# 0. Front Matter

### Part 0 — Front Matter: Document Control, Perimeter, and Authority

#### 0.1 Title Page

0.1.1 Instrument name: **Future of Web Guild Charter** (the “Charter”).\
0.1.2 Guild: **Future of Web Guild** (the “Guild”).\
0.1.3 Alignment: **Enterprise Web Intelligence Platform v1.0** (the “Platform”).\
0.1.4 Version identifier: **v1.0 (Publishable)**.\
0.1.5 Effective date: **January, 01, 2026**.\
0.1.6 Handling class (default): **Public-safe**, unless re-elected by record under Part 0.6 and Part 19.\
0.1.7 Supersession statement: This Charter supersedes all prior drafts, outlines, summaries, and informal descriptions of the Guild’s constitution as of the Effective date.\
0.1.8 Citation rule: Any reference to this Charter must include version identifier and effective date; excerpts must not be represented as the whole.

#### 0.2 Issuing Entity, Legal Seat, and Scope Election

0.2.1 Issuers: **The Global Centre for Risk and Innovation (GCRI)** acting through:\
(a) **GCRI Canada** (nonprofit corporation; not a charity); and\
(b) **GCRI US** (planned 501(c)(3) entity), once constituted and acting only within its lawful scope.\
0.2.2 Legal seat:\
(a) This Charter is issued under the governing authority of the issuing entity(ies) and applicable law in their respective jurisdictions; and\
(b) No clause herein creates a supranational seat, treaty authority, or public law mandate.\
0.2.3 Scope election: This Charter is an **R\&D and evidence-governance instrument** governing Guild methods, publications, and discipline supporting Platform users. It is not a certification scheme, enforcement regime, nor operational service agreement.\
0.2.4 Dual-entity clarity: GCRI Canada and GCRI US are **legally separate** entities with distinct liabilities, boards, and contracting capacity; neither is the agent of the other absent a written instrument expressly granting agency and recorded by both entities.\
0.2.5 Attribution rule: Every public-facing release, dataset, benchmark, code artifact, or AEP shall identify: (i) the issuing entity; (ii) the scope election; and (iii) the applicable handling class and reliance bounds.

#### 0.3 Purpose and Audience

0.3.1 Purpose: Establish the Guild as a **web-resilience R\&D commons** and evidence discipline producing **contestable, reproducible, correctionable** web intelligence artifacts aligned to the Platform, enabling trusted digital infrastructure governance without crossing into regulated execution.\
0.3.2 Primary audiences:\
(a) researchers, engineers, analysts, maintainers, reviewers, stewards, and educators participating in Guild work;\
(b) enterprises and infrastructure providers adopting Platform outputs for governance, risk management, and resilience programs;\
(c) standards bodies and multi-stakeholder communities consuming interoperability mappings and benchmark methods;\
(d) civil society and public-interest institutions using public-safe comparative research outputs.\
0.3.3 Adoption contexts: enterprise risk governance, security and privacy engineering governance, resilience and dependency mapping, standards-aligned measurement, procurement-neutral benchmarking, and evidence packs supporting internal accountability.\
0.3.4 What this is not: a security operations center, incident command function, emergency operations center, CERT/CSIRT, regulator, compliance authority, certifier, procurement authority, lobbying vehicle, market operator, underwriting/settlement/custody function, nor enforcement actor.

#### 0.4 Regulatory Perimeter & Liability

0.4.1 Nature of activities: The Guild performs **R\&D, measurement, methods development, reference implementations, datasets, benchmarks, education, and evidence packaging** (including AEPs) supporting Platform users.\
0.4.2 Bright-line exclusions: The Guild shall not:\
(a) provide operational security services or managed detection/response;\
(b) conduct incident command or dispatch;\
(c) provide legal, regulatory, investment, medical, engineering, or other professional advice;\
(d) issue compliance determinations, certifications, attestations, or endorsements;\
(e) influence procurement, create “approved vendor” lists, or steer commercial selection;\
(f) publish exploit-enabling playbooks or weaponization-enabling detail;\
(g) act as an enforcement body or coordinate coercive action.\
0.4.3 Non-reliance and accountability: Outputs are decision-support artifacts with explicit uncertainty and limitations. Adopters remain solely responsible for decisions and actions taken under their authority, controls, and legal duties.\
0.4.4 Liability posture: Outputs are provided **as-is and correctionable**; the Guild’s core duty is integrity-by-record (publication discipline, contestability, and correction), not operational guarantee.

#### 0.5 Non-Execution / Non-Advocacy / Non-Deal Room / Competition-Safe Summary

0.5.1 Non-executing perimeter: The Guild publishes methods and evidence; it does not execute operations or direct operational actions.\
0.5.2 Non-advocacy perimeter: The Guild is not a political advocacy vehicle; it supports evidence-based governance and interoperability as a research discipline.\
0.5.3 Non-deal room: The Guild is not a matchmaking, placement, sales, or procurement-routing venue; it shall not host deal rooms or facilitate transactions.\
0.5.4 Competition-safe posture: The Guild shall operate an antitrust-safe collaboration protocol, including: agenda-bounded meetings, prohibited-topic rules, escalation and stop-the-line procedures, and records discipline.\
0.5.5 Neutrality: The Guild is vendor-neutral and stack-neutral; comparative publications must disclose methodology and limits and may not be sold as endorsements.

#### 0.6 Records Discipline and Validity-by-Record Summary

0.6.1 Validity-by-record rule: Guild outputs are “Guild outputs” only when issued under a **Release Record** that assigns a version, handling class, reliance bounds, issuer, and correction path.\
0.6.2 Mandatory record types:\
(a) **Decision Record** (authority, scope, rationale, dissent, handling election, reliance bounds);\
(b) **Release Record** (artifact inventory, version IDs, claims, tests, limitations, grades, distribution posture);\
(c) **Correction/Supersession Record** (what changed, why, impact, migration guidance, deprecations);\
(d) **Dispute Record** (contestability request, evidence, outcome, and publication posture);\
(e) **Handling Election Record** (Public-safe / Controlled / Restricted; expiry);\
(f) **Role & Good Standing Record** (membership status, COI disclosure state);\
(g) **Incident Register Entry** (integrity incidents, disclosure incidents, benchmark disputes, misrepresentation events).\
0.6.3 Distribution logs: Controlled and Restricted outputs require distribution logs and expiry elections; recipients must accept handling discipline as a condition of access.\
0.6.4 Correction clocks: Corrections are time-bounded by severity tiers: **critical**, **material**, **methodological**, and **periodic drift** review, with each correction recorded and linked to the superseded artifact(s).\
0.6.5 Prohibition on silent edits: Substantive changes must not be made without a Correction/Supersession Record.

#### 0.7 Definitions and Abbreviations

0.7.1 **WEBINT**: Web intelligence as observatory tradecraft for web ecosystems—evidence-first, rights-preserving, non-intrusive, and contestable.\
0.7.2 **UNOSINT**: Universal Nexus open-source intelligence methodology: Direction → Collection → Processing → Analysis → Dissemination → Feedback, with provenance and correction discipline.\
0.7.3 **GRIx**: Nexus ontology backbone enabling common objects, lineage, and interoperability for evidence-grade artifacts.\
0.7.4 **NRM**: Nexus Risk Management discipline (Sense → Evidence → Scenario → Decision → Route → Learn) with validity-by-record and correction clocks.\
0.7.5 **AEP**: Assurance & Evidence Pack: an enterprise-grade evidence container (BOM, provenance, confidence, tests, limitations, reliance bounds, correction metadata).\
0.7.6 **DID/VC**: Decentralized Identifiers / Verifiable Credentials (identity and credentialing primitives; used only within stated scope).\
0.7.7 **SBOM/SLSA**: Software Bill of Materials / Supply-chain Levels for Software Artifacts (build integrity and provenance).\
0.7.8 **C2PA**: Content provenance/authenticity standards and verification workflows.\
0.7.9 **OWASP / CVE**: Web security risk taxonomy / Common Vulnerabilities and Exposures identifiers.\
0.7.10 **WCAG**: Web Content Accessibility Guidelines and related accessibility standards.\
0.7.11 **DNS/DNSSEC**: Domain Name System / DNS Security Extensions.\
0.7.12 **CT logs**: Certificate Transparency logs supporting certificate issuance visibility and monitoring.\
0.7.13 **Handling classes**: Public-safe / Controlled / Restricted (defined by election; governs dissemination, logging, and expiry).\
0.7.14 **Reliance bounds (R0–R4)**: permitted levels of operational reliance on outputs (defined in Part 2 of the Charter).

#### 0.8 Guild Threat Model Summary

0.8.1 Core threat categories:\
(a) **capture and influence** (sponsor/vendor/state pressure, bribery, coercion, revolving-door conflicts);\
(b) **gaming and tampering** (benchmark manipulation, dataset poisoning, adversarial evasion, metric hacking);\
(c) **misrepresentation** (false endorsement claims, badge misuse, selective screenshotting, context stripping);\
(d) **legal compulsion abuse** (subpoena/FOI/discovery overreach, compelled disclosure pressure);\
(e) **publication risk** (dual-use leakage, unsafe disclosure enabling exploitation);\
(f) **integrity drift** (method drift, sampling bias, silent edits, untracked model changes).\
0.8.2 Baseline controls (summary): COI disclosures and recusals; influence caps; reproducibility and lineage; anti-gaming monitoring; handling class elections; distribution logs; stop-the-line authority; contestability and dispute clocks; correction and supersession discipline.

#### 0.9 Measurement & Collection Doctrine Summary

0.9.1 Observatory posture: measurement shall be lawful, non-intrusive, rate-limited, and minimum-necessary; methods are documented to enable scrutiny and replication.\
0.9.2 Sensitive data minimization: no PII by default; redaction rules apply for accidental capture; special categories are excluded absent recorded justification and lawful basis.\
0.9.3 Separation doctrine:\
(a) observatory outputs ≠ surveillance;\
(b) intelligence products ≠ enforcement;\
(c) governance templates ≠ regulated execution;\
(d) measurement ≠ censorship or coercive moderation design.\
0.9.4 Operator harm avoidance: measurement must avoid disruption; safety identifiers and backoff behavior apply.

#### 0.10 Canada–US Dual-Entity Operating Summary

0.10.1 Separation of powers: each entity retains separate governance, contracting authority, staffing, banking, insurance, and liability.\
0.10.2 Joint posture: collaboration is permitted where consistent with each entity’s governing documents and recorded by appropriate instruments; collaboration does not merge liabilities.\
0.10.3 Signing and attribution: no cross-entity signing without explicit authorization; releases state issuer and scope election; public communications must not imply agency.\
0.10.4 Data sovereignty and cross-border: hosting and processing elections are recorded; access controls and retention policies are applied by issuer and handling class.\
0.10.5 Employment boundary: Guild membership and roles do not create employment or fiduciary agency unless expressly contracted.

#### 0.11 Platform Alignment Statement (Enterprise Web Intelligence Platform v1.0)

0.11.1 The Guild constitutes the Platform’s **research, measurement, and evidence backbone**, providing:\
(a) WEBINT doctrine and intelligence product discipline;\
(b) GRIx web ontology objects and mappings;\
(c) NRM-aligned decision records and AEP structure;\
(d) benchmark integrity standards and anti-gaming controls;\
(e) release discipline, correctionability, and longitudinal comparability.\
0.11.2 Platform module posture: The Platform’s v1.0 modules consume Guild methods and publish outputs only under record-valid release discipline and handling-class elections.\
0.11.3 Integration posture: The Platform supports enterprise integration (e.g., SIEM/SOAR/GRC) through **interfaces and evidence artifacts**, not operational dispatch or enforcement.\
0.11.4 Credit model alignment: Participation and sustainability mechanisms (e.g., CRS credits) are governed by this Charter’s neutrality, anti-capture, and competition-safe requirements; credits are utility mechanisms and do not constitute currency, investment instruments, or compensation absent a recorded agreement.\
0.11.5 Maturity and release discipline: v1.0 outputs shall carry explicit maturity markers, reproducibility grades, and reliance bounds; “enterprise-deployable” markings do not imply certification or compliance determination.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.therisk.global/organization/cooperation/nexus-guilds/future-of-web/0.-front-matter.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.