# XIX. OBSERVATORY ## 19.1 Observatory Object Doctrine ### 19.1.1 Observatory object defined. An **Observatory Object** under the Distributed Digital Public Goods Framework shall mean any recorded digital public-good object used to observe, describe, classify, interpret, summarize, visualize, route, review, correct, or archive signals relevant to risk, resilience, WFEH-B systems, disaster risk reduction, disaster risk finance, disaster risk intelligence, climate, nature, biodiversity, public health, infrastructure, cyber-physical systems, supply chains, frontier technologies, public authority learning, National Portfolios, Nexus Universe preparation, Studio workflows, Grid inputs, TRL notes, Reports, Marketplace listings, Registry records, or lawful handoff context. Observatory Objects may include signals, indicators, sensor records, edge records, geospatial layers, Earth observation layers, digital twin inputs, hotspot records, cascade records, degraded-mode records, public-safe observability summaries, and related provenance, confidence, uncertainty, correction, and archive records. An Observatory Object shall be evidence-bearing and public-safe by design. It shall not be treated as surveillance authority, public warning authority, public authority decision, emergency command, official map, risk rating, insurance score, investment signal, procurement input, certification, deployment authorization, or execution authority by default. Its purpose is to support visibility, learning, review, public-safe reporting, readiness, correction, and lawful context transfer. ### 19.1.2 Signal object defined. A **Signal Object** shall mean a recorded observation, input, alert-like indicator, anomaly, trend, event trace, data point, field observation, sensor output, public report, satellite-derived observation, dashboard input, community observation, National Portfolio input, Campaign input, DRI input, Observatory input, or other evidence-bearing indication that may become relevant to Nexus workflows. Signal Objects shall include source pathway, timestamp or period, location class where applicable, confidence label where applicable, uncertainty label where applicable, sensitivity class, data-use label, public-safe status, review status, correction pathway, and boundary notices. A Signal Object shall not be a warning, official notice, public authority alert, emergency instruction, rating, forecast certainty, public decision, insurance score, finance signal, or operational command. Signals shall be triaged, reviewed, classified, and routed before being used in reports, dashboards, DRI records, Studio workflows, Grid inputs, TRL notes, Marketplace objects, Registry records, or handoff context. ### 19.1.3 Sensor object defined. A **Sensor Object** shall mean a recorded representation of a physical, digital, remote, edge, IoT, IIoT, environmental, cyber-physical, geospatial, Earth observation, infrastructure, water, food, energy, health, biodiversity, climate, weather, hydrological, seismic, atmospheric, marine, ecological, mobility, network, telemetry, or other sensing source used or referenced within DDPGF. Sensor Objects may include sensor identity, steward, host, location sensitivity, calibration status where applicable, data stream class, collection method, access class, cyber status, privacy status, public-safe transformation, retention rule, correction pathway, and archive status. A Sensor Object shall not authorize surveillance, operational control, field intervention, public authority action, public warning, emergency command, infrastructure operation, community monitoring, protected knowledge disclosure, or deployment. Sensor presence, sensor data, or sensor metadata shall be governed by data rights, community safeguards, cyber controls, privacy controls, geospatial sensitivity, protected knowledge restrictions, and public-safe release discipline. ### 19.1.4 Geospatial object defined. A **Geospatial Object** shall mean any map layer, coordinate set, boundary layer, place record, spatial dataset, raster, vector, tile, geocoded record, location-linked dataset, route, corridor, hotspot, exposure layer, vulnerability layer, infrastructure layer, sensor location, community location, ecological layer, protected site layer, facility layer, disaster footprint, climate layer, or spatial visualization used within DDPGF. Geospatial Objects shall include source, scale, resolution, date, coordinate reference where appropriate, sensitivity class, masking status, aggregation status, delay status where applicable, public-safe status, data-use label, access class, correction pathway, and archive rule. A Geospatial Object shall not be an official map, legal boundary determination, property determination, public authority record, surveillance authority, emergency command layer, procurement basis, insurance rating, investment signal, or deployment authorization unless separately issued or adopted by a competent authority outside DDPGF default posture. ### 19.1.5 Earth observation object defined. An **Earth Observation Object** shall mean a digital public-good object derived from satellite, aerial, drone, remote-sensing, radar, optical, thermal, multispectral, hyperspectral, LiDAR, atmospheric, oceanographic, hydrological, ecological, climate, weather, or other Earth observation source. Earth Observation Objects may include imagery, derived layers, change-detection outputs, land-cover classifications, flood extents, drought indicators, vegetation indices, heat-risk layers, coastal-risk layers, wildfire-related layers, infrastructure-exposure layers, biodiversity-related layers, public-safe summaries, or digital twin inputs. Earth Observation Objects shall be governed by source rights, resolution sensitivity, geospatial masking, public-safe transformation, data quality, confidence and uncertainty labels, method notes, correction pathways, and archive rules. Earth observation output shall not be treated as forecast certainty, public warning, official map, public authority decision, operational command, surveillance authority, or deployment authorization. ### 19.1.6 DRI indicator object defined. A **DRI Indicator Object** shall mean a recorded indicator, metric, index component, threshold, trend, proxy, signal category, exposure measure, vulnerability measure, capacity measure, hazard-relevant measure, resilience measure, protection-gap indicator, risk-layering indicator, public-safe risk-intelligence element, or dashboard input used in Disaster Risk Intelligence workflows. DRI Indicator Objects shall identify definition, source, method, update cadence, uncertainty label, confidence label, geographic scope, temporal scope, public-safe status, sensitivity class, assumptions, limitations, correction pathway, and no-warning and no-rating notices. A DRI Indicator Object shall not be a public warning, emergency alert, insurance score, credit score, investment score, public authority rating, country ranking, community ranking, procurement signal, finance signal, or compliance determination. It shall be a bounded risk-intelligence object for learning, analysis, public-safe reporting, and readiness context only. ### 19.1.7 Risk intelligence as public-safe object. Risk intelligence under DDPGF shall be treated as a public-safe object class requiring careful distinction between evidence, interpretation, uncertainty, confidence, public communication, and authority. Risk-intelligence objects may synthesize signals, indicators, sensor records, geospatial layers, Earth observation layers, digital twin inputs, scenario outputs, DRI records, Observatory records, GRIx categories, DICE data records, Studio workflows, Reports, National Portfolio records, Nexus Universe outputs, and handoff-context notes. Such synthesis shall be documented, versioned, reviewed, and corrected. Risk intelligence shall be public-safe by design. It shall avoid panic, false certainty, over-precision, community harm, protected knowledge exposure, sensitive location disclosure, cyber-sensitive disclosure, public authority overclaim, finance overclaim, insurance overclaim, procurement overclaim, rating overclaim, and warning overclaim. Public-safe risk intelligence informs learning and preparedness contexts; it does not command action by default. ### 19.1.8 Intelligence without warning authority. DDPGF, Nexus Observatory, DRI workflows, dashboards, indicators, geospatial layers, Earth observation outputs, Studio scenarios, Reports, Marketplace listings, Registry records, Grid inputs, TRL notes, Nexus Universe presentations, and handoff-context packages shall not issue public warnings by default. Warning authority belongs only to competent public authorities, designated warning agencies, emergency management bodies, meteorological or hydrological services, health authorities, infrastructure operators, or other lawful actors acting within their mandates. DDPGF may support warning literacy, public authority learning, public-safe summaries, preparedness learning, indicator interpretation, and evidence context, but it shall not replace, imply, simulate, or pre-empt official warning systems. Any material that could be mistaken for a warning shall carry no-warning language unless separately issued by a competent authority. ## 19.2 Observatory Object Classes ### 19.2.1 Signal records. **Signal Records** shall document observed or reported conditions, anomalies, trends, events, changes, vulnerabilities, opportunities, or system states relevant to Nexus risk and resilience workflows. Signal Records may originate from sensors, dashboards, public datasets, Earth observation, field reports, public-safe community inputs, Campaigns, National Portfolios, DRI workflows, Observatory nodes, Studio exercises, Reports, or public authority learning contexts. Signal Records shall include source pathway, time, location class where applicable, sensitivity class, evidence class, confidence where applicable, uncertainty where applicable, public-safe status, review status, routing decision, correction pathway, and boundary notices. A Signal Record shall be an input to interpretation, not a warning, rating, decision, or command. ### 19.2.2 Indicator records. **Indicator Records** shall document structured measures or proxies used to interpret risk, exposure, vulnerability, resilience capacity, preparedness, protection gaps, finance-readiness questions, insurance-readiness questions, WFEH-B system status, climate stress, hazard context, infrastructure exposure, or public-good capability formation. Indicator Records shall identify definition, source, method, calculation approach, temporal scope, spatial scope, update cadence, limitations, confidence, uncertainty, public-safe status, and correction pathway. Indicator Records shall not be rankings, ratings, public authority decisions, insurance scores, investment scores, procurement scores, or compliance determinations. ### 19.2.3 Sensor records. **Sensor Records** shall document sensor identity, source, host, steward, sensor class, data stream class, location sensitivity, calibration status where applicable, data quality, access class, cyber sensitivity, privacy status, public-safe status, retention rules, and correction pathway. Sensor Records may apply to environmental sensors, infrastructure sensors, edge sensors, remote sensors, IoT/IIoT devices, telemetry sources, Earth observation sources, or Observatory-linked systems. Sensor Records shall not be surveillance authority, operational command authority, public warning authority, or deployment authorization. Sensor visibility shall be limited where disclosure could create security, privacy, community, protected knowledge, or infrastructure risk. ### 19.2.4 Edge records. **Edge Records** shall document edge devices, edge nodes, local compute environments, edge analytics, preprocessing workflows, low-bandwidth capabilities, offline modes, local sensing workflows, local dashboards, or degraded-mode observability functions. Edge Records shall identify steward, location class, host, provider, access model, data flows, security controls, cyber status, data-use label, AI-use label where applicable, public-safe controls, maintenance responsibility, and teardown rule. Edge Records shall not authorize surveillance, field operation, infrastructure operation, emergency command, public authority action, or local implementation by default. ### 19.2.5 Geospatial layers. **Geospatial Layers** shall include spatial datasets, map layers, exposure layers, vulnerability layers, hazard layers, resilience layers, infrastructure layers, WFEH-B layers, biodiversity layers, sensor location layers, community context layers, corridor layers, national context layers, or Observatory-derived spatial layers. Each layer shall include source, date, scale, resolution, method, sensitivity class, masking, aggregation, delay rules where applicable, public-safe status, access class, correction pathway, and archive rule. Geospatial Layers shall not be official maps, legal boundaries, operational maps, public warning maps, insurance maps, procurement maps, or investment maps by default. ### 19.2.6 Earth observation layers. **Earth Observation Layers** shall include satellite-derived, aerial-derived, drone-derived, radar-derived, optical-derived, thermal-derived, LiDAR-derived, climate-derived, weather-derived, hydrological-derived, ecological-derived, or oceanographic-derived layers. They may support flood analysis, drought analysis, vegetation monitoring, heat analysis, coastal analysis, land-cover change, infrastructure exposure, biodiversity sensitivity, public-safe reporting, Studio simulations, DRI dashboards, or National Portfolio records. Earth Observation Layers shall include sensor/source, processing method, resolution, date, uncertainty, confidence where applicable, public-safe status, masking, access class, license, and correction pathway. They shall not create official determinations, warnings, legal maps, or operational commands. ### 19.2.7 Digital twin inputs. **Digital Twin Inputs** shall include data, parameters, assumptions, spatial layers, sensor feeds, infrastructure records, model outputs, scenario variables, climate inputs, hazard inputs, WFEH-B inputs, DRI indicators, or Observatory signals used to create or update digital twin workflows. Each input shall be recorded with source, version, quality, assumptions, limitations, sensitivity, data-use label, AI-use label where applicable, public-safe status, and correction pathway. A Digital Twin Input shall not make a digital twin operationally authoritative. Digital twin inputs remain bounded evidence, not forecast certainty, public authority decision, deployment authorization, or command logic. ### 19.2.8 Hotspot records. **Hotspot Records** shall identify areas, systems, themes, sectors, hazards, vulnerabilities, dependencies, or clusters that appear to require attention within public-safe risk intelligence, DRI, Observatory, National Portfolio, Campaign, Studio, or Nexus Universe workflows. Hotspot Records shall identify basis, source, method, uncertainty, confidence, sensitivity, public-safe status, update cadence, and correction pathway. Hotspot Records shall not be public warnings, official designations, legal classifications, country rankings, community rankings, insurance scores, investment signals, or emergency instructions. ### 19.2.9 Multi-hazard records. **Multi-Hazard Records** shall document interactions among hazards, vulnerabilities, exposures, capacities, cascading pathways, compound events, systemic dependencies, WFEH-B interactions, cyber-physical dependencies, infrastructure dependencies, climate stressors, disaster-risk contexts, and resilience needs. They shall identify hazard scope, data basis, method, scenario assumptions, uncertainty, public-safe status, GRIx mapping, DRI mapping, Studio linkage, Reports linkage, and correction pathway. Multi-Hazard Records shall support systems learning and public-safe reporting. They shall not constitute official hazard classification, warning, emergency plan, operational instruction, or public authority decision by default. ### 19.2.10 Cascade records. **Cascade Records** shall document potential or observed cascading effects across systems, including water, food, energy, health, biodiversity, infrastructure, supply chains, cyber systems, telecom networks, financial dependencies, public services, mobility, climate, disaster impacts, or technology dependencies. Cascade Records shall identify source signals, assumptions, dependency chains, uncertainty, confidence, scenario basis, public-safe status, sensitivity controls, and correction pathway. Cascade Records shall not be predictions, warnings, official emergency assessments, insurance determinations, investment signals, or operational commands. ### 19.2.11 Degraded-mode records. **Degraded-Mode Records** shall document reduced functionality, reduced confidence, missing data, stale data, outage conditions, sensor gaps, connectivity loss, delayed updates, partial coverage, model degradation, dashboard limitations, data-room limitations, Studio limitations, Observatory limitations, or DRI limitations. These records shall identify affected objects, time period, cause where known, impact, public-safe notice, correction status, and restoration pathway. Degraded-mode disclosure shall prevent overreliance. It shall not authorize lower review standards, emergency command, or public warning by default. ### 19.2.12 Public-safe observability summaries. **Public-Safe Observability Summaries** shall translate Observatory signals, DRI indicators, geospatial layers, Earth observation outputs, sensor records, digital twin inputs, hotspot records, multi-hazard records, cascade records, and degraded-mode records into safe, understandable, bounded, and non-authoritative summaries. They shall avoid sensitive details, protected knowledge exposure, unsafe geospatial precision, cyber-sensitive disclosure, false certainty, warning overclaim, rating overclaim, and public authority overclaim. Public-safe observability summaries may support Reports, Marketplace listings, Registry records, Academy materials, Campaigns, National Portfolios, Nexus Universe outputs, and handoff context, but they shall not be official warnings, official maps, ratings, rankings, approvals, or commands. ## 19.3 DRI Object Classes ### 19.3.1 Indicator definitions. **Indicator Definitions** shall specify the meaning, purpose, method, data basis, unit, scope, update cadence, limitations, confidence approach, uncertainty approach, public-safe status, and correction pathway for DRI indicators. Indicator definitions shall be controlled through GRIx and DRI semantic discipline where applicable and shall be versioned to prevent semantic drift. Indicator definitions shall not create legal classifications, public authority standards, insurance scoring systems, finance metrics, procurement criteria, or country rankings by default. ### 19.3.2 Confidence labels. **Confidence Labels** shall indicate the degree of support available for an indicator, signal, summary, dashboard output, geospatial layer, scenario output, or public-safe statement within recorded scope. Confidence Labels may consider source quality, method maturity, data completeness, validation history, review status, update recency, and correction history. Confidence Labels shall not create certainty, approval, certification, or authority. A high-confidence label shall not convert risk intelligence into a warning, rating, forecast certainty, finance signal, insurance score, or public authority decision. ### 19.3.3 Uncertainty labels. **Uncertainty Labels** shall identify uncertainty arising from incomplete data, model limitations, source gaps, temporal gaps, spatial resolution, measurement error, bias, conflicting sources, sensitivity constraints, public-safe masking, scenario assumptions, or rapidly changing conditions. Uncertainty Labels shall be visible wherever users could overinterpret risk-intelligence objects. Uncertainty Labels shall not be treated as weakness alone; they are trust controls. They shall prevent overclaim, false precision, and misuse. ### 19.3.4 Risk-intelligence dashboards. **Risk-Intelligence Dashboards** shall visualize DRI indicators, signals, geospatial layers, Observatory objects, hotspot records, cascade records, multi-hazard records, degraded-mode records, public-safe summaries, or National Portfolio risk contexts. Dashboards shall display source notes, update cadence, public-safe status, confidence labels, uncertainty labels, sensitivity controls, correction notices, and no-warning/no-rating notices. Risk-intelligence dashboards shall not be public authority decisions, official warning dashboards, emergency command tools, insurance scoring tools, investment dashboards, procurement dashboards, or country-ranking tools by default. ### 19.3.5 Public-safe DRI summaries. **Public-Safe DRI Summaries** shall translate disaster risk intelligence into safe, understandable, bounded knowledge for Reports, Academy, Campaigns, National Portfolios, Marketplace, Registry, Nexus Universe, Studio, Grid, TRL, or handoff contexts. These summaries shall avoid operational warning language, false certainty, sensitive location disclosure, protected knowledge exposure, community harm, and overclaim. Public-safe DRI summaries shall not substitute for official disaster risk communication, public warnings, emergency management instructions, insurance underwriting, financial risk assessment, or public authority decision-making. ### 19.3.6 National DRI contribution records. **National DRI Contribution Records** shall document contributions from National Nodes, National Working Groups, Competence Cells, public authority learning participants, universities, communities, Campaigns, Observatory nodes, data stewards, or other national actors to DRI workflows. They shall include contribution source, scope, data class, public-safe status, national context, safeguards, review status, and correction pathway. National DRI contribution shall preserve national ownership and public-good discipline. It shall not create public authority approval, national endorsement, consent, warning authority, ranking authority, procurement status, financeability, or execution authority. ### 19.3.7 DRI correction records. **DRI Correction Records** shall document corrections to DRI indicators, definitions, dashboards, summaries, data sources, confidence labels, uncertainty labels, hotspot records, cascade records, geospatial layers, or public-safe statements. Corrections may arise from source error, stale data, method error, sensitivity issue, public-safe issue, overclaim, warning confusion, rating confusion, or downstream misuse. DRI corrections shall propagate to Reports, Registry, Marketplace, Studio, Grid, TRL, Nexus Universe, National Portfolios, and handoff context where affected. ### 19.3.8 DRI archive records. **DRI Archive Records** shall preserve historical DRI objects, indicators, dashboards, summaries, geospatial layers, versions, methods, confidence labels, uncertainty labels, corrections, withdrawals, and non-continuing items. Archive status shall prevent stale indicators or outdated dashboards from being mistaken for current intelligence. DRI archive records shall not be current warnings, current ratings, current official maps, current public authority decisions, or current handoff context unless separately reactivated and recorded. ### 19.3.9 No-warning notices. **No-Warning Notices** shall be attached to DRI objects, Observatory outputs, dashboards, public-safe summaries, reports, Marketplace listings, Registry records, Studio workflows, Grid inputs, TRL notes, Nexus Universe presentations, and handoff context wherever there is a risk of confusion with official warning systems. The notice shall state that the object is for learning, evidence, preparedness context, public-safe reporting, or readiness review only and is not an official public warning. No-warning notices shall be prominent enough to prevent misuse. ### 19.3.10 No-rating notices. **No-Rating Notices** shall be attached to indicators, dashboards, hotspot records, National Portfolio summaries, DRI objects, Marketplace listings, Reports, Studio workflows, and public-safe summaries where users could mistake risk-intelligence objects for ratings, rankings, scores, investment signals, insurance scores, procurement scores, country rankings, community rankings, or public authority classifications. No-rating notices shall preserve public-safe interpretation and prevent harmful comparison or misuse. ## 19.4 Geospatial and Sensitive Location Controls ### 19.4.1 Sensitive infrastructure masking. Sensitive infrastructure masking shall be applied where geospatial objects, sensor records, network records, digital twin inputs, Observatory records, or dashboard outputs could reveal exploitable information about critical infrastructure, utilities, telecom networks, energy systems, water systems, transport systems, health facilities, emergency facilities, data centers, secure facilities, edge nodes, sensor networks, or cyber-physical dependencies. Masking may include aggregation, generalization, obfuscation, resolution reduction, delayed publication, access restriction, or metadata-only release. Masking shall preserve public-safe utility while reducing harm. Unmasked sensitive infrastructure shall not be publicly released by default. ### 19.4.2 Protected species masking. Protected species masking shall be applied where precise geospatial data could expose endangered species, sensitive habitats, breeding locations, migration routes, nesting sites, ecological refugia, protected areas, or biodiversity-sensitive locations to harm, exploitation, poaching, disturbance, extraction, or misuse. Masking may include spatial generalization, temporal delay, restricted access, aggregation, or protected knowledge room review. Biodiversity and ecological data shall not be opened merely because it has public-good value. Protection of sensitive ecological knowledge shall be part of public-good discipline. ### 19.4.3 Sacred site and protected knowledge controls. Sacred sites, culturally sensitive places, Indigenous knowledge locations where applicable, community-protected locations, burial sites, ceremonial sites, heritage places, protected knowledge locations, and other sensitive place-based knowledge shall be subject to strict access, disclosure, attribution, publication, translation, AI-use, and handoff controls. Public-safe summaries may omit, generalize, or withhold location information entirely. No DDPGF map, dashboard, report, Studio workflow, Marketplace listing, Registry record, or handoff package shall disclose sacred site or protected knowledge locations without lawful, protocol-compliant, and consent-aware permission. ### 19.4.4 Community-sensitive location generalization. Community-sensitive location data shall be generalized where precise location could expose communities, households, informal settlements, vulnerable groups, displaced persons, migrants, refugees, children, health-related groups, protected community sites, humanitarian sites, or at-risk populations to harm, stigma, extraction, surveillance, discrimination, political misuse, or security risk. Generalization may include larger spatial units, non-identifying descriptions, aggregation, masking, or controlled access. Community-sensitive location data shall not be used to rank, target, exploit, police, displace, insure, price, procure, or implement without appropriate authority and safeguards. ### 19.4.5 Delay rules. Delay rules shall be applied where real-time or near-real-time publication could create harm. Delay may apply to sensitive species data, infrastructure data, sensor data, cyber-sensitive events, public authority-sensitive events, humanitarian movement data, community-sensitive observations, security-relevant events, or locations exposed to exploitation. Delay shall be recorded with rationale, duration where appropriate, review trigger, and public-safe status. Delayed publication shall not be used to conceal correction needs or suppress public-safe accountability where disclosure is safe and appropriate. ### 19.4.6 Aggregation rules. Aggregation rules shall be applied where individual-level, household-level, facility-level, sensor-level, community-level, or precise location data would create privacy, security, protected knowledge, public-safe, or misuse risk. Aggregation shall preserve interpretability while reducing re-identification, targeting, exploitation, or false precision. Aggregation level shall be recorded and disclosed where material to interpretation. Aggregated data shall not be treated as risk-free by default. Aggregation must be reviewed for re-identification and small-cell risks. ### 19.4.7 Access restriction. Access restriction shall apply to geospatial and location-linked objects that cannot be safely released openly. Restrictions may include controlled public release, secure-room-only access, data-room-only access, protected knowledge room access, public authority learning room access, handoff-recipient-only access, metadata-only release, or archive-only status. Access restrictions shall be recorded in Registry and Marketplace metadata where applicable. Access restriction shall not create access entitlement, public authority approval, data right, handoff permission, or deployment authorization. ### 19.4.8 Public-safe map publishing. Public-safe map publishing shall require review of source, scale, resolution, sensitive infrastructure, protected species, sacred sites, protected knowledge, community-sensitive locations, cyber-sensitive features, public authority-sensitive layers, uncertainty, confidence, update cadence, public-safe labels, accessibility, and correction pathway. Maps shall include no-warning, no-rating, no-official-map, and no-decision notices where appropriate. Public-safe maps shall not be official maps, legal maps, emergency maps, insurance maps, procurement maps, investment maps, or operational command maps by default. ### 19.4.9 Correction. Geospatial and sensitive location corrections shall address wrong locations, outdated layers, unsafe precision, missing masking, incorrect aggregation, exposed protected knowledge, sensitive infrastructure exposure, protected species exposure, community-sensitive disclosure, public authority overclaim, warning overclaim, rating overclaim, or misleading map interpretation. Corrections may require map withdrawal, layer masking, dashboard update, Registry correction, Marketplace delisting, Report correction, Studio shutdown, handoff recall, or archive. Correction shall propagate to all dependent objects using the affected layer or location data. ### 19.4.10 Archive. Geospatial and sensitive location archives shall preserve historical maps, layers, source records, transformations, masking decisions, corrections, withdrawals, recalls, and public-safe summaries where appropriate. Archives shall be open, controlled, secure, sealed, metadata-only, or deleted according to sensitivity, rights, privacy, protected knowledge, and lawful retention requirements. Archived geospatial records shall not be treated as current maps, current warnings, current official records, current operational layers, or current handoff context. ## 19.5 Observatory-to-Nexus Routing ### 19.5.1 Observatory to Reports. Observatory objects may route to Nexus Reports as public-safe summaries, technical notes, observability reports, DRI reports, WFEH-B reports, National Portfolio reports, Nexus Universe reports, correction reports, archive reports, or handoff context notes. Reports routing shall require public-safe transformation, source notes, confidence and uncertainty labels, sensitivity review, protected knowledge controls, no-warning notices, no-rating notices, and correction pathways. Reports shall not convert Observatory output into official warnings, official maps, public authority decisions, ratings, rankings, procurement signals, finance signals, or deployment authorizations. ### 19.5.2 Observatory to DRI. Observatory objects may route to DRI workflows as signal records, indicator inputs, dashboard inputs, hotspot records, multi-hazard records, cascade records, degraded-mode records, national contribution records, confidence labels, uncertainty labels, correction records, or archive records. DRI routing shall preserve data provenance, method notes, uncertainty, public-safe status, and no-warning/no-rating notices. DRI use shall not convert Observatory signals into warnings or ratings. ### 19.5.3 Observatory to GRIx. Observatory objects may route to GRIx for controlled vocabulary, risk categorization, taxonomy mapping, semantic alignment, WFEH-B mapping, DRR/DRF/DRI mapping, frontier technology risk mapping, safeguard category mapping, public authority boundary mapping, finance and insurance boundary mapping, and handoff dependency mapping. GRIx routing shall support semantic clarity and interoperability. GRIx mapping shall not create legal classification, standards authority, rating, ranking, public authority determination, or certification. ### 19.5.4 Observatory to DICE. Observatory objects may route to DICE for data commons governance, metadata records, lineage capture, data-use labels, AI-use labels, data quality records, data rights review, controlled access, secure rooms, data rooms, compute-to-data workflows, public-safe transformation, and archive. DICE routing shall preserve rights, privacy, sensitivity, protected knowledge, and correction controls. DICE routing shall not create open data status, unrestricted data rights, AI training permission, handoff permission, or public authority approval. ### 19.5.5 Observatory to Studio. Observatory objects may route to Nexus Studio for dashboards, simulations, digital twin workflows, scenario learning, public authority learning workflows, readiness workflows, secure review workflows, public-safe output workflows, and handoff demonstrations. Studio routing shall apply no-write-back, no-command, no-download where appropriate, output review, logging, AI-use controls, shutdown triggers, and archive rules. Studio use shall not create deployment authorization, operational command, public authority decision, public warning, procurement, finance, insurance, or execution authority. ### 19.5.6 Observatory to Grid. Observatory objects may route to Nexus Grid as evidence inputs, readiness inputs, data-quality inputs, public-safe inputs, support inputs, safeguard inputs, interoperability inputs, correction inputs, or TRL context. Grid routing shall record scope, object class, review status, limitations, dependencies, assumptions, and correction pathway. Grid inputs shall not create certification, procurement readiness, financeability, insurability, public authority approval, or deployment authorization. ### 19.5.7 Observatory to Marketplace. Observatory objects may route to Nexus Marketplace only where listing is safe, rights-cleared, public-safe, correctly classified, and boundary-noticed. Marketplace objects may include public-safe observability summaries, dashboards, reports, learning objects, datasets, metadata-only records, Studio workflow descriptions, DRI summaries, or National Portfolio observability objects. Sensitive objects may be listed as metadata-only or not listed at all. Marketplace listing shall not create endorsement, public warning, rating, official map, procurement relevance, financeability, public authority approval, handoff permission, or execution authority. ### 19.5.8 Observatory to Registry. Observatory objects shall route to Nexus Registry where status truth, provenance, versioning, review status, support status, data-use status, AI-use status, correction, withdrawal, recall, archive, or non-continuation must be preserved. Registry routing shall make visible the lifecycle state of Observatory objects and prevent stale or unsafe reuse. Registry status shall not certify Observatory objects or convert them into official warnings, official maps, ratings, approvals, or deployment authorizations. ### 19.5.9 Observatory to Nexus Universe. Observatory objects may route to Nexus Universe as public-safe arena materials, dashboards, Studio demonstrations, National Portfolio inputs, DRI summaries, WFEH-B summaries, public authority learning materials, readiness-room materials, Campaign context, Foundry build context, or handoff dependency context. Nexus Universe routing shall preserve no-warning, no-rating, no-decision, no-deployment, and no-execution boundaries. Nexus Universe presentation shall not create approval, endorsement, public authority action, warning, rating, procurement, finance, insurance, consent, or execution authority. ### 19.5.10 Observatory to handoff context. Observatory objects may route to lawful handoff context as evidence context, data context, method context, Studio context, Grid context, TRL context, public-safe status, safeguard status, public authority dependency, legal dependency, finance or insurance question, procurement boundary, provider-neutrality note, sponsor-boundary note, recipient responsibility, correction pathway, or recall pathway. Handoff routing shall identify what is transferred, what remains restricted, what requires further authority, and what cannot be used. Handoff context shall transfer dependencies and evidence context only. It shall not transfer public authority approval, procurement status, financeability, insurability, operational command, community consent, Indigenous consent, deployment authorization, or execution authority. ## 19.6 Observatory Boundary Rules ### 19.6.1 Signal is not warning. A Signal Object, signal record, anomaly, trend, sensor output, Observatory input, DRI input, dashboard input, Campaign input, community input, or public-safe signal summary shall not constitute a public warning, emergency alert, public authority notice, public health notice, infrastructure warning, meteorological warning, hydrological warning, or operational instruction. Warning authority requires competent authority outside DDPGF default posture. ### 19.6.2 Indicator is not rating. An Indicator Object, DRI indicator, risk-intelligence metric, exposure measure, vulnerability measure, resilience measure, hotspot label, confidence label, uncertainty label, or dashboard indicator shall not constitute a rating, ranking, insurance score, investment score, procurement score, country score, community score, public authority classification, compliance score, or certification. Indicators are bounded interpretive objects only. ### 19.6.3 Geospatial layer is not official map. A Geospatial Layer, Earth Observation Layer, dashboard map, visual atlas, digital twin layer, National Portfolio map, Observatory map, DRI map, or public-safe map shall not constitute an official map, legal boundary, land title record, zoning record, public authority map, emergency map, insurance map, procurement map, investment map, or deployment map unless separately issued or adopted by a competent authority. ### 19.6.4 Sensor record is not surveillance authority. A Sensor Record, edge record, telemetry record, Observatory node record, sensor network record, geospatial sensor layer, or Earth observation source record shall not create authority to monitor persons, communities, infrastructure, territory, facilities, protected knowledge, Indigenous lands where applicable, public authority systems, private systems, or operational systems. Sensor-related use shall remain subject to privacy, data rights, consent where required, public-safe controls, cyber controls, and lawful authority. ### 19.6.5 DRI dashboard is not public authority decision. A DRI dashboard, risk-intelligence dashboard, Observatory dashboard, WFEH-B dashboard, hotspot dashboard, cascade dashboard, public-safe dashboard, or Studio dashboard shall not constitute a public authority decision, emergency instruction, public warning, public finance allocation, procurement decision, regulatory decision, policy adoption, official risk classification, or operational command. Dashboards support learning, interpretation, and readiness context only. ### 19.6.6 Observatory output is not emergency command. No Observatory output, DRI output, Signal Record, Sensor Record, Geospatial Layer, Earth Observation Object, Digital Twin Input, hotspot record, cascade record, multi-hazard record, degraded-mode record, public-safe observability summary, Report, Marketplace listing, Registry record, Studio workflow, Grid input, TRL note, Nexus Universe presentation, or handoff context shall be treated as emergency command, operational instruction, deployment order, field directive, infrastructure command, public warning, evacuation instruction, or emergency response authorization by default. Competent emergency authorities and lawful operators remain responsible for command and execution outside DDPGF. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.therisk.global/organization/operations/frameworks/distributed-digital-public-goods-framework-ddpgf/xix.-observatory.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.