# II. Agency #### Summary The **Risk Agency** is the expert matching, risk advisory, and resilience consulting pillar of Nexus. It connects trusted risk experts, public-safe reporting specialists, and domain practitioners with third-party needs across disaster risk, systems risk, frontier technology risk, and readiness support. It supports advisory, consultancy, training, and interpretation without implying certification, procurement approval, financeability, or execution. ### 1. Pillar Identity, Purpose, and Market Need **1.1 Risk Agency Defined.** The **Risk Agency** shall be the Nexus Ecosystem pillar for matching, routing, supporting, supervising, quality-controlling, recording, renewing, and correcting trusted risk expertise for third-party advisory, consultancy, training, facilitation, interpretation, capacity-building, readiness-support, review-support, and cross-sphere translation. It shall function as a global risk advisory, expert matching, risk consulting, resilience advisory, and public-safe reporting support system for the Nexus architecture. It shall enable qualified experts, community leaders, Nexus Guild members, National Working Group participants, Nexus Competence Cell members, Risk Academy faculty, Work-Integrated Learning Path mentors, Nexus Foundry reviewers, DICE data stewards, GRIx specialists, iVRS specialists, public-safe reporting specialists, domain experts, technical experts, safeguard experts, jurisdictional experts, public authority learning facilitators, readiness experts, and institutional practitioners to provide bounded support to third parties across all risk domains, sectors, jurisdictions, technologies, communities, and lawful advisory contexts. **1.2 Pillar Character.** The Risk Agency shall not be a conventional consulting firm, staffing platform, expert marketplace, recruitment service, venture studio, certification body, standards authority, public authority, regulator, fund, broker, investment adviser, insurer, underwriter, procurement body, rating agency, emergency command body, public warning body, audit firm, legal practice by implication, or project execution vehicle. It shall be a **public-good-rooted, role-separated, expert-routing, risk advisory, risk consulting, resilience consulting, training, facilitation, capacity-building, and cross-sphere translation pillar** that makes Nexus-formed and Nexus-aligned expertise available to the world through expert matching and public-safe reporting support without converting advice into approval, consultancy into execution, training into certification, expert standing into licensing, public authority learning into public authority decision, readiness into financeability, insurance-readiness into underwriting, public-safe reporting into public warning, community participation into consent, or Nexus affiliation into endorsement by implication. **1.3 Market Need.** The Risk Agency shall exist because global risk expertise is fragmented across consulting firms, academic silos, expert networks, development contractors, ESG advisers, technology vendors, public-sector consultants, insurance consultants, informal referrals, community networks, and isolated professional practices. These systems often lack a common evidence rail, cross-domain risk integration, transparent expert standing, public-good memory, safeguard discipline, national ownership, public-safe communication, no-conversion boundaries, and correctionability. The Risk Agency shall provide a trusted global risk advisory and expert-matching mechanism for connecting expertise to risk needs without converting advisory support into authority, certification, procurement, finance, insurance, public warning, consent, or execution. **1.4 Core Purpose.** The Risk Agency shall make risk expertise usable, trusted, contextual, jurisdiction-aware, public-safe, safeguard-aware, data-aware, technology-aware, nationally grounded, and accessible across all applications of risk. It shall create a structured pathway for risk consulting, expert advisory, resilience training, readiness support, and public-safe reporting support through which knowledge, methods, data commons, risk intelligence, learning pathways, public-safe outputs, evidence products, value reports, Nexus Foundry packs, Nexus Guild expertise, National Portfolio records, Studio workflows, Marketplace objects, Registry records, Grid inputs, TRL support records, and lawful handoff dependency records can support third parties under recorded scope and clear boundaries. **1.5 Global Ambition.** The Risk Agency shall be designed to become the world’s largest structured risk expertise and advisory-routing agency across all sectors, jurisdictions, technologies, disciplines, communities, languages, and applications of risk. It is designed to become a global risk advisory network and expert-matching platform with world-scale resilience consulting capacity. Its scale shall come from the combined force of global expert networks, Nexus Guilds, Risk Academy and Nexus Academy pathways, DICE records, GRIx risk intelligence, iVRS reporting discipline, Nexus Foundry outputs, Nexus Universe cycles, Nexus Observatory signals, National Nodes, National Working Groups, Nexus Competence Cells, regional hubs, national desks, institutional subscriptions, public authority learning programs, enterprise advisory programs, donor and development capacity programs, and lawful third-party advisory demand. **1.6 Operating Principle.** Nexus creates public-good records, learning, methods, risk intelligence, evidence, data commons, value reporting, public-safe outputs, training pathways, National Portfolios, Guild expertise, Foundry packs, and lawful handoff dependency records. The Risk Agency routes qualified expertise outward to third parties through bounded advisory, consultancy, training, facilitation, interpretation, translation, and readiness-support mandates. Third parties remain responsible for their own decisions, implementation, compliance, finance, procurement, insurance, legal reliance, public authority action, regulated determinations, professional reliance, and execution. **1.7 Non-Execution Default.** The Risk Agency may advise, consult, train, facilitate, translate, map, interpret, review-support, prepare, route, and support. It shall not by default certify, audit, assure, rate, regulate, approve, procure, finance, insure, underwrite, broker, lend, invest, solicit, allocate public funds, award grants, issue public warnings, command emergency response, grant community consent, grant Indigenous consent where applicable, authorize deployment, operate infrastructure, execute projects, provide regulated legal opinions, provide regulated investment advice, make underwriting determinations, or substitute for competent professional, legal, public authority, financial, insurance, procurement, or implementation actors. *** ### 2. Nexus System Placement **2.1 Position Within Nexus.** The Risk Agency shall be the expert-routing and third-party-facing advisory pillar of the Nexus Ecosystem. It shall connect the public-good production layer of Nexus to external advisory, consultancy, training, facilitation, interpretation, readiness, and capacity-building needs while preserving role separation, public-good discipline, data protection, public-safe language, safeguard obligations, national ownership, public authority boundaries, finance and insurance boundaries, procurement neutrality, and lawful handoff discipline. **2.2 Relationship to The Global Centre for Risk and Innovation.** The Global Centre for Risk and Innovation may support the Risk Agency through evidence methods, risk ontology, data governance methods, observability methods, public-good software, open technical baselines, verifiable compute methods, AI workflow controls, cybersecurity baselines, model cards, system cards, benchmark methods, secure-room methods, compute-to-data methods, privacy-enhancing technology methods, and frontier STEM risk methods. Use of such methods shall not create technical certification, public authority approval, procurement approval, financeability, insurability, legal compliance, or execution authority. **2.3 Relationship to The Global Risks Forum.** The Global Risks Forum may support the Risk Agency through public-good legitimacy discipline, claims discipline, public-safe communication, stakeholder formation, public-facing meaning, Gazette and Docket literacy where applicable, correction culture, community-facing communication, public repair, and boundary discipline. Such support shall not create public authority approval, public warning authority, certification, procurement status, financeability, public-facing legitimacy transfer, community consent, or Indigenous consent where applicable. **2.4 Relationship to The Global Risks Alliance.** The Global Risks Alliance may support the Risk Agency through finance-readiness literacy, insurance-readiness question mapping, disaster-risk-finance literacy, donor-readiness questions, public finance relevance questions, no-reliance room design, assumptions registers, dependency registers, diligence-gap registers, capital-reader literacy, insurance-reader literacy, donor-reader literacy, public finance learning, and regulated-perimeter discipline. Such support shall not become investment advice, solicitation, rating, valuation, financeability, insurability, underwriting acceptance, donor commitment, public finance allocation, banking approval, lender approval, transaction readiness, or financial execution. **2.5 Relationship to Nexus Foundry.** The Risk Agency shall support third parties that need to understand, prepare for, contribute to, interpret, or lawfully receive support around Nexus Foundry outputs, including evidence packs, method notes, dataset records, model cards, system cards, benchmark records, compute-use records, network performance records, GRIx records, DRI records, iVRS records, DICE objects, MPM objects, Nexus Rail packs, Studio workflows, Marketplace packages, Registry submissions, Grid input packages, TRL evidence records, National Portfolio packs, Nexus Universe Arena packs, Nexus Core Build technical packs, WEFH-B packs, DRR / DRF / DRI packs, Risk Academy learning packs, public-safe reporting packs, safeguard and protected knowledge packs, and lawful handoff dependency packages. **2.6 Relationship to Risk Academy and Nexus Academy.** Risk Academy and Nexus Academy shall provide learning pathways, faculty pools, WILP mentors, micro-credential records, reviewer pathways, maintainer pathways, public-safe communication training, DRR / DRF / DRI learning, WEFH-B learning, data / AI / cyber / privacy learning, and readiness literacy that may inform Risk Agency expert formation and standing. Learning records shall support matching and quality control only within recorded scope and shall not be treated as professional licenses, regulated qualifications, employment eligibility, procurement qualification, financeability, insurability, or public authority approval by implication. **2.7 Relationship to DICE and Nexus Guilds.** DICE shall provide the trusted data commons, innovation commons, knowledge commons, software commons, contribution commons, access records, rights records, AI-use labels, public-safe controls, and Guild infrastructure that support Risk Agency expert matching, knowledge transfer, and advisory delivery. Nexus Guilds shall provide structured pools of expertise, mentorship, review support, domain translation, technical stewardship, and cross-disciplinary capability. Guild participation, DICE contribution, or commons visibility shall not create Risk Agency expert standing unless separately recorded, and shall not create certification, authority, approval, procurement status, financeability, or execution status. **2.8 Relationship to GRIx and Nexus Observatory.** GRIx and Nexus Observatory shall provide risk signals, disaster-risk-intelligence records, risk ontologies, indicators, dashboards, geospatial layers, WEFH-B index families, scenario packs, confidence labels, uncertainty statements, and public-safe risk summaries that Risk Agency experts may help third parties interpret. Interpretation shall not convert risk signals into warnings, dashboards into decisions, indexes into ratings, geospatial layers into official classifications, public-safe summaries into public authority outputs, or DRI records into emergency commands. **2.9 Relationship to iVRS.** iVRS shall provide value-reporting, risk-reporting, readiness-reporting, safeguard-reporting, public-safe reporting, correction-reporting, and archive-reporting structures that Risk Agency experts may help third parties understand, prepare, localize, or use appropriately. Risk Agency work using iVRS shall remain non-assurance, non-rating, non-financial, non-procurement, non-public-authority, and non-executing unless a separate competent process lawfully creates another status outside the Risk Agency. **2.10 Relationship to Marketplace, Registry, Studio, Grid, and TRL.** The Risk Agency may help third parties understand Marketplace discovery, Registry status truth, Studio workflows, Grid inputs, and TRL 1–10 technical-readiness records. The Risk Agency shall make clear that Marketplace listing is not procurement, Registry status is not certification, Studio runtime is not decision authority, Grid input is not maturity certification, and TRL classification is not financeability, insurability, public authority approval, procurement status, deployment authorization, or execution authority. **2.11 Relationship to National Nodes and Lawful Handoff.** National Nodes, National Nexus Consortiums, National Working Groups, Nexus Competence Cells, National Consortium Companies, Project SPVs, public authorities, and lawful downstream actors may request Risk Agency advisory, consultancy, training, interpretation, or support. Risk Agency outputs may accompany lawful handoff packages only as advisory-context, training-context, expert-context, risk-context, readiness-context, public-safe-context, safeguard-context, support-context, or interpretation-context records, not as implementation authorization, vendor validation, procurement approval, public authority approval, financeability, insurability, or execution authority. *** ### 3. Institutional Model and Global Scale Architecture **3.1 World-Scale Agency Architecture.** The Risk Agency shall operate as a federated, quality-controlled, boundary-safe, multilingual, multi-jurisdictional, multi-domain, technology-enabled, public-good-rooted, and third-party-facing advisory and capacity-building system. It shall be capable of routing expertise across every material risk domain and every lawful advisory context. **3.2 Global Expert Cloud.** The Risk Agency may maintain a global expert cloud composed of scoped, standing-recorded, conflict-reviewed experts, community leaders, Guild members, reviewers, mentors, stewards, technical specialists, domain specialists, public authority learning facilitators, readiness experts, safeguard experts, and jurisdictional experts. The global expert cloud shall not be an uncontrolled marketplace; it shall be governed by standing records, matching rules, conflict controls, engagement terms, review requirements, privacy protections, and correction pathways. **3.3 Global Layer.** The global layer may maintain global methods, expert standing policies, quality standards, practice frameworks, service taxonomies, cross-border rules, public-safe language, conflict policies, matching logic, reliance labels, review levels, training models, platform infrastructure, global Guild pools, global client interfaces, global contracting instruments, global incident management, and global archive. **3.4 Regional Hubs.** Regional hubs may support Regional Nexus Consortiums, regional clusters, corridor logic, regional public authority learning, regional development partners, regional insurers, regional public finance readers, regional universities, regional communities, regional translation, regional Nexus Universe arenas, regional practice groups, regional client programs, and regional lawful handoff pathways. **3.5 National Desks.** National desks may support National Nodes, National Nexus Consortiums, public authorities, universities, National Working Groups, Nexus Competence Cells, community organizations, national companies, Project SPVs, national training programs, national expert pools, national data restrictions, national public-safe language, national client classes, national practice groups, national languages, national legal localization, and national lawful handoff contexts. **3.6 Domain Practices.** The Risk Agency may maintain domain practices for water, energy, food, health, biodiversity, climate, disaster risk, disaster risk finance, disaster risk intelligence, infrastructure, ports, cities, cyber, AI, telecom, geospatial, drones, robotics, sensors, sovereign compute, DLT, quantum-relevant security, semiconductors, supply chains, humanitarian systems, public-safe reporting, safeguards, readiness, governance, public authority learning, and lawful handoff. **3.7 Functional Desks.** The Risk Agency may maintain functional desks for advisory, consultancy, training, executive education, public authority learning, readiness rooms, community safeguard support, public-safe reporting, expert panels, Nexus Universe preparation, Nexus Foundry support, DICE onboarding, GRIx interpretation, iVRS interpretation, Studio facilitation, Marketplace / Registry / Grid / TRL literacy, contracting support, incident correction, and handoff dependency support. **3.8 Scaling Doctrine.** The Risk Agency shall scale through expert formation, expert standing, Guild-linked expert pools, Risk Academy feeder pathways, DICE expert records, Marketplace service-category discovery, Registry status truth, recurring client programs, institutional subscriptions, enterprise advisory programs, public authority learning programs, donor and development capacity programs, Nexus Universe surge periods, regional hub formation, national desk formation, National Node annual portfolios, and continuous correction of expert, client, output, and engagement records. **3.9 Enterprise-Facing and Public-Good-Facing Separation.** The Risk Agency may serve enterprise, public authority, donor, insurer, capital-reader, community, university, humanitarian, provider, sponsor, public-good, National Consortium Company, and Project SPV clients, but shall maintain role separation between public-good Nexus records and client advisory deliverables. Client work shall not rewrite, override, privatize, enclose, suppress, or misrepresent Nexus public-good records. *** ### 4. Client and Demand Architecture **4.1 Client Classes.** Risk Agency clients may include public authorities, enterprises, universities, research institutions, donors, foundations, insurers, reinsurers, banks, investors, public finance institutions, media organizations, humanitarian actors, civil society organizations, community organizations, Indigenous institutions where applicable, National Consortium Companies, Project SPVs, providers, sponsors, development agencies, municipalities, regulators, utilities, infrastructure owners, technology companies, telecom operators, hospitals, ports, logistics actors, and lawful implementation actors. **4.2 Public Authority Clients.** Public authority clients may receive public authority learning, policy learning, dashboard literacy, evidence interpretation, resilience learning, DRR / DRF / DRI learning, public-safe reporting support, and non-decision advisory support. Public authority clients remain responsible for official decisions, statutory duties, emergency communications, regulatory action, procurement, public finance allocation, licensing, permitting, and public records. **4.3 Enterprise Clients.** Enterprise clients may receive risk advisory, technology risk advisory, data governance support, AI governance support, cyber governance support, resilience planning literacy, public-safe communication support, readiness support, and Nexus Foundry interpretation. Enterprise clients remain responsible for legal compliance, operational decisions, procurement, deployment, product claims, customer communications, and execution. **4.4 Community and Public-Interest Clients.** Community, civil society, humanitarian, disability, youth, diaspora, public-interest, and Indigenous institutions where applicable may receive public-safe communication support, safeguard support, non-extractive engagement support, protected knowledge boundary support, accessibility support, and risk translation. Risk Agency support shall not convert community participation into consent, representation, consultation completion, rights waiver, public authority approval, or endorsement. **4.5 Donor, Development, and Public Finance Clients.** Donors, foundations, development agencies, and public finance readers may receive no-reliance risk literacy, readiness-question mapping, assumptions registers, dependency registers, diligence-gap registers, public finance relevance learning, and program-design support. Such support shall not become donor allocation, public finance approval, investment recommendation, financeability, bankability, or transaction readiness. **4.6 Insurer, Reinsurer, Capital-Reader, and Financial Institution Clients.** Insurers, reinsurers, banks, investors, and capital readers may receive no-reliance risk interpretation, DRF literacy, insurance-readiness question mapping, data-gap understanding, scenario literacy, and resilience-readiness support. Risk Agency outputs shall not become underwriting decisions, premium indications, investment advice, ratings, valuations, credit decisions, lending decisions, or solicitation. **4.7 Provider and Sponsor Clients.** Providers and sponsors may receive claims-boundary guidance, public-safe communication support, technology-risk interpretation, Nexus participation support, and provider-neutrality guidance. Risk Agency work shall not validate providers, create preferred-vendor status, determine procurement eligibility, or allow sponsors to control expert matching, advisory conclusions, public-safe outputs, or Nexus records. **4.8 National Consortium Company and Project SPV Clients.** National Consortium Companies and Project SPVs may receive advisory, training, interpretation, readiness, safeguard, evidence-pack orientation, Studio workflow orientation, GRIx interpretation, iVRS interpretation, and lawful handoff support. Such work shall not make the Risk Agency a project developer, operator, contractor, funder, insurer, public authority, procurement body, or implementation decision-maker. *** ### 5. Expert Matching Mechanism **5.1 Matching Function.** The Risk Agency shall operate as a governed expert-matching mechanism that receives third-party needs, classifies the request, identifies the required domain, jurisdiction, language, sector, risk type, technology, public authority context, community context, safeguard need, data sensitivity, readiness boundary, conflict profile, reliance level, output class, and delivery mode, and matches the request to qualified Nexus-aligned experts or expert teams. **5.2 Demand-Side Participants.** Demand-side participants may include governments, public authorities, municipalities, regulators, development agencies, donors, foundations, insurers, reinsurers, banks, investors, public finance institutions, universities, research institutions, companies, infrastructure owners, utilities, technology providers, telecom operators, hospitals, ports, logistics actors, civil society organizations, Indigenous institutions where applicable, community organizations, media organizations, humanitarian actors, National Consortium Companies, Project SPVs, and lawful implementation actors. **5.3 Supply-Side Participants.** Supply-side participants may include community leaders, local experts, Indigenous protocol advisers where applicable, Nexus Guild members, Risk Academy faculty, WILP mentors, Nexus Foundry reviewers, DICE data stewards, GRIx specialists, iVRS reporting specialists, DRR experts, DRF specialists, DRI analysts, WEFH-B systems experts, cyber experts, AI governance experts, geospatial experts, public-safe reporting specialists, safeguard specialists, public authority learning facilitators, finance-readiness experts, insurance-readiness experts, legal-boundary specialists, data privacy specialists, infrastructure experts, climate experts, health and biosecurity experts, energy experts, water experts, food systems experts, biodiversity experts, sovereign compute experts, telecom and AI-RAN/O-RAN experts, robotics and sensor experts, and jurisdictional experts. **5.4 Matching Criteria.** Matching shall consider domain, jurisdiction, language, sector, risk type, technology, public authority context, community context, safeguard needs, data sensitivity, confidentiality, conflict status, availability, experience, standing record, Guild affiliation, National Node relationship, micro-credential record, iCRS contribution record, WILP supervision record, reviewed artifacts, client feedback, correction history, public-safe communication capability, jurisdictional fit, data-access eligibility, and legal-boundary fit. **5.5 Matching Record.** Each material match shall generate a **Risk Agency Matching Record** identifying requester, request scope, client class, expert class, expert standing status, conflicts, data class, delivery mode, permitted use, prohibited use, reliance level, public-safe status, confidentiality status, output class, review level, correction pathway, and archive rule. **5.6 Matching Boundary.** Matching an expert shall not imply certification, licensing, public authority approval, procurement approval, financeability, insurability, legal compliance, official endorsement, provider validation, community consent, Indigenous consent where applicable, or execution authority. Matching shall mean only that the expert or expert team is eligible to provide bounded support within recorded scope. *** ### 6. Expert Classes, Standing, Admission, Renewal, and Quality Control **6.1 Expert Class System.** The Risk Agency shall maintain expert classes to prevent false equivalence among different kinds of knowledge, authority, experience, and responsibility. Expert classes may include community leaders, domain experts, technical experts, public authority learning experts, readiness experts, safeguard experts, Nexus mechanism experts, jurisdictional experts, faculty experts, reviewer experts, maintainer experts, and cross-sphere translators. **6.2 Community Leaders.** Community leaders may include local, civic, Indigenous where applicable, diaspora, humanitarian, disability, youth, public-interest, and place-based leaders who provide contextual intelligence, legitimacy insight, safeguard advice, public-safe communication support, non-extractive engagement guidance, and community-facing review. Community leader standing shall not be used to imply community consent, Indigenous consent, consultation completion, rights waiver, land access, authority to represent all community members, or public authority approval. **6.3 Domain Experts.** Domain experts may include specialists in water, energy, food, health, biodiversity, climate, disaster risk, disaster risk finance, infrastructure, cyber, AI, telecom, geospatial, finance-readiness, insurance-readiness, public finance, law, governance, public policy, supply chains, cities, ports, manufacturing, semiconductors, quantum-relevant security, sovereign compute, humanitarian systems, and public-safe communication. **6.4 Technical Experts.** Technical experts may include specialists in data architecture, AI, cyber, privacy, software, secure rooms, data rooms, clean rooms, cloud, HPC, Edge, dashboards, simulations, digital twins, sensors, robotics, telecom, geospatial systems, AI-RAN/O-RAN, public-good software, APIs, repositories, and advanced infrastructure. **6.5 Public Authority Learning Experts.** Public authority learning experts may support public authority learning rooms, dashboard literacy, evidence interpretation, policy learning, risk communication, resilience learning, DRR literacy, DRF literacy, and DRI review without substituting for public authority decisions. **6.6 Readiness Experts.** Readiness experts may translate evidence, risk, assumptions, dependencies, data gaps, legal dependencies, safeguard dependencies, public authority dependencies, and support gaps into no-reliance readiness materials for capital readers, insurers, donors, public finance readers, National Consortium Companies, Project SPVs, and lawful handoff recipients. **6.7 Safeguard Experts.** Safeguard experts may support accessibility, community safeguards, Indigenous protocols where applicable, protected knowledge, youth safeguards, disability inclusion, public-interest participation, public-safe repair, non-extractive engagement, consent-boundary discipline, and protected participation records. **6.8 Nexus Mechanism Experts.** Nexus mechanism experts may support DICE, GRIx, iVRS, iCRS, MPM, WILPs, Nexus Foundry, Nexus Universe, Nexus Observatory, Nexus Studio, Marketplace, Registry, Grid, TRL 1–10, National Portfolios, Nexus Rails, Nexus Network, Risk Academy, and lawful handoff pathways. **6.9 Jurisdictional Experts.** Jurisdictional experts may provide country, regional, legal-system, public-authority, national-data, language, cultural, institutional, regulatory, community, or market-context knowledge. Jurisdictional expertise shall not be treated as legal advice, public authority approval, compliance determination, or regulated opinion unless separately and lawfully provided by a competent professional outside the default Risk Agency role. **6.10 Expert Formation.** Risk Agency expert standing may be informed by Risk Academy learning, Nexus Academy learning, WILP supervision, micro-credentials, iCRS contribution records, Nexus Guild participation, DICE records, GRIx contributions, iVRS contributions, Nexus Foundry review records, public-safe publication records, National Node participation, Competence Cell work, client feedback, peer review, conflict history, correction history, safeguard training, privacy training, cyber training, and AI governance training. Such formation records shall support matching and quality control only and shall not create professional certification, public authority status, procurement qualification, financeability, insurability, or execution authority by implication. **6.11 Expert Admission.** Expert admission shall require intake, identity review where appropriate, expertise-scope review, conflict review, public-safe communication review where relevant, data/privacy/cyber training where relevant, safeguard training where relevant, jurisdictional limitation review where relevant, and acceptance of Risk Agency terms. Admission shall not imply certification or professional licensing. **6.12 Expert Standing Record.** Expert standing shall be current, scoped, renewable, suspendable, and correctionable. No expert shall be represented as eligible for a Risk Agency engagement unless the expert’s role, scope, standing basis, conflict status, jurisdictional limits, data-access eligibility, safeguard capacity, public-safe communication status, and renewal status are recorded. **6.13 Suspension, Restriction, and Reinstatement.** Expert standing may be restricted, suspended, downgraded, withdrawn, corrected, or archived where overclaim, conflict, client misuse, safeguard breach, confidentiality breach, privacy incident, cyber incident, AI misuse, unsupported advice, stale competence, or boundary failure occurs. Reinstatement shall require current review and record. **6.14 Quality Control.** The Risk Agency shall maintain quality control through intake review, scope control, conflict review, expert standing review, data-sensitivity review, public-safe review, client-fit review, output classification, reliance-level labeling, review-level labeling, feedback, correction records, renewal reviews, and archive. *** ### 7. Nexus Guilds, Risk Academy, and Expert Formation **7.1 Guild-to-Agency Boundary.** Nexus Guilds may provide domain depth, peer learning, review support, maintainer capacity, and specialized knowledge. The Risk Agency may route eligible Guild expertise into third-party advisory, consultancy, training, facilitation, and translation engagements under recorded scope, conflict controls, quality controls, and no-conversion boundaries. Guild participation alone shall not create Risk Agency expert standing. **7.2 Risk Academy Feeder Function.** Risk Academy shall serve as a learning, capability-formation, and quality-control feeder for the Risk Agency by creating structured pathways in risk literacy, DRR, DRF, DRI, WEFH-B systems, data stewardship, AI governance, cyber hygiene, public-safe reporting, safeguard literacy, readiness literacy, and lawful handoff literacy. **7.3 WILP Formation.** Work-Integrated Learning Paths may provide supervised applied experience that supports future expert formation, reviewer readiness, maintainer readiness, training support, advisory preparation, and national capacity. WILP records shall not create employment status, professional certification, procurement qualification, or agency standing without separate review. **7.4 Micro-Credential Use.** Micro-credentials may evidence bounded learning units and may inform expert matching and training eligibility. Micro-credentials shall not be professional licenses, certifications, regulated qualifications, procurement qualifications, financeability indicators, public authority approvals, or execution permissions. **7.5 iCRS Contribution Records.** iCRS records may evidence bounded contribution to Nexus learning, Foundry work, DICE objects, GRIx records, iVRS outputs, public-safe summaries, safeguards, translations, accessibility work, and correction. iCRS records shall not create compensation entitlement, employment status, certification, agency standing, procurement status, financeability, or public authority approval by implication. **7.6 Continuing Education.** Risk Agency expert standing may require continuing education, updated public-safe training, data/privacy/cyber training, AI governance training, safeguard training, legal-boundary awareness, jurisdictional updates, and renewal review where current competence matters. **7.7 Expert Formation Without Credential Inflation.** Expert formation shall be evidence-based, scoped, reviewable, and correctionable. The Risk Agency shall avoid unsupported “world expert” claims, artificial rankings, popularity-based standing, pay-to-standing, credential inflation, and reputation-only matching. *** ### 8. Service Lines and Global Practice Areas **8.1 Risk Intelligence Advisory.** Risk Intelligence Advisory may support GRIx interpretation, DRI records, Observatory signals, dashboards, indicators, scenarios, geospatial layers, confidence labels, uncertainty statements, public-safe risk summaries, and risk literacy. It shall not issue public warnings, ratings, official classifications, emergency commands, or public authority decisions. **8.2 Systems Resilience Advisory.** Systems Resilience Advisory may support WEFH-B systems, infrastructure, cities, ports, corridors, logistics, supply chains, climate adaptation, community resilience, critical services, and national resilience planning literacy. It shall not authorize implementation, approve projects, or replace competent engineering, public authority, procurement, or operational decisions. **8.3 Frontier Technology Risk Advisory.** Frontier Technology Risk Advisory may support AI, agentic systems, cyber, telecom, AI-RAN/O-RAN, private wireless, geospatial systems, drones, robotics, sensors, IoT, OT, IIoT, sovereign compute, cloud, HPC, quantum-relevant security, semiconductors, advanced manufacturing, DLT, DePIN, digital twins, and emerging technology governance. It shall not certify safety, approve deployment, validate vendors, or create procurement status. **8.4 Public Authority Learning and Policy Translation.** Public Authority Learning and Policy Translation may support non-decision rooms, dashboard literacy, evidence interpretation, policy learning, resilience learning, public-safe reporting, DRR literacy, DRF literacy, DRI review, and public authority data-boundary awareness. It shall not create public authority approval, official classification, public warning, regulatory comfort, licensing status, permitting status, or public decision. **8.5 Finance-Readiness and Insurance-Readiness Advisory.** Finance-Readiness and Insurance-Readiness Advisory may support no-reliance readiness notes, insurance-readiness question maps, donor-readiness questions, public finance relevance questions, assumptions registers, dependency registers, diligence-gap registers, readiness-room facilitation, capital-reader literacy, insurer-reader literacy, donor-reader literacy, and public finance learning. It shall not create financeability, insurability, underwriting acceptance, donor commitment, public finance allocation, bankability, valuation, rating, solicitation, or transaction readiness. **8.6 Community and Safeguard Advisory.** Community and Safeguard Advisory may support accessibility, translation, non-extractive engagement, protected knowledge controls, Indigenous protocol support where applicable, youth safeguards, disability inclusion, public-interest participation, participation-without-consent discipline, community-facing public-safe communication, and public repair. **8.7 Nexus Foundry and Handoff Support.** Nexus Foundry and Handoff Support may help third parties understand, prepare, contribute to, or receive interpretation around Foundry outputs, evidence packs, Studio workflows, Marketplace objects, Registry records, Grid inputs, TRL support records, public-safe reporting packs, National Portfolio packs, and lawful handoff dependency packages. **8.8 Risk Academy and Training Programs.** Risk Academy and Training Programs may include executive education, public authority learning, enterprise training, community-facing learning, Guild workshops, WILPs, micro-credentials, simulation exercises, Studio training, DICE onboarding, GRIx literacy, iVRS literacy, DRR learning, DRF literacy, DRI production, WEFH-B systems learning, data stewardship, AI governance, cyber hygiene, privacy controls, and public-safe communication. **8.9 Crisis-Learning and After-Action Advisory.** Crisis-Learning and After-Action Advisory may support lessons learned, incident review, public-safe repair, correction records, after-action review, institutional memory, next-cycle formation, National Portfolio renewal, and archive discipline. It shall not become emergency command, official situation reporting, public warning, or public authority action. **8.10 Digital Trust, Data, AI, Cyber, and Privacy Advisory.** Digital Trust Advisory may support DICE data governance, secure rooms, data rooms, clean rooms, AI-use controls, privacy-enhancing technologies, cybersecurity baselines, data stewardship, repository discipline, public-good software practices, secure collaboration, and controlled knowledge sharing. *** ### 9. Delivery Modes and Engagement Architecture **9.1 Delivery Modes.** The Risk Agency may deliver through individual expert advisory, expert panels, Guild panels, training cohorts, public authority learning rooms, readiness rooms, secure rooms, data rooms, clean rooms, Nexus Studio simulations, workshops, executive briefings, community sessions, written advisory notes, public-safe summaries, scenario exercises, evidence interpretation sessions, National Portfolio support, Nexus Universe preparation rooms, Foundry support rooms, handoff support rooms, and recurring institutional programs. **9.2 Engagement Instruments.** Each engagement shall be governed by appropriate instruments, which may include client engagement terms, expert engagement terms, training terms, public authority learning room terms, readiness room terms, secure room terms, data room terms, clean room terms, community engagement terms, sponsor and provider support terms, no-reliance notices, public-safe output notices, confidentiality terms, data-use terms, AI-use terms, and handoff support notices. **9.3 Delivery Record.** Each delivery mode shall have a **Delivery Record** identifying scope, client, expert class, expert standing, data class, public-safe status, confidentiality status, conflict status, reliance level, permitted use, prohibited use, output type, review level, correction pathway, and archive rule. **9.4 Scope Control.** Engagement scope shall be specific, recorded, and bounded. Material changes in domain, client use, audience, data class, reliance level, public authority relevance, finance relevance, insurance relevance, procurement relevance, safeguard risk, or output class shall require scope update, review, and record. **9.5 Client Responsibility.** Third-party clients remain responsible for their own decisions, implementation, compliance, procurement, finance, insurance, public authority action, regulated reporting, legal advice, professional reliance, and execution. Risk Agency outputs may support understanding and preparation but shall not replace client diligence, professional review, statutory duties, board decisions, public authority decisions, procurement processes, underwriting processes, financing processes, or implementation decisions. *** ### 10. Output Taxonomy, Reliance Labels, and Client Responsibility **10.1 Output Types.** Risk Agency outputs may include advisory memoranda, consultancy notes, training packs, workshop records, readiness question maps, risk interpretation notes, public-safe summaries, evidence interpretation notes, scenario learning records, dashboard literacy notes, stakeholder maps, safeguard notes, dependency registers, assumptions registers, diligence-gap registers, no-reliance notes, public authority learning notes, community-facing notes, technical translation notes, Studio exercise records, DICE onboarding records, GRIx interpretation records, iVRS interpretation records, Foundry support packs, Nexus Universe preparation packs, lawful handoff support notes, correction notices, and expert panel records. **10.2 Output Classification.** Each output shall be classified as advisory, consultancy, training, facilitation, interpretation, review-support, readiness-support, public-safe communication, capacity-building, technical translation, public authority learning, community-facing communication, or handoff-support. Outputs shall not be labeled or marketed as approval, certification, assurance, audit, rating, public warning, procurement status, financeability, insurability, consent, deployment authorization, legal opinion, underwriting decision, or execution instruction unless separately and lawfully produced by a competent actor outside default Risk Agency status. **10.3 Reliance Labels.** Each Risk Agency output shall carry a reliance label identifying whether the output is non-reliance, training-use, internal-use, public-safe-use, controlled-client-use, limited-advisory-use, or separately contracted reliance. Unless expressly stated in a separate lawful engagement instrument, Risk Agency outputs shall not be relied upon as legal, financial, insurance, engineering, emergency, procurement, audit, compliance, public authority, investment, underwriting, or execution determinations. **10.4 Review Levels.** Risk Agency outputs may be self-prepared, expert-reviewed, Guild-reviewed, public-safe-reviewed, safeguard-reviewed, data-reviewed, privacy-reviewed, cyber-reviewed, AI-reviewed, legal-boundary-reviewed, finance-boundary-reviewed, insurance-boundary-reviewed, procurement-boundary-reviewed, public-authority-boundary-reviewed, or controlled-release-reviewed. Review level shall not imply certification, assurance, approval, public authority status, financeability, insurability, procurement status, or execution authority. **10.5 Third-Party Use Restrictions.** Outputs shall identify permitted users, permitted use, prohibited use, sharing restrictions, publication status, public-safe status, confidentiality status, reliance status, correction pathway, and archive rule. Unless expressly recorded, Risk Agency outputs shall not create third-party beneficiary rights or reliance rights for persons outside the engagement. **10.6 Correction and Recall Pathway.** Outputs shall carry a correction pathway. Where outputs are wrong, stale, misused, overclaimed, unsafe, mistranslated, relied upon outside scope, affected by incident, or superseded, the Risk Agency may issue correction, supersession, withdrawal, public-safe repair, restriction, or archive. *** ### 11. Data, Privacy, Security, AI, Confidentiality, and Secure Rooms **11.1 Data Governance.** Risk Agency engagements involving data shall follow DICE data governance principles, including data classification, source records, rights records, license records, data-use labels, AI-use labels, provenance, lineage, data quality, permitted use, prohibited use, privacy controls, security controls, public-safe status, correction pathway, deletion or sealing rule, retention rule, cross-border rule, and archive rule. **11.2 Confidentiality.** Confidential information, client information, public authority information, community-sensitive information, Indigenous protocol-sensitive information where applicable, protected knowledge, enterprise-sensitive information, financial-sensitive information, insurance-sensitive information, cyber-sensitive information, infrastructure-sensitive information, health-sensitive information, and data-room information shall be protected according to recorded confidentiality and access controls. **11.3 Secure Rooms and Data Rooms.** The Risk Agency may use secure rooms, data rooms, clean rooms, compute-to-data environments, confidential computing environments, public authority learning rooms, readiness rooms, protected knowledge rooms, and Nexus Studio rooms where data sensitivity, confidentiality, public authority context, community safeguards, or client requirements demand controlled access and output review. **11.4 AI Use Controls.** AI may support expert matching, drafting, translation, summarization, knowledge retrieval, scenario support, dashboard explanation, readiness-question mapping, and workflow support only where data rights, confidentiality, privacy, security, AI-use labels, public-safe rules, and human review requirements are satisfied. Confidential client data, public authority data, protected knowledge, Indigenous protocol-sensitive information where applicable, secure-room data, data-room data, or community-sensitive information shall not be used in AI tools unless the applicable AI-use record expressly permits the use. **11.5 AI Decision Boundary.** AI shall not make final high-stakes decisions on expert selection, expert standing, client advice, public authority meaning, financeability, insurability, procurement status, publication, output reliance, public-safe release, or handoff without recorded human review. **11.6 Cybersecurity.** The Risk Agency shall maintain appropriate cybersecurity controls for client data, expert data, learning data, engagement records, secure rooms, platforms, repositories, dashboards, AI tools, and communication systems, including identity and access management, least privilege, encryption where appropriate, secure logging, credential controls, vulnerability management, incident response, backup integrity, access recertification, and archive. **11.7 Cross-Border and Sovereignty Controls.** Cross-border data use, expert delivery, client access, public authority data, sovereign data, protected knowledge, export-control-sensitive data, sanctions-sensitive data, and jurisdictionally restricted data shall be reviewed before use, transfer, publication, or handoff. The most restrictive applicable control shall govern where ambiguity creates material risk. **11.8 Privacy and Expert Protection.** Expert profiles, community leader records, learning records, iCRS records, micro-credential records, client feedback, conflict records, and engagement records shall be privacy-aware and used only within recorded purpose. Public display of expert standing shall be controlled to avoid overclaim, unfair ranking, sensitive identity exposure, community risk, credential inflation, harassment, or reputational misuse. *** ### 12. Cross-Sphere Translation and Boundary Discipline **12.1 Translation Function.** The Risk Agency shall specialize in translating risk knowledge across science, technology, law, policy, finance, insurance, public authority, academia, community, enterprise, infrastructure, media, humanitarian, donor, public finance, and implementation spheres. Translation shall preserve meaning, limitations, uncertainty, confidence, public-safe status, jurisdictional context, safeguard requirements, and no-conversion boundaries. **12.2 Science-to-Policy Translation.** Science-to-policy translation may help public authorities, institutions, and stakeholders understand evidence, uncertainty, scenarios, systems risk, DRI, WEFH-B, climate, health, biodiversity, and infrastructure risk without turning scientific interpretation into public authority decisions, emergency warnings, regulatory classifications, legal mandates, or public authority approval. **12.3 Technology-to-Governance Translation.** Technology-to-governance translation may help organizations understand AI, cyber, data, privacy, geospatial, telecom, robotics, sensors, sovereign compute, DLT, digital twins, and frontier STEM risks without creating certification, procurement approval, deployment authorization, safety approval, compliance status, or vendor validation. **12.4 Finance-to-Risk Translation.** Finance-to-risk translation may support no-reliance understanding of assumptions, dependencies, risk layers, insurance questions, donor questions, public finance relevance, and diligence gaps. It shall not become investment advice, underwriting, rating, valuation, transaction support, solicitation, banking approval, insurance approval, donor commitment, or public finance allocation. **12.5 Community-to-Institution Translation.** Community-to-institution translation may help institutions understand lived risk, local context, accessibility needs, safeguard concerns, protected knowledge boundaries, public-safe communication needs, and non-extractive engagement duties. It shall not convert participation into consent, representation, consultation completion, rights waiver, land access, or endorsement. **12.6 Public-Safe Translation.** Public-safe translation shall convert complex risk, data, technology, readiness, and evidence materials into accessible language while preserving uncertainty, limitations, boundaries, correction pathways, and no-conversion meaning. *** ### 13. Public Authority, Finance, Insurance, Procurement, Legal, and Labor Boundaries **13.1 Public Authority Boundary.** The Risk Agency may support public authority learning, policy learning, dashboard literacy, evidence interpretation, data literacy, public-safe reporting, resilience learning, and non-decision records. It shall not create public authority approval, public warning, official classification, emergency command, licensing status, permitting status, procurement status, public finance allocation, regulatory comfort, statutory recordkeeping satisfaction, official recordkeeping, or public decision. **13.2 Public Authority Client Responsibility.** Public authority clients remain responsible for official action, public communications, statutory duties, emergency decisions, regulatory decisions, procurement decisions, public finance decisions, and public records. Risk Agency learning rooms are non-decision rooms unless separately and lawfully designated by a competent public authority outside the default Risk Agency role. **13.3 Finance and Insurance Boundary.** The Risk Agency may support finance-readiness, insurance-readiness, donor-readiness, public finance relevance, disaster-risk-finance literacy, and no-reliance rooms. It shall not provide investment advice, investment research, securities analysis, solicitation, offer, transaction readiness, bankability, financeability, valuation, rating, public finance allocation, donor commitment, guarantee, lending decision, underwriting acceptance, premium indication, coverage decision, actuarial conclusion, or insurance approval. **13.4 Procurement Boundary.** Risk Agency expert matching, advisory notes, training, Nexus affiliation, Guild participation, public-safe reports, Marketplace support, Registry interpretation, provider support, sponsor support, or client engagement shall not create procurement eligibility, supplier approval, vendor preference, public procurement status, procurement scoring, supplier prequalification, or commercial approval. **13.5 Legal and Compliance Boundary.** The Risk Agency may provide legal-boundary literacy, compliance-adjacent literacy, data-governance literacy, risk-governance literacy, public authority boundary literacy, and regulated-perimeter literacy. It shall not provide legal opinions, audit assurance, legal compliance determinations, privacy compliance, cybersecurity certification, AI compliance, environmental compliance, labor compliance, human-rights compliance, securities compliance, procurement compliance, or public-sector compliance by implication. **13.6 Labor Boundary.** The Risk Agency shall not disguise employment, contractor work, unpaid labor extraction, professional services, operational services, procurement work, regulated services, or execution services where law or fairness requires another arrangement. Engagements shall identify whether they are advisory, consultancy, training, facilitation, paid expert work, volunteer contribution, learning-linked participation, sponsored support, grant-supported support, or other governed activity. **13.7 Community and Indigenous Consent Boundary.** Risk Agency work involving communities or Indigenous participants where applicable shall preserve non-extractive engagement, protected knowledge rules, participation-without-consent discipline, and community-facing correction. No Risk Agency output shall grant community consent, Indigenous consent, consultation completion, land access, rights waiver, or legitimacy transfer by implication. *** ### 14. Public-Safe Communication, Safeguards, and Community Protection **14.1 Safeguard Discipline.** The Risk Agency shall treat safeguards as core risk practice. Advisory, consultancy, training, and facilitation work shall address community participation, Indigenous protocols where applicable, protected knowledge, accessibility, youth safeguards, disability inclusion, rights-bearing data, non-extractive engagement, public-interest participation, and community-facing correction where relevant. **14.2 Public-Safe Communication.** The Risk Agency shall ensure that public-facing outputs avoid overclaim, false certainty, unsafe comparisons, panic-inducing language, public authority overclaim, finance overclaim, insurance overclaim, procurement overclaim, provider validation, sponsor overclaim, consent overclaim, technical readiness overclaim, and reputational misuse. **14.3 Protected Knowledge.** Protected knowledge, Indigenous knowledge where applicable, sacred knowledge, place-based knowledge, culturally sensitive knowledge, and rights-bearing data shall not be extracted, published, tokenized, benchmarked, scored, geocoded, modeled, AI-trained, commercialized, credentialized, or handed off without lawful and appropriate authority. **14.4 Accessibility and Localization.** Risk Agency outputs should support accessibility, plain language, multilingual delivery where appropriate, disability inclusion, low-bandwidth participation where possible, cultural localization, legal localization, public-safe translation, and local-context preservation. **14.5 Community Leader Boundary.** Community leaders engaged through the Risk Agency shall be recognized within their recorded scope. Their participation shall not imply that they represent all communities, all affected persons, all rights holders, all Indigenous peoples where applicable, or all local interests unless separately and lawfully recorded. **14.6 Public Repair.** Where Risk Agency outputs cause or contribute to public-safe error, mistranslation, overclaim, safeguard failure, consent confusion, public authority overclaim, finance overclaim, insurance overclaim, procurement overclaim, provider overclaim, or harmful public meaning, the Risk Agency shall support correction, withdrawal, supersession, public repair where appropriate, and archive. *** ### 15. Commercial Model, Sustainability, Independence, and Anti-Capture **15.1 Sustainability Model.** The Risk Agency may sustain itself through advisory mandates, consultancy retainers, training fees, institutional subscriptions, public-good sponsorship, hosted expert panels, capacity-building programs, donor-supported training, public authority learning programs, enterprise advisory work, Nexus Universe preparation support, National Node support, and licensed support services. **15.2 Revenue Boundary.** Revenue, fees, sponsorship, subscriptions, client mandates, referral arrangements, or donor support shall not create sponsor control, provider validation, expert bias, public authority approval, procurement preference, financeability, insurability, donor commitment, public finance allocation, or execution authority. **15.3 Commercial Independence.** No client fee, retainer, success fee, subscription, sponsorship, provider contribution, referral arrangement, donor support, or public authority program shall purchase expert standing, alter public-good records, suppress correction, control expert matching, influence advisory conclusions, determine Marketplace visibility, change Registry status, create provider preference, or imply finance, insurance, procurement, public authority, certification, consent, or execution meaning. **15.4 No Pay-to-Standing.** Expert standing shall not be purchased. Payments, sponsorships, institutional relationships, provider relationships, client relationships, donations, subscriptions, or visibility arrangements shall not determine expert standing, ranking, eligibility, review status, or matching priority unless explicitly recorded as a non-merit administrative factor and controlled for conflict. **15.5 No Contingent Outcome Capture.** The Risk Agency shall not use contingent success fees tied to financing, insurance approval, procurement award, public finance allocation, donor award, public authority approval, regulatory outcome, project authorization, or investment transaction unless separately lawful, expressly reviewed, conflict-controlled, and clearly outside any public-good record or no-reliance context. **15.6 Sponsor and Provider Controls.** Sponsors and providers may support training, tools, venues, compute, data rooms, scholarships, fellowships, technical content, or programs, but shall not control expert matching, standing records, advisory conclusions, public-safe outputs, Registry status, Marketplace display, public authority learning, readiness room outputs, or handoff boundaries. **15.7 Client Capture Controls.** The Risk Agency shall not allow client relationships to rewrite Nexus public-good records, suppress corrections, inflate claims, bypass safeguards, privatize commons outputs, manipulate expert standing, or convert advisory work into hidden execution. **15.8 Expert Fairness.** The Risk Agency shall protect experts from uncompensated extraction, unsafe client demands, inappropriate reliance, public misrepresentation, conflict pressure, harassment, political pressure, sponsor pressure, provider pressure, and unsupported claims about their authority. **15.9 Public-Good Discipline.** The Risk Agency shall remain aligned with Nexus public-good discipline even when serving enterprise or third-party clients. Client service shall not override validity-by-record, correctionability, public-good firewall, public-safe language, national ownership, community safeguards, protected knowledge controls, or no-conversion rules. *** ### 16. Contracting Instruments, Notices, and Engagement Terms **16.1 Master Services Terms.** Risk Agency engagements may be governed by Master Services Terms identifying service scope, role boundaries, reliance level, client responsibility, confidentiality, data use, AI use, public-safe communication, conflicts, fees, correction, withdrawal, archive, and no-conversion notices. **16.2 Expert Engagement Terms.** Expert Engagement Terms shall identify expert role, scope, permitted services, prohibited services, conflicts, confidentiality, data access, AI-use rules, public-safe language, output duties, correction duties, client communication limits, and no-authority boundaries. **16.3 Client Engagement Terms.** Client Engagement Terms shall identify client class, scope, deliverables, reliance label, permitted use, prohibited use, third-party sharing restrictions, client responsibility, data obligations, confidentiality, public authority boundaries, finance boundaries, insurance boundaries, procurement boundaries, legal boundaries, correction pathway, and archive. **16.4 Training Terms.** Training Terms shall identify learning status, training-use status, non-certification language, instructor role, participant obligations, data restrictions, recording rules, public-safe language, micro-credential relationship where applicable, iCRS relationship where applicable, and correction pathway. **16.5 Public Authority Learning Room Terms.** Public Authority Learning Room Terms shall identify non-decision status, data restrictions, participant role, output status, public-safe review, no public warning status, no official classification status, no regulatory comfort status, and public authority responsibility. **16.6 Readiness Room Terms.** Readiness Room Terms shall identify no-reliance status, no solicitation status, no transaction status, confidentiality, competition controls, regulated-perimeter controls, finance and insurance boundaries, donor and public finance boundaries, output limits, and correction pathway. **16.7 Secure Room, Data Room, and Clean Room Terms.** Secure Room, Data Room, and Clean Room Terms shall identify access controls, purpose, data restrictions, output review, no-download rules where applicable, AI-use rules, logging, confidentiality, incident response, sealing, deletion, and archive. **16.8 Community Engagement Terms.** Community Engagement Terms shall identify non-extractive engagement, participation-without-consent discipline, protected knowledge rules, public-safe language, accessibility, translation, community-facing correction, and no representation beyond recorded scope. **16.9 Sponsor and Provider Support Terms.** Sponsor and Provider Support Terms shall identify support without control, no provider validation, no sponsor influence, no procurement meaning, no finance meaning, no public authority meaning, public-safe display, conflicts, correction, and archive. **16.10 Standard Notices.** The Risk Agency may use standard No-Reliance Notices, Public-Safe Output Notices, No-Certification Notices, No-Procurement Notices, No-Finance Notices, No-Insurance Notices, No-Public-Authority Notices, No-Consent Notices, AI-Use Notices, Data-Use Notices, and Handoff Support Notices. *** ### 17. Engagement Lifecycle, Quality Assurance, and Review Levels **17.1 Engagement Intake.** Each Risk Agency engagement shall begin with intake classification, including client type, jurisdiction, domain, risk type, intended use, data sensitivity, public authority relevance, finance relevance, insurance relevance, procurement relevance, community relevance, safeguard needs, confidentiality needs, expert class, delivery mode, output class, reliance level, and boundary risks. **17.2 Scope Definition.** Each engagement shall have a defined scope, permitted use, prohibited use, reliance level, output class, confidentiality status, public-safe status, data-use status, AI-use status, expert role, client responsibility, correction pathway, and archive rule. **17.3 Expert Matching and Conflict Review.** Expert matching shall occur only after expert standing, conflicts, availability, jurisdictional fit, data access needs, safeguard capacity, public-safe communication capability, reliance fit, and boundary fit have been reviewed. **17.4 Review Level Assignment.** Each engagement shall identify review levels required for its outputs, which may include expert review, Guild review, public-safe review, safeguard review, data review, privacy review, cyber review, AI review, legal-boundary review, finance-boundary review, insurance-boundary review, procurement-boundary review, public-authority-boundary review, or controlled-release review. **17.5 Delivery.** Delivery shall occur through the agreed delivery mode and shall remain within recorded scope. Material scope changes shall require update, review, and record. **17.6 Output Review.** Outputs shall be reviewed according to output class, public-safe status, data sensitivity, confidentiality, client reliance level, legal boundary, finance boundary, insurance boundary, procurement boundary, public authority boundary, safeguard status, and publication status. **17.7 Correction and Closeout.** Engagement closeout shall include final output classification, reliance label, client responsibility statement, correction pathway, feedback record, expert performance record where appropriate, conflict update, learning capture, and archive. **17.8 Renewal.** Repeated or continuing engagements shall be renewed through current records. Prior matching, prior expert standing, prior client use, prior output visibility, prior sponsorship, or prior Nexus Universe participation shall not automatically authorize future engagement. *** ### 18. Incidents, Correction, Withdrawal, and Public Repair **18.1 Incident Categories.** Risk Agency incidents may include expert overclaim, client misuse, confidentiality breach, privacy incident, cyber incident, AI incident, public-safe communication failure, safeguard failure, protected knowledge exposure, public authority overclaim, finance overclaim, insurance overclaim, procurement overclaim, consent overclaim, sponsor or provider influence, commercial capture, role collapse, handoff overclaim, or unauthorized public reliance. **18.2 Incident Severity.** Incidents may be classified according to severity, affected parties, reliance risk, public-safe risk, data sensitivity, public authority relevance, finance relevance, procurement relevance, insurance relevance, safeguard harm, legal exposure, and correction urgency. **18.3 Incident Intake and Triage.** Incidents shall be received, classified, triaged, assigned, and recorded. Triage shall determine containment needs, access restrictions, public-safe communication needs, expert suspension needs, client notification needs, data sealing needs, withdrawal needs, public repair needs, and archive actions. **18.4 Containment.** Containment may include pausing engagement, restricting access, suspending expert standing, withdrawing outputs, limiting publication, issuing correction, sealing data, notifying affected parties where appropriate, stopping AI use, restricting client use, and preserving records. **18.5 Correction.** Incorrect advisory outputs, stale training, unsupported claims, public-safe errors, data errors, AI errors, confidentiality errors, mistranslations, accessibility failures, expert overclaims, client misuse, sponsor overclaims, provider overclaims, public authority overclaims, finance overclaims, procurement overclaims, insurance overclaims, consent overclaims, and handoff overclaims shall be corrected. **18.6 Withdrawal and Public Repair.** Outputs may be withdrawn, sealed, delisted, superseded, or archived where issued in error, unsupported, unsafe, unlawful, privacy-violating, confidentiality-violating, cyber-risky, protected-knowledge-exposing, misclassified, overclaimed, duplicated, conflicted, superseded, or harmful to public-safe meaning. Public repair shall be used where public meaning has been materially harmed. **18.7 Archive.** Incident records, correction records, withdrawal records, supersession records, public repair records, expert suspension records, client misuse records, and role-collapse records shall be archived without implying current authority, current standing, or current reliance. *** ### 19. Registers, Records, Governance, and Archive **19.1 Risk Agency Register.** The Risk Agency may maintain a **Risk Agency Register** identifying active service lines, expert classes, practice groups, regional hubs, national desks, delivery modes, output classes, matching rules, standing rules, reliance labels, review levels, correction rules, archive rules, and no-conversion notices. **19.2 Expert Standing Register.** An **Expert Standing Register** may record expert class, standing level, evidence basis, Guild affiliation, Risk Academy affiliation, WILP mentor status, iCRS contribution record, reviewed artifacts, public-safe publication record, National Node relationship, conflict status, privacy status, suspension status, renewal status, and archive. **19.3 Client Class Register.** A **Client Class Register** may record client categories, applicable boundary rules, standard engagement terms, permitted outputs, prohibited outputs, reliance defaults, data controls, public-safe controls, and correction pathways. **19.4 Engagement Register.** An **Engagement Register** may record client class, engagement scope, expert class, delivery mode, data class, output class, reliance level, review level, confidentiality status, public-safe status, conflicts, correction status, and archive. **19.5 Conflict Register.** A **Conflict Register** shall record conflicts involving experts, clients, sponsors, providers, public authorities, capital readers, insurers, donors, public finance readers, universities, communities, Indigenous protocol pathways where applicable, National Nodes, National Consortium Companies, Project SPVs, prior employers, prior engagements, data access, political interests, and related parties. **19.6 Output Register.** An **Output Register** may record advisory memoranda, consultancy notes, training materials, workshop records, readiness maps, public-safe summaries, evidence interpretation notes, Studio records, GRIx interpretation notes, iVRS interpretation notes, Foundry support packs, handoff support notes, correction notices, and expert panel records, including status, version, permitted use, prohibited use, reliance label, review level, correction status, and archive. **19.7 Incident Register.** A **Risk Agency Incident Register** shall record public-safe incidents, confidentiality incidents, privacy incidents, cyber incidents, AI incidents, expert overclaims, client misuse, sponsor or provider overclaims, public authority overclaims, finance overclaims, insurance overclaims, procurement overclaims, consent overclaims, safeguard incidents, commercial capture incidents, and role-collapse incidents. **19.8 Contracting Instrument Register.** A **Contracting Instrument Register** may record Master Services Terms, Expert Engagement Terms, Client Engagement Terms, Training Terms, Public Authority Learning Room Terms, Readiness Room Terms, Secure Room Terms, Data Room Terms, Clean Room Terms, Community Engagement Terms, Sponsor and Provider Support Terms, and standard notices. **19.9 Correction and Archive Registers.** A **Correction Register** shall record correction, supersession, withdrawal, public repair, renewal, and non-continuation actions. An **Archive Register** shall preserve historical expert records, retired service lines, closed engagements, corrected outputs, withdrawn outputs, sealed records, incident records, and non-current statuses without current authority. **19.10 Governance Discipline.** Risk Agency governance shall be coordination, quality control, boundary discipline, and correction, not command over experts, public authorities, clients, National Nodes, Nexus Guilds, public-good records, or lawful implementation actors. *** ### 20. Standard No-Conversion Rule and Final Operating Formula **20.1 No-Conversion.** No Risk Agency pathway, expert match, Agency Standing Record, advisory memorandum, consultancy note, training material, workshop record, readiness question map, risk interpretation note, public-safe summary, evidence interpretation note, scenario learning record, dashboard literacy note, stakeholder map, safeguard note, dependency register, assumptions register, diligence-gap register, no-reliance note, public authority learning note, community-facing note, technical translation note, National Portfolio support note, Studio exercise record, DICE onboarding record, GRIx interpretation record, iVRS interpretation record, Foundry support pack, Nexus Universe preparation pack, lawful handoff support note, expert panel, Guild panel, public authority learning room, readiness room, secure room, data room, clean room, Nexus Studio session, Marketplace support, Registry interpretation, Grid literacy support, TRL support, Nexus Universe participation, Core Build participation, National Node participation, National Working Group participation, Nexus Competence Cell participation, provider-supported engagement, sponsor-supported engagement, capital-reader-room participation, insurance-reader-room participation, donor-reader-room participation, public finance learning-room participation, proof receipt, digital credential, badge, archive record, correction record, supersession record, withdrawal record, public repair record, renewal record, client feedback, expert standing display, or public-facing Risk Agency profile shall create scientific consensus, recognition beyond recorded scope, professional certification, accreditation, audit assurance, risk rating, ESG rating, sustainability rating, public warning, emergency alert, official classification, environmental approval, legal compliance, privacy compliance, cybersecurity certification, AI safety certification, professional license, academic degree, employment eligibility, compensation entitlement, government approval, public authority approval, procurement status, commercial approval, provider validation, supplier approval, financeability, insurability, underwriting acceptance, investment readiness, donor commitment, grant approval, public finance allocation, valuation, solicitation, offer, transaction readiness, maturity certification beyond recorded bounded status, warranty beyond stated terms, community consent, Indigenous consent where applicable, consultation completion, protected knowledge permission, land access, rights waiver, spectrum approval, flight approval, operational authorization, deployment authorization, operational command, regulated disclosure satisfaction, tax treatment, accounting classification, audit evidence, intelligence function, surveillance authority, or execution authority by implication. **20.2 Final Operating Formula.** The controlling Risk Agency formula is that **The Global Centre for Risk and Innovation-supported functions ground evidence, methods, ontology, data governance, public-good software, open technical baselines, AI controls, cyber controls, secure-room methods, compute-to-data methods, privacy-enhancing technologies, and verifiable records; The Global Risks Forum-supported functions preserve public-good legitimacy, claims discipline, stakeholder formation, public-safe reporting, correction, and public meaning; The Global Risks Alliance-supported functions preserve readiness literacy, capital-readability, insurance-readiness questions, disaster-risk-finance literacy, donor-readiness questions, public finance relevance questions, no-reliance rooms, and regulated-perimeter discipline; Risk Academy and Nexus Academy form learning pathways, WILPs, micro-credentials, faculty pools, and expert development; DICE provides trusted data commons, knowledge commons, software commons, contribution records, Guild infrastructure, access controls, rights records, AI-use labels, and public-good digital infrastructure; GRIx structures risk intelligence; iVRS structures value and reporting; Nexus Observatory supplies governed signals, indicators, dashboards, DRI, geospatial layers, digital twins, and uncertainty discipline; Nexus Foundry turns risk needs into governed builds, packs, records, releases, Studio workflows, Marketplace objects, Registry records, Grid inputs, TRL support records, and lawful handoff dependencies; Nexus Universe concentrates annual learning, risk translation, public authority learning, stakeholder learning, technical preparation, and public-safe publication; Nexus Network preserves agency memory; Nexus Rails route agency objects; Nexus Marketplace enables bounded discovery; Nexus Registry preserves status truth; Nexus Studio provides controlled runtime and simulation environments; Nexus Grid may receive bounded maturity inputs without certification; TRL 1–10 may classify technical readiness only where applicable; National Nodes localize advisory and capacity-building pathways; National Working Groups and Nexus Competence Cells convert expertise into national capability; National Consortium Companies and Project SPVs may receive advisory-context, training-context, support-context, readiness-context, and dependency records only through lawful handoff; public authority learning remains learning, not approval; capital-reader and insurance-reader engagement remains no-reliance, not finance or underwriting execution; and correction remains central to trust. The Risk Agency matches, routes, advises, consults, trains, facilitates, translates, supports, records, quality-controls, corrects, renews, and archives risk expertise; it does not certify, rate, warn, regulate, license, employ, compensate by default, procure, finance, insure, approve, consent, deploy, command, or execute by implication.** **20.3 Final Risk Agency Statement.** The Risk Agency shall make expertise globally available without making expertise authority; make advisory powerful without making advisory execution; make consultancy useful without making consultancy procurement; make training practical without making training certification; make expert standing visible without making standing licensing; make community leadership meaningful without making participation consent; make public authority learning possible without public authority substitution; make finance-readiness readable without finance execution; make insurance-readiness useful without underwriting; make risk intelligence understandable without public warning overclaim; make Nexus Foundry outputs usable without implementation authorization; make Nexus Guild expertise accessible without Guild capture; make national capacity stronger without bypassing national ownership; make lawful handoff clearer without collapsing the public-good stack into the enterprise stack; and make correction central so that trust in expertise is renewed by record rather than claimed by reputation. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.therisk.global/organization/operations/pillars/ii.-agency.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.