Self-governed · live signed receipts Framework coverage · machine-readable
Agentic Governance™ with Authority Finality™.
Governance without enforcement is a recommendation. KYE Protocol™ enforces authority while the action is forming — before the wire transfer commits, before the clinical recommendation issues, before the contract is signed. Authority expires, context drifts, legitimacy disappears mid-flight; KYE™ refuses out-of-scope action before the side effect lands. Every refusal and every approval is signed, replayable evidence — but the enforcement is the primitive, not the receipt.
Three questions decide whether an AI action is legitimate. Everything else KYE Protocol™ does sits under one of them.
Was this action allowed?
Stop an unauthorised AI action before it commits — not after the regulator asks.
Can you prove it?
Turn every action into proof an auditor can verify in seconds — without trusting your word for it.
Did it legitimately close?
Let irreversible actions reach signed closure — contestable later, never deniable.
New here? The protocol is a small set of building blocks, and each one always wears the same colour across the whole site. Learn the nine colours once and the rest of KYE Protocol™ reads itself.
A governed lane of capability — Evidence, Billing, Onboarding, Comms.
The runtime that actually decides or computes — the working parts.
An autonomous actor KYE™ governs as a first-class principal.
Something you can buy — a product, pilot or add-on.
A regulation or standard KYE™ maps to — EU AI Act™, SOC 2, DORA.
An industry pack — banking, healthcare, insurance, public sector.
A sealed, replay-verifiable document you can defend to an auditor.
A customer-facing application surface you log in and use.
A canonical entity profile — how KYE™ recognises who or what acts.
Every privileged action this codebase takes — a CI gate, a deploy, a schema migration, a key rotation — is admissibility-checked, evidence-emitting, and Replay-Proof™ verifiable from public keys alone. Not "trust us": evidenced, governed, and verifiable by you, offline. See the full receipts on the self-governance page.
Digital-transformation teams decide scope, capabilities and autonomy long before governance shows up. KYE Protocol™ turns your project scope into a sealed governance design — controls, evidence, autonomy tier and the frameworks that apply — and the fee credits 100% into a pilot.
design_services Design governance in → cloud Governance as a service
The protocol resolves four kinds of AI-agent action at the moment they form — a wire transfer, a payment, a clinical decision, an audit replay. Each is checked against its authority contract and sealed as signed evidence: out-of-scope refused, in-scope admitted, every decision verifiable offline from published keys alone.
An insurance AI agent triages 40,000 claims an hour. Six months later, the compliance team sits down with the auditor. They cannot review what was done — the speed broke the model. Post-facto governance is forensics, not control.
Once execution moves at machine speed, authority has to be resolved before the action commits — not in the audit log it leaves behind.
“That world has already ended without people even realising it had ended.”
AI safety, observability, guardrails, compliance frameworks — every layer of the agent stack is being built in parallel. None of them answer who is authorised to act, on whose behalf, with what evidence, at the moment the action executes.
Without highway code, the rest is logistics. KYE Protocol™ answers the questions nobody else is answering: who is authorised to act, within what scope, under which delegation, against which policy — resolved at the speed the agent acts.
Each stage is a governed checkpoint. KYE Protocol™ spans the full spine. Click any stage for its canonical surface.
Every KYE Protocol™ integration traverses the same lifecycle — from Intent through Authority Finality™ to Renewal or Revocation. Up-arrows show advancement; dashed exits show revocation paths.
Authority only means something if every actor resolves to a known place in one tree. In KYE Protocol™ the Tenant is the billing and isolation root; every workspace, team, resource, model, tool and acting party resolves up a parent chain to exactly one Tenant. Nothing acts from nowhere.
kye:tenant:…) — billing + isolation root; owns legal entities, billing, domains and policies.kye:wsp:…) — an environment / dataspace owned by a Tenant.kye:prin:…) — the acting party; every decision, tool call and audit row resolves to exactly one.A Principal is exactly one of four classes — the same governance applies whether the actor is a person or a piece of software:
KYE Protocol™ proves who or what acted, on whose behalf, under what authority, inside what scope, with what decision and what evidence — before the action executes, not after the regulator asks.
KYE™ governs the chain before execution becomes consequence.
Giving an AI agent a cryptographic identity is necessary — and the enterprise is already racing to do it. Uber has publicly described building agent identity, an AI Agent Mesh, a Security Token Service and an MCP gateway that propagate the full actor-chain (originating human → agents → tool) through every hop. That answers who is acting. It does not answer whether the action was allowed.
An authenticated agent with a valid key may still lack authority to approve a refund, release a legal document, call a sensitive tool, read protected memory, spend budget, merge code, or trigger a regulated workflow. KYE Protocol™ extends agent identity into runtime authority:
KYE Protocol™ publishes governed AI research held to the same bar as a regulated decision: every claim traces to a pinned source, every edition is sealed and Ed25519-signed over the published keys, and any reader can verify the seal offline. Subscribe to the editions that match your sector and role — the categories are drawn live from the canonical report matrix, never a hand-kept list.
Pick a stakeholder tab. Each tabpanel is one unified kye.report.v1 executive summary — verdict-first, role-specific findings, signature-covered bytes. Auditors verify the signature offline with the published assembler_kid public key. No portal log-in.
What a Data Protection Officer receives from a KYE™ pilot.
Verdict: GDPR Art 30 RoPA, Art 28 sub-processor register, and Art 12–22 data-subject rights are continuously evidenced — 0 lawful-basis gaps across 47 processing activities, 12 DPIAs current, 1 DSAR closed in 22 days.
kye.lawful_basis.v1 envelope citing SCCs + adequacy.assembler_kid public key.
What a Chief Information Security Officer receives from a KYE™ pilot.
Verdict: ISO 27001 Statement of Applicability is 93/93 controls operational — 0 sev-high incidents, 0 stale privileged credentials, 100% fleet at current minor version, DORA Art 28 register synchronised across 18 sub-processors.
incident_evidence_pack.assembler_kid public key.
What a Board director receives at the quarterly governance review.
Verdict: 14/14 declared regulatory frameworks L3-conforming, 0 material findings, 0 board-reportable incidents, pilot pipeline +18% QoQ — the protocol is regulator-ready and commercially compounding.
assembler_kid public key.
What an external SOC 2 / ISO 27001 auditor receives as the per-control evidence packet.
Verdict: SOC 2 Trust Services Criteria CC1 through A1 are operating effectively across the audit window — 47/47 in-scope controls effective, 2 informational observations, 0 deviations, all evidence retrievable by control ID.
assembler_kid public key.
What an EU AI Act / sectoral regulator receives during an Annex IV inspection.
Verdict: Annex IV technical documentation is complete for all 8 high-risk systems, every Article 9–13 obligation has a signed evidence artefact, and Art 50 disclosures are 100% covered — the deployer can be inspected today without a portal log-in.
transparency_log.v1).assembler_kid public key.
What a KYE™ channel partner receives at the quarterly business review.
Verdict: The partnership is producing — 7 active pilots, 4 advanced to PoC, 1 closed-won at $612k attributed ARR, 12 consultants L2+ certified, 0 deal-collision findings.
assembler_kid public key.
What a certified KYE™ consultant receives as their quarterly portfolio summary.
Verdict: The portfolio is healthy — 18 active engagements, 92% billable utilisation, 0 high-tier risk, L3 certification current, every Approval Brief™ client- and consultant-signed and WORM-archived.
assembler_kid public key.
What a buyer receives every month as proof their SLA + per-decision guarantees held.
Verdict: Every contractual guarantee held — 99.97% availability vs 99.5% commitment, p95 latency 38ms, 14.8M decisions each with a signed evidence pack a buyer's auditor can verify offline.
require_approval flows resolved.assembler_kid public key.
What a General Counsel receives as proof the agent estate is contractually defensible.
Verdict: Every one of 14.8M agent actions traces back to a named human principal — 0 orphan actions, 0 out-of-scope actions, every subpoena answered with a signed Evidence Pack™ within 24h, 2 of 3 cases settled pre-litigation.
assembler_kid public key.
What a litigator or insurer receives when one agent decision becomes a $1M question.
Verdict: The counterparty's agent-impersonation claim is refuted on the bytes — decision kye:decision:01HZAQX-procure-q2-07 carries a verifiable authority chain back to the named CFO, a matched purpose-permission, an unchanged supplier IBAN, and a settlement signed in 48h with €0 legal cost above retainer.
kye:decision:01HZAQX-procure-q2-07 · timestamp 2026-04-18T14:22:11Z · agent kye:agent:acme:procurement-bot-v2.kye:delegation:01HZA22-cfo → human principal kye:human:acme:cfo-priya-shah · all 3 signatures verifiable against published JWKS.kye:purpose-permission:acme:supplier-payment:eur-100k-500k · matched · scope respected.kye:entity:supplier:counterparty-bv · matched the human-approved supplier list at decision time · NO substitution.kye:entity:supplier:counterparty-bv at decision time · signed audit-chain entry confirms no change in the 90 days before the payment.assembler_kid public key.
New for legal teams: explore the Legal sector page — agent-as-contracting-party + UNCITRAL MLES + FRE 901 + GDPR Art 22 crosswalk, all answered by one signed Evidence Pack™.
Audit prep means combing six vendor consoles, screenshotting logs, interviewing engineers, and rebuilding a story the regulator has to take on trust.
The auditor fetches one URL, verifies the signature with public keys, replays every decision, and maps it to 289 controls across 170 frameworks.
KYC, KYB and KYA verify categories of actors. KYE™ governs entities capable of action.
Once AI agents, tools, workflows and APIs act through delegated authority chains at machine speed, governance cannot remain a post-facto stitching of IAM, OAuth, SIEM logs and GRC systems. KYE Protocol™ provides the runtime authority and evidence layer for delegated AI actions — one signed delegation chain, one Decision Map™, one Evidence Pack™, one Replay Proof™ — under a single open contract.
High-blast-radius AI-agent actions don't have to be a leap of faith. KYE Scenario Testing™ runs the proposed action through a deterministic stress evaluator before it executes — emitting a risk level, a recommended decision, and a list of recommended controls. KYE Approval Brief™ then composes 13 required-knowledge slots into a structured, signed brief so the human approver decides on facts, not vibes — and the decision is sealed into a KYE Approval Evidence Pack™ any auditor verifies offline. Read more: Scenario Testing™ · Informed Approval™.
A delegated AI system can remain explainable, trusted, high-performing and cryptographically verifiable while slowly decoupling from current operational reality. KYE Reality Coupling™ detects that stable-drift failure mode — locally valid, globally wrong — before trusted automation causes trusted harm. The new n_reality_coupling decision step grounds every decision in a current view of the world, and emits a signed kye.stable_drift_event.v1 the moment the world moves.
If you advise on AI governance, data privacy, or security, you bring the regulator credibility. KYE™ brings the cryptographically-signed evidence layer. Together your clients get evidence-grade governance in weeks, not the 12 months it takes to build from scratch. The KYE Consultant Toolkit™, a multi-tenant console, signed attribution on every action, and a public marketplace listing — for CISO, DPO, and AI-governance practices.
Two ways to go beyond adopting KYE Protocol™: productise a governance framework you own through the KYE Sector Pack Foundry™, or get your people formally certified to deploy and operate the protocol.
Every jurisdiction running a serious AI program is converging on the same expectation: AI must prove its authority at runtime, not declare it in a policy. KYE Protocol™ ships per-region reference pages mapping the protocol to the regulators each jurisdiction reads first.
Plus sector pilots: Clinical AI · KYE HAARF Readiness Pilot™ · Financial services · Trust Center
Run the free 24-question / 6-lens self-assessment from any IDE that speaks Claude Code, MCP, or our CLI. Get an unsigned score instantly. Sign up for a free KYE™ account and convert it into a signed kye.report.v1 envelope — auditor-grade, regulator-grade, verifiable offline against our published JWKS. 3 signed envelopes / month / email on free tier.
/kye:diagnose · /kye:score · /kye:report · /kye:verify · /kye:framework-map. Apache 2.0.
hub
MCP server
One server → Claude Desktop, Cursor, Windsurf, Cline, Zed. Same five tools. Apache 2.0.
device_hub
NIST 800-53 Rev 5 hub
170 frameworks crosswalk INTO one canonical taxonomy. "Do you map to X?" = one hop, deterministic.
When you're ready to close the gaps the diagnostic finds (not just measure them): apply for a paid pilot — unlimited signed envelopes + the runtime that turns gaps into enforced policy.
You see exactly how six rungs — you pick far you go — step by step, with the signed evidence trail at each step so a regulator can replay it offline.
Every claim here is backed by the open KYE Protocol™ contracts and verifiable end-to-end from the publisher's JWKS — you check it yourself, you don't take our word for it.
Every claim here is backed by the open KYE Protocol™ contracts and verifiable end-to-end from the publisher's JWKS — you check it yourself, you don't take our word for it.
An AI agent calls five services with five different identities. Stop signals don’t cross system boundaries. Auditors can’t reconstruct what happened. Regulators (EU AI Act, DORA, NIS2, PSD3, ISO 42001, NIST AI RMF) want a chain of authority — not an OAuth token.
One URN format. One delegation chain. One decision vocabulary. One cascading bus. One signed proof. The same answer in every system to who acted, on whose behalf, with what authority, under what scope, with what evidence?
Regulatory tailwind · composes with OAuth / SPIFFE / MCP / KYC / KYA · implementable today on Apache 2.0 schemas + reference Gateway + 129-fixture conformance pack.
KYE™ produces the KYE Chain of Authority™ the way digital signatures produce chain-of-custody for documents. Courts already accept signed documents; KYE™ gives them signed delegations.
You stop relying on vendor good-faith and start relying on cryptographic proof — that is what changes when AI agents act on your behalf at runtime.
KYE Protocol™ is the open identity, authority, scope, state and audit layer for every action a human, business, AI agent, service, model, tool or workflow takes — one URN, one delegation chain, one decision vocabulary, one cascading bus, one signed proof.
More: why it exists / what it adds → · technical reference → · whitepaper →
Compliance frameworks, governance architectures, authorisation models and runtime execution control are related but distinct. KYE Protocol™ sits where governance meets execution: the runtime authority and evidence layer that decides and proves whether a delegated action should happen.
Question: What obligations must we meet?
KYE™ role: produces runtime evidence packs and Compliance Map™ mappings that frameworks consume.
Does not: replace the framework, the certifier, or the auditor.
Question: How is accountability organised?
KYE™ role: turns governance intent into runtime authority decisions and replayable evidence.
Does not: replace organisational governance.
Question: Who or what may be allowed?
KYE™ role: extends authorisation into delegated agency, capability scope, six-dimension state, Authority Continuity™, Discoverability, evidence and revocation.
Does not: replace IAM.
Question: Should this specific action happen now?
KYE™ role: decides, records, revokes and proves authority at the point of action.
Does not: process the underlying payment, clinical action or infrastructure command itself.
Identity · Authority · Scope · State (6-dim) · Decision · Audit · Evidence Pack™ · Discoverability · Continuity. Resolves who or what is acting, on behalf of whom, under what authority, in what state — then produces a signed Decision Map™ + Evidence Pack™ any auditor or regulator verifies offline with public keys.
Frameworks tell you what must be governed. KYE™ controls and proves what actually happened at runtime.
IAM answers who logged in. Agentic systems require a deeper runtime question: what was actually acting through the chain?
Who logged in? What permissions were assigned at issuance?
Who or what acted? On behalf of whom? Through which delegation chain? Using which capability? Inside what scope? In what state? With what evidence? Was Authority Continuity™ preserved? Can it be discovered and revoked?
Every claim here is backed by the open KYE Protocol™ contracts and verifiable end-to-end from the publisher's JWKS — you check it yourself, you don't take our word for it.
What it is
What it is not
Every claim here is backed by the open KYE Protocol™ contracts and verifiable end-to-end from the publisher's JWKS — you check it yourself, you don't take our word for it.
Core records who or what acted, on whose behalf, under what authority, in what state, with what evidence. Seven runtime profiles add the layers around it: an upstream admissibility layer that decides whether a proposed action may even enter the pipeline, continuity from intent to action, discoverability across the authority graph, a shared-vocabulary semantic layer, an operating-model adoption layer, an assurance-card layer, and a formal-rules layer that turns rights, obligations and governance into runtime authority decisions.
Admit. Decide. Gate. Prove. Revoke. Replay. KYE™ does not only attribute delegated actions after they exist — it checks whether proposed actions are admissible before they enter the authority pipeline, then decides, proves, revokes and replays what happens next.
KYE Protocol™ is a contract layer with a commercial trust layer — not a SaaS product. Path: Learn → Review → Build → Pilot → Conform → Certify. Pick the entry point that fits your role.
Identity tells you the front door — KYE Protocol™ tells you what happened on the other side. We call this Authority Finality™: a replayable proof layer for AI-agent actions. Every action carries a delegation chain back to a human or business, attenuable scope, signed evidence, and standardised reason codes that any auditor can verify with public keys alone.
The v1.0 contract is bank-grade and frozen as of April 2026 (10 canonical profiles + 57 rule packs + 49 sector packs + 191 dictionaries, 550 OpenAPI operations, 276 schemas, 289 control mappings, 133 conformance fixtures all passing). Reference implementations are pilot-grade (correctness-first, not throughput-tuned).
KYE™ composes with all of them. OAuth issues credentials; MCP gives agents tool access; SPIFFE handles workload identity; KYA vendors issue agent passports. KYE™ binds these into one open contract that carries delegation, scope, state, decision, and signed audit across every layer.
Every release of KYE Protocol™ runs scripts/self-govern-kye-on-kye.mjs — eight engines (Identity, Authority, Admissibility, Continuity, Meaning Continuity™, Formal Rules, Obligations, Evidence) evaluate the project as a governed entity and emit eight Ed25519-signed artefacts.
The honest part: the engines correctly classify the project as obligation: breached and admissibility: require_human_review when consistency-drift, missing SOC 2, or stat-mismatches surface. Most "trust" pages claim a green checkmark; KYE™’s signs an honest red one and routes itself to human review.
scripts/verify-self-audit.mjs with zero dependencies. Defaults to offline (against on-disk fixtures); anyone with the publisher's JWKS can re-derive the decision — no vendor server in the path.