logical access), CC7 (system ops), CC9 (risk mitigation), Availability criteria | CRP-Provenance-Chain-Integrity, CRP-Compliance-Audit-Trail-Id, CRP-Safety-Nonce | Continuous control monitoring, Automated evidence collection
IEEE 7000-series | 7001 (transparency), 7010 (wellbeing), 7014 (empathy ethics), 2841 (deep learning eval) | CRP-Safety-Attribution, CRP-Provenance-Report-URI, CRP-Safety-Hallucination-Score | IEEE conformance statement, Transparency report
Australia | AI Ethics Principles 1–8 (CSIRO), AI Safety Standard (DISR), Privacy Act 1988 s16A | CRP-Compliance-Data-Residency: AU, CRP-Safety-Oversight-Mode, CRP-Compliance-Controls-Met | AUS AI Ethics self-assessment, Privacy Act record
Australia advantage: You're based in Australia (AutoCyber AI Pty Ltd). The Australian Government's AI Safety Standard and DISR framework are still taking shape — there is a genuine first-mover opportunity to have CRP referenced as the reference implementation for Australian AI governance infrastructure. This should be part of the accreditation strategy.

§9 Safety Policy Directive Specification

The full grammar for CRP-Safety-Policy — the CSP-equivalent for AI responses. This is a complete declarative language for expressing AI safety requirements at the transport layer.

CRP-Safety-Policy BNF grammar
policy      ::= directive (';' directive)*
directive   ::= source-dir | halt-dir | warn-dir | require-dir
              | upgrade-dir | block-dir | oversight-dir | report-dir

source-dir  ::= 'default-src' source+
source      ::= 'context' | 'parametric' | 'ckf' | 'cross-session'

halt-dir    ::= 'halt-on' risk-level
warn-dir    ::= 'warn-on' risk-level
risk-level  ::= 'CRITICAL' | 'HIGH' | 'MEDIUM'

require-dir ::= 'require-grounding' float      # 0.0-1.0
              | 'require-entailment' float       # 0.0-1.0
              | 'require-quality' quality-tier+  # S,A,B,C,D
              | 'require-oversight' oversight-mode

upgrade-dir ::= 'upgrade-on-risk' strategy
strategy    ::= 'reflexive' | 'hierarchical' | 'batch'

block-dir   ::= 'block-ungrounded' | 'block-parametric' | 'block-pii'

oversight-dir ::= 'oversight' oversight-mode
oversight-mode ::= 'auto' | 'human-review' | 'halt' | 'log-only'

report-dir  ::= 'report-uri' URI
              | 'report-to' group-name

Policy examples by use case

Common safety policy configurations (examples)
# Medical / Clinical — strictest
CRP-Safety-Policy: default-src context;
  halt-on HIGH; require-grounding 0.90; require-entailment 0.85;
  block-ungrounded; block-pii; oversight human-review;
  report-uri https://comply.crprotocol.io/reports

# Financial services — high confidence required
CRP-Safety-Policy: default-src context parametric;
  halt-on CRITICAL; warn-on HIGH; require-grounding 0.80;
  upgrade-on-risk reflexive; block-ungrounded;
  report-uri https://comply.crprotocol.io/reports

# Developer tooling — permissive but tracked
CRP-Safety-Policy: default-src context parametric;
  warn-on CRITICAL; warn-on HIGH;
  require-quality S A B; oversight auto

# Agentic / autonomous — budget-aware
CRP-Safety-Policy: default-src context;
  halt-on CRITICAL; warn-on HIGH;
  upgrade-on-risk reflexive; oversight human-review;
  require-grounding 0.75; report-uri https://comply.crprotocol.io/reports

# Public-facing product — balanced
CRP-Safety-Policy: default-src context parametric;
  halt-on CRITICAL; warn-on HIGH; block-pii;
  require-quality S A; oversight log-only
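An added example, not the CRP project's parser: a validating parser for the BNF grammar above that accepts all five policies just listed and rejects anything outside the grammar (unknown directives, out-of-range floats, risk levels other than CRITICAL/HIGH/MEDIUM), plus the halt-on / warn-on / upgrade-on-risk decision the consequence list in §7 describes. The SafetyPolicy field names and the decide() helper are assumptions; enforcement of the require-* thresholds is left to CRP-SPEC-006, which the page says defines it.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

SOURCES = {"context", "parametric", "ckf", "cross-session"}
RISK_LEVELS = {"CRITICAL", "HIGH", "MEDIUM"}
STRATEGIES = {"reflexive", "hierarchical", "batch"}
OVERSIGHT_MODES = {"auto", "human-review", "halt", "log-only"}
QUALITY_TIERS = {"S", "A", "B", "C", "D"}
BLOCK_DIRECTIVES = {"block-ungrounded", "block-parametric", "block-pii"}

@dataclass
class SafetyPolicy:
    default_src: List[str] = field(default_factory=list)
    halt_on: Set[str] = field(default_factory=set)
    warn_on: Set[str] = field(default_factory=set)
    require_grounding: Optional[float] = None
    require_entailment: Optional[float] = None
    require_quality: List[str] = field(default_factory=list)
    require_oversight: Optional[str] = None
    upgrade_on_risk: Optional[str] = None
    blocks: Set[str] = field(default_factory=set)
    oversight: Optional[str] = None
    report_uri: Optional[str] = None
    report_to: Optional[str] = None

def _one(name: str, args: List[str], allowed: Set[str]) -> str:
    # Exactly one argument drawn from the allowed terminal set.
    if len(args) != 1 or args[0] not in allowed:
        raise ValueError(f"{name} expects one of {sorted(allowed)}, got {args}")
    return args[0]

def _float01(name: str, args: List[str]) -> float:
    # Exactly one float argument in the 0.0-1.0 range.
    try:
        value = float(args[0]) if len(args) == 1 else -1.0
    except ValueError:
        value = -1.0
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{name} expects a float in 0.0-1.0, got {args}")
    return value

def parse_policy(header_value: str) -> SafetyPolicy:
    """Parse a CRP-Safety-Policy value; folded header lines are just whitespace to split()."""
    policy = SafetyPolicy()
    for raw in header_value.split(";"):
        tokens = raw.split()
        if not tokens:
            raise ValueError("empty directive")  # the grammar admits no empty directive
        name, args = tokens[0], tokens[1:]
        if name == "default-src":
            if not args or not set(args) <= SOURCES:
                raise ValueError(f"default-src needs sources from {sorted(SOURCES)}, got {args}")
            policy.default_src = args
        elif name in ("halt-on", "warn-on"):
            getattr(policy, name.replace("-", "_")).add(_one(name, args, RISK_LEVELS))
        elif name == "require-grounding":
            policy.require_grounding = _float01(name, args)
        elif name == "require-entailment":
            policy.require_entailment = _float01(name, args)
        elif name == "require-quality":
            if not args or not set(args) <= QUALITY_TIERS:
                raise ValueError(f"require-quality needs tiers S-D, got {args}")
            policy.require_quality = args
        elif name == "require-oversight":
            policy.require_oversight = _one(name, args, OVERSIGHT_MODES)
        elif name == "upgrade-on-risk":
            policy.upgrade_on_risk = _one(name, args, STRATEGIES)
        elif name in BLOCK_DIRECTIVES:
            if args:
                raise ValueError(f"{name} takes no argument")
            policy.blocks.add(name)
        elif name == "oversight":
            policy.oversight = _one(name, args, OVERSIGHT_MODES)
        elif name in ("report-uri", "report-to"):
            if len(args) != 1:
                raise ValueError(f"{name} expects exactly one value")
            setattr(policy, name.replace("-", "_"), args[0])
        else:
            raise ValueError(f"unknown directive {name!r}")
    return policy

def decide(policy: SafetyPolicy, risk_level: str) -> Tuple[str, Optional[str]]:
    """Gateway action for a scored response: halt-on beats warn-on; HIGH may upgrade strategy."""
    if risk_level in policy.halt_on:
        return "halt", None
    upgrade = policy.upgrade_on_risk if risk_level == "HIGH" else None
    if risk_level in policy.warn_on:
        return "warn", upgrade
    return "pass", upgrade
```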

§10 Complete Specification Document List

The 14 documents needed to fully specify CRP v3 as a standardisable protocol — ordered by priority and dependency. Documents marked P1 are required for any accreditation submission.

CRP-SPEC-001
Core Protocol Specification
The foundational document. Defines the 10 axioms, request/response model, sidecar architecture, protocol versioning, and the relationship between CRP, CKF, and the DPE. The RFC-equivalent.
P1 · IETF Internet-Draft candidate
CRP-SPEC-002
Header Specification
Complete definition of all 58 headers across 6 namespaces. BNF grammar for each header value. Direction (REQ/RES/BOTH). Mandatory vs optional. Interaction rules between headers.
P1 · Register with IANA header registry
CRP-SPEC-003
Context Envelope & Packing
3-phase fact selection algorithm. Quality tier (S–D) assignment criteria. Saturation computation. ETag generation from fact-set hash. Cache-Control semantics for CKF. Window DAG structure.
P1 · Technical core
CRP-SPEC-004
Window Continuation & DAG
Window DAG specification. Continuation pointer schema. Fan-out/fan-in merge rules. Cross-window provenance stitching. HMAC chain extension across windows. Session token structure.
P1 · Enables context enlargement
CRP-SPEC-005
Decision Provenance Engine (DPE)
Complete specification of the 13-module DPE pipeline. Stage definitions, signal weights, composite score computation, regulatory amplifiers, risk classification thresholds, report schema.
P1 · Core safety mechanism
CRP-SPEC-006
Safety Policy Directive Language
Complete BNF grammar for CRP-Safety-Policy. All directives, values, and interaction rules. Gateway enforcement semantics. Violation reporting schema. Policy inheritance in multi-hop chains.
P1 · Enables safety-as-config
CRP-SPEC-007
Session Token & State Relay
CRP-Set-Session / CRP-Session-Token specification. Payload schema (JWT-like). HMAC signing algorithm. Stateless session relay across language boundaries. Expiry, rotation, revocation.
P2 · Stateless scaling
CRP-SPEC-008
Dispatch Strategy Specification
All 9 dispatch strategies formally defined. State machine for each. Header-driven strategy selection. Safety budget depletion model. Reflexive loop specification. Fan-out coordination.
P2 · Agentic foundation
CRP-SPEC-009
Contextual Knowledge Fabric (CKF)
CKF graph schema. HNSW index parameters. Community detection algorithm (Leiden). Fact ingestion pipeline. Cache-Control semantics. Cross-session reference specification. Staleness model.
P2 · Memory layer
CRP-SPEC-010
Regulatory Controls Mapping
Complete mapping from every CRP header and feature to the regulatory controls it satisfies. EU AI Act, GDPR, ISO 42001, NIST AI RMF, SOC 2, IEEE 7000-series, Australian AI Ethics Framework.
P1 · Accreditation prerequisite
CRP-SPEC-011
Audit Trail & HMAC Chain
30+ event type definitions. HMAC-SHA256 chain algorithm. Chain verification procedure. Tamper detection. Export formats (NDJSON, OCSF). Integration spec for SIEM systems. CRP Comply import.
P1 · Compliance evidence
CRP-SPEC-012
Multi-Agent Safety Protocol
Safety Budget depletion model across agent chains. Header propagation rules in multi-hop scenarios. Loop depth limits. Parent session inheritance. Circuit breaker specification. Oversight escalation in hierarchical agents.
P2 · Agentic safety
CRP-SPEC-013
GitHub Action & Scanner Specification
crp-scan detection rules. AI integration point patterns (all major frameworks). SARIF output schema. Header gap classification. Remediation suggestion templates. CRP Comply deep-link generation.
P3 · Developer tooling
CRP-SPEC-014
Conformance & Test Suite
Mandatory conformance levels (Basic / Standard / Full). Test vectors for every header. DPE pipeline test cases with known-good outputs. Interoperability test suite. Certification criteria for CRP-compliant implementations.
P1 · Standardisation requirement
Document dependency order: 001 → 002 → 003 → 004 → 005 → 006 → 010 → 011 → 014 form the critical path for accreditation. Documents 007–009, 012–013 can be developed in parallel.

§11 Accreditation Paths

Four parallel tracks, each serving a different audience and providing different types of legitimacy. The strategy is to pursue all four simultaneously — they reinforce each other. IETF gives developer credibility. IEEE gives academic/regulatory credibility. ISO gives enterprise procurement credibility. Australia/NIST gives government credibility.

Timing is critical: The IETF chartered its AI Preferences working group in January 2025. There is an active Internet-Draft for AI agent protocol frameworks (draft-rosenberg-aiproto-framework) that explicitly notes MCP and A2A but identifies gaps. CRP fills those gaps. The window to submit an Internet-Draft and be part of the first wave of IETF AI protocol standardisation is open right now.
IETF
Internet Standards
18–36 months to RFC
Why: IETF standardises internet protocols. HTTP, TLS, OAuth, WebSocket are all IETF RFCs. An IETF RFC for CRP's header specification would be the highest form of protocol legitimacy — the same body that standardised HTTP headers would be standardising CRP headers.

What to submit: An Internet-Draft for CRP-SPEC-002 (Header Specification) and CRP-SPEC-006 (Safety Policy Directive Language). Target the existing Applications and Real-Time Area (ART) or propose a new BoF (Birds of a Feather) session specifically for AI context protocols.

01. Write Internet-Draft in RFC XML format (xml2rfc) — CRP-SPEC-001 and 002 together
02. Submit to IETF Datatracker at datatracker.ietf.org — anyone can submit an I-D, no membership required
03. Present at IETF meeting (3× per year, next is IETF 124) — propose a BoF session for "AI Context Protocols"
04. Build two independent interoperable implementations — required for Proposed Standard status
05. IANA header registration: register CRP-* header names in the HTTP Field Name Registry
06. Working Group adoption → Last Call → IESG review → RFC publication
IEEE SA
Technology Standards
24–48 months
Why: IEEE's 7000-series AI standards are the primary reference for AI ethics, safety, and governance in enterprise and government procurement. IEEE 2874-2025 (Spatial Web Protocol) was just ratified in May 2025 — there is active momentum for AI protocol standards. CRP maps directly to gaps in the existing AI safety standard landscape.

What to submit: A Project Authorisation Request (PAR) for a new standard in the Autonomous and Intelligent Systems (AIS) committee. Target: "IEEE Standard for AI Context Relay and Safety Governance Protocol" — covering CRP-SPEC-005 (DPE), CRP-SPEC-010 (regulatory mapping), and CRP-SPEC-011 (audit chain).

01. Join IEEE Standards Association as a Corporate Member (required to sponsor a PAR)
02. Submit PAR to IEEE SA — describe scope, purpose, and how it fills gaps in existing AI safety standards
03. Form Working Group — recruit industry partners, academics, government bodies (CSIRO, DISR, NIST)
04. Draft standard → sponsor ballot → recirculation → IEEE Standards Board approval
ISO/IEC JTC 1
International Standards
36–60 months
Why: ISO 42001 (AI Management Systems) is already the enterprise standard for AI governance. CRP Comply is built on ISO 42001 controls. An ISO standard for the CRP protocol would make CRP a normative reference in ISO 42001 audits — meaning any ISO 42001 certified organisation would be incentivised to adopt CRP.

What to submit: A New Work Item Proposal (NWIP) to ISO/IEC JTC 1/SC 42 (Artificial Intelligence subcommittee) — the same committee that produced ISO 42001. Target: an ISO/IEC standard for "AI Context Governance Protocol" as a companion to ISO 42001.

01. Engage Standards Australia (SAI Global) — they are the Australian member body of ISO and can sponsor the NWIP
02. Submit NWIP to JTC 1/SC 42 — requires support from 5 participating member bodies
03. Working Draft → Committee Draft → Draft International Standard → International Standard
NIST / DISR
Government Reference
12–18 months
Why: NIST AI RMF is the de facto AI risk framework for US government procurement. Australia's DISR AI Safety Standard references NIST. A formal mapping document published as a NIST NCCoE (National Cybersecurity Center of Excellence) practice guide would make CRP the reference implementation for AI RMF compliance — the fastest path to government adoption.

What to submit: Submit CRP-SPEC-010 (Regulatory Controls Mapping) as a public comment to NIST's AI RMF 1.1 update process. Engage DISR's AI Safety Standard consultation (currently open). Apply for NIST NCCoE Technology Partner status.

01. Publish CRP-SPEC-010 as an open document — formal NIST AI RMF mapping
02. Apply to NIST NCCoE Technology Partner (similar to GitHub Technology Partner application)
03. Engage DISR AI Safety Standard consultation — submit CRP as a reference implementation
04. Get CRP cited in AI RMF Playbook as an implementation resource — this is achievable in 12 months

§12 Accreditation Roadmap

3-year standardisation roadmap (timeline)
2026 Q3   Publish CRP-SPEC-001 through 006 as open documents (crprotocol.io/spec)
          Submit Internet-Draft to IETF Datatracker
          Register CRP-* header prefix with IANA
          Launch crp-scan GitHub Action — builds developer adoption
          Engage Standards Australia re: ISO/IEC JTC 1 path

2026 Q4   Present at IETF 125 or 126 — BoF session "AI Context Safety Protocol"
          Submit NIST NCCoE Technology Partner application
          Submit DISR AI Safety Standard consultation response
          Publish CRP-SPEC-010 regulatory mapping publicly

2027 Q1   IETF Working Group adoption (if BoF successful)
          IEEE SA PAR submission — AIS committee
          2 independent CRP implementations (required for IETF Proposed Standard)
          CRP cited in NIST AI RMF Playbook v1.1

2027 Q2   ISO/IEC JTC 1/SC 42 NWIP submission (via Standards Australia)
          IETF Last Call for CRP header specification RFC
          IEEE Working Group draft circulated for ballot

2028 Q1   IETF Proposed Standard RFC published (CRP Headers)
          IEEE standard ballot complete
          ISO/IEC Committee Draft published

2028 Q4   IEEE standard published
          ISO/IEC Draft International Standard
          CRP is a referenced standard in EU AI Act implementing regulations

§13 What We Achieve

For the AI ecosystem

CRP v3 with headers solves the three biggest unsolved problems in deployed AI infrastructure today:

Observability

Every AI call produces structured safety and provenance metadata — readable by any tool in the stack without SDK dependency. AI systems become as observable as web servers.

Safety-at-the-wire

Safety enforcement moves to the transport layer. Application code never sees CRITICAL-risk output. Safety policy is declared once, enforced everywhere — the same model that made web security headers transformative.

Compliance-by-default

Every AI response automatically generates the evidence needed for EU AI Act, GDPR, ISO 42001, and NIST AI RMF compliance. Compliance stops being a project and becomes a header.

For developers

One GitHub Action finds every ungoverned AI call in their repo. One CRP wrapper fixes all of them. One CRP Comply link gives them their full regulatory evidence pack. The entire AI governance lifecycle — from code review to regulatory audit — flows through CRP.

For enterprises

CRP becomes the answer to the board-level question: "How do we know our AI is safe?" The Audit Trail URI on every response is a direct link to the evidence. The Safety Budget header is a real-time dashboard of accumulated AI risk across a session. The EU AI Act risk classification is a header value — not a consultant's report.


§14 Monetisation Model

Six distinct revenue streams, each addressing a different buyer. The protocol is open and free — revenue comes from the platform layer above it, exactly the model that made HTTP the foundation of trillion-dollar businesses.

CRP Comply SaaS
Per-seat or per-organisation subscription for the compliance platform. Every CRP-header-emitting application is a potential Comply customer. EU AI Act enforcement creates mandatory demand.
$500–$5,000/mo per org · Recurring
CRP Managed Gateway
Hosted CRP sidecar as a service — the AI equivalent of Cloudflare. Organisations pay per-call to have CRP sit in front of their LLM calls, emitting headers and generating compliance evidence.
$0.001–0.01 per LLM call · Usage
GitHub Marketplace
crp-scan free tier (basic detection) with paid tiers (full header gap analysis, auto-remediation PRs, CRP Comply integration). GitHub's 100M+ developer base is the top of the funnel.
$0 / $29 / $99 per repo/mo
Government & Enterprise
Consulting and implementation contracts for EU AI Act compliance, NIST AI RMF adoption, and ISO 42001 certification using CRP as the technical backbone. Australian Government is the first target.
$50K–$500K project · High margin
Certification Program
"CRP-Compliant" certification for AI products and platforms — analogous to SOC 2 Type II. Organisations pay to have their AI systems tested against CRP-SPEC-014 (Conformance Suite). Annual renewal.
$5K–$25K per certification
SDK & Integration Licensing
Commercial SDKs for enterprises requiring SLA-backed support, private CKF deployments, on-premises sidecar, and custom regulatory mapping. Open-source core, enterprise features licensed.
$2K–$20K/yr enterprise license
The standard-as-moat strategy: Once CRP headers are registered with IANA and referenced in NIST/ISO/IEEE standards, the protocol becomes infrastructure. Competitors can implement the spec but cannot replicate the CRP Comply evidence platform, the CKF knowledge graph, the GitHub Action ecosystem, or the certification program. The open protocol drives adoption; the platform layer captures the value — exactly how HTTP drove adoption of Apache/Nginx/Cloudflare.
CRP™ Protocol v3.0 Complete Specification · © 2025–2026 AutoCyber AI Pty Ltd
Context Relay Protocol™ · crprotocol.io · comply.crprotocol.io