KYE Public Sector Governance Pack™ for AI-generated public-sector decisions & FedRAMP authorising-official assertions.
When an AI agent drafts a benefit or eligibility determination, assembles a record for disclosure under a transparency request, proposes a configuration change inside a FedRAMP-authorised boundary, or compiles a continuous-monitoring assertion for an authorising official and that output starts to move toward being served, disclosed, committed, or submitted, the consequential moment has arrived. The KYE Public Sector Governance Pack™ governs that action boundary: it binds every consequential action to a named official's authority, records the due diligence before the action, holds the output advisory until a named official signs off — with two-person sign-off on the irreversible authorising-official assertion — and seals it into a replay-provable provenance record produced with FIPS 140-validated cryptography. KYE Protocol™ governs whether the output may proceed — it does not replace the FedRAMP / ATO authorisation of the system, make the policy decision, or judge whether the determination is substantively correct.
AI now drafts public-sector decisions and control assertions — and the authorising-official submission is the irreversible action where accountability concentrates.
Generative case-work copilots, automated eligibility engines, disclosure-assembly tools, and continuous-monitoring assistants are producing outputs that move quickly toward citizens, the public record, and the authorising official who carries the ATO. The high-value problem is not the model output — it is the action boundary. Three facts converge:
- The consequential moment is the serve, the disclosure, the commit, and the authorising-official submission — not the draft. An output in a model's response is inert; a determination served to a citizen, a record disclosed under transparency / FOIA, a configuration committed inside a FedRAMP-authorised boundary, or a continuous-monitoring / POA&M assertion submitted to an authorising official is consequential. The authorising-official assertion is part of the accountability record the official relies on for the ATO. Official accountability attaches at the moment an output proceeds — exactly where governance is weakest.
- The standards already exist; the enforcement of authority does not. FedRAMP's continuous monitoring (CA-7), FIPS 140-validated cryptography (SC-13), and personnel-screening (PS-3/PS-7) controls, NIS2 governance, ISO/IEC 42001 AI risk management, ISO/IEC 27001, and the UK AI regulatory framework's accountability and contestability principles define what is required. KYE Protocol™ governs whether an AI-generated output may proceed under those standards, under whose authority, with due diligence recorded before the action.
- Provenance is now an audit and a citizen-rights expectation. An output committed inside a FedRAMP boundary, the evidence behind a control assertion, and a determination a citizen can contest must each carry documented data integrity and lineage. KYE Protocol™ produces a signed, replay-derivable, FIPS 140-validated provenance pin at the moment the action commits.
- This is a governance wedge, not an authorisation replacement. KYE Protocol™ does not compete with FedRAMP, the ATO process, or the case-management systems. It governs the action boundary they feed — the named-authority + due-diligence + two-person sign-off + provenance layer the AI public-sector ecosystem currently lacks. This pack consolidates and retires the two prior incomplete public-sector packs into one coherent spine.
Survives a 3PAO assessment, an authorising-official review, or a transparency challenge — due-diligenced, two-person-signed-off, and derivable from public keys alone.
- Due-diligenced by construction. An AI-generated output that moves toward a serve, disclosure, commit, or authorising-official submission must carry a recorded due-diligence result — a personnel-eligibility / US-persons screen where the action touches controlled or citizen PII (FedRAMP PS-3/PS-7), a lawful-basis determination (UK GDPR Art. 6 public-task; NIS2 governance; ISO/IEC 42001), and a FedRAMP continuous-monitoring / control-status screen (CA-7; open POA&M items; SI-2 flaw-remediation currency) where applicable. An unscreened, ineligible-personnel, unlawful-basis, or ConMon-deficient output is refused at the action-admissibility gate.
- Sign-off-gated, two-person on the assertion. An output stays advisory until a named caseworker, system owner, or authorising official records sign-off. The irreversible authorising-official-facing assertion additionally requires GovernedUI two-person sign-off — the preparing system owner and an approving authorising official. Unreviewed AI-driven consequential actions are refused and routed dual-channel.
- Authority-bound. Every consequential action maps to a recorded named-authority decision — the agent, the output artefact, the intended action, and the named official under whose authority it proceeds. An AI authorised for one purpose cannot proceed under another.
- Replay-provable provenance. A signed provenance pin — produced with FIPS 140-validated cryptographic modules inside a FedRAMP boundary — binds the model and version, the inputs and pinned source data, the lawful-basis and continuous-monitoring status, the due-diligence result, and the authority outcome — audit-grade data integrity a 3PAO, an authorising official, or a citizen exercising a transparency right can verify offline, against published keys alone.
- Framework-anchored. FedRAMP, NIS2, ISO/IEC 42001, ISO/IEC 27001, and the UK AI regulatory framework each map to a control row — with a 90-day attestation cadence.
Every consequential public-sector action — authority-bound at the action boundary.
One coherent spine governs three jurisdiction specialisations — us-federal, uk, and eu — with no parallel packs. Each AI-generated output that moves toward a consequential action flows through the same four rules, on the canonical KYE Protocol™ envelopes.
- 1 — Output proposed. An AI agent produces a determination, a disclosure package, a configuration change, or a control-status / POA&M assertion that begins to move toward being served, disclosed, committed, or submitted to an authorising official.
- 2 — Due diligence + authority check. The Action Admissibility™ Gate verifies a recorded due-diligence result (personnel-eligibility + lawful-basis + continuous-monitoring / control-status screen) and the named authority under which the output proceeds, under the §25 Edge Governance Safety Floor. No due diligence, no authority = no action.
- 3 — Advisory pending sign-off. The output is advisory until a named caseworker, system owner, or authorising official records sign-off — with two-person sign-off (system owner and authorising official) required on the irreversible authorising-official assertion. Low-confidence or unreviewed outputs are refused and routed dual-channel; a citizen-affecting determination is contestable under §61.
- 4 — Provenance pin sealed. The runtime emits kye.purpose.request.v1 + kye.purpose.admissibility.v1 + kye.evidence.decision_map.v1 + kye.evidence.pack.v1 in lockstep — produced with FIPS 140-validated cryptography — binding the model and version, the pinned source data, the lawful-basis and ConMon status, the named signing official, and the Authority Finality™ outcome — signed and replay-derivable for a 3PAO, an authorising official, or a transparency challenge.
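A constructed model of the four rules above, added here as an illustration and not the pack's own code: the field names, envelope layout, action names and the keyed-digest stand-in for FIPS 140-validated signing are all assumptions, chosen only to show how the gate, the two-person rule and the replayable pin fit together.

```python
import hashlib
import hmac
import json

# Constructed stand-in: field names, envelope layout and the keyed digest are assumptions,
# not the protocol's schema. A real deployment signs inside a FIPS 140-validated module
# with an asymmetric key so reviewers can verify against published public keys alone.
DEMO_KEY = b"constructed-demo-key"
TWO_PERSON_ACTIONS = {"ao_submission"}  # the irreversible authorising-official assertion


def admissibility(output: dict) -> tuple[bool, str]:
    """Rule 2: refuse unless due diligence is recorded and a named authority is bound."""
    dd = output.get("due_diligence", {})
    if not output.get("named_authority"):
        return False, "refused: no named authority"
    if output.get("touches_pii") and not dd.get("personnel_screen_ok"):
        return False, "refused: personnel screen missing or ineligible"
    if not dd.get("lawful_basis"):
        return False, "refused: no lawful-basis determination"
    if output["action"] in ("commit", "ao_submission") and dd.get("open_poam_items", 0) > 0:
        return False, "refused: ConMon deficient (open POA&M items)"
    return True, "admissible"


def finality(output: dict, signoffs: list[dict]) -> str:
    """Rule 3: advisory until sign-off; two distinct officials in two roles on the AO assertion."""
    if not signoffs:
        return "advisory"
    if output["action"] in TWO_PERSON_ACTIONS:
        if not {"system_owner", "authorising_official"} <= {s["role"] for s in signoffs}:
            return "advisory"
        if len({s["official"] for s in signoffs}) < 2:
            return "refused: two-person rule needs two distinct officials"
    return "proceed"


def provenance_pin(output: dict, signoffs: list[dict], outcome: str) -> dict:
    """Rule 4: canonical JSON of the bound facts plus a keyed digest, so the record replays."""
    record = {"model": output["model"], "inputs_hash": output["inputs_hash"],
              "due_diligence": output.get("due_diligence", {}),
              "named_authority": output.get("named_authority"),
              "signoffs": sorted(s["official"] for s in signoffs), "outcome": outcome}
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return {"record": record, "sig": hmac.new(DEMO_KEY, canonical, hashlib.sha256).hexdigest()}


def verify_pin(pin: dict) -> bool:
    """Offline check: recompute the digest from the record and compare in constant time."""
    canonical = json.dumps(pin["record"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(DEMO_KEY, canonical, hashlib.sha256).hexdigest()
    return hmac.compare_digest(pin["sig"], expected)
```

Any edit to the sealed record (outcome, sign-off list, ConMon status) invalidates the digest, which is the property a 3PAO or transparency reviewer relies on when replaying the pin.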
Bound to the AI public-sector authority + due-diligence + provenance perimeter.
The pack binds the canonical KYE™ artefact set to the government and public-sector standards perimeter. Every claim resolves to a control row on the bound framework — the five regimes are consumed by the rule pack, never re-mapped (all five are reused from the existing framework registries, grafted via framework-to-rule-pack edges, not duplicated).
| Framework | Control area | Pack coverage |
|---|---|---|
| FedRAMP (reused) | Continuous monitoring (CA-7), FIPS 140-validated cryptography (SC-13), personnel screening (PS-3/PS-7), flaw remediation (SI-2), authorising-official approval & ATO | partial |
| NIS2 (reused) | Governance & risk-management measures, incident reporting, supply-chain security for essential / important entities | partial |
| ISO/IEC 42001 (reused) | AI management system, AI risk management, lifecycle controls, accountability | partial |
| ISO/IEC 27001 (reused) | Information-security controls, logging & monitoring, data integrity | partial |
| UK AI regulatory framework (reused) | Accountability & governance, transparency, fairness, human oversight & contestability principles | partial |
Honest scope. KYE Protocol™ governs the authority, due diligence, sign-off, and provenance of the AI instruction at the action boundary — whether the output may proceed. It does not replace the FedRAMP / ATO authorisation of the system, make the policy decision, run the case-management engine, or judge whether the determination is substantively correct. Partial coverage means the bound surface satisfies the control area when paired with the agency's own authorisation, system operation, and accountable decision-making. Agencies adopt KYE Protocol™ as a control-implementation, not as an authorisation-replacement.
Qualified AI public-sector partners — apply through the Foundry.
The KYE Public Sector Governance Pack™ is a §68 sector product productised through the KYE Sector Pack Foundry™ Build tier; commercial distribution is value-based, qualification-gated, and disclosed under NDA to qualified applicants.