# XXI. AGENCY Nexus Agile Framework Agency defines the **NAF Risk Agency and expert-routing model** for expert matching, risk advisory, resilience consulting, public-safe reporting, capacity-building, cross-sphere translation, and lawful handoff support. This section explains how **advisory services, client classes, service lines, engagement records, and reliance labels** support risk intelligence and resilience work without creating certification, public authority action, procurement status, financeability, consent, deployment authority, or execution. This section sets the operating model for **Risk Agency services**, **expert classes**, **client boundaries**, **advisory records**, and **non-executing governance controls**. It helps Nexus route specialists, support public-good advisory work, strengthen readiness and literacy, and preserve conflict controls, sponsor boundaries, provider neutrality, public authority boundaries, and lawful handoff discipline. ### What this section covers * Expert routing, advisory support, and client engagement across risk, resilience, and readiness work. * Service lines, reliance labels, records, and controls for public-safe advisory delivery. * Governance boundaries that keep Risk Agency advisory, bounded, and non-executing. Use this section with the [NAF overview](/organization/operations/frameworks/nexus-agile-framework-naf.md), [XIV. STUDIO](/organization/operations/frameworks/nexus-agile-framework-naf/xiv.-studio.md), [XV. GRID](/organization/operations/frameworks/nexus-agile-framework-naf/xv.-grid.md), [XVII. REPORTS](/organization/operations/frameworks/nexus-agile-framework-naf/xvii.-reports.md), [XVIII. ACADEMY](/organization/operations/frameworks/nexus-agile-framework-naf/xviii.-academy.md), and [XX. UNIVERSE](/organization/operations/frameworks/nexus-agile-framework-naf/xx.-universe.md) to connect Risk Agency advisory work with learning, workflows, reporting, readiness, and lawful handoff context. ## 21.1 Risk Agency Position in NAF ### 21.1.1 Expert Matching. 21.1.1.1 Risk Agency shall operate within NAF as the expert-routing and advisory-support interface through which appropriate community leaders, domain experts, technical experts, public authority learning experts, readiness experts, safeguard experts, Nexus mechanism experts, jurisdictional experts, faculty experts, reviewers, maintainers, and cross-sphere translators may be identified, classified, matched, briefed, engaged, reviewed, corrected, and archived for public-good, advisory, learning, resilience, risk-intelligence, capacity-building, and lawful handoff support purposes. 21.1.1.2 Expert Matching shall be record-bearing. No expert shall be matched into a Risk Agency pathway unless the request, scope, expertise need, client class, public-good purpose, boundary status, conflict status, data access class, AI-use status, confidentiality status, public-safe status, safeguard status, reliance label, output class, correction pathway, and archive rule are recorded. 21.1.1.3 Expert Matching shall be function-specific and bounded. A match may identify a person or institution as suitable for a defined advisory, learning, review, translation, training, or support task, but shall not certify professional competence, create professional license status, create public authority approval, create procurement eligibility, validate the expert for all purposes, endorse the expert generally, create employment, create agency, create regulated advice authority, or authorize execution. 21.1.1.4 Expert Matching shall preserve Nexus role separation. Risk Agency may route expertise to Nexus Academy, Risk Academy, Nexus Labs, Nexus Foundry, Nexus Campaigns, Nexus Reports, Nexus Marketplace, Nexus Registry, Nexus Studio, Nexus Grid, Nexus Observatory, Nexus Universe, Nexus Rails, Nexus Network, National Nodes, National Portfolios, National Working Groups, Nexus Competence Cells, public authority learning rooms, readiness rooms, capital-reader rooms, insurance-reader rooms, donor-reader rooms, National Consortium Companies, Project SPVs, and lawful handoff recipients only within the recorded scope of the engagement and without collapsing advisory, learning, evidence, finance-readiness, public authority, procurement, consent, deployment, or execution roles. ### 21.1.2 Risk Advisory. 21.1.2.1 Risk Agency may provide or route risk advisory support concerning systems risk, disaster risk, climate and nature risk, WFEH-B systems, infrastructure risk, cyber-physical risk, public health risk, supply-chain risk, frontier technology risk, AI risk, data risk, cyber risk, privacy risk, geospatial risk, biosecurity-sensitive risk, public-safe communication risk, implementation dependency risk, public authority boundary risk, finance boundary risk, procurement boundary risk, safeguard risk, and lawful handoff dependency risk. 21.1.2.2 Risk Advisory shall be advisory, contextual, evidence-aware, public-safe, correctionable, and bounded by the applicable reliance label. It may support understanding, interpretation, options framing, evidence gap identification, scenario learning, DRI interpretation, GRIx mapping, National Portfolio refinement, Studio workflow interpretation, Grid input interpretation, Reports preparation, Campaign public-safe language, Foundry backlog framing, and handoff dependency mapping. 21.1.2.3 Risk Advisory shall not constitute public warning, emergency command, public authority decision, regulated compliance determination, legal advice by default, investment advice, insurance advice, underwriting, procurement recommendation, technical certification, provider validation, professional certification, consent determination, deployment authorization, or execution instruction. 21.1.2.4 Where Risk Advisory may approach regulated, professional, emergency, legal, financial, insurance, medical, engineering, cybersecurity, public authority, or other controlled advice domains, the engagement shall be escalated, restricted, relabeled, rerouted, or declined unless competent authority, professional authorization, reliance terms, and legal basis are separately recorded. ### 21.1.3 Resilience Consulting Support. 21.1.3.1 Risk Agency may support resilience consulting in a bounded, advisory, and non-executing manner by helping clients and Nexus participants understand resilience needs, systems dependencies, preparedness gaps, continuity issues, adaptive capacity, degraded-mode awareness, infrastructure vulnerabilities, digital resilience, data resilience, organizational resilience, community resilience, climate resilience, WFEH-B resilience, DRR readiness, DRI interpretation, and lawful handoff dependencies. 21.1.3.2 Resilience Consulting Support may include workshops, scenario exercises, readiness question mapping, systems-risk interpretation, dependency mapping, assumptions review, evidence gap mapping, public-safe briefing, National Portfolio inputs, Studio scenario interpretation, Observatory signal interpretation, Grid review context, TRL note interpretation, and handoff dependency notes. 21.1.3.3 Resilience Consulting Support shall not create implementation responsibility, operational control, emergency command, engineering certification, safety certification, public authority approval, procurement decision, financeability, insurability, consent, deployment authorization, or execution. 21.1.3.4 Where a client requires execution, operational services, engineering sign-off, emergency response, procurement support, regulated professional services, implementation contracting, system integration, field deployment, public warning, or command responsibility, Risk Agency shall route the matter to competent lawful actors outside NAF or to separately authorized engagement structures with explicit boundaries. ### 21.1.4 Public-Safe Reporting Support. 21.1.4.1 Risk Agency may support public-safe reporting by helping translate technical, risk, research, DRI, GRIx, Observatory, Studio, Grid, TRL, Foundry, Campaign, Academy, Labs, National Portfolio, and handoff dependency materials into language suitable for the intended audience and release class. 21.1.4.2 Public-Safe Reporting Support shall apply no-warning, no-approval, no-finance, no-procurement, no-certification, no-consent, no-deployment, no-execution, protected knowledge, sensitive geospatial, cyber-sensitive, biosecurity-sensitive, youth, privacy, accessibility, localization, translation, and correction rules. 21.1.4.3 Public-Safe Reporting Support may produce public-safe summaries, advisory notes, literacy notes, workshop records, scenario learning records, dashboard interpretation notes, community-facing summaries, media-safe materials, correction notices, archive notes, and handoff literacy notes. 21.1.4.4 Public-Safe Reporting Support shall not create official public warnings, regulatory findings, public authority statements, investment communications, insurance determinations, procurement communications, certification claims, consent records, deployment instructions, operational commands, or execution authority unless separately and lawfully authorized outside Risk Agency and outside NAF’s default posture. ### 21.1.5 Capacity-Building Support. 21.1.5.1 Risk Agency may support capacity-building for public authorities, enterprises, universities, donors, insurers, banks, public finance readers, media organizations, civil society, communities, Indigenous institutions where applicable, National Consortium Companies, Project SPVs, providers, sponsors, humanitarian actors, National Working Groups, Nexus Competence Cells, Academy cohorts, Risk Academy cohorts, Foundry teams, Campaign teams, Labs streams, and National Nodes. 21.1.5.2 Capacity-Building Support may include training, clinics, briefings, workshops, learning pathways, WILP support, risk literacy, DRI literacy, GRIx literacy, public-safe reporting literacy, AI/data/cyber/privacy literacy, resilience literacy, finance-readiness literacy, insurance-readiness literacy, procurement-boundary literacy, safeguard literacy, Studio literacy, Grid and TRL literacy, and lawful handoff literacy. 21.1.5.3 Capacity-Building Support shall be linked to Nexus Academy, Risk Academy, ILA, iCRS, WILPs, micro-credentials, Reports, Registry, Marketplace, Studio, Grid, Nexus Universe, National Portfolios, and Nexus Network where appropriate, but shall not create qualification by implication. 21.1.5.4 Capacity-building shall not create professional license, public authority competence certification, employment status, procurement eligibility, financeability, insurability, public authority approval, consent, deployment authorization, or execution. ### 21.1.6 Cross-Sphere Translation. 21.1.6.1 Risk Agency shall support Cross-Sphere Translation among technical, scientific, public authority, community, Indigenous where applicable, legal, finance-readiness, insurance-readiness, humanitarian, media, academic, enterprise, standards-aware, open-source, data, AI, cyber, privacy, resilience, and implementation contexts. 21.1.6.2 Cross-Sphere Translation shall convert meaning across domains without converting authority across domains. It may translate technical evidence into public-safe language, public authority learning questions into Studio scenarios, community concerns into safeguard records, finance-readiness questions into diligence-gap records, DRI indicators into public-safe summaries, GRIx categories into controlled vocabulary notes, Reports into learning objects, Campaign signals into Docket items, and Foundry outputs into handoff dependency context. 21.1.6.3 Cross-Sphere Translation shall preserve uncertainty, limitations, assumptions, dependencies, confidence labels, public-safe status, legal boundaries, safeguard boundaries, data boundaries, public authority boundaries, finance boundaries, procurement boundaries, consent boundaries, deployment boundaries, and execution boundaries. 21.1.6.4 Cross-Sphere Translation shall not convert scientific findings into policy decisions, technical readiness into deployment authority, risk intelligence into public warning, finance-readiness into investment advice, insurance-readiness into underwriting, community input into consent, public authority learning into public authority action, or advisory output into execution. ### 21.1.7 Handoff Support. 21.1.7.1 Risk Agency may support lawful handoff by helping prepare, interpret, review, or explain handoff dependency packages, including evidence context, data context, method context, Studio context, Grid context, TRL context, public-safe status, safeguard status, public authority dependencies, legal dependencies, finance and insurance questions, procurement boundaries, provider-neutrality notes, sponsor-boundary notes, recipient responsibilities, correction pathways, recall pathways, and archive linkage. 21.1.7.2 Handoff Support may assist lawful recipients, National Consortium Companies, Project SPVs, public authorities, providers, operators, contractors, funders, insurers, donors, universities, labs, communities where appropriate, and other competent lawful actors to understand records, assumptions, dependencies, limitations, questions, and independent diligence requirements. 21.1.7.3 Handoff Support shall not transfer authority. It shall not authorize implementation, procurement, finance, insurance, public authority action, consent, deployment, operation, contracting, construction, integration, emergency action, public warning, community action, or execution. 21.1.7.4 Handoff Support shall be expressly labeled as handoff context support, not execution support, unless a separate lawful engagement outside NAF’s default posture is created by competent actors with appropriate legal authority, responsibility, professional authorization, insurance, procurement basis, data rights, and reliance terms. ### 21.1.8 Advisory Without Execution. 21.1.8.1 Risk Agency shall operate under an Advisory Without Execution rule. It may route experts, support advisory engagements, translate risk, support learning, support Reports, support public-safe communication, support readiness questions, support public authority learning, support finance-readiness literacy, support insurance-readiness literacy, support Campaigns, support Foundry, support Labs, support Academy, support Studio, support Grid, support Nexus Universe, support National Portfolios, and support handoff context, but shall not execute downstream projects by implication. 21.1.8.2 Advisory Without Execution shall mean that Risk Agency outputs do not operate infrastructure, deploy technology, issue public warnings, command emergency action, procure goods or services, allocate finance, underwrite risk, certify systems, grant consent, approve providers, approve projects, make public authority decisions, or assume recipient responsibilities. 21.1.8.3 Any request that requires execution shall be classified, bounded, and routed to competent lawful actors outside Risk Agency’s default advisory role, including public authorities, regulated professionals, licensed actors, National Consortium Companies, Project SPVs, providers, operators, contractors, funders, insurers, donors, universities, labs, or other lawful recipients as appropriate. 21.1.8.4 The Risk Agency rule within NAF shall be: match carefully, advise within scope, translate across spheres, build capacity, support public-safe reporting, identify dependencies, preserve boundaries, correct errors, archive records, and never convert advisory support into execution authority. ## 21.2 Expert Classes ### 21.2.1 Community Leaders. 21.2.1.1 Community Leaders may be routed by Risk Agency where local context, lived-risk knowledge, community priorities, accessibility needs, safeguard concerns, public-safe communication, trust-building, non-extractive engagement, protected knowledge awareness, or community-facing correction is necessary. 21.2.1.2 Community Leader participation shall be structured, respectful, permission-based, non-extractive, privacy-protective, public-safe, and safeguard-aware. Where Indigenous protocols, protected knowledge, community governance, or consent-sensitive matters apply, appropriate lawful and culturally competent processes shall be used. 21.2.1.3 Community Leader status shall not create community consent, Indigenous consent where applicable, public authority approval, endorsement, project approval, data permission, land access, deployment authorization, or execution. ### 21.2.2 Domain Experts. 21.2.2.1 Domain Experts may include experts in WFEH-B systems, DRR, DRF, DRI, climate, nature, biodiversity, infrastructure, public health, food, water, energy, cyber-physical systems, supply chains, humanitarian systems, governance, policy, law, standards-aware interfaces, public finance literacy, insurance literacy, resilience, and related fields. 21.2.2.2 Domain Experts may support risk interpretation, evidence review, method review, Reports, Academy learning, Risk Academy learning, Campaign framing, National Portfolio development, Studio scenarios, Grid input interpretation, TRL context, Nexus Universe arenas, and handoff dependency notes. 21.2.2.3 Domain Expert status shall be engagement-specific and shall not create professional license status, certification authority, public authority approval, procurement qualification, financeability, consent, deployment authorization, or execution. ### 21.2.3 Technical Experts. 21.2.3.1 Technical Experts may include experts in software, data, AI, agentic systems, cybersecurity, privacy, geospatial systems, Earth observation, digital twins, telecommunications, AI-RAN, O-RAN, edge, private wireless, cloud, HPC, sovereign compute, verifiable compute, sensors, IoT, OT, IIoT, robotics, drones, DLT, DePIN, Web3, quantum-relevant security, semiconductors, advanced manufacturing, biosecurity-sensitive systems, and frontier science infrastructure. 21.2.3.2 Technical Experts may support technical review, architecture interpretation, secure software review, model card review, system card review, benchmark card review, API and connector review, data pipeline review, Studio workflow review, Grid input review, TRL evidence notes, Foundry builds, Labs translation, Reports, and handoff dependency mapping. 21.2.3.3 Technical Expert participation shall not create technical certification, cybersecurity certification, provider validation, standards conformance, deployment approval, public authority approval, procurement readiness, financeability, warranty, or execution. ### 21.2.4 Public Authority Learning Experts. 21.2.4.1 Public Authority Learning Experts may support public authority learning rooms, public authority learning Campaigns, public authority learning Reports, Studio scenarios, DRI literacy, GRIx interpretation, Observatory literacy, Grid and TRL literacy, procurement boundary literacy, public finance boundary literacy, and lawful handoff dependency literacy. 21.2.4.2 Public Authority Learning Experts shall help participants understand evidence, options, questions, limitations, uncertainty, boundaries, and decision dependencies without making decisions for public authorities. 21.2.4.3 Public Authority Learning Expert status shall not create public authority role, official advisory status, regulatory authority, permit authority, licensing authority, public warning authority, procurement authority, public finance authority, deployment authority, or execution authority. ### 21.2.5 Readiness Experts. 21.2.5.1 Readiness Experts may support evidence readiness, method readiness, data readiness, AI-use readiness, cyber readiness, privacy readiness, technical readiness, public-safe readiness, safeguard readiness, National Portfolio readiness, Nexus Universe readiness, finance-readiness question status, insurance-readiness question status, donor-readiness question status, public finance relevance, procurement boundary status, and lawful handoff dependency readiness. 21.2.5.2 Readiness Experts may help formulate readiness questions, identify gaps, prepare Grid inputs, interpret TRL notes, review support classes, map assumptions, map dependencies, document diligence gaps, and support correction. 21.2.5.3 Readiness Expert participation shall not create certification, maturity certification, procurement readiness, financeability, insurability, public authority approval, consent, deployment authorization, or execution. ### 21.2.6 Safeguard Experts. 21.2.6.1 Safeguard Experts may support community safeguards, Indigenous protocols where applicable, protected knowledge controls, youth safeguards, disability inclusion, accessibility, humanitarian sensitivity, non-extractive engagement, community-facing correction, privacy safeguards, public-safe communications, and rights-sensitive participation. 21.2.6.2 Safeguard Experts may review Campaigns, Reports, Studio workflows, National Portfolios, DICE records, DRI outputs, Observatory outputs, Marketplace listings, Registry records, Nexus Universe materials, Foundry outputs, Labs outputs, Academy materials, and handoff dependency notes for safeguard concerns. 21.2.6.3 Safeguard Expert participation shall not create community consent, Indigenous consent where applicable, legal approval, public authority approval, deployment authorization, or execution. Safeguard review shall identify safeguard status and dependencies, not replace lawful consent or rights processes. ### 21.2.7 Nexus Mechanism Experts. 21.2.7.1 Nexus Mechanism Experts may support ILA, iCRS, WILPs, Micro-Production Model, Integrated Value Reporting System, DICE, GRIx, DRI, Proof Receipts, Dockets, Support Ledgers, Assumptions Registers, Dependency Registers, Diligence-Gap Registers, Correction Registers, and Archive Registers. 21.2.7.2 Nexus Mechanism Experts may help design, interpret, implement, review, correct, or archive mechanism records and workflows within the NAF operating system. 21.2.7.3 Nexus Mechanism Expert status shall not create governance authority over institutions, certification authority, public authority approval, procurement authority, finance authority, data rights, consent authority, deployment authorization, or execution. ### 21.2.8 Jurisdictional Experts. 21.2.8.1 Jurisdictional Experts may support localization, legal-context awareness, public authority context, data sovereignty context, cross-border transfer context, labor context, procurement context, public finance context, community governance context, Indigenous protocol context where applicable, standards-interface context, and lawful handoff dependencies. 21.2.8.2 Jurisdictional Expert support shall be classified by jurisdiction, scope, reliance label, professional authorization where applicable, and legal boundary status. 21.2.8.3 Jurisdictional Expert participation shall not constitute legal advice by default, public authority approval, regulatory approval, procurement approval, finance approval, consent, deployment authorization, or execution unless a separate lawful engagement with appropriate professional authorization and reliance terms is recorded. ### 21.2.9 Faculty Experts. 21.2.9.1 Faculty Experts may support Nexus Academy, Risk Academy, WILPs, micro-credentials, curriculum review, public-safe reporting learning, systems-risk literacy, DRR learning, DRF literacy, DRI learning, WFEH-B learning, frontier STEM risk learning, data and AI learning, cyber and privacy learning, public authority learning, and handoff literacy. 21.2.9.2 Faculty Expert participation may support learning quality, assessment design, mentoring, learner feedback, Academy-to-Foundry routing, Academy-to-Risk-Agency routing, Academy-to-National-Node routing, and workforce resilience. 21.2.9.3 Faculty Expert status shall not create professional license authority, degree authority, employment authority, certification authority, public authority approval, procurement eligibility, deployment authorization, or execution. ### 21.2.10 Reviewer Experts. 21.2.10.1 Reviewer Experts may support review of evidence, methods, data, AI-use, cyber, privacy, public-safe status, safeguards, software, models, Reports, Campaigns, Marketplace listings, Registry records, Studio workflows, Grid inputs, TRL notes, Foundry outputs, Labs outputs, Academy outputs, Nexus Universe outputs, National Portfolio objects, and handoff dependency notes. 21.2.10.2 Reviewer Experts shall operate within defined review scopes, criteria, conflict controls, evidence requirements, release classes, public-safe rules, correction pathways, and archive rules. 21.2.10.3 Reviewer Expert participation shall not create certification, warranty, provider validation, procurement approval, public authority approval, financeability, insurability, consent, deployment authorization, or execution. ### 21.2.11 Maintainer Experts. 21.2.11.1 Maintainer Experts may support repositories, data objects, model objects, ontology objects, API objects, dashboard objects, Studio workflows, Marketplace listings, Registry records, Reports packages, learning objects, Campaign tools, DICE objects, GRIx objects, DRI objects, Observatory objects, Grid objects, TRL records, and archive records. 21.2.11.2 Maintainer Experts shall preserve continuity, versioning, support status, documentation, issue management, correction, deprecation, withdrawal, archive, and successor linkage. 21.2.11.3 Maintainer Expert status shall not create ownership by default, employment by default, professional license, certification authority, warranty, public authority approval, procurement authority, provider validation, deployment authorization, or execution. ### 21.2.12 Cross-Sphere Translators. 21.2.12.1 Cross-Sphere Translators may translate among technical, scientific, public authority, community, Indigenous where applicable, legal, finance-readiness, insurance-readiness, humanitarian, media, academic, enterprise, standards-aware, open-source, data, AI, cyber, privacy, resilience, and implementation contexts. 21.2.12.2 Cross-Sphere Translators shall preserve meaning, limitations, assumptions, dependencies, uncertainty, confidence labels, data restrictions, AI-use labels, public-safe status, safeguard status, public authority boundaries, finance boundaries, procurement boundaries, consent boundaries, deployment boundaries, and execution boundaries. 21.2.12.3 Cross-Sphere Translator participation shall not create authority in the translated domain, and translation shall not convert advisory content into approval, certification, financeability, public authority action, consent, deployment authorization, or execution. ## 21.3 Client Classes ### 21.3.1 Public Authorities. 21.3.1.1 Public authorities may receive Risk Agency support for public authority learning, systems-risk literacy, DRI literacy, GRIx interpretation, Observatory literacy, Studio scenario learning, public-safe reporting literacy, National Portfolio review, readiness question review, public finance relevance questions, procurement boundary literacy, and lawful handoff dependency literacy. 21.3.1.2 Public authority engagements shall include no-decision, no-warning, no-command, no-regulatory-action, no-procurement, no-public-finance-allocation, no-permit, no-license, no-approval, and no-execution notices unless a separate lawful public authority process expressly provides otherwise outside NAF. 21.3.1.3 Risk Agency shall not make public authority decisions, issue public warnings, allocate public finance, make procurement decisions, grant permits, grant licenses, regulate, command emergency action, authorize deployment, or execute for public authorities. ### 21.3.2 Enterprises. 21.3.2.1 Enterprises may receive Risk Agency support for risk literacy, resilience interpretation, frontier technology risk advisory, data and AI governance literacy, cyber and privacy literacy, public-safe reporting, readiness questions, National Portfolio relevance, Marketplace and Registry understanding, Studio workflow interpretation, Grid and TRL context, and lawful handoff dependency awareness. 21.3.2.2 Enterprise engagements shall preserve procurement neutrality, provider neutrality, sponsor boundaries, finance boundaries, competition discipline, confidentiality, data rights, public-safe rules, and no-execution discipline. 21.3.2.3 Risk Agency shall not certify enterprises, validate providers, recommend vendors, approve procurement, provide investment advice by default, underwrite risk, approve deployment, or execute enterprise projects. ### 21.3.3 Universities and Research Bodies. 21.3.3.1 Universities and research bodies may receive Risk Agency support for Labs translation, research-to-Foundry routing, research-to-Reports routing, public-safe publication, Academy and Risk Academy pathways, WILPs, micro-credentials, research ethics boundary literacy, data rights, AI-use controls, dual-use controls, protected knowledge controls, and Nexus Universe preparation. 21.3.3.2 University and research engagements shall preserve institutional separateness, research ethics, academic independence, learner safeguards, data rights, IP and licensing boundaries, public-safe reporting, and no-execution discipline. 21.3.3.3 Risk Agency shall not grant university credit, approve research ethics, issue degrees, create employment, certify professional competence, authorize deployment, or execute research or implementation projects by implication. ### 21.3.4 Donors and Foundations. 21.3.4.1 Donors and foundations may receive Risk Agency support for public-good learning, National Portfolio context, Campaign support context, Academy support context, Foundry support context, Reports support context, DICE and DRI context, Nexus Universe readiness, support dependency mapping, grant-readiness questions, donor-readiness questions, public-safe reporting, and lawful handoff dependency awareness. 21.3.4.2 Donor and foundation engagements shall be no-reliance, non-soliciting unless separately authorized, non-transactional by default, and shall preserve sponsor support without control, public-good independence, anti-capture discipline, public-safe reporting, and correction. 21.3.4.3 Risk Agency shall not create donor commitments, grant approvals, financeability determinations, investment recommendations, public finance allocations, procurement status, consent, deployment authorization, or execution. ### 21.3.5 Insurers and Reinsurers. 21.3.5.1 Insurers and reinsurers may receive Risk Agency support for insurance-readiness literacy, DRF literacy, DRI context, protection-gap questions, risk-layering questions, assumptions, dependencies, diligence gaps, public-safe Reports, National Portfolio context, Studio scenario interpretation, Grid and TRL context, and lawful handoff dependency notes. 21.3.5.2 Insurance and reinsurance engagements shall be no-reliance, non-underwriting, non-advisory by default, no-coverage, no-premium, no-insurability, no-risk-score, no-commitment, and non-executing unless separately and lawfully structured outside NAF. 21.3.5.3 Risk Agency shall not underwrite, price risk, approve insurance, issue insurance recommendations, create coverage commitments, create insurability determinations, or execute insurance functions. ### 21.3.6 Banks and Capital Readers. 21.3.6.1 Banks and capital readers may receive Risk Agency support for capital-readability literacy, finance-readiness question interpretation, assumptions, dependencies, diligence gaps, National Portfolio context, DRF context, DRI context, public-safe Reports, readiness-room context, Studio workflow interpretation, Grid and TRL context, and handoff dependency awareness. 21.3.6.2 Bank and capital-reader engagements shall be no-reliance, non-soliciting, non-transactional, no-offer, no-investment-advice, no-valuation, no-bankability, no-financeability, no-public-finance-allocation, and non-executing by default. 21.3.6.3 Risk Agency shall not arrange finance, recommend investments, solicit securities, provide valuations, determine bankability, approve finance, or execute financial transactions. ### 21.3.7 Public Finance Readers. 21.3.7.1 Public finance readers may receive Risk Agency support for public finance relevance questions, resilience investment literacy, DRF literacy, protection-gap interpretation, National Portfolio context, public authority learning, donor-readiness questions, assumptions, dependencies, diligence gaps, procurement boundary literacy, and lawful handoff dependency awareness. 21.3.7.2 Public finance engagements shall include no-allocation, no-appropriation, no-procurement, no-approval, no-transaction, no-reliance, and non-execution notices. 21.3.7.3 Risk Agency shall not allocate public funds, approve budgets, approve projects, authorize procurement, approve finance, create public authority commitments, or execute public finance functions. ### 21.3.8 Media Organizations. 21.3.8.1 Media organizations may receive Risk Agency support for public-safe reporting literacy, risk communication, no-warning language, no-approval language, no-finance language, no-procurement language, no-certification language, no-consent language, no-deployment language, no-execution language, protected knowledge controls, and correction notices. 21.3.8.2 Media engagements shall preserve accuracy, public-safe communication, privacy, community safeguards, protected knowledge, sensitive geospatial controls, public authority boundaries, finance boundaries, procurement boundaries, and correctionability. 21.3.8.3 Risk Agency shall not issue official public statements for public authorities by default, create regulated disclosures, provide investment communications, create procurement communications, issue public warnings, or authorize execution. ### 21.3.9 Civil Society and Communities. 21.3.9.1 Civil society and communities may receive Risk Agency support for systems-risk literacy, public-safe reporting, community safeguards, non-extractive engagement, accessibility, public interest participation, Campaign participation, National Portfolio input, DRI literacy, Observatory literacy, Studio scenario learning, Reports interpretation, correction, and lawful handoff awareness. 21.3.9.2 Civil society and community engagements shall protect privacy, local context, community-sensitive data, protected knowledge, youth participants, vulnerable participants, accessibility needs, language needs, and consent boundaries. 21.3.9.3 Risk Agency shall not convert civil society participation or community participation into consent, endorsement, public authority approval, procurement status, deployment authorization, or execution. ### 21.3.10 Indigenous Institutions Where Applicable. 21.3.10.1 Indigenous institutions, where applicable, may receive Risk Agency support only in a manner that respects Indigenous protocols, rights, governance, protected knowledge, data sovereignty, community priorities, consent-sensitive processes, cultural safety, language needs, public-safe reporting, and correction. 21.3.10.2 Indigenous-related engagements shall not extract knowledge, disclose protected knowledge, imply consent, imply representation, imply approval, imply land access, imply data permission, imply deployment authorization, or imply execution. 21.3.10.3 Where Indigenous consent, consultation, accommodation, protected knowledge, land, data, cultural heritage, sacred sites, biodiversity, or community governance is implicated, Risk Agency shall route matters to appropriate lawful, rights-respecting, and protocol-sensitive processes and shall not substitute for them. ### 21.3.11 National Consortium Companies. 21.3.11.1 National Consortium Companies may receive Risk Agency support as lawful enterprise-stack actors and potential handoff recipients, including risk interpretation, readiness question review, evidence context, data context, Studio context, Grid and TRL context, finance-readiness literacy, insurance-readiness literacy, procurement boundary literacy, public authority dependency mapping, safeguard status, and correction pathways. 21.3.11.2 National Consortium Company engagements shall preserve legal separateness from public-good consortiums, GCRI, The Global Risks Forum, The Global Risks Alliance, public authorities, sponsors, providers, and Project SPVs. 21.3.11.3 Risk Agency shall not execute National Consortium Company obligations, approve National Consortium Company projects, provide investment advice by default, underwrite risk, authorize procurement, grant public authority approval, certify readiness, grant consent, authorize deployment, or operate projects. ### 21.3.12 Project SPVs. 21.3.12.1 Project SPVs may receive Risk Agency support as legally separate project-level enterprise-stack actors and potential handoff recipients, including handoff dependency interpretation, evidence context, data context, method context, Studio context, Grid and TRL context, public authority dependencies, legal dependencies, finance and insurance questions, procurement boundaries, safeguard status, recipient responsibilities, correction pathways, and archive linkage. 21.3.12.2 Project SPV engagements shall preserve separateness between public-good learning and enterprise execution. Project SPVs shall remain responsible for their own diligence, procurement, finance, insurance, contracting, permits, approvals, consents, deployment, operations, and execution. 21.3.12.3 Risk Agency shall not become project developer, operator, contractor, funder, insurer, broker, underwriter, public authority, procurement body, consent body, deployment authority, or execution vehicle for a Project SPV. ### 21.3.13 Providers and Sponsors. 21.3.13.1 Providers and sponsors may receive Risk Agency support for public-safe participation, boundary literacy, contribution review, support rules, provider-neutrality rules, sponsor-boundary rules, Campaign participation, Foundry contribution, Nexus Universe participation, Marketplace and Registry understanding, Studio demonstration boundaries, Grid and TRL boundaries, and lawful handoff awareness. 21.3.13.2 Provider and sponsor engagements shall prevent sponsor control, provider validation, pay-to-influence, pay-to-route, pay-to-validate, pay-to-prioritize, procurement overclaim, finance overclaim, public authority overclaim, consent overclaim, deployment overclaim, and execution overclaim. 21.3.13.3 Risk Agency shall not certify providers, endorse sponsors, validate products, prefer suppliers, recommend procurement, grant financeability, grant public authority approval, authorize deployment, or execute on behalf of providers or sponsors. ### 21.3.14 Humanitarian Actors. 21.3.14.1 Humanitarian actors may receive Risk Agency support for crisis-learning, after-action learning, public-safe reporting, humanitarian sensitivity, DRR literacy, DRI literacy, Observatory interpretation, National Portfolio context, community safeguards, data and protection controls, Studio scenario learning, and lawful handoff dependency awareness. 21.3.14.2 Humanitarian engagements shall preserve humanitarian principles, protection sensitivity, do-no-harm discipline, data minimization, privacy, safety, public-safe language, no-warning boundaries, public authority boundaries, community safeguards, and correctionability. 21.3.14.3 Risk Agency shall not command humanitarian operations, issue emergency instructions, allocate relief resources, replace humanitarian coordination mechanisms, issue public warnings, grant consent, authorize deployment, or execute humanitarian activities by implication. ## 21.4 Service Lines ### 21.4.1 Risk Intelligence Advisory. 21.4.1.1 Risk Intelligence Advisory shall support interpretation of GRIx, DRI, Observatory signals, indicators, confidence labels, uncertainty labels, dashboards, hotspots, multi-hazard records, cascade records, Studio scenarios, Reports, National Portfolio records, Grid inputs, TRL context, and handoff dependency notes. 21.4.1.2 Risk Intelligence Advisory may produce risk interpretation notes, dashboard literacy notes, public-safe summaries, scenario learning records, DRI contribution reviews, GRIx mapping notes, Observatory interpretation notes, assumptions registers, dependency registers, correction notes, and archive notes. 21.4.1.3 Risk Intelligence Advisory shall not issue public warnings, ratings, insurance scores, investment signals, public authority decisions, emergency commands, deployment authorizations, or execution instructions. ### 21.4.2 Systems Resilience Advisory. 21.4.2.1 Systems Resilience Advisory shall support understanding of resilience across WFEH-B systems, infrastructure, public health, climate, nature, biodiversity, supply chains, cyber-physical systems, digital systems, organizational systems, community systems, and national capability systems. 21.4.2.2 Systems Resilience Advisory may include dependency mapping, cascade mapping, degraded-mode awareness, continuity questions, preparedness learning, recovery learning, National Portfolio inputs, Studio scenario interpretation, Foundry backlog inputs, Reports support, and handoff dependency mapping. 21.4.2.3 Systems Resilience Advisory shall not create engineering certification, safety approval, public authority approval, operational command, procurement decision, deployment authorization, or execution. ### 21.4.3 Frontier Technology Risk Advisory. 21.4.3.1 Frontier Technology Risk Advisory shall support understanding of risks and opportunities associated with AI, agentic systems, AI-RAN, O-RAN, telecom, private wireless, edge, HPC, sovereign compute, cloud, cybersecurity, geospatial systems, Earth observation, digital twins, drones, robotics, sensors, IoT, OT, IIoT, DLT, DePIN, Web3, quantum-relevant security, semiconductors, advanced manufacturing, biosecurity-sensitive systems, and frontier science infrastructure. 21.4.3.2 Frontier Technology Risk Advisory may support Labs translation, Foundry builds, Studio workflows, Grid inputs, TRL notes, Reports, Marketplace listings, Registry records, public-safe summaries, standards-aware interface questions, cyber and privacy review, AI-use labels, model cards, system cards, benchmark cards, and lawful handoff dependency notes. 21.4.3.3 Frontier Technology Risk Advisory shall not create technical certification, standards conformance, AI safety approval, cybersecurity certification, provider validation, procurement readiness, financeability, public authority approval, deployment authorization, or execution. ### 21.4.4 Public Authority Learning and Policy Translation. 21.4.4.1 Public Authority Learning and Policy Translation shall support public authority participants in understanding public-good evidence, risk intelligence, Reports, National Portfolio context, DRI, GRIx, Observatory, Studio, Grid, TRL, public-safe communication, finance-readiness questions, procurement boundary issues, and lawful handoff dependencies. 21.4.4.2 Policy Translation may convert technical, scientific, community, finance-readiness, insurance-readiness, and implementation dependency content into public authority learning materials, but shall not create policy decisions. 21.4.4.3 Public Authority Learning and Policy Translation shall not create public authority action, regulatory decision, permit, license, public warning, public finance allocation, procurement decision, official adoption, deployment authorization, or execution. ### 21.4.5 Finance-Readiness and Insurance-Readiness Advisory. 21.4.5.1 Finance-Readiness and Insurance-Readiness Advisory shall support no-reliance literacy concerning capital-readability, insurance-readiness questions, donor-readiness questions, public finance relevance questions, DRF, protection gaps, risk layering, assumptions, dependencies, diligence gaps, National Portfolio context, DRI context, Reports, readiness rooms, capital-reader rooms, insurance-reader rooms, donor-reader rooms, and handoff dependency notes. 21.4.5.2 Finance-Readiness and Insurance-Readiness Advisory may produce assumptions registers, dependency registers, diligence-gap registers, readiness question maps, no-reliance notes, public-safe summaries, and handoff dependency notes. 21.4.5.3 Finance-Readiness and Insurance-Readiness Advisory shall not be investment advice, financial advice, securities advice, valuation, bankability determination, financeability determination, underwriting, insurance advice, insurance approval, public finance allocation, donor commitment, procurement decision, or execution. ### 21.4.6 Community and Safeguard Advisory. 21.4.6.1 Community and Safeguard Advisory shall support non-extractive engagement, community safeguards, Indigenous protocols where applicable, protected knowledge controls, youth safeguards, disability inclusion, accessibility, humanitarian sensitivity, public-interest participation, public-safe storytelling, community-facing correction, and consent-boundary discipline. 21.4.6.2 Community and Safeguard Advisory may support Campaigns, Reports, Studio workflows, National Portfolios, DICE records, DRI outputs, Observatory outputs, Marketplace listings, Registry records, Nexus Universe rooms, Foundry outputs, Labs outputs, Academy materials, and handoff dependency notes. 21.4.6.3 Community and Safeguard Advisory shall not create community consent, Indigenous consent where applicable, legal approval, public authority approval, deployment authorization, or execution. Consent-sensitive matters shall be routed to appropriate lawful and community-governed processes. ### 21.4.7 Nexus Foundry and Handoff Support. 21.4.7.1 Nexus Foundry and Handoff Support shall help translate Docket items into Foundry programs, tracks, quests, bounties, builds, maintainer assignments, review gates, release classes, correction loops, archive rules, Marketplace candidates, Registry updates, Grid inputs, TRL notes, Reports, National Portfolio builds, and handoff dependency packages. 21.4.7.2 Handoff Support shall identify evidence context, data context, method context, Studio context, Grid context, TRL context, public-safe status, safeguard status, public authority dependencies, legal dependencies, finance and insurance questions, procurement boundaries, provider-neutrality notes, sponsor-boundary notes, recipient responsibilities, correction pathways, recall pathways, and archive linkage. 21.4.7.3 Nexus Foundry and Handoff Support shall not certify builds, approve providers, authorize procurement, arrange finance, underwrite risk, approve public authority action, grant consent, authorize deployment, or execute projects. ### 21.4.8 Risk Academy and Training Programs. 21.4.8.1 Risk Agency may support Risk Academy and training programs by providing faculty experts, reviewers, mentors, practitioners, community leaders, public authority learning experts, readiness experts, safeguard experts, technical experts, and cross-sphere translators. 21.4.8.2 Training programs may cover systems-risk literacy, DRR learning, DRF literacy, DRI learning, WFEH-B learning, frontier STEM risk learning, data, AI, cyber, privacy, public authority learning, public-safe reporting, safeguard literacy, finance-readiness literacy, insurance-readiness literacy, Studio literacy, Grid and TRL literacy, and handoff dependency literacy. 21.4.8.3 Training shall not create professional qualification by implication, public authority competence certification, employment, procurement eligibility, public authority approval, deployment authorization, or execution. ### 21.4.9 Crisis-Learning and After-Action Advisory. 21.4.9.1 Crisis-Learning and After-Action Advisory shall support learning after incidents, disasters, disruptions, near misses, Campaign issues, Studio issues, data incidents, AI incidents, cyber incidents, privacy incidents, public-safe incidents, protected knowledge incidents, public authority boundary incidents, finance boundary incidents, procurement boundary incidents, provider validation incidents, sponsor control incidents, consent overclaim incidents, handoff overclaim incidents, and execution overclaim incidents. 21.4.9.2 Crisis-Learning and After-Action Advisory may produce after-action learning notes, public-safe summaries, correction records, assumptions updates, dependency updates, DRI updates, GRIx updates, Observatory updates, Studio updates, Grid updates, Reports corrections, Registry updates, Marketplace updates, handoff recall notes, and archive records. 21.4.9.3 Crisis-Learning and After-Action Advisory shall not command response, issue public warnings, allocate resources, make public authority decisions, determine liability, provide legal advice by default, authorize deployment, or execute crisis operations. ### 21.4.10 Digital Trust, Data, AI, Cyber, and Privacy Advisory. 21.4.10.1 Digital Trust, Data, AI, Cyber, and Privacy Advisory shall support data governance, metadata, lineage, data-use labels, AI-use labels, model cards, system cards, benchmark cards, agent workflow cards, secure rooms, data rooms, compute-to-data, cybersecurity, zero trust, privacy, data sovereignty, cross-border transfer awareness, SBOM literacy, vulnerability disclosure, secure software review, AI safety review, and public-safe output review. 21.4.10.2 Digital Trust Advisory may support DICE, Foundry, Labs, Studio, Reports, Marketplace, Registry, Grid, TRL, Nexus Universe, National Portfolios, and handoff dependency packages. 21.4.10.3 Digital Trust, Data, AI, Cyber, and Privacy Advisory shall not create legal compliance determination by default, cybersecurity certification, AI safety certification, privacy certification, data access right, public authority approval, procurement readiness, deployment authorization, or execution. ## 21.5 Engagement Records ### 21.5.1 Request Record. 21.5.1.1 A Request Record shall be created for each Risk Agency engagement request. It shall identify requester, client class, purpose, scope, urgency, jurisdictional context, requested service line, expert class needed, data involved, AI-use status, cyber sensitivity, privacy sensitivity, public-safe status, safeguard status, public authority boundary status, finance boundary status, procurement boundary status, consent boundary status, handoff relevance, reliance expectation, correction pathway, and archive rule. 21.5.1.2 The Request Record shall classify whether the request is informational, advisory, learning, review, translation, training, readiness, public-safe reporting, Foundry support, Campaign support, Studio support, Grid support, Nexus Universe support, National Portfolio support, handoff support, correction support, or potentially execution-seeking. 21.5.1.3 Execution-seeking requests shall be escalated, restricted, rerouted, declined, or converted into bounded advisory support unless a separate lawful engagement outside NAF’s default posture is recorded. ### 21.5.2 Matching Record. 21.5.2.1 A Matching Record shall document the expert or expert pool matched to a request, including expert class, expertise basis, scope of match, role, conflict review, availability, jurisdictional relevance, data access class, confidentiality status, public-safe obligations, safeguard obligations, reliance label, output expectations, review requirements, correction pathway, and archive rule. 21.5.2.2 The Matching Record shall state that the match is bounded to the engagement and does not create certification, professional license, endorsement, procurement eligibility, public authority approval, financeability, insurability, consent, deployment authorization, or execution authority. 21.5.2.3 Matching Records shall be corrected, downgraded, withdrawn, or archived where expert standing changes, conflicts arise, scope changes, quality issues occur, or boundary risks appear. ### 21.5.3 Expert Standing Record. 21.5.3.1 An Expert Standing Record shall document an expert’s classification, qualifications where relevant, experience, domain, Nexus familiarity, public-safe training, safeguard training, data and AI-use training where relevant, conflict disclosures, review history, engagement history, correction history, support status, renewal status, downgrade status, suspension status, withdrawal status, and archive status. 21.5.3.2 Expert Standing Records shall support routing and quality management, not professional licensing. 21.5.3.3 Expert Standing shall not be represented as professional license, certification, public authority approval, procurement qualification, financeability, endorsement, consent authority, deployment authority, or execution authority. ### 21.5.4 Conflict Record. 21.5.4.1 A Conflict Record shall document actual, potential, perceived, financial, institutional, professional, personal, political, sponsor-related, provider-related, public authority-related, capital-related, insurance-related, donor-related, community-related, Indigenous protocol-related where applicable, or role-based conflicts. 21.5.4.2 Conflict Records shall include disclosure, assessment, mitigation, recusal, restriction, monitoring, correction, public-safe disclosure where required, withdrawal where necessary, and archive. 21.5.4.3 Conflict management shall prevent capture, hidden influence, pay-to-route, pay-to-validate, provider validation, sponsor control, public authority overclaim, finance overclaim, procurement overclaim, consent overclaim, and execution overclaim. ### 21.5.5 Delivery Record. 21.5.5.1 A Delivery Record shall document what was delivered under a Risk Agency engagement, including meetings, workshops, advisory sessions, training sessions, review activities, translation activities, Reports support, Studio support, Grid support, Foundry support, Campaign support, National Portfolio support, Nexus Universe support, handoff support, correction support, and archive support. 21.5.5.2 Delivery Records shall include date, participants, materials reviewed, outputs produced, limitations, reliance label, public-safe status, data and AI-use status, safeguard status, decisions not made, actions not authorized, correction pathway, and archive rule. 21.5.5.3 Delivery Records shall not create approval, certification, public authority action, financeability, procurement readiness, consent, deployment authorization, or execution. ### 21.5.6 Output Record. 21.5.6.1 An Output Record shall document advisory memoranda, consultancy notes, training packs, workshop records, readiness question maps, risk interpretation notes, public-safe summaries, scenario learning records, dashboard literacy notes, handoff support notes, correction notices, archive notes, and other Risk Agency outputs. 21.5.6.2 Output Records shall include author, reviewer where applicable, scope, evidence basis, assumptions, limitations, data-use status, AI-use status, public-safe status, safeguard status, reliance label, release class, correction pathway, withdrawal pathway, archive rule, and boundary notices. 21.5.6.3 Output Records shall not create certification, public authority approval, investment advice, underwriting, procurement recommendation, provider validation, consent, deployment authorization, or execution. ### 21.5.7 Reliance Label. 21.5.7.1 Each Risk Agency engagement and output shall carry a Reliance Label appropriate to the engagement type, including learning-only, informational, advisory-no-reliance, internal-review, public-safe summary, controlled-client advisory, professional-reliance-only-if-separately-contracted, handoff-context-only, correction-only, archive-only, or other approved reliance class. 21.5.7.2 Reliance Labels shall define the permitted use, prohibited use, audience, review status, limitation status, downstream diligence requirements, professional boundary status, public authority boundary status, finance boundary status, procurement boundary status, consent boundary status, deployment boundary status, and execution boundary status. 21.5.7.3 No Risk Agency output shall be relied upon for public authority decisions, investment decisions, underwriting decisions, procurement decisions, legal compliance decisions, safety certifications, deployment decisions, consent determinations, emergency actions, or execution unless a separate lawful engagement expressly provides for such reliance outside NAF’s default non-executing posture. ### 21.5.8 Correction Record. 21.5.8.1 A Correction Record shall be created where a Risk Agency request, match, expert standing record, conflict record, delivery record, output record, reliance label, public-safe communication, client understanding, handoff note, or archive record contains error, overclaim, unsafe language, conflict issue, data issue, AI issue, cyber issue, privacy issue, protected knowledge issue, safeguard issue, public authority overclaim, finance overclaim, procurement overclaim, certification overclaim, consent overclaim, deployment overclaim, execution overclaim, or other boundary incident. 21.5.8.2 Correction Records shall document trigger, affected material, affected parties, containment action, claims freeze where applicable, data freeze where applicable, technical freeze where applicable, corrected text, public-safe notice where applicable, client notice where applicable, Registry or Marketplace update where applicable, Reports correction where applicable, handoff recall where applicable, archive action, and closure. 21.5.8.3 Correction Records shall be routed to Correction Registers, Registry, Marketplace, Reports, DICE, DRI, National Portfolios, Nexus Universe, Nexus Network, lawful handoff recipients, and other affected systems where applicable. ### 21.5.9 Archive Record. 21.5.9.1 An Archive Record shall preserve Risk Agency request records, matching records, expert standing records, conflict records, delivery records, output records, reliance labels, correction records, withdrawal records, supersession records, non-continuation records, and archive notices. 21.5.9.2 Archive Records shall include archive date, archive reason, access class, sensitivity class, public-safe status, support status, correction history, successor link where applicable, retention rule, deletion or sealing rule where applicable, and archive-not-current notice. 21.5.9.3 Archive Records shall preserve institutional memory without implying current validity, active support, professional license, certification, public authority approval, procurement status, financeability, consent, deployment authorization, or execution. ## 21.6 Risk Agency Boundaries ### 21.6.1 Advisory Is Not Execution. 21.6.1.1 Risk Agency advisory, including risk advisory, resilience consulting support, public-safe reporting support, capacity-building support, cross-sphere translation, Foundry support, Nexus Universe support, National Portfolio support, Studio support, Grid support, Reports support, Campaign support, and handoff support, shall not constitute execution. 21.6.1.2 Execution includes operating systems, deploying technology, issuing public warnings, commanding emergency action, procuring goods or services, allocating finance, underwriting risk, certifying systems, granting consent, approving providers, approving projects, making public authority decisions, or assuming recipient responsibilities. 21.6.1.3 Execution may occur only through competent lawful actors, lawful public authority processes, lawful procurement processes, lawful finance processes, lawful insurance processes, lawful consent processes, lawful contracting, lawful deployment authorization, lawful operational accountability, and lawful implementation structures outside Risk Agency and outside NAF unless separately and expressly recorded. ### 21.6.2 Matching Is Not Certification. 21.6.2.1 Expert Matching shall not certify experts, providers, products, organizations, methods, systems, technologies, National Portfolios, Campaigns, Reports, Studio workflows, Grid inputs, TRL notes, Marketplace listings, Registry records, or handoff dependency packages. 21.6.2.2 Matching shall indicate a bounded fit between a recorded request and an expert or expert pool for a defined purpose, scope, reliance label, and release class. 21.6.2.3 No Matching Record shall be represented as professional certification, technical certification, safety certification, cybersecurity certification, AI safety certification, standards conformance, procurement qualification, public authority approval, provider validation, financeability, insurability, consent, deployment authorization, or execution authority. ### 21.6.3 Expert Standing Is Not Professional License. 21.6.3.1 Expert Standing within Risk Agency shall be a Nexus routing and quality record only. It shall not be a professional license, statutory credential, regulated qualification, university degree, public authority credential, procurement qualification, finance credential, insurance credential, or deployment authorization. 21.6.3.2 Where regulated professional services are required, the relevant professional authority, legal framework, licensing body, employer, client, insurer, public authority, or competent lawful actor shall be responsible for confirming qualifications and reliance. 21.6.3.3 Expert Standing shall remain correctionable, reviewable, renewable, downgradeable, suspendable, withdrawable, and archivable. ### 21.6.4 Training Is Not Qualification by Implication. 21.6.4.1 Risk Agency training, Risk Academy training, Academy training, workshops, clinics, briefings, learning objects, WILPs, micro-credentials, public-safe reporting exercises, Studio exercises, readiness exercises, and handoff literacy sessions shall not create professional qualification by implication. 21.6.4.2 Training may create learning records, ILA entries, iCRS records, micro-credential records where applicable, participation records, assessment records, contribution records, and public-safe output records, but shall not create professional license, employment eligibility, procurement eligibility, public authority approval, deployment authorization, or execution authority. 21.6.4.3 Any formal qualification, professional license, statutory credential, academic credit, employment decision, procurement eligibility, or regulated competence decision must be separately and lawfully created by competent actors outside Risk Agency unless expressly authorized and recorded. ### 21.6.5 Finance-Readiness Support Is Not Investment Advice. 21.6.5.1 Finance-readiness support, capital-readability support, donor-readiness support, public finance relevance support, assumptions registers, dependency registers, diligence-gap registers, readiness question maps, no-reliance notes, public-safe summaries, and handoff dependency notes shall not constitute investment advice. 21.6.5.2 Risk Agency shall not recommend investments, solicit securities, arrange finance, provide valuations, determine bankability, determine financeability, create investor commitments, create donor commitments, allocate public finance, or execute financial transactions. 21.6.5.3 Any investment, finance, public finance, grant, lending, securities, valuation, or transaction activity must occur separately through competent lawful actors, regulated processes where applicable, independent diligence, lawful documentation, and appropriate authorizations outside Risk Agency and outside NAF’s default posture. ### 21.6.6 Insurance-Readiness Support Is Not Underwriting. 21.6.6.1 Insurance-readiness support, DRF support, protection-gap analysis, risk-layering questions, DRI context, assumptions, dependencies, diligence-gap records, public-safe summaries, and handoff dependency notes shall not constitute underwriting. 21.6.6.2 Risk Agency shall not price risk, approve insurance, issue coverage recommendations, create coverage commitments, create insurability determinations, issue insurance scores, bind insurers, act as broker by default, act as underwriter, or execute insurance functions. 21.6.6.3 Any insurance, reinsurance, brokerage, underwriting, actuarial, coverage, claim, premium, or regulated insurance activity must occur separately through competent lawful actors, regulated processes where applicable, independent diligence, lawful documentation, and appropriate authorizations outside Risk Agency and outside NAF’s default posture. ### 21.6.7 Public Authority Learning Support Is Not Public Authority Decision. 21.6.7.1 Public authority learning support, public authority learning rooms, policy translation, Reports review, DRI interpretation, GRIx interpretation, Observatory interpretation, Studio scenario learning, Grid and TRL literacy, National Portfolio review, readiness question mapping, procurement boundary literacy, public finance boundary literacy, and handoff dependency literacy shall not constitute public authority decision. 21.6.7.2 Risk Agency shall not issue public warnings, emergency commands, permits, licenses, approvals, regulations, official determinations, public finance allocations, procurement decisions, official policy adoption, or deployment authorizations. 21.6.7.3 Public authority decisions must occur separately through competent public authority processes outside Risk Agency and outside NAF unless separately and lawfully recorded. ### 21.6.8 Community Translation Is Not Consent. 21.6.8.1 Community translation, community advisory, safeguard advisory, public-safe storytelling, local knowledge interpretation, community-facing Reports, Campaign participation, community meetings, community leader participation, Indigenous institution participation where applicable, Studio participation, National Portfolio input, Nexus Universe participation, or handoff awareness shall not constitute community consent or Indigenous consent where applicable. 21.6.8.2 Consent-sensitive matters shall be routed to appropriate lawful, community-governed, Indigenous protocol-sensitive where applicable, rights-respecting, and recorded processes outside Risk Agency unless a separate lawful consent record exists. 21.6.8.3 The final Risk Agency rule of Part XXI is that NAF may match experts, route advisory support, support risk intelligence, support resilience learning, support public-safe reporting, support capacity-building, translate across spheres, support Foundry, support Campaigns, support Academy, support Labs, support Studio, support Grid, support Nexus Universe, support National Portfolios, and support lawful handoff context only through record-bearing, conflict-managed, reliance-labeled, public-safe, safeguard-aware, nationally routed where applicable, sponsor-bounded, provider-neutral, public-authority-bounded, finance-bounded, insurance-bounded, procurement-neutral, consent-bounded, correctionable, archive-capable, and non-executing Risk Agency governance. No request, match, expert standing record, engagement, advisory note, training, public-safe summary, readiness map, dashboard literacy note, handoff support note, client conversation, public authority learning session, community translation, finance-readiness support, insurance-readiness support, sponsor participation, provider contribution, Marketplace reference, Registry reference, Nexus Universe participation, or archived Risk Agency record shall become certification, professional license, investment advice, underwriting, procurement recommendation, public authority decision, public warning, public finance allocation, community consent, Indigenous consent where applicable, deployment authorization, operational command, agency, warranty, or execution by implication. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.therisk.global/organization/operations/frameworks/nexus-agile-framework-naf/xxi.-agency.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.