# ARTICLE XV. FINANCE

### Section 349. Fiscal Stewardship and Nonprofit Treasury Governance

349.1 Fiscal Stewardship Purpose.\
GCRI Canada shall maintain fiscal stewardship and nonprofit treasury governance to ensure that all funds, assets, grants, donations, sponsorships, subscriptions, fees, reimbursements, cost-recovery amounts, in-kind contributions, restricted funds, unrestricted funds, reserves, public-good technical assets, and financial records are received, held, used, reported, safeguarded, and closed out in a manner consistent with GCRI Canada’s public-benefit purpose, nonprofit and non-distribution character, legal separateness, research integrity, public-good stewardship, anti-capture obligations, public authority boundaries, finance-readiness boundaries, procurement neutrality, provider neutrality, sponsor support-without-control, data / AI / cyber continuity, public-safe publication, and correctionability. Fiscal stewardship shall be treated as a core governance function, not merely an administrative function, because financial control protects mission lock, institutional independence, public trust, evidence integrity, technical continuity, and the credibility of GCRI Canada’s non-executing public-good role.

349.2 Public-Benefit Use of Funds.\
Funds and assets of GCRI Canada shall be used only for lawful purposes consistent with its public-benefit mission, Articles, this Bylaw, Board-approved budgets, donor or grant restrictions lawfully accepted, applicable agreements, and approved programs. Public-benefit use may include research, evidence infrastructure, methods development, observability methods, ontology stewardship, public-good software, open technical baselines, data governance, AI governance, cybersecurity, public-safe publication, Academy programs, fellowships, training, community safeguards, public authority learning, records, legal compliance, insurance, audit, risk management, institutional operations, and other approved purposes. Funds shall not be used to confer improper private benefit, purchase influence, distort research outcomes, create provider preference, procure advantage, finance-readiness influence, certification influence, public authority access, recognition, maturity status, political benefit, or personal enrichment.

349.3 Nonprofit Treasury Discipline.\
GCRI Canada shall maintain nonprofit treasury discipline by ensuring that treasury decisions are guided by mission, prudence, liquidity, restricted-fund compliance, continuity, risk control, segregation of duties, documentation, auditability, and Board oversight. Treasury discipline shall include cash management, bank account controls, reserve planning, budget discipline, payment controls, investment of idle funds where lawful and prudent, restricted-fund tracking, donor-condition compliance, grant-condition compliance, fraud controls, financial reporting, reconciliation, and record retention. Treasury discipline shall not be used to operate as an investment adviser, fund manager, securities issuer, lending institution, insurer, underwriter, capital arranger, public finance authority, or enterprise execution vehicle.

349.4 Non-Distribution Requirement.\
GCRI Canada shall not distribute profits, surplus, assets, dividends, patronage returns, equity-like interests, residual claims, or private earnings to directors, officers, members, participants, subscribers, donors, sponsors, providers, hosts, partners, contributors, fellows, employees, contractors, public authorities, National Consortium Companies, Project SPVs, or any private person except as lawful compensation, reimbursement, grant, stipend, scholarship, award, contract payment, program payment, or other payment approved for a bona fide public-benefit, operational, contractual, or legal purpose. Dissolution, winding-up, or asset-transfer treatment shall be governed by applicable law, the Articles, this Bylaw, and any required public-benefit or nonprofit asset-lock requirements.

349.5 No Private Inurement.\
No part of GCRI Canada’s income, assets, opportunities, data, technical assets, public-good software, baselines, publications, public authority relationships, program access, sponsorship benefits, or institutional reputation shall inure improperly to the private benefit of any director, officer, member, employee, contractor, fellow, advisor, donor, sponsor, provider, host, partner, public authority participant, capital reader, National Consortium Company, Project SPV, or related person. Transactions involving insiders, related parties, sponsors, providers, donors, funders, hosts, public authorities, universities, laboratories, or Nexus actors shall be conflict-reviewed, documented, fair, mission-aligned, and subject to recusal where required. Private benefit that is incidental, reasonable, mission-related, and lawfully approved may be permitted only within recorded limits.

349.6 Prudent Stewardship of Corporate Resources.\
Directors, officers, employees, contractors, committee participants, program stewards, and other authorized persons shall exercise prudent stewardship over GCRI Canada’s funds, systems, records, technical assets, software, data, intellectual property, licenses, subscriptions, facilities, repositories, controlled rooms, data rooms, cloud environments, public-good materials, and institutional relationships. Prudent stewardship requires reasonable care, mission alignment, cost discipline, value assessment, security, continuity, conflict management, documentation, and correction. Resources shall not be used wastefully, personally, politically, unlawfully, for provider advantage, for sponsor benefit beyond approved acknowledgment, for procurement steering, for finance promotion, or for public authority misdescription.

349.7 Financial Integrity as Governance Control.\
Financial integrity shall be treated as a governance control that supports Board oversight, officer accountability, lawful delegation, budget discipline, program integrity, restricted-fund compliance, records, auditability, and institutional continuity. Financial records shall be sufficiently accurate, timely, and complete to allow the Board to understand GCRI Canada’s financial position, commitments, reserves, runway, restricted funds, program obligations, risks, and resource needs. Financial integrity shall support correction of errors, misallocations, overcommitments, donor-condition issues, grant-condition issues, sponsor-benefit issues, and improper private benefit concerns.

349.8 Financial Integrity as Anti-Capture Control.\
Financial integrity shall function as an anti-capture control by ensuring that funding sources, sponsorships, donations, subscriptions, grants, in-kind contributions, provider credits, host support, public authority support, and cost-recovery arrangements do not control GCRI Canada’s governance, evidence, methods, research conclusions, public-good software, technical baselines, publications, public authority access, Nexus interface outputs, GRF-compatible inputs, GRA-facing technical inputs, Nexus Rails inputs, Nexus Grid inputs, or correction decisions. Financial arrangements shall be reviewed for sponsor control, provider preference, donor influence, funder influence, host influence, public authority overclaim, finance-readiness influence, certification influence, procurement advantage, recognition purchase, and improper private benefit.

349.9 Financial Integrity as Public Trust Control.\
Financial integrity shall support public trust by requiring accurate financial records, clear restrictions, transparent stewardship where appropriate, public-safe summaries where approved, timely correction of financial misstatements, proper treatment of donations, grants, subscriptions, sponsorships, fees, and in-kind support, and avoidance of misleading claims about funders, sponsors, public authorities, providers, or partners. Public-facing financial summaries shall be accurate, non-promotional, public-safe, and boundary-compliant. Public trust shall not be traded for sponsor visibility, provider branding, public authority implication, exaggerated funding claims, or unsupported sustainability claims.

349.10 Financial Integrity as Research Integrity Control.\
Financial integrity shall support research integrity by ensuring that research funding, program grants, sponsorships, fellowships, stipends, awards, lab support, challenge funding, benchmarking subscriptions, and provider contributions do not distort research questions, evidence selection, methods, conclusions, publication timing, negative-result capture, correction, withdrawal, retraction, public-safe summaries, or technical baseline content. Funding sources and conflicts shall be disclosed or controlled where material. No funding arrangement shall purchase findings, suppress findings, veto methods, control evidence, guarantee publication, create provider endorsement, or influence public authority-facing conclusions.

349.11 Financial Integrity as Data / AI / Cyber Continuity Control.\
Financial integrity shall support data / AI / cyber continuity by ensuring that budgets, reserves, grants, subscriptions, vendor payments, cloud costs, repository costs, cybersecurity costs, AI provider costs, storage costs, backup costs, incident response costs, privacy compliance costs, controlled-room costs, data-room costs, and technical asset maintenance costs are planned and controlled. Financial discontinuity shall not be allowed to create unmanaged data, abandoned repositories, unsupported software, unpatched systems, broken correction paths, lost records, uncontrolled cloud accounts, shadow IT, or insecure public-good assets.

349.12 Financial Integrity as Public-Good Technical Asset Continuity Control.\
Financial integrity shall support continuity of public-good technical assets, including software, schemas, APIs, SDKs, dashboards, maps, test harnesses, benchmark tools, ontology files, data dictionaries, technical baselines, model cards, dataset cards, system cards, public-safe publication tools, Observatory-supporting tools, Truth Engine-supporting tools, and verifiable compute tools. Financial planning shall account for maintenance, security, dependency review, documentation, licensing, repository costs, contributor support, deprecation, retirement, archival, and correction. Technical assets shall not be launched without reasonable consideration of maintenance and exit.

349.13 Board Oversight of Treasury.\
The Board shall oversee treasury governance, financial integrity, budgets, reserves, restricted funds, financial statements, audit or review engagement where applicable, material expenditures, material funding arrangements, bank account authority, signing authority, risk controls, fraud controls, financial reporting, and financial policy. The Board may delegate day-to-day treasury administration to officers or management, but delegation shall not relieve the Board of oversight responsibility. Board oversight shall include review of financial risks that may affect mission lock, public-benefit purpose, independence, data / AI / cyber continuity, public-good technical assets, public authority relationships, and anti-capture posture.

349.14 Officer and Management Duties.\
Officers and management shall administer GCRI Canada’s financial affairs within Board-approved budgets, delegations, policies, agreements, restricted-fund conditions, accounting controls, signing authority, and applicable law. Officer and management duties include maintaining books, preparing budgets, monitoring variance, supporting reconciliations, managing payments, maintaining documentation, tracking restricted funds, reporting financial condition, escalating risks, preventing fraud, preserving records, and ensuring that financial administration supports public-benefit purpose. Officers and management shall not use delegated authority to approve self-benefit, bypass restrictions, conceal deficits, create unauthorized commitments, or accept funding conditions inconsistent with this Bylaw.

349.15 Segregation of Duties.\
GCRI Canada shall maintain segregation of duties proportionate to size, complexity, staffing, risk, and resources. Segregation may separate authorization, custody, payment initiation, payment approval, reconciliation, bookkeeping, financial reporting, vendor setup, payroll approval, expense approval, restricted-fund release, bank administration, and financial statement review. Where full segregation is not practical, compensating controls shall be used, including Board review, dual approval, independent reconciliation, external bookkeeping, audit or review, management reporting, access restrictions, and periodic control review.

349.16 Documentation and Auditability.\
Financial transactions, commitments, budgets, amendments, grants, donations, sponsorships, subscriptions, fees, reimbursements, awards, stipends, contracts, in-kind contributions, restricted funds, payroll, contractor payments, vendor payments, expense reimbursements, credit card charges, transfers, foreign exchange, bank reconciliations, financial statements, and financial reports shall be documented and auditable. Documentation shall identify authority, purpose, amount, account, funding source, restriction, approval, invoice or support, payment method, recipient, classification, and records location. Auditability shall be sufficient to support Board oversight, legal compliance, restricted-fund accountability, public trust, and correction.

349.17 Fiscal Stewardship Records.\
GCRI Canada shall maintain fiscal stewardship records, including fiscal stewardship purpose records, public-benefit use-of-funds records, nonprofit treasury discipline records, non-distribution records, private inurement reviews, prudent stewardship records, financial integrity governance records, anti-capture financial review records, public trust financial records, research integrity financial records, data / AI / cyber continuity financial records, public-good technical asset continuity records, Board treasury oversight records, officer and management duty records, segregation of duties records, documentation and auditability records, corrections, reconciliations, reviews, closeouts, and archives.

***

### Section 350. Budget Cycle, Annual Budget, Material Amendments, Reserves, Runway, Sustainability, and Multi-Year Planning

350.1 Budget Cycle.\
GCRI Canada shall maintain a budget cycle appropriate to its size, stage, programs, funding sources, restricted funds, staffing, technical assets, data / AI / cyber obligations, public authority interfaces, publication commitments, Academy programs, fellowships, labs, challenges, benchmarking programs, and Nexus-compatible activities. The budget cycle shall include planning, management input, program forecasts, restricted-fund review, draft budget preparation, Board review, approval, variance monitoring, amendment, reserve review, sustainability review, and closeout. The cycle shall preserve public-benefit purpose, fiscal prudence, anti-capture discipline, and mission lock.

350.2 Annual Budget Requirement.\
GCRI Canada shall prepare an annual budget for each fiscal year unless the Board determines that a shorter or alternate budget period is appropriate during formation, transition, restructuring, extraordinary circumstances, or special program phases. The annual budget shall include expected revenues, grants, donations, sponsorships, subscriptions, fees, cost recovery, in-kind support where tracked, operating costs, program costs, restricted funds, unrestricted funds, staffing, contractors, technology, legal, insurance, audit, risk, reserves, contingency, and capital or technical asset needs. The annual budget shall be an authorization and planning control, not a guarantee of funding or obligation to spend.

350.3 Board Approval of Annual Budget.\
The annual budget shall be approved by the Board or, where urgent timing requires interim action, by a process authorized by the Board subject to ratification. Board approval shall consider mission alignment, funding reliability, restricted-fund conditions, public-benefit priority, operating runway, reserve adequacy, technical continuity, data / AI / cyber obligations, legal compliance, public authority obligations, community safeguards obligations, sponsor and donor conditions, provider neutrality, and risk. No officer or manager shall materially exceed the approved budget without authority under this Bylaw, Board policy, or emergency procedure.

350.4 Budget Categories.\
The budget may include categories for research, evidence, methods, observability, ontology, public-good software, technical assets, open technical baselines, data governance, AI governance, cybersecurity, public authority learning, publication, Academy programs, fellowships, training, community safeguards, accessibility, labs, pilots, adoption windows, replication sprints, challenge programs, benchmarking, Partnering Office activities, legal, compliance, insurance, audit, accounting, administration, fundraising, communications, reserves, and contingencies. Budget categories shall support transparency, accountability, restricted-fund tracking, and program-level management.

350.5 Research Budget.\
The research budget may support literature review, field research, desk research, research fellows, technical fellows, research tools, datasets, controlled access, ethics review, translation, accessibility, publication review, peer review, research integrity processes, and research closeout. Research budget controls shall preserve independence, avoid sponsor control, support negative-result capture, and ensure that research funds are not used to purchase predetermined outcomes, provider endorsement, finance-readiness claims, certification implications, procurement advantage, recognition, or maturity status.

350.6 Evidence and Methods Budget.\
The evidence and methods budget may support source records, evidence packs, proof packs, methods development, replication, validation, benchmarking methodology, source comparison, public-safe summaries, confidence notes, limitation notes, review mechanisms, evidence repositories, controlled annexes, and correction pathways. The budget shall support disciplined evidence and methods work without converting evidence outputs into public authority decisions, finance-readiness determinations, certifications, procurement approvals, ratings, recognition, maturity determinations, or execution instructions.

350.7 Public-Good Software and Technical Asset Budget.\
The public-good software and technical asset budget may support software development, repositories, maintainers, technical contributors, secure development, dependency review, vulnerability management, licenses, SBOM practices where appropriate, documentation, APIs, SDKs, schemas, dashboards, maps, test harnesses, benchmark tools, ontology files, model cards, dataset cards, system cards, technical baselines, deprecation, retirement, and archival. Budgeting shall account for maintenance and security obligations before public release wherever feasible.

350.8 Data / AI / Cybersecurity Budget.\
The data / AI / cybersecurity budget may support data governance, privacy compliance, AI governance, approved AI tools, model governance, cybersecurity controls, identity and access management, MFA, logging, monitoring, incident response, penetration testing where appropriate, vulnerability management, secure architecture, backups, controlled rooms, data rooms, repository security, cloud security, and training. Budgeting shall recognize that underfunded data / AI / cyber controls can create legal, public-safe, operational, and reputational risk.

350.9 Public Authority Learning and Publication Budget.\
The public authority learning and publication budget may support public authority learning materials, capacity-classified engagement, public-safe publication review, reports, whitepapers, websites, social media, speeches, decks, public-safe maps, dashboards, media protocol, translations, accessibility, public authority reference review, public-safe corrections, controlled summaries, and archive management. Budgeting shall include boundary discipline and shall not support public authority lobbying, procurement steering, public warning substitution, or regulatory substitution unless separately lawful and approved.

350.10 Academy, Fellowship, and Training Budget.\
The Academy, fellowship, and training budget may support curriculum, trainers, learning platforms, fellows, scholarships, stipends, awards, technical residencies, role-based training, competence-cell training, train-the-trainer pathways, public-safe playbooks, controlled annexes, accessibility, translation, learning records, renewal, revocation, and closeout. Budgeting shall preserve credential non-inflation and shall not imply professional certification, regulated credential, public authority qualification, procurement eligibility, finance-readiness, recognition, or maturity status.

350.11 Safeguards and Community Participation Budget.\
The safeguards and community participation budget may support community engagement, Indigenous / local / territorial knowledge safeguards, protected participant support, accessibility, translation, travel support, custodial review, consent or authorization processes, public-safe mapping review, community harm prevention, withdrawal and correction processes, controlled annexes, and protected knowledge stewardship. Budgeting shall avoid extractive participation, tokenization, coercion, and conversion of protected knowledge into ordinary program materials.

350.12 Legal, Compliance, Insurance, Audit, and Risk Budget.\
The legal, compliance, insurance, audit, and risk budget may support legal advice, corporate compliance, privacy advice, export-control review, sanctions review, controlled technology review, contracts, intellectual property, employment, nonprofit compliance, insurance, audit or review engagement, accounting support, risk assessment, incident response, conflict review, and Board governance support. Such budget shall support institutional resilience and shall not be reduced below prudent levels where legal or risk exposure is material.

350.13 Restricted Funds Budgeting.\
Restricted funds shall be budgeted separately or otherwise tracked to ensure that funds are used only for accepted restrictions, lawful purposes, approved programs, permitted costs, and required reporting. Restricted-fund budgeting shall identify restrictions, eligible costs, prohibited costs, indirect cost treatment, matching obligations, reporting dates, closeout requirements, return or reallocation terms, and conflicts. Restricted funds shall not be commingled in a manner that defeats accountability, even where bank accounts are operationally combined.

350.14 Material Budget Amendments.\
Material amendments to the approved budget shall require approval under the Board’s budget policy, signing authority, or delegation matrix. Material amendments may include new programs, material increases in expenditures, material decreases in expected revenue, new restricted funds, new staffing commitments, major technology commitments, major legal or risk exposure, new debt-like obligations where lawful, reserve drawdowns, emergency expenditures, or changes that affect mission, solvency, public-good technical continuity, or restricted-fund compliance. Amendments shall be documented.

350.15 Emergency Budget Amendments.\
Emergency budget amendments may be authorized where urgent action is required to protect safety, legal compliance, data / AI / cyber security, privacy, public authority obligations, protected knowledge, public-safe publication, records, core operations, or institutional continuity, and Board approval cannot reasonably be obtained in time. Emergency amendments shall be limited, documented, reported to the Board promptly, and ratified or revised according to policy. Emergency authority shall not be used to bypass ordinary budget controls for convenience or private benefit.

350.16 Operating Reserves.\
GCRI Canada may maintain operating reserves to support continuity, payroll where applicable, essential systems, rent or facility obligations where applicable, legal compliance, insurance, recordkeeping, public-good technical asset maintenance, data / AI / cyber controls, and orderly wind-down or transition. Operating reserves shall be reviewed periodically by the Board. Reserve targets may vary according to funding reliability, program commitments, restricted funds, technical obligations, and risk exposure.

350.17 Research Continuity Reserves.\
GCRI Canada may maintain research continuity reserves to protect critical research records, evidence records, methods work, public authority learning commitments, fellowships, datasets, controlled rooms, publication review, and correction obligations where funding interruption would materially harm integrity or public benefit. Research continuity reserves shall not be used to sustain research that is no longer lawful, ethical, public-benefit aligned, or consistent with safeguards.

350.18 Technology and Security Reserves.\
GCRI Canada may maintain technology and security reserves for cybersecurity incidents, system failures, cloud migration, repository continuity, backup restoration, urgent vulnerability remediation, public-good software maintenance, controlled-room continuity, data-room continuity, AI provider migration, technical asset deprecation, and secure disposal. Such reserves shall reflect the public-good technical asset continuity obligations of GCRI Canada.

350.19 Legal and Risk Reserves.\
GCRI Canada may maintain legal and risk reserves for legal advice, regulatory response, privacy incidents, cyber incidents, contract disputes, public authority reference corrections, protected knowledge concerns, insurance deductibles, employment issues, IP disputes, publication corrections, retractions, and other foreseeable risk needs. Legal and risk reserves shall not be used to conceal or defer required reporting, correction, or Board oversight.

350.20 Runway Targets.\
The Board may establish runway targets to identify the minimum months of operating capacity, program capacity, or core continuity that GCRI Canada should maintain. Runway targets shall account for unrestricted cash, restricted cash availability, committed grants, reliable subscriptions, recurring obligations, technical continuity, legal obligations, and closeout costs. Runway targets shall guide planning and shall not be represented as guarantees of solvency, program continuation, or funding availability.

350.21 Sustainability Planning.\
GCRI Canada shall conduct sustainability planning to ensure that programs, staffing, technical assets, public-good software, data / AI / cyber controls, public authority learning, Academy programs, fellowships, safeguards commitments, and publication obligations are not undertaken beyond reasonable resource capacity. Sustainability planning shall include funding diversity, reserve strategy, cost control, restricted-fund management, technical maintenance planning, staff capacity, closeout pathways, and decommissioning plans. Sustainability planning shall preserve mission and independence over growth for growth’s sake.

350.22 Multi-Year Financial Planning.\
GCRI Canada may maintain multi-year financial plans to support public-good institutional continuity, technical asset continuity, major program development, fundraising strategy, restricted-fund sequencing, reserve planning, staffing, infrastructure, legal compliance, and risk management. Multi-year planning shall include scenarios, dependencies, funding assumptions, program priorities, sustainability risks, and correction pathways. Multi-year plans shall be planning tools and shall not create enforceable commitments unless separately approved by competent authority.

350.23 Budget Variance Review.\
GCRI Canada shall review budget variances at intervals proportionate to size, risk, and activity. Variance review shall compare actual revenue and expenditures to budget, identify restricted-fund variance, program variance, runway changes, reserve changes, technology cost changes, legal or risk cost changes, fundraising variance, and material deviations. Significant variances shall be explained, corrected, escalated, or reflected in budget amendments. Variance review shall support Board oversight and financial integrity.

350.24 Budget Records.\
GCRI Canada shall maintain budget records, including budget cycle records, annual budgets, Board approvals, budget category records, research budget records, evidence and methods budget records, public-good software and technical asset budget records, data / AI / cybersecurity budget records, public authority learning and publication budget records, Academy / fellowship / training budget records, safeguards and community participation budget records, legal / compliance / insurance / audit / risk budget records, restricted-fund budgets, material amendments, emergency amendments, reserve records, runway target records, sustainability plans, multi-year financial plans, variance reviews, corrections, and archives.

***

### Section 351. Accounts, Books, Bank Accounts, Reconciliations, Financial Statements, Audit or Review Engagement, and Financial Reporting

351.1 Books of Account.\
GCRI Canada shall maintain accurate books of account sufficient to record revenues, expenses, assets, liabilities, fund balances, restricted funds, unrestricted funds, grants, donations, sponsorships, subscriptions, fees, in-kind contributions where tracked, accounts payable, accounts receivable, payroll where applicable, contractor payments, reimbursements, reserves, bank balances, commitments, and program-level financial activity. Books shall be maintained in a manner sufficient for Board oversight, legal compliance, financial reporting, auditability, restricted-fund accountability, public-benefit stewardship, and correction.

351.2 Accounting Standards.\
GCRI Canada shall maintain its accounts in accordance with accounting standards, practices, or methods applicable to its legal form, jurisdiction, size, and reporting obligations, as determined by the Board or authorized financial officer with professional advice where appropriate. Accounting treatment shall be consistent, documented, and reviewed where material. Changes in accounting policy or treatment that materially affect financial statements, restricted funds, reserves, revenue recognition, or reporting shall be disclosed to the Board.

351.3 Chart of Accounts.\
GCRI Canada shall maintain a chart of accounts appropriate to its activities, including categories for operating funds, restricted funds, program revenue, grants, donations, sponsorships, subscriptions, fees, cost recovery, in-kind support where tracked, research expenses, evidence and methods expenses, software and technical asset expenses, data / AI / cyber expenses, Academy and training expenses, fellowship expenses, safeguards expenses, public authority learning expenses, publication expenses, legal and compliance expenses, insurance, audit, accounting, administration, reserves, and closeout costs. The chart of accounts shall support program-level accountability and restricted-fund reporting.

351.4 Bank Accounts.\
GCRI Canada may open and maintain bank accounts, payment accounts, savings accounts, reserve accounts, restricted-fund accounts, investment or cash-management accounts where lawful and prudent, and other financial accounts approved by competent authority. Bank accounts shall be held in the legal name of GCRI Canada or another approved name consistent with law and Board authorization. No personal bank account, informal account, unapproved payment wallet, unapproved platform account, or third-party account shall be used to hold GCRI Canada funds except as expressly authorized for limited processing and promptly reconciled.

351.5 Bank Account Opening and Closing Authority.\
Bank accounts may be opened or closed only by Board resolution, officer authority under a Board-approved delegation, or other competent authority recorded in writing. Opening or closing records shall identify the institution, account type, purpose, authorized signatories, online banking administrators, limits, restrictions, linked services, restricted-fund relevance, and records location. Closing a bank account shall include reconciliation, transfer of balances, preservation of statements, cancellation of access, and update of signing authority.

351.6 Restricted Account Controls Where Appropriate.\
Where required by donor restrictions, grant terms, Board policy, legal obligation, risk profile, or prudent administration, GCRI Canada may maintain separate accounts or subaccounts for restricted funds. Where separate bank accounts are not required, accounting records shall separately track restricted funds. Restricted account controls shall prevent unauthorized use, misallocation, commingling that defeats accountability, and failure to report. Restricted funds shall be released only according to accepted restrictions and approved authority.

351.7 Cash Management.\
Cash management shall preserve liquidity, safety, lawful use, restricted-fund compliance, reserve targets, payment obligations, continuity, and prudent stewardship. GCRI Canada may use low-risk cash-management arrangements where lawful and approved, but shall not engage in speculative investment, leverage, trading, lending, capital placement, or treasury activity inconsistent with its nonprofit public-benefit role. Cash management shall account for operating runway, restricted funds, emergency needs, technical continuity, and closeout obligations.

351.8 Reconciliations.\
GCRI Canada shall perform reconciliations of bank accounts, credit cards, payment processors, restricted-fund balances, accounts payable, accounts receivable, payroll where applicable, grant balances, subscription revenue, sponsorship revenue, donation revenue, and other material accounts at intervals appropriate to risk and volume. Reconciliations shall be reviewed by an authorized person not directly responsible for the underlying transaction where feasible. Unreconciled differences shall be investigated, corrected, and reported where material.

351.9 Monthly Financial Reports Where Appropriate.\
Monthly financial reports may be prepared where appropriate to GCRI Canada’s size, stage, activity, risk, funding complexity, restricted funds, payroll obligations, program obligations, or Board requirements. Monthly reports may include income statement, balance sheet, cash position, runway, budget variance, restricted-fund status, accounts payable, accounts receivable, grant status, sponsorship status, subscription status, major commitments, reserve status, and risk notes. Monthly reports shall be management and governance tools, not public representations unless approved for publication.

351.10 Quarterly Financial Reports Where Appropriate.\
Quarterly financial reports may be prepared for Board review, funder reporting, grant reporting, restricted-fund oversight, program oversight, audit preparation, or public-safe financial summaries where approved. Quarterly reports may include financial statements, budget variance, restricted-fund status, program financials, cash flow, reserves, runway, fundraising progress, commitments, risk, and management narrative. Quarterly reports shall be reviewed for accuracy and corrected where errors are identified.

351.11 Annual Financial Statements.\
GCRI Canada shall prepare annual financial statements for each fiscal year in accordance with applicable law, accounting standards, Board policy, and reporting obligations. Annual financial statements shall present financial position, activities, cash flows where applicable, fund balances, restricted funds where applicable, notes where required, and other required information. Annual financial statements shall be reviewed by the Board and, where required by law or approved by the Board, by an auditor, reviewer, accountant, or other qualified professional.

351.12 Audit, Review Engagement, Compilation, or Financial Review Where Required or Approved.\
GCRI Canada shall obtain an audit, review engagement, compilation, independent financial review, or other financial assurance engagement where required by law, the Articles, members where applicable, funders, grantors, donors, public authority terms, Board policy, or risk. The Board may approve an audit or review even where not required if financial complexity, public trust, restricted funds, grants, public authority relationships, or institutional credibility warrant it. The scope and level of assurance shall be recorded.

351.13 Auditor or Reviewer Appointment Where Applicable.\
Where an auditor, reviewer, accountant, or financial professional is required or approved, appointment shall be made according to applicable law, the Articles, this Bylaw, member approval where required, and Board authority. The appointed person or firm shall be independent where required, qualified for the engagement, and provided access to necessary records. Removal, replacement, resignation, or non-renewal shall be recorded with reasons where appropriate.

351.14 Management Representations.\
Management representations may be required in connection with financial statements, audit, review engagement, grant reporting, restricted-fund reporting, or Board financial review. Representations may address completeness of records, fraud disclosure, restricted funds, commitments, related-party transactions, litigation, contingencies, subsequent events, revenue recognition, grant compliance, donor restrictions, and internal controls. False or incomplete representations shall be treated as serious governance matters.

351.15 Board Review of Financial Statements.\
The Board shall review annual financial statements and other material financial reports. Board review shall consider accuracy, accounting treatment, restricted funds, budget variance, runway, reserves, going-concern issues, program sustainability, related-party transactions, sponsor or donor concentration, provider or vendor concentration, public authority funding conditions, grant obligations, legal compliance, and risks. Board review shall be recorded in minutes or resolutions.

351.16 Member Review or Approval Where Required by Law.\
Where GCRI Canada has statutory members or where applicable law requires member review, approval, appointment, receipt, or other action regarding financial statements, auditors, reviewers, or financial reports, such process shall be followed. Member financial rights, if any, shall be limited to those provided by law, Articles, and this Bylaw. Member review shall not create authority to direct research, evidence, methods, publications, technical baselines, public authority interfaces, finance-readiness outputs, or program decisions.

351.17 Funder and Grantor Reporting Where Required.\
GCRI Canada shall provide financial reports to funders, grantors, donors, sponsors, public authorities, or other supporters only where required by agreement, law, Board policy, or approved stewardship practice. Reports shall be accurate, restricted to permitted information, consistent with confidentiality, privacy, public authority terms, protected knowledge obligations, and public-safe publication rules. Funder reporting shall not permit funders to control findings, methods, publications, public authority access, certification, recognition, procurement, or finance-readiness.

351.18 Public-Safe Financial Summaries Where Approved.\
GCRI Canada may publish public-safe financial summaries to support transparency, public trust, annual reporting, donor stewardship, or institutional accountability. Public-safe financial summaries shall be accurate, limitation-bearing, non-misleading, and approved before publication. They shall not disclose confidential donor information, protected knowledge, personal information, sensitive vendor terms, security-sensitive information, public authority-sensitive information, or finance-sensitive details unless authorized. Public summaries shall not imply public authority approval, sponsor control, provider endorsement, or guaranteed sustainability.

351.19 Financial Record Retention.\
Financial records shall be retained according to applicable law, accounting requirements, tax requirements, corporate requirements, grant terms, donor terms, audit requirements, public authority terms, litigation holds, privacy obligations, cybersecurity needs, and institutional memory. Retention schedules shall address books, bank statements, reconciliations, invoices, receipts, payroll records, contracts, grant reports, donation records, sponsorship records, subscription records, tax filings, financial statements, audit records, restricted-fund records, and Board financial approvals. Disposal shall be secure and recorded where material.

351.20 Accounting and Financial Reporting Records.\
GCRI Canada shall maintain accounting and financial reporting records, including books of account, accounting standard records, chart of accounts, bank account records, account opening and closing records, restricted account controls, cash management records, reconciliations, monthly financial reports where prepared, quarterly financial reports where prepared, annual financial statements, audit / review / compilation / financial review records, auditor or reviewer appointment records, management representations, Board review records, member review or approval records where required, funder and grantor reports, public-safe financial summaries, financial record retention records, corrections, restatements, and archives.

***

### Section 352. Signing Authority, Expenditure Thresholds, Dual Approvals, Electronic Payment Controls, and Restricted Delegations

352.1 Signing Authority Purpose.\
GCRI Canada shall maintain signing authority, expenditure thresholds, dual approvals, electronic payment controls, and restricted delegations to ensure that contracts, payments, grants, donations, sponsorships, in-kind contributions, restricted funds, bank transactions, expenses, electronic payments, foreign exchange, and financial commitments are authorized, documented, prudent, public-benefit aligned, conflict-controlled, fraud-resistant, and auditable. Signing authority shall preserve Board oversight, officer accountability, segregation of duties, restricted-fund discipline, non-distribution, no-private-inurement, sponsor non-control, provider neutrality, public authority boundaries, finance-boundary discipline, and institutional continuity.

352.2 Board-Approved Signing Authority Matrix.\
The Board may adopt a signing authority matrix establishing who may approve contracts, payments, banking actions, grant agreements, donation agreements, sponsorship agreements, in-kind contribution agreements, restricted-fund releases, employment or contractor commitments, technology purchases, legal expenditures, insurance expenditures, travel expenditures, program expenditures, emergency expenditures, and other commitments. The matrix may include thresholds, dual approvals, category-specific limits, restricted delegations, prohibited approvals, escalation triggers, and reporting obligations. No person shall rely on title, seniority, technical role, program role, public authority relationship, sponsor relationship, provider relationship, or possession of credentials as signing authority without a competent record.

352.3 Contract Signing Authority.\
Contracts, memoranda, grant agreements, donation agreements, sponsorship agreements, subscription agreements, vendor agreements, data-sharing agreements, public authority agreements, host agreements, research agreements, IP agreements, licensing agreements, software agreements, cloud agreements, AI provider agreements, cybersecurity agreements, employment agreements, contractor agreements, fellowship agreements, and other binding instruments shall be signed only by persons with authority under the signing authority matrix, Board resolution, officer delegation, or applicable law. Contract signing shall be preceded by legal, financial, data / AI / cyber, public authority, safeguards, finance-boundary, or conflict review where required.

352.4 Payment Signing Authority.\
Payments shall be authorized only by persons with payment signing authority and only for approved purposes, valid obligations, authorized budgets, accepted restrictions, proper invoices, approved reimbursements, payroll obligations, grant or stipend obligations, award obligations, tax obligations, bank charges, or other lawful commitments. Payment signing authority may be subject to thresholds, dual approvals, restricted-fund controls, category limits, documentation, and segregation of duties. Payment approval shall not be combined with self-approval.

352.5 Banking Signing Authority.\
Banking signing authority shall govern account opening, account closing, signatory changes, online banking administrators, wire approvals, EFT approvals, cheque signing where applicable, credit card issuance, borrowing where lawful and approved, foreign exchange, reserve transfers, restricted-fund transfers, and bank instruction changes. Banking authority shall be documented and reviewed periodically. Former officers, employees, contractors, or signatories shall be removed promptly upon role change or offboarding.

352.6 Grant Agreement Signing Authority.\
Grant agreements shall be signed only by authorized persons and only after review of grant purpose, budget, deliverables, restrictions, reporting, data rights, publication rights, IP terms, public authority terms, safeguards terms, cross-border issues, sanctions, export controls, controlled technology, non-execution boundary, finance-boundary issues, and closeout obligations. Grant signing shall not accept conditions that compromise GCRI Canada’s independence, research integrity, public-safe publication, correctionability, provider neutrality, or public authority boundaries.

352.7 Donation Agreement Signing Authority.\
Donation agreements or donation acceptance records shall be approved and signed according to authority, donor due diligence, restrictions, public-benefit purpose, tax treatment where applicable, donor recognition, confidentiality, conflict review, sponsor-like benefits, no-control language, no-private-inurement, and prohibited restriction review. Donation signing shall not accept donor conditions that purchase research outcomes, public authority access, provider preference, finance-readiness, certification, recognition, maturity, procurement advantage, or governance control.

352.8 Sponsorship Agreement Signing Authority.\
Sponsorship agreements shall be signed only by authorized persons after review of sponsor identity, purpose, benefits, restrictions, acknowledgment language, conflicts, public authority implications, provider implications, research independence, publication independence, data / AI / cyber implications, event implications, no-control language, no-recognition-purchase language, no-finance-readiness-purchase language, no-certification-purchase language, and no-procurement-advantage language. Sponsorship shall be support-without-control and shall not create entitlement to findings, public authority access, or Nexus interface status.

352.9 In-Kind Contribution Agreement Signing Authority.\
In-kind contribution agreements shall be signed or recorded by authorized persons and shall identify contribution type, value where required, ownership, license, use rights, data rights, IP rights, confidentiality, security, restrictions, conflicts, donor or sponsor benefits, public acknowledgment, termination, return, disposal, and closeout. In-kind contributions may include software credits, cloud credits, compute credits, equipment, facilities, services, data access, technical support, hosting, or professional services. In-kind support shall not compromise independence, security, public-safe publication, provider neutrality, or procurement neutrality.

352.10 Restricted Fund Signing Authority.\
Restricted fund commitments, releases, reallocations, transfers, returns, amendments, closeouts, and reports shall be approved by persons authorized for restricted funds. Restricted fund signing authority shall verify restriction, eligible cost, budget, available balance, documentation, reporting obligation, donor or grantor terms, conflict review, public-benefit purpose, and closeout. Restricted funds shall not be used outside accepted restrictions without lawful amendment, reallocation, return, or other approved handling.

352.11 Expenditure Thresholds.\
The Board may establish expenditure thresholds requiring different levels of approval based on amount, category, restricted-fund status, budget status, program status, vendor type, conflict risk, public authority sensitivity, technology sensitivity, data / AI / cyber risk, legal risk, insurance risk, foreign exchange risk, or emergency status. Thresholds shall be periodically reviewed. Splitting invoices, contracts, payments, or purchases to avoid thresholds is prohibited.

352.12 Dual Approval Requirements.\
Dual approvals shall be required for payments, commitments, transfers, restricted-fund releases, wire transfers, foreign exchange transactions, new vendors, high-risk vendors, related-party transactions, sponsor benefits, material technology purchases, public authority-sensitive commitments, data / AI / cyber-sensitive commitments, emergency payments, or other transactions identified by Board policy. Dual approval shall include meaningful review, not merely formal countersignature.

352.13 Three-Way Match Where Appropriate.\
GCRI Canada may require three-way match or equivalent controls for purchases, including matching purchase approval, invoice, receipt of goods or services, contract, delivery confirmation, milestone acceptance, or program owner approval. Three-way match shall be used where appropriate for larger purchases, restricted funds, grants, technical assets, software, cloud services, professional services, equipment, and high-risk vendors. Exceptions shall be documented.

352.14 Electronic Payment Controls.\
Electronic payment systems shall be access-controlled, MFA-protected where available, role-limited, logged, reviewed, and reconciled. Electronic payment controls shall address payment initiation, approval, release, vendor setup, bank detail changes, recurring payments, subscription charges, credit cards, online accounts, wire transfers, EFTs, foreign exchange, payment processors, and emergency payments. Payment credentials shall not be shared informally or stored insecurely.

352.15 Wire, EFT, Credit Card, Online Payment, and Foreign Exchange Controls.\
Wire transfers, EFTs, credit cards, online payments, payment processors, and foreign exchange transactions shall be governed by approval thresholds, documentation, fraud checks, bank detail verification, restricted-fund review, budget review, dual approval where required, and reconciliation. Foreign exchange shall be used only for approved purposes and shall not become speculative currency activity. Credit cards shall be used only for approved expenses and shall be supported by receipts and business purpose documentation.

352.16 Expense Approval Controls.\
Expenses shall be approved according to policy, budget, restricted-fund rules, travel rules, reimbursement rules, conflict rules, and documentation requirements. Expenses shall identify business purpose, program, funding source, category, receipt, approval, and any public authority, sponsor, provider, donor, host, community, or conflict sensitivity. Personal expenses, lavish expenses, undocumented expenses, self-approved expenses, improper gifts, political expenses, prohibited entertainment, or expenses inconsistent with public-benefit purpose are prohibited.

352.17 Restricted Delegations.\
Delegations may be restricted by amount, category, program, funding source, role, time, geography, contract type, data class, AI-use class, cyber class, public authority class, safeguards class, finance-boundary class, or legal risk. Restricted delegations shall be recorded and may be revoked or suspended. Delegation to approve expenditures shall not imply authority to approve publication, public authority references, finance-readiness language, certification claims, procurement recommendations, provider endorsements, or program scope changes unless separately recorded.

352.18 No Self-Approval.\
No person shall approve their own compensation, reimbursement, expense, contract, grant, stipend, award, fellowship payment, scholarship, related-party transaction, vendor payment, consulting payment, benefit, travel, credit card charge, or other financial benefit except as part of an approved automated process with adequate independent controls. Self-approval prohibition applies to directors, officers, employees, contractors, fellows, advisors, committee participants, council participants, and related persons. Exceptions, if any, must be lawful, minimal, documented, and independently reviewed.

352.19 Emergency Payment Authority.\
Emergency payment authority may be exercised where urgent payment is necessary to prevent material harm to safety, legal compliance, data / AI / cyber security, privacy, protected knowledge, public authority obligations, core operations, insurance, records, technical asset continuity, incident response, or institutional continuity, and ordinary approval cannot reasonably be obtained in time. Emergency payments shall be limited to the emergency purpose, documented promptly, reported to the Board or authorized officer, reconciled, and ratified or corrected. Emergency authority shall not be used for convenience or to avoid controls.

352.20 Payment Fraud Controls.\
GCRI Canada shall maintain payment fraud controls proportionate to risk, including vendor verification, bank detail change verification, dual approval, segregation of duties, MFA, phishing awareness, invoice review, unusual payment review, restricted-fund review, credit card monitoring, payment limits, reconciliation, and incident response. Suspected fraud, attempted fraud, payment diversion, phishing, unauthorized payment, or bank compromise shall be escalated, contained, investigated, corrected, and recorded.

352.21 Signing and Expenditure Records.\
GCRI Canada shall maintain signing and expenditure records, including signing authority purpose records, signing authority matrices, contract signing records, payment signing records, banking signing records, grant agreement signing records, donation agreement signing records, sponsorship agreement signing records, in-kind contribution agreement records, restricted fund signing records, expenditure threshold records, dual approval records, three-way match records, electronic payment control records, wire / EFT / credit card / online payment / foreign exchange records, expense approval records, restricted delegation records, no-self-approval records, emergency payment records, fraud control records, corrections, reversals, and archives.

***

### Section 353. Fundraising Mandate and Deliverables-Led Capital Strategy

353.1 Fundraising Mandate.\
GCRI Canada may fundraise, seek grants, accept donations, enter sponsorships, offer subscriptions, charge lawful program fees, recover costs, accept in-kind support, pursue public-benefit funding, and develop multi-year funding strategies to support its nonprofit public-benefit mission. Fundraising shall be conducted under Board oversight and within GCRI Canada’s non-executing, non-distributing, role-separated, public-good mandate. Fundraising shall not be conducted as securities offering, investment solicitation, capital raising for private ventures, brokerage, finder activity, insurance placement, public finance approval, procurement steering, certification sale, recognition sale, finance-readiness sale, public authority access sale, or provider endorsement sale.

353.2 Public-Benefit Fundraising Purpose.\
Fundraising shall support public-benefit purposes, including research, evidence infrastructure, methods, observability, ontology, public-good software, open technical baselines, data governance, AI governance, cybersecurity, public-safe publication, Academy programs, fellowships, training, community safeguards, public authority learning, program records, legal compliance, core operations, reserves, and technical asset continuity. Public-benefit fundraising may communicate need, planned deliverables, institutional priorities, and public-good value, but shall not promise findings, procurement outcomes, public authority adoption, finance-readiness, certification, recognition, maturity, or provider preference.

353.3 Deliverables-Led Capital Strategy.\
GCRI Canada may maintain a deliverables-led capital strategy that organizes fundraising around defined public-benefit deliverables, such as research outputs, evidence packs, methods notes, ontology releases, software releases, technical baselines, Academy modules, public-safe reports, dashboards, maps, fellowships, labs, challenge programs, benchmarking infrastructure, controlled rooms, data / AI / cyber controls, and safeguards programs. Deliverables-led strategy shall clarify purpose, cost, timeline, dependencies, public-safe posture, maintenance needs, and correction obligations. Deliverables shall not be framed as investable assets, securities, guaranteed outcomes, provider products, or public authority-approved projects.

353.4 Multi-Year Funding Strategy.\
GCRI Canada may maintain a multi-year funding strategy to support continuity, scale public-benefit programs prudently, diversify funding, reduce concentration risk, maintain reserves, protect core capacity, support technical assets, and plan sustainable commitments. The strategy may include grants, donations, sponsorships, subscriptions, program fees, cost recovery, public-good partnerships, and in-kind support. Multi-year funding strategy shall include anti-capture review, restricted-fund discipline, donor concentration review, sponsor control review, provider neutrality review, public authority boundary review, and sustainability planning.

353.5 Public-Good R\&D Funding.\
GCRI Canada may seek funding for public-good R\&D involving research, prototypes, methods, evidence, observability, ontology, data governance, AI governance, cybersecurity, technical baselines, public-good software, dashboards, maps, verifiable compute, Truth Engine methods, Nexus Observatory methods, and public-safe publication tools. Public-good R\&D funding shall preserve independence, open or public-safe outputs where appropriate, controlled outputs where required, IP terms, publication review, negative-result capture, and correction. Funding shall not purchase research conclusions or provider endorsements.

353.6 Evidence Infrastructure Funding.\
GCRI Canada may seek funding for evidence infrastructure, including source records, evidence packs, proof packs, evidence classification, source lineage, confidence notes, limitation notes, controlled annexes, public-safe summaries, evidence repositories, evidence review mechanisms, activation dockets, readiness records, public authority learning evidence, safeguards evidence, and correction records. Evidence infrastructure funding shall not imply recognition, maturity, finance-readiness, certification, procurement approval, public authority approval, or public warning status.

353.7 Methods and Ontology Funding.\
GCRI Canada may seek funding for methods and ontology work, including controlled vocabularies, taxonomies, schemas, data dictionaries, risk ontologies, evidence classifications, semantic interoperability, external standards mapping, public-safe claims discipline, localization, compatibility notes, divergence logs, AI-readable knowledge structures, and correction. Funding conditions shall not control terminology to create private advantage, public authority overclaim, finance-readiness implication, certification implication, procurement advantage, recognition, or maturity status.

353.8 Public-Good Software and Open Technical Baseline Funding.\
GCRI Canada may seek funding for public-good software, open technical baselines, schemas, APIs, SDKs, dashboards, maps, reference architectures, profiles, test harnesses, benchmark tools, repository security, documentation, licensing, vulnerability management, deprecation, retirement, and archival. Funding shall preserve public-good stewardship, secure development, contribution terms, provider neutrality, public-safe release, and correction. Funded software or baselines shall not become sponsor-controlled products or provider endorsements.

353.9 Data / AI / Cyber Infrastructure Funding.\
GCRI Canada may seek funding for data governance, AI governance, cybersecurity, secure architecture, approved tools, identity and access management, privacy, controlled rooms, data rooms, logging, monitoring, vulnerability management, incident response, model governance, AI-use controls, repository security, public-safe AI outputs, and technical continuity. Funding shall not authorize unapproved data processing, AI model training, public authority data use, protected knowledge use, cross-border transfer, or publication without separate review.

353.10 Nexus Observatory Methods Funding.\
GCRI Canada may seek funding for Nexus Observatory methods, including observability methods, telemetry rules, sensing methods, AI-RAN / O-RAN evidence methods, DePIN evidence methods, sensor methods, geospatial methods, Earth observation methods, digital twin methods, degraded-mode awareness, resilience indicators, dashboard methods, map methods, verifiable intelligence, and correction records. Such funding shall not make GCRI Canada an Observatory operator, emergency commander, public warning authority, infrastructure operator, certifier, procurement authority, finance-readiness authority, or provider selector.

353.11 Nexus Truth Engine Methods Funding.\
GCRI Canada may seek funding for Truth Engine methods, including source comparison, corroboration, contradiction detection, spoof detection, tamper detection, stale-source handling, missing-source handling, confidence support, retrieval review, AI-assisted comparison, verifiable intelligence records, and public-safe outputs. Truth Engine funding shall support evidence and methods integrity only and shall not imply absolute truth, official truth, public authority truth, legal truth, finance truth, certification truth, procurement truth, recognition, maturity, or public warning authority.

353.12 Academy, Fellowship, and Workforce Funding.\
GCRI Canada may seek funding for Academy programs, role-based training, competence-cell training, fellowships, scholarships, stipends, awards, technical residencies, public authority learning, workforce development, public-safe playbooks, controlled annexes, train-the-trainer pathways, accessibility, translation, and learning records. Funding shall preserve credential non-inflation and shall not purchase professional certification, public authority qualification, procurement eligibility, provider recognition, finance-readiness, recognition, or maturity status.

353.13 Community Safeguards Funding.\
GCRI Canada may seek funding for community safeguards, protected knowledge protocols, Indigenous / local / territorial knowledge stewardship, protected participant support, accessibility, translation, public-safe mapping review, community participation, custodial review, consent or authorization processes, withdrawal rights, correction rights, and harm-prevention measures. Community safeguards funding shall not purchase access to protected knowledge, public legitimacy, community endorsement, finance-readiness, recognition, maturity, or sponsor value.

353.14 Public Authority Learning Funding.\
GCRI Canada may seek funding for public authority learning materials, public-sector education, regulator-listening support, public finance reader literacy, emergency-management learning, infrastructure-operator learning, data / AI / cyber literacy, observability literacy, public-safe publication literacy, and boundary literacy. Public authority learning funding shall preserve non-delegation, no-public-warning, no-emergency-command, no-regulatory-approval, no-procurement-approval, no-funding-approval, no-public-finance-approval, and no-sovereign-obligation boundaries.

353.15 Core Operating Support Funding.\
GCRI Canada may seek unrestricted or flexible core operating support to maintain governance, staff, systems, records, accounting, legal compliance, insurance, audit, technology, data / AI / cyber controls, public-good technical asset continuity, fundraising capacity, publications, and institutional resilience. Core support shall be especially valued where it preserves independence and continuity. Core support shall not confer governance control, publication control, public authority access, provider preference, finance-readiness influence, certification influence, procurement advantage, recognition, or maturity status.

353.16 Restricted Program Funding.\
GCRI Canada may accept restricted program funding only where restrictions are lawful, mission-aligned, public-benefit consistent, administratively feasible, financially prudent, and compatible with this Bylaw. Restricted program funding shall be reviewed for restrictions, eligible costs, reporting, publication rights, data rights, IP, public authority terms, safeguards, sponsor or donor influence, provider neutrality, finance-boundary risk, certification-boundary risk, procurement-boundary risk, and closeout. Prohibited restrictions shall be rejected or modified.

353.17 Board Oversight of Fundraising Strategy.\
The Board shall oversee fundraising strategy, major funding relationships, donor concentration, sponsor concentration, restricted-fund exposure, fundraising claims, benefit schedules, public acknowledgment language, fundraising risks, compliance, and mission alignment. The Board may delegate fundraising execution to officers or authorized persons, but fundraising delegation shall remain subject to Board-approved policies, conflict controls, non-control language, and financial reporting. Major or high-risk funding arrangements shall be escalated.

353.18 No Fundraising That Implies Securities Offering, Investment Solicitation, Public Finance Approval, Procurement Preference, Certification, Recognition, or Finance-Readiness Outcome.\
No fundraising material, donor pitch, sponsor proposal, grant application, subscription offer, public deck, website, event material, challenge fund material, public authority-facing material, provider-facing material, GRA interface material, Nexus Rails material, or capital-reader material shall imply securities offering, investment solicitation, capital placement, investor matchmaking, public finance approval, procurement preference, vendor selection, certification, accreditation, compliance approval, recognition, standing, maturity, Nexus Grid status, finance-readiness, insurance-readiness, bankability, rating, underwriting approval, lending approval, public authority endorsement, public warning, emergency command, or execution instruction by GCRI Canada. Required limitation language shall be included where material.

353.19 Fundraising Strategy Records.\
GCRI Canada shall maintain fundraising strategy records, including fundraising mandate records, public-benefit fundraising purpose records, deliverables-led capital strategy records, multi-year funding strategy records, public-good R\&D funding records, evidence infrastructure funding records, methods and ontology funding records, public-good software and open technical baseline funding records, data / AI / cyber infrastructure funding records, Nexus Observatory methods funding records, Nexus Truth Engine methods funding records, Academy / fellowship / workforce funding records, community safeguards funding records, public authority learning funding records, core operating support funding records, restricted program funding records, Board oversight records, no-securities-offering / no-investment-solicitation / no-public-finance-approval / no-procurement-preference / no-certification / no-recognition / no-finance-readiness records, corrections, withdrawals, and archives.

***

### Section 354. Restricted Funds, Unrestricted Funds, Donor Conditions, Grant Conditions, Program-Level Accountability, and Closeout

354.1 Restricted Funds Definition.\
Restricted funds are funds, grants, donations, sponsorships, subscriptions, fees, in-kind contributions, public authority support, or other resources accepted by GCRI Canada subject to a donor, grantor, sponsor, funder, contract, Board, legal, program, geographic, time, purpose, reporting, or use restriction. Restricted funds may be restricted by purpose, program, deliverable, period, cost type, geography, beneficiary class, reporting obligation, public authority term, research use, data use, publication right, safeguards requirement, or closeout condition. Restrictions shall be recorded and complied with unless lawfully modified, released, returned, reallocated, or otherwise handled.

354.2 Unrestricted Funds Definition.\
Unrestricted funds are funds or resources available for GCRI Canada’s general public-benefit purposes, subject to applicable law, Articles, this Bylaw, Board-approved budgets, financial policies, and fiduciary duties. Unrestricted funds may support core operations, governance, research, evidence, methods, technical assets, public-good software, data / AI / cyber controls, public-safe publication, Academy programs, safeguards, public authority learning, reserves, and other approved uses. Unrestricted funds remain subject to nonprofit discipline and may not be distributed or used for improper private benefit.

354.3 Board Oversight of Restricted Funds.\
The Board shall oversee restricted funds to ensure that restrictions are lawful, mission-aligned, administratively feasible, financially prudent, public-benefit consistent, and compatible with GCRI Canada’s independence, non-execution, role separation, public authority boundaries, finance-boundary discipline, certification-boundary discipline, procurement neutrality, provider neutrality, sponsor support-without-control, research integrity, public-safe publication, data / AI / cyber controls, safeguards, and correctionability. Board oversight may include approval of material restricted funds, review of restricted-fund reports, variance review, closeout review, and return or reallocation decisions.

354.4 Acceptance of Restrictions.\
GCRI Canada may accept restrictions only after review of purpose, eligible costs, prohibited costs, duration, reporting, deliverables, publication rights, data rights, IP rights, confidentiality, public authority terms, safeguards terms, sponsor or donor benefits, conflicts, administrative burden, reserve implications, audit implications, and closeout. Restrictions shall be accepted only where they are consistent with law, public-benefit purpose, nonprofit character, mission lock, and this Bylaw. Ambiguous restrictions shall be clarified before acceptance.

354.5 Prohibited Restrictions.\
GCRI Canada shall not accept restrictions that require or imply control over research conclusions, evidence records, methods, ontology, public-good software, open technical baselines, publications, public authority access, protected knowledge, public-safe review, corrections, Board decisions, staff decisions, provider references, procurement outcomes, finance-readiness outcomes, certification outcomes, recognition outcomes, maturity outcomes, or Nexus interface outputs. Restrictions are prohibited where they create improper private benefit, sponsor control, provider preference, public authority misdescription, political intervention inconsistent with law, unlawful discrimination, unsafe data handling, protected knowledge extraction, or violation of law.

354.6 Donor Conditions.\
Donor conditions shall be recorded and reviewed for legality, public-benefit alignment, recognition language, confidentiality, reporting, restrictions, conflicts, tax treatment where applicable, public acknowledgment, benefit schedule where applicable, no-control language, and closeout. Donor conditions shall not create governance rights, publication rights, research conclusion rights, public authority access rights, provider preference, procurement advantage, finance-readiness influence, certification influence, recognition purchase, maturity purchase, or public warning authority.

354.7 Grant Conditions.\
Grant conditions shall be reviewed for program purpose, budget, deliverables, reporting, eligible costs, indirect costs, data rights, publication rights, IP terms, confidentiality, public authority terms, safeguards terms, audit rights, record retention, cross-border transfer, sanctions, export controls, controlled technology, non-execution, finance boundaries, and closeout. Grant conditions shall be documented and incorporated into program records and restricted-fund tracking. Grant deliverables shall not be overclaimed as certification, recognition, finance-readiness, procurement approval, or public authority approval.

354.8 Sponsor Conditions.\
Sponsor conditions shall be reviewed for support-without-control, benefit schedule, public acknowledgment, logo use, event visibility, access rights, publication rights, data rights, provider-neutrality risk, public authority implications, conflicts, research independence, finance-boundary risk, certification-boundary risk, procurement-boundary risk, public-safe publication, and closeout. Sponsor conditions that give sponsor control over findings, methods, evidence, publications, technical baselines, public authority access, Docket inputs, Grid inputs, GRF-compatible inputs, GRA-facing inputs, Nexus interface outputs, or corrections are prohibited.

354.9 Program-Level Accounting.\
GCRI Canada shall maintain program-level accounting for restricted funds and may maintain program-level accounting for major unrestricted programs where appropriate. Program-level accounting shall identify budget, revenues, expenses, eligible costs, prohibited costs, allocation basis, staff or contractor costs, technology costs, travel, reimbursements, grants, stipends, awards, in-kind support, indirect costs, cost recovery, variance, and closeout. Program-level accounting shall support reporting, accountability, and correction.

354.10 Use-of-Funds Tracking.\
Use-of-funds tracking shall document how restricted and material unrestricted funds are used. Tracking shall link expenditures to approved budget, funding source, program, deliverable, restriction, invoice, payment, approval, and closeout. Use-of-funds tracking shall support donor reporting, grant reporting, Board oversight, auditability, public trust, and correction. Funds shall not be shifted between restricted purposes without lawful authority.

354.11 Restricted Fund Budgeting.\
Restricted fund budgeting shall identify approved revenue, expense categories, eligible costs, prohibited costs, cost-share, matching funds, indirect costs, administrative fees, contingency, reserve treatment, deliverables, reporting periods, closeout, and return or reallocation rules. Restricted fund budgets shall be updated through approved amendment where conditions, costs, deliverables, or timelines change materially.

354.12 Restricted Fund Reporting.\
Restricted fund reporting shall be accurate, timely, complete, and consistent with the accepted restriction, grant or donor agreement, Board policy, accounting records, public-safe publication rules, confidentiality, privacy, protected knowledge obligations, and public authority terms. Reports shall not overstate outcomes, conceal limitations, imply public authority approval, imply finance-readiness, imply certification, imply procurement preference, or misrepresent sponsor or donor influence.

354.13 Restricted Fund Variance Review.\
Restricted fund variance review shall compare actual revenues and expenses to restricted fund budgets, identify overages, underspending, timing issues, ineligible costs, reporting risk, matching issues, sustainability issues, closeout risk, and needed amendments. Material variances shall be escalated and corrected. Variance review shall prevent restricted funds from being used as unrestricted funds or from masking financial weakness.

354.14 Restricted Fund Conflict Review.\
Restricted funds shall be reviewed for conflicts involving donors, sponsors, funders, providers, hosts, public authorities, Board members, officers, staff, contractors, fellows, advisors, universities, laboratories, National Consortium Companies, Project SPVs, and program participants. Conflict review shall determine disclosure, recusal, independent review, conditions, denial, or mitigation. Restricted funds shall not be accepted where conflicts cannot be controlled.

354.15 Restricted Fund Public-Good Purpose Review.\
Restricted funds shall be reviewed for public-good purpose alignment. Review shall assess whether the restriction supports research, evidence, methods, observability, ontology, public-good software, open technical baselines, data / AI / cyber controls, public-safe publication, Academy, fellowships, community safeguards, public authority learning, or other approved public-benefit purposes. Restrictions primarily serving private marketing, provider advantage, sponsor visibility, procurement influence, finance promotion, political benefit, or protected knowledge extraction shall be denied or modified.

354.16 Restricted Fund Data / AI / Cyber and Publication Review Where Applicable.\
Restricted funds involving data, AI, cyber, public authority data, protected knowledge, software, dashboards, maps, repositories, technical assets, controlled technology, public-safe publication, or public-facing materials shall undergo data / AI / cyber and publication review where applicable. Review shall address approved tools, data rights, model-training restrictions, privacy, security, public authority terms, protected knowledge, publication rights, sponsor influence, provider neutrality, limitation language, correction, and incident response.

354.17 Restricted Fund Closeout.\
Restricted fund closeout shall identify funds received, funds spent, remaining balance, deliverables, eligible costs, ineligible costs, reports delivered, restrictions satisfied, open issues, return or reallocation needs, records retained, public-safe summaries where approved, corrections, and archive status. Closeout shall occur according to restriction, agreement, Board policy, and applicable law. Remaining funds shall be handled lawfully and documented.

354.18 Return, Reallocation, or Cy-Près-Style Handling Where Lawful and Appropriate.\
Where restricted funds cannot be used as intended, where restrictions become impossible, impracticable, unlawful, unsafe, inconsistent with public-benefit purpose, or otherwise inappropriate, GCRI Canada may seek donor or grantor release, return funds, reallocate funds, modify restrictions, or pursue cy-près-style handling where lawful and appropriate. Any such action shall be approved by competent authority, documented, and consistent with applicable law, agreements, public trust, and mission. GCRI Canada shall not unilaterally repurpose restricted funds contrary to law or agreement.

354.19 Restricted and Unrestricted Fund Records.\
GCRI Canada shall maintain restricted and unrestricted fund records, including restricted fund definitions, unrestricted fund definitions, Board oversight records, restriction acceptance records, prohibited restriction reviews, donor condition records, grant condition records, sponsor condition records, program-level accounting records, use-of-funds tracking records, restricted fund budgets, restricted fund reports, variance reviews, conflict reviews, public-good purpose reviews, data / AI / cyber and publication reviews, closeout records, return / reallocation / cy-près-style handling records, corrections, releases, amendments, and archives.

***

### Section 355. Institutional R\&D Sponsorships

355.1 Institutional R\&D Sponsorship Purpose.\
GCRI Canada may accept institutional R\&D sponsorships to support public-benefit research, evidence infrastructure, methods development, observability methods, ontology stewardship, public-good software, open technical baselines, data / AI / cyber governance, public-safe publication, Academy programs, fellowships, public authority learning, community safeguards, labs, challenges, benchmarking, and Nexus-compatible public-good work. Institutional R\&D sponsorship shall be support-without-control and shall not purchase findings, methods, evidence outcomes, technical baselines, public authority access, provider preference, finance-readiness, certification, recognition, maturity status, procurement advantage, or Nexus interface outputs.

355.2 Eligible Sponsorship Uses.\
Eligible sponsorship uses may include research costs, evidence record development, methods work, observability methods, ontology work, software maintenance, repository costs, cybersecurity controls, technical baseline development, Academy materials, fellowships, scholarships, stipends, public-safe publication, controlled annexes, accessibility, translation, community safeguards, public authority learning, lab costs, challenge costs, benchmark infrastructure, and core support where approved. Uses shall be specified in sponsorship records and shall be consistent with public-benefit purpose, budget, restrictions, and financial controls.

355.3 Research Sponsorship.\
Research sponsorship may support public-benefit research, but shall preserve research independence, source discipline, methods integrity, negative-result capture, publication review, conflict disclosure, and correction. Sponsors shall not control research questions beyond accepted scope, select evidence to support predetermined outcomes, require favourable conclusions, suppress unfavourable findings, veto publication except for narrow confidentiality or legal review where approved, or influence public authority-facing language. Research sponsorship shall include sponsor role disclosure where material.

355.4 Methods Sponsorship.\
Methods sponsorship may support development, testing, documentation, replication, validation, localization, and correction of methods. Sponsors shall not control methods to create proprietary advantage, provider preference, procurement steering, finance-readiness implication, certification implication, recognition implication, maturity implication, or public authority approval. Methods funded by sponsorship shall remain subject to GCRI Canada review, versioning, limitations, public-safe classification, and correction.

355.5 Observatory Methods Sponsorship.\
Observatory methods sponsorship may support telemetry methods, sensing methods, AI-RAN / O-RAN methods, DePIN methods, geospatial methods, digital twin methods, cyber telemetry methods, degraded-mode awareness, resilience indicators, public-safe dashboards, public-safe maps, and verifiable intelligence methods. Sponsorship shall not make the sponsor an Observatory operator, public authority, preferred provider, certified provider, finance-ready project, or infrastructure authority. Observatory methods sponsorship shall include public warning and emergency command boundaries where material.

355.6 Public-Good Software Sponsorship.\
Public-good software sponsorship may support development, maintenance, documentation, secure release, dependency review, vulnerability management, licensing, repository costs, contributor support, and correction of public-good software. Sponsors shall not control roadmap, licensing, access, public release, security disclosure, issue prioritization, provider references, public authority references, or technical meaning in a manner inconsistent with public-benefit purpose. Sponsor-funded software shall not become sponsor-certified, sponsor-owned, or provider-preferred unless separately and lawfully documented.

355.7 Open Technical Baseline Sponsorship.\
Open technical baseline sponsorship may support development, testing, documentation, consultation, localization, publication, deprecation, retirement, or correction of open technical baselines. Sponsors shall not purchase baseline language, compliance implication, certification pathway, procurement requirement, public authority adoption, finance-readiness implication, provider preference, or recognition. Baseline sponsorship shall include limitation language and shall preserve version control, public-safe review, and correctionability.

355.8 Academy and Fellowship Sponsorship.\
Academy and fellowship sponsorship may support training materials, fellowships, scholarships, stipends, awards, technical residencies, public authority learning, competence-cell training, train-the-trainer pathways, accessibility, translation, and workforce development. Sponsorship shall not purchase admission, grades, completion status, credential, certification, professional qualification, public authority qualification, procurement eligibility, provider recognition, finance-readiness, research conclusion, public statement, or authority to speak for GCRI Canada. Selection and curriculum integrity shall remain under GCRI Canada control.

355.9 Public Authority Learning Sponsorship.\
Public authority learning sponsorship may support public-benefit educational materials, workshops, Academy modules, evidence literacy, methods literacy, data / AI / cyber literacy, observability literacy, public-safe publication literacy, and public authority boundary literacy. Sponsorship shall not purchase public authority access, public authority endorsement, regulatory influence, procurement advantage, funding influence, public finance approval, public-private partnership, sovereign obligation, public warning authority, or emergency command role. Public authority participation shall remain capacity-classified and reference-controlled.

355.10 Challenge, Benchmark, or Lab Sponsorship.\
Challenge, benchmark, or lab sponsorship may support public-benefit technical work, but shall be subject to challenge rules, benchmark independence, lab charters, provider neutrality, conflict controls, anti-collusion safeguards, public-safe publication, and correctionability. Sponsors shall not control criteria, scoring, publication, eligibility, results, suppression, provider rankings, public authority references, finance-readiness implications, certification implications, procurement implications, or award outcomes except through limited administrative support expressly approved and recorded.

355.11 Sponsorship Acceptance Test.\
Before accepting institutional R\&D sponsorship, GCRI Canada shall apply a sponsorship acceptance test. The test shall consider sponsor identity, source of funds, reputation, sanctions, export-control, conflicts, public-benefit fit, restrictions, benefits, public acknowledgment, public authority implications, provider implications, research integrity, data / AI / cyber implications, publication implications, finance-boundary implications, certification-boundary implications, procurement-boundary implications, safeguards, administrative burden, and closeout. Sponsorship shall be denied or modified where risks cannot be controlled.

355.12 Research Independence Requirement.\
All institutional R\&D sponsorships shall preserve research independence. Research independence includes GCRI Canada control over research design, methods, evidence classification, analysis, conclusions, limitations, publication review, public-safe status, correction, withdrawal, retraction, and archive status, subject only to lawful confidentiality, privacy, protected knowledge, public authority, IP, export-control, sanctions, and legal review conditions. Sponsor review may be permitted for factual accuracy or confidential information where recorded, but sponsor review shall not become veto over public-benefit conclusions.

355.13 Sponsor Role Disclosure.\
Sponsor role disclosure shall be made where required by law, agreement, publication policy, research integrity, public-safe review, public authority context, conflict management, or public trust. Disclosure shall identify sponsor support accurately and without overclaim. Disclosure shall not imply sponsor endorsement, sponsor control, GCRI Canada endorsement of sponsor, provider preference, public authority approval, finance-readiness, certification, recognition, maturity status, procurement advantage, or public-good status beyond the recorded contribution.

355.14 Sponsor Benefit Schedule.\
A sponsor benefit schedule shall be maintained where sponsorship includes acknowledgment, logo use, event visibility, website listing, report acknowledgment, Academy visibility, controlled material access, learning access, lab observation, public-safe briefings, or other benefits. The benefit schedule shall identify permitted benefits, prohibited benefits, public language, access limits, non-control language, no-provider-preference language, no-public-authority-access-purchase language, no-finance-readiness language, no-certification language, no-procurement-advantage language, and correction rights. Benefits shall be proportionate and mission-aligned.

355.15 No Sponsor Control of Findings, Methods, Evidence, Publications, Technical Baselines, Data Access, Public Authority Access, Docket Inputs, Grid Inputs, GRF Inputs, GRA Inputs, or Nexus Interface Outputs.\
No sponsor shall control, direct, approve, veto, suppress, purchase, condition, distort, or otherwise determine GCRI Canada findings, methods, evidence, publications, technical baselines, data access, public authority access, activation docket inputs, Nexus Grid evidence inputs, GRF-compatible claims-discipline inputs, GRA-facing technical inputs, Nexus Rails evidence inputs, Nexus Observatory methods, Academy materials, public-good software, public-safe summaries, corrections, withdrawals, retractions, or Nexus interface outputs. Sponsorship shall not create governance rights or institutional authority.

355.16 No Sponsor Veto, Suppression Right, Outcome Purchase, Recognition Purchase, Certification Purchase, Finance-Readiness Purchase, or Procurement Advantage.\
No sponsorship shall grant a sponsor veto right, suppression right, outcome purchase, recognition purchase, certification purchase, finance-readiness purchase, insurance-readiness purchase, procurement advantage, provider preference, public authority access purchase, research conclusion purchase, benchmark result purchase, challenge award purchase, maturity status purchase, or right to prevent correction. Confidentiality and pre-publication review may be permitted only for lawful, narrow, and recorded reasons and shall not undermine public-benefit integrity.

355.17 Sponsorship Closeout.\
Sponsorship closeout shall identify funds or in-kind support received, benefits delivered, benefits not delivered, restrictions satisfied, deliverables supported, publications issued, sponsor disclosures, conflicts managed, data or technical assets affected, public authority references, provider references, unused funds, return or reallocation needs, corrections, and archive status. Closeout shall confirm that sponsorship did not create sponsor control, provider preference, finance-readiness, certification, recognition, maturity, procurement advantage, or public authority endorsement.

355.18 Institutional R\&D Sponsorship Records.\
GCRI Canada shall maintain institutional R\&D sponsorship records, including sponsorship purpose records, eligible use records, research sponsorship records, methods sponsorship records, Observatory methods sponsorship records, public-good software sponsorship records, open technical baseline sponsorship records, Academy and fellowship sponsorship records, public authority learning sponsorship records, challenge / benchmark / lab sponsorship records, sponsorship acceptance tests, research independence records, sponsor role disclosures, sponsor benefit schedules, no-sponsor-control records, no-veto / no-suppression / no-outcome-purchase / no-recognition-purchase / no-certification-purchase / no-finance-readiness-purchase / no-procurement-advantage records, closeout records, corrections, withdrawals, and archives.

***

### Section 356. Program Grants

356.1 Program Grant Purpose.\
GCRI Canada may seek, receive, administer, report, and close out program grants to support approved public-benefit programs, including research, evidence, methods, observability, ontology, public-good software, open technical baselines, data / AI / cyber controls, public-safe publication, Academy programs, fellowships, training, community safeguards, public authority learning, labs, pilots, adoption windows, replication sprints, challenges, benchmarking, and Nexus-compatible public-good activities. Program grants shall be administered as nonprofit public-benefit resources and shall not create execution authority, procurement authority, finance-readiness authority, certification authority, recognition authority, public authority delegation, public warning authority, or provider preference.

356.2 Grant Eligibility.\
GCRI Canada may apply for or accept grants where it is legally eligible, mission-aligned, capable of compliance, financially prudent, administratively capable, and able to satisfy grant conditions without compromising independence, research integrity, public-safe publication, correctionability, data / AI / cyber controls, public authority boundaries, community safeguards, finance-boundary discipline, certification-boundary discipline, procurement neutrality, provider neutrality, or sponsor support-without-control. Eligibility review shall include legal status, jurisdiction, program fit, budget capacity, reporting burden, match requirements, and restriction review.

356.3 Grant Application Authority.\
Grant applications shall be submitted only by persons authorized by the Board, an officer, policy, or delegation record. Grant application authority shall identify who may approve grant concepts, budgets, narratives, commitments, partners, public authority references, match commitments, data commitments, IP commitments, publication commitments, and submission. Applications shall be accurate, evidence-supported, financially sound, and boundary-compliant. No application shall promise prohibited outputs or overstate authority.

356.4 Grant Acceptance Authority.\
Grant awards shall be accepted only by authorized persons after review of grant agreement terms, budget, restrictions, deliverables, reporting, data rights, publication rights, IP terms, confidentiality, audit rights, public authority terms, safeguards terms, sanctions, export controls, controlled technology, cross-border issues, non-execution boundary, finance-boundary issues, certification-boundary issues, procurement-boundary issues, and closeout obligations. Acceptance shall be recorded and may require Board approval where material or high-risk.

356.5 Grant Agreement Review.\
Grant agreements shall undergo review proportionate to value, risk, restriction, jurisdiction, public authority involvement, data sensitivity, AI use, cyber sensitivity, protected knowledge, IP, publication rights, controlled technology, export controls, sanctions, cross-border transfer, subcontracting, partners, reporting, audit, and closeout. Review shall confirm that GCRI Canada can comply without compromising mission, independence, public-safe publication, public authority boundaries, or correctionability. Problematic terms shall be negotiated, conditioned, escalated, or rejected.

356.6 Grant Budget.\
Each grant shall have a budget identifying revenue, eligible expenses, prohibited expenses, direct costs, indirect costs, match or cost-share where any, staff or contractor costs, technology costs, data / AI / cyber costs, publication costs, safeguards costs, travel, equipment, subgrants where lawful, stipends, awards, administrative costs, contingency, and closeout costs. Grant budgets shall align with accounting records and program records. Material budget changes shall be approved according to grant terms and GCRI Canada authority.

356.7 Grant Deliverables.\
Grant deliverables shall be defined clearly and shall remain consistent with GCRI Canada’s role. Deliverables may include research reports, evidence records, methods notes, public-safe summaries, datasets, software releases, technical baselines, Academy materials, training records, fellowships, lab outputs, challenge outputs, dashboard methods, map methods, controlled summaries, or closeout reports. Deliverables shall not be described as certification, procurement approval, finance-readiness, recognition, maturity, public authority approval, public warning, emergency command, or execution instruction unless separately lawful and competent, and not by GCRI Canada default.

356.8 Grant Reporting.\
Grant reporting shall be timely, accurate, supported by records, and consistent with grant terms, accounting records, program records, publication rules, data / AI / cyber controls, public authority terms, protected knowledge obligations, and public-safe limitations. Grant reports shall distinguish completed work, incomplete work, limitations, changes, corrections, budget variance, restricted funds, outputs, and closeout. Grant reports shall not overstate results or conceal material issues.

356.9 Grant Data Rights.\
Grant data rights shall be reviewed and recorded before acceptance and throughout performance. Data rights shall address ownership, access, use, sharing, publication, AI processing, model training, retention, deletion, transfer, localization, public authority data, protected knowledge, personal information, cyber-sensitive data, infrastructure-sensitive data, health-sensitive data, finance-sensitive evidence, controlled technology, and correction. GCRI Canada shall not accept grant data terms that require unsafe, unlawful, or uncorrectable data handling.

356.10 Grant Publication Rights.\
Grant publication rights shall preserve GCRI Canada’s public-safe publication discipline, research integrity, correctionability, legal compliance, confidentiality, privacy, public authority terms, protected knowledge, export controls, sanctions, IP rights, and security. Grantor review may be permitted for factual accuracy, confidential information, or required reporting where appropriate, but shall not create improper suppression, sponsor or funder control of conclusions, veto of public-benefit publication, or overclaim of grantor approval.

356.11 Grant IP Terms.\
Grant IP terms shall identify ownership, licenses, background IP, foreground IP, derivative works, public-good software, open-source obligations, technical baselines, schemas, data dictionaries, documentation, attribution, patent rights, moral rights treatment where applicable, repository release, restricted assets, and closeout. IP terms shall support public-benefit use and shall not improperly transfer public-good assets, block correction, create provider capture, or undermine technical continuity.

356.12 Grant Research Integrity Terms.\
Grant research integrity terms shall preserve research design integrity, source discipline, methods documentation, authorship, attribution, conflict disclosure, negative-result capture, publication review, correction, withdrawal, retraction, and archive obligations. Grant terms shall not require predetermined results, selective reporting, suppression of unfavourable evidence, provider endorsement, sponsor benefit, finance-readiness outcomes, certification outcomes, procurement outcomes, recognition, maturity, or public authority approval.

356.13 Grant Public Authority Terms Where Applicable.\
Where a grant involves public authorities, public authority data, public-sector participants, public finance readers, regulators, emergency-management bodies, public infrastructure operators, or public authority-facing materials, grant terms shall be reviewed for capacity classification, confidentiality, public reference permissions, official-capacity verification, data rights, publication rights, non-endorsement, no-delegation, no-public-warning, no-emergency-command, no-regulatory-approval, no-procurement-approval, no-funding-approval, no-public-finance-approval, and no-sovereign-obligation boundaries.

356.14 Grant Safeguards Terms Where Applicable.\
Where a grant involves communities, Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, sacred-site information, protected participants, youth, vulnerable persons, remote communities, health-sensitive groups, community-protected data, or public-safe mapping risk, grant terms shall include safeguards and protected knowledge controls. Such controls may include custodial authority, consent or authorization, non-extraction, attribution, confidentiality, access restrictions, AI-use restrictions, publication limits, withdrawal rights, correction rights, community review, geospatial protections, and harm prevention.

356.15 Grant Cross-Border, Sanctions, Export-Control, and Controlled Technology Review Where Applicable.\
Where a grant involves cross-border activity, foreign funders, foreign partners, cloud services, AI providers, data transfer, controlled technology, export-controlled materials, sanctions exposure, national security sensitivity, public-sector sensitivity, cyber tools, encryption, satellite or remote sensing, AI-RAN, O-RAN, DePIN, drones, robotics, quantum-adjacent systems, or other dual-use matters, GCRI Canada shall conduct cross-border, sanctions, export-control, and controlled technology review. Review shall determine whether the grant may proceed, be restricted, be licensed, be modified, or be denied.

356.16 Grant Non-Execution Boundary.\
Every program grant shall preserve GCRI Canada’s non-execution boundary. Grant terms shall not require GCRI Canada to operate infrastructure, deploy systems, manage public authority functions, issue public warnings, command emergencies, procure providers, select vendors, arrange finance, underwrite insurance, lend, rate, certify, accredit, recognize, determine maturity, control National Consortium Companies, control Project SPVs, or execute enterprise activities. Execution-adjacent terms shall be removed, re-scoped, routed to separate competent actors, or rejected.

356.17 Grant Closeout.\
Grant closeout shall include final financial reporting, deliverable reporting, restricted-fund reconciliation, budget variance, unspent funds, return or reallocation where required, data disposition, access revocation, publication status, IP status, repository status, technical asset status, public authority reference status, safeguards status, incidents, corrections, archive status, and lessons learned. Grant closeout shall be completed according to grant terms, Board policy, and applicable law.

356.18 Grant Records.\
GCRI Canada shall maintain grant records, including program grant purpose records, eligibility records, application authority records, acceptance authority records, grant agreement reviews, grant budgets, deliverable records, reporting records, data rights records, publication rights records, IP terms, research integrity terms, public authority terms, safeguards terms, cross-border / sanctions / export-control / controlled technology reviews, non-execution boundary records, closeout records, financial reports, correspondence, corrections, amendments, returns, reallocations, and archives.

***

### Section 357. Institutional Membership Subscriptions

357.1 Institutional Membership Subscription Purpose.\
GCRI Canada may offer institutional membership subscriptions or institutional subscriptions as public-benefit access, learning, participation, publication, controlled-material, Academy, benchmarking, capability-formation, or ecosystem navigation mechanisms for eligible institutions. Institutional subscriptions shall support public-good learning, evidence literacy, methods literacy, observability literacy, ontology literacy, data / AI / cyber literacy, public-safe publication literacy, technical baseline awareness, public-good software awareness, public authority learning, community safeguards, and Nexus-compatible public-benefit participation. Institutional subscriptions shall not create governance control, statutory membership rights unless separately established by law and record, public authority access purchase, provider preference, certification, recognition, finance-readiness, procurement advantage, public authority endorsement, maturity status, or authority to bind GCRI Canada.

357.2 Subscription Eligibility.\
Eligibility for institutional subscriptions shall be determined according to public-benefit alignment, legal status, capacity, role, intended use, conflict status, sanctions, export-control, data / AI / cyber requirements, public authority capacity where applicable, protected knowledge obligations, provider neutrality, sponsor non-control, and ability to comply with subscription terms. Eligible subscribers may include universities, laboratories, nonprofit institutions, public authorities in appropriate capacity, public-sector readers, community institutions, providers under provider-neutral rules, hosts, sponsors, donors, funders, civil society bodies, research networks, and other approved institutions. Eligibility shall not imply endorsement or preferred status.

357.3 Subscription Fee Schedule.\
GCRI Canada may establish subscription fee schedules based on institution type, size, geography, access class, program access, publication access, Academy access, benchmarking access, controlled-material access where authorized, public-benefit considerations, accessibility, hardship, or other lawful criteria. Fee schedules shall be approved by competent authority and shall be consistent with nonprofit purposes, non-distribution, public-benefit access, anti-capture, and financial sustainability. Fee variations, waivers, discounts, or sponsorship-supported subscriptions shall be recorded and conflict-reviewed where material.

357.4 Subscription Benefits.\
Subscription benefits may include access to publications, briefings, Academy materials, training sessions, public-safe summaries, controlled summaries where authorized, benchmarking subscriptions, market baseline libraries, technical baseline materials, public-good software documentation, public authority learning materials, competence-cell pathways, event access, office hours, curated learning pathways, and ecosystem navigation. Benefits shall be described accurately and shall not include governance rights, Board influence, research outcome control, public authority access purchase, provider preference, procurement advantage, finance-readiness, certification, recognition, maturity status, or preferential correction treatment.

357.5 Subscription Access Classes.\
GCRI Canada may establish subscription access classes, including public access, standard institutional access, learning access, Academy access, controlled-material access, benchmarking access, public authority learning access, safeguards-limited access, technical access, repository access, data-room access, controlled-room access, and other approved classes. Access classes shall be governed by classification, confidentiality, data rights, AI-use rules, public authority terms, protected knowledge safeguards, cyber sensitivity, infrastructure sensitivity, finance sensitivity, export controls, sanctions, and closeout obligations. Access shall be revoked where terms are breached.

357.6 Subscription Training Access.\
Institutional subscriptions may include access to training, Academy modules, evidence literacy, methods literacy, observability literacy, ontology literacy, AI governance literacy, cybersecurity literacy, data governance literacy, public-safe publication literacy, public authority literacy, safeguards literacy, technical baseline literacy, and Nexus architecture literacy. Subscription training access shall remain subject to credential non-inflation. Attendance or completion shall not constitute professional certification, regulated credential, public authority qualification, procurement eligibility, provider recognition, finance-readiness, recognition, maturity, or authority to bind GCRI Canada.

357.7 Subscription Publication Access.\
Institutional subscriptions may include access to public, public-safe, controlled, or restricted publications according to access class and authorization. Publication access shall be governed by confidentiality, redistribution limits, citation rules, AI-use restrictions, public authority terms, protected knowledge safeguards, public-safe status, and correction path. Subscription access to publications shall not authorize republication, endorsement claims, public authority claims, provider marketing claims, finance-readiness claims, certification claims, procurement claims, or recognition claims.

357.8 Subscription Controlled-Material Access Where Authorized.\
Controlled-material access may be granted only where authorized by subscription class, approval, room rules, data rights, confidentiality, public authority terms, protected knowledge safeguards, cyber controls, infrastructure controls, finance-boundary controls, and need-to-know. Controlled materials may include controlled summaries, controlled annexes, technical notes, benchmark materials, public authority learning materials, data-room materials, or controlled playbooks. Controlled-material access shall not authorize download, redistribution, AI upload, external publication, provider marketing, public authority overclaim, finance reliance, certification reliance, or procurement use beyond recorded terms.

357.9 Subscription Renewal.\
Institutional subscriptions may renew according to subscription terms, payment status, eligibility, compliance, access needs, conflict review, data / AI / cyber posture, sanctions, export-control, protected knowledge obligations, public authority capacity, and program availability. Renewal shall not be automatic where risk, breach, nonpayment, misuse, overclaim, provider preference, sponsor control, or public authority misdescription exists. Renewal records shall identify access class, fees, benefits, restrictions, and changes.

357.10 Subscription Termination.\
GCRI Canada may terminate, suspend, restrict, or decline renewal of an institutional subscription for breach of terms, nonpayment, misuse of materials, public authority misdescription, finance-readiness overclaim, certification overclaim, procurement implication, provider preference, sponsor-control conduct, unauthorized AI processing, data leakage, confidentiality breach, protected knowledge misuse, cyber risk, sanctions issue, export-control issue, harassment, misconduct, conflict, or inconsistency with public-benefit purpose. Termination shall include access revocation, data disposition, controlled-material return or deletion where required, and correction of public claims.

357.11 Subscription Refunds Where Applicable.\
Refunds, credits, fee adjustments, or no-refund terms shall be governed by subscription terms, applicable law, Board policy, and fairness. Refund treatment may account for access already provided, program cancellation, termination for breach, hardship, mistaken payment, duplicate payment, or service unavailability. Refunds shall not be used as disguised private benefit, inducement, sponsor benefit, provider preference, or settlement of improper claims without authority.

357.12 No Subscription as Governance Control.\
No institutional subscription shall confer governance control, Board seat, voting right, statutory membership right, fiduciary authority, committee authority, council authority, publication authority, budget authority, program approval authority, hiring authority, research control, methods control, evidence control, public authority access control, sponsor control, provider control, or Nexus interface control unless a separate lawful record expressly creates a distinct role. Subscription participation shall not alter GCRI Canada’s legal separateness or nonprofit governance.

357.13 No Subscription as Public Authority Access Purchase.\
No institutional subscription shall be sold, described, or used as a purchase of public authority access, regulator access, public finance reader access, emergency-management access, public infrastructure operator access, ministry access, municipal access, Crown entity access, public-sector influence, public-private partnership status, funding influence, procurement influence, or sovereign relationship. Public authority learning and public-sector engagement, where any, shall be capacity-classified, public-benefit aligned, and boundary-controlled.

357.14 No Subscription as Provider Preference.\
No institutional subscription shall confer provider preference, vendor status, preferred supplier status, public-good provider status, Nexus-approved provider status, procurement eligibility, benchmark advantage, challenge advantage, adoption-window advantage, lab advantage, public authority endorsement, finance-readiness, certification, recognition, maturity, or marketing approval. Providers that subscribe shall be treated under provider neutrality and may not use subscription status as endorsement.

357.15 No Subscription as Certification, Recognition, Finance-Readiness, Procurement Advantage, or Public Authority Endorsement.\
No subscription, subscription tier, subscription badge, access class, attendance, completion, controlled-material access, benchmarking access, Academy access, public authority learning access, event access, publication access, or subscription renewal shall constitute certification, accreditation, compliance approval, recognition, standing, maturity status, Nexus Grid status, GRF recognition, finance-readiness, insurance-readiness, bankability, investment suitability, rating, public finance approval, procurement advantage, public authority endorsement, public authority approval, public warning, emergency command, or authority to speak for GCRI Canada. Required limitation language shall be included where material.

357.16 Subscription Records.\
GCRI Canada shall maintain subscription records, including institutional membership subscription purpose records, eligibility records, fee schedules, benefit records, access class records, training access records, publication access records, controlled-material access records, renewal records, termination records, refund records, no-governance-control records, no-public-authority-access-purchase records, no-provider-preference records, no-certification / no-recognition / no-finance-readiness / no-procurement-advantage / no-public-authority-endorsement records, subscriber agreements, access logs where appropriate, misuse records, corrections, closeouts, and archives.

### Section 358. Challenge Funds and Prizes

358.1 Challenge Fund Purpose.\
GCRI Canada may establish challenge funds as public-benefit, mission-aligned, non-executing funding mechanisms to stimulate research, evidence improvement, methods development, observability methods, ontology stewardship, data governance, AI governance, cybersecurity, public-good software, open technical baselines, public-safe publication, Academy materials, competence-cell materials, public authority learning, community safeguards, replication, validation, benchmarking, and Nexus-compatible technical capability. Challenge funds shall be governed by recorded rules, eligibility criteria, selection criteria, judging independence, conflict controls, sponsor and donor controls, provider-neutrality controls, public authority boundaries, data / AI / cyber terms, IP terms, payment controls, tax treatment, correction, cancellation, and closeout. A challenge fund shall not be an investment fund, venture fund, procurement vehicle, provider-selection mechanism, certification program, recognition program, maturity program, finance-readiness program, public finance program, brokerage arrangement, or execution vehicle.

358.2 Prize Purpose.\
GCRI Canada may award prizes to recognize or support public-benefit outputs, including evidence records, reproducibility improvements, methods improvements, software modules, technical baseline contributions, ontology contributions, public-safe mapping methods, cybersecurity improvements, AI governance tools, data governance tools, accessibility tools, Academy materials, community safeguards tools, benchmark improvements, vulnerability disclosures, negative-test capture, public-good documentation, or other approved outputs. A prize shall be used to encourage contribution, learning, integrity, and public-good capability, and shall not be used to purchase institutional endorsement, research findings, procurement position, provider preference, finance-readiness, certification, recognition, maturity status, public authority approval, or capital-reader advantage.

358.3 Public-Benefit Alignment.\
Every challenge fund and prize shall be reviewed for public-benefit alignment before launch, award, publication, or closeout. Public-benefit alignment shall assess whether the challenge advances GCRI Canada’s research, evidence, methods, observability, ontology, public-good software, open technical baseline, data / AI / cyber, public-safe publication, Academy, safeguards, public authority learning, or Nexus-compatible mission. Challenge funds and prizes primarily serving sponsor marketing, provider advantage, private commercialization, public authority access purchase, procurement steering, capital promotion, talent capture, data extraction, protected knowledge extraction, or institutional overclaim shall be denied, re-scoped, restricted, or cancelled.

358.4 Challenge Rules.\
Each challenge fund or prize program shall have written rules before launch. Challenge rules shall identify purpose, scope, eligible participants, prohibited participants where applicable, judging criteria, selection process, award conditions, deliverables, permitted tools, prohibited tools, data rules, AI-use rules, cyber rules, IP and contribution terms, confidentiality, public statement limits, public authority reference controls, sponsor and provider controls, conflicts, code of conduct, sanctions, export-control, controlled technology review where applicable, prize payment, tax treatment, correction, cancellation, dispute handling, and closeout. Challenge rules shall be clear enough to prevent reliance on informal promises, promotional descriptions, sponsor expectations, or provider interpretations.

358.5 Eligibility Criteria.\
Eligibility criteria shall be lawful, mission-aligned, fair, transparent where appropriate, and proportionate to the challenge purpose. Criteria may address legal status, age where applicable, jurisdiction, public-benefit relevance, technical capability, research integrity, conflict status, sponsor or provider relationship, public authority capacity, sanctions, export-control, controlled technology, data / AI / cyber capability, safeguards obligations, IP authority, code-of-conduct history, and ability to comply with challenge terms. Eligibility shall not imply endorsement, provider preference, procurement status, finance-readiness, recognition, maturity, certification, or public authority approval.

358.6 Selection Criteria.\
Selection criteria shall be recorded before judging and shall be tied to public-benefit purpose, evidence quality, method quality, reproducibility, security, accessibility, public-safe design, technical merit, safeguards compliance, documentation quality, maintainability, interoperability, correctionability, or other approved criteria. Selection criteria shall avoid hidden sponsor preferences, provider favouritism, procurement steering, finance-readiness signalling, recognition inflation, or maturity implication. Selection criteria may include negative-result value and failure-learning value where appropriate.

358.7 Judging Independence.\
Judging shall be independent, conflict-reviewed, and proportionate to the challenge risk. Judges shall disclose conflicts, recuse where required, follow recorded criteria, protect confidential information, preserve sponsor and provider neutrality, avoid public authority overclaim, and refrain from using judging status for personal, institutional, financial, provider, sponsor, or public authority advantage. Sponsor, donor, funder, provider, host, or public authority participation in judging shall be limited, disclosed, controlled, or prohibited where independence, public trust, competition, procurement, finance-boundary, or public authority-boundary risk exists.

358.8 Conflict Review.\
Challenge funds and prizes shall be subject to conflict review covering applicants, nominees, participants, judges, reviewers, sponsors, donors, funders, providers, hosts, public authorities, universities, laboratories, Board members, officers, staff, contractors, fellows, advisors, National Consortium Companies, Project SPVs, and related persons. Conflicts may require disclosure, recusal, independent review, adjusted judging, revised criteria, participant exclusion, award denial, award suspension, award withdrawal, or public-safe disclosure where material. Conflict review shall be recorded.

358.9 Sponsor and Donor Role Review.\
Sponsor and donor roles in challenge funds and prizes shall be reviewed to ensure support-without-control. Sponsors and donors shall not control challenge design, eligibility, selection, judging, scoring, award outcome, public authority access, provider references, publication timing, correction, cancellation, or public claims except through limited administrative conditions approved by GCRI Canada and consistent with this Bylaw. Sponsor and donor acknowledgments shall be factual, proportionate, approved, non-controlling, and shall not imply that funds purchase outcomes, access, recognition, certification, finance-readiness, or procurement advantage.

358.10 Provider Participation Review.\
Provider participation shall be reviewed for provider-neutrality, procurement-neutrality, conflict, competition, benchmark integrity, public authority reference, data / AI / cyber, IP, and public claims risk. Providers may participate as applicants, contributors, sponsors, technical supporters, tool providers, judges, observers, or hosts only under recorded rules that prevent provider preference, procurement advantage, benchmark manipulation, challenge capture, certification implication, finance-readiness influence, public authority access purchase, recognition, maturity, or misuse of GCRI Canada’s name. Provider participation shall not be marketed as endorsement.

358.11 Public Authority Boundary Review.\
Challenge funds and prizes involving public authorities, public authority data, public authority judges, public finance readers, regulators, emergency-management bodies, infrastructure operators, public health bodies, public safety bodies, public-sector hosts, or public authority-facing materials shall undergo public authority boundary review. Review shall confirm capacity classification, permitted references, confidentiality, non-endorsement, no-delegation, no-public-warning, no-emergency-command, no-regulatory-approval, no-procurement-approval, no-funding-approval, no-public-finance-approval, and no-sovereign-obligation language. Public authority participation shall not make any prize official public authority approval.

358.12 Data / AI / Cyber and IP Terms.\
Challenge funds and prizes shall include data / AI / cyber and IP terms proportionate to risk. Such terms shall address permitted data, prohibited data, personal information, public authority data, protected knowledge, cyber-sensitive materials, infrastructure-sensitive materials, finance-sensitive evidence, controlled technology, approved tools, AI-use restrictions, model-training restrictions, prompt and retrieval rules, repository rules, secrets, vulnerability disclosure, incident reporting, ownership, licenses, contribution rights, third-party rights, open-source obligations, moral rights where applicable, confidentiality, publication review, takedown, and correction. Submissions lacking clear authority or creating unacceptable risk may be rejected or quarantined.

358.13 Prize Payment Controls.\
Prize payments shall be approved, documented, and paid according to challenge rules, payment authority, budget, restricted-fund rules, tax requirements, sanctions screening, export-control review where applicable, conflict controls, and accounting procedures. Prize payments may be cash, reimbursement, stipend, award, in-kind support, credits, technical support, publication opportunity, or other lawful benefit. Payment shall not be contingent on capital raised, procurement awarded, insurance placed, loan closed, public finance approved, securities sold, or transaction completed.

358.14 Tax Treatment.\
Prize, award, bounty, stipend, reimbursement, scholarship, fellowship, credit, in-kind benefit, or other challenge-related payment shall be reviewed for applicable tax, reporting, withholding, accounting, receipting, and classification requirements. GCRI Canada may require recipients to provide information needed for lawful payment and reporting. Recipients may be responsible for their own tax treatment where applicable. Tax treatment shall be recorded and shall not be used to disguise compensation, private benefit, sponsor benefit, provider benefit, or improper influence.

358.15 No Prize as Investment Selection, Procurement Selection, Certification, Provider Endorsement, Recognition, Finance-Readiness, or Public Authority Approval.\
No challenge fund award, prize, shortlist, finalist status, winner status, judging note, score, badge, certificate of participation, public mention, public-safe summary, technical note, demo selection, or challenge output shall constitute investment selection, investment recommendation, securities advice, procurement selection, vendor selection, provider endorsement, provider preference, certification, accreditation, compliance approval, recognition, standing, maturity status, Nexus Grid status, GRF recognition, finance-readiness, insurance-readiness, bankability, underwriting approval, lending approval, rating, public finance approval, public authority approval, public authority endorsement, public warning, emergency command, or execution instruction. Required limitation language shall be included where material.

358.16 Challenge Correction or Cancellation.\
GCRI Canada may correct, suspend, cancel, re-scope, re-open, re-judge, withdraw, or terminate a challenge fund or prize where rules are defective, conflicts emerge, sponsor or provider influence appears, public authority misdescription occurs, data / AI / cyber risk arises, protected knowledge risk arises, research integrity concerns arise, judging integrity is compromised, market-sensitive information is exposed, public-safe publication risk arises, legal risk arises, payment risk arises, finance overclaim occurs, certification implication occurs, procurement implication occurs, or public-benefit purpose can no longer be satisfied. Correction or cancellation shall be documented and, where appropriate, communicated through public-safe or controlled notice.

358.17 Challenge Fund and Prize Records.\
GCRI Canada shall maintain challenge fund and prize records, including challenge fund purpose records, prize purpose records, public-benefit alignment reviews, challenge rules, eligibility criteria, selection criteria, judging independence records, conflict reviews, sponsor and donor role reviews, provider participation reviews, public authority boundary reviews, data / AI / cyber and IP terms, prize payment records, tax treatment records, no-investment-selection / no-procurement-selection / no-certification / no-provider-endorsement / no-recognition / no-finance-readiness / no-public-authority-approval records, correction records, cancellation records, notices, closeouts, and archives.

***

### Section 359. In-Kind Contributions, Valuation, Caps, Ownership, Custody, Use Rights, Data Review, Cyber Review, IP Review, Public Claims Review, and Closeout

359.1 In-Kind Contribution Purpose.\
GCRI Canada may accept in-kind contributions where such contributions support public-benefit research, evidence, methods, observability, ontology, public-good software, open technical baselines, data / AI / cyber controls, Academy programs, fellowships, training, community safeguards, public authority learning, labs, challenges, benchmarking, publication, accessibility, translation, infrastructure continuity, or other approved purposes. In-kind contributions shall be accepted only where lawful, mission-aligned, reviewed, documented, valued where required, classified, conflict-controlled, public-safe, and consistent with support-without-control. In-kind contributions shall not purchase control, endorsement, certification, provider preference, procurement advantage, finance-readiness influence, recognition, maturity, public authority access, or research outcomes.

359.2 Eligible In-Kind Contributions.\
Eligible in-kind contributions may include equipment, compute credits, cloud credits, software licenses, data room tools, facilities, lab access, staff time, professional services, technical assistance, sensors, AI-RAN equipment, O-RAN equipment, cybersecurity tools, hardware, connectivity, technical infrastructure, datasets, translation, accessibility support, publication support, training support, event support, repository support, or other approved non-cash support. Eligibility shall be determined by public-benefit fit, safety, legality, data / AI / cyber risk, IP risk, public authority implications, sponsor or provider influence, maintenance burden, and closeout feasibility.

359.3 Equipment.\
Equipment contributions may include computers, servers, networking equipment, lab equipment, sensors, storage devices, audiovisual equipment, accessibility equipment, test devices, or other physical assets. Equipment shall be reviewed for ownership, custody, condition, security, warranty, maintenance, insurance, safety, data storage, export-control, sanctions, controlled technology, depreciation, return, disposal, and use limits. Equipment shall not be accepted where it creates unmanaged operational control, unsafe dependency, provider capture, public authority confusion, or unacceptable maintenance burden.

359.4 Compute Credits.\
Compute credits may be accepted to support research, public-good software, AI governance, benchmarking, model evaluation, verifiable compute, data processing, cybersecurity testing, observability methods, technical baselines, or other approved technical work. Compute credits shall be reviewed for provider terms, data rights, model-training restrictions, confidentiality, public authority data restrictions, protected knowledge restrictions, cross-border processing, security, billing risk, expiry, overage, export-control, sanctions, and closeout. Compute credits shall not make the provider preferred or endorsed.

359.5 Cloud Credits.\
Cloud credits may be accepted for storage, hosting, development, testing, controlled environments, repositories, dashboards, maps, Academy systems, backups, or other approved purposes. Cloud credits shall be reviewed for security, privacy, data residency, access controls, identity management, logging, encryption, vendor lock-in, public authority data, protected knowledge, cyber-sensitive materials, infrastructure-sensitive materials, billing risk, service continuity, exit readiness, and deletion. Cloud credit use shall not become uncontrolled dependence or shadow infrastructure.

359.6 Software Licenses.\
Software licenses may be accepted where they support approved work and are compatible with GCRI Canada’s public-benefit purpose, data / AI / cyber controls, IP obligations, security, publication posture, and records. Software licenses shall be reviewed for license scope, user limits, data use, AI training, telemetry, confidentiality, export controls, audit rights, redistribution, open-source compatibility, public authority data, protected knowledge, renewal, termination, and exit. License access shall not imply provider endorsement.

359.7 Data Room Tools.\
Data room tools, controlled-room tools, secure collaboration tools, document platforms, repository tools, dashboard platforms, and review platforms may be accepted where reviewed and approved. Review shall address access controls, audit logs, no-download controls, watermarks, permissions, data residency, encryption, AI features, indexing, search, export, retention, deletion, public authority terms, protected knowledge, cyber risk, finance-sensitive evidence, and closeout. Data room tool contributions shall not create finance-reader activity, brokerage, investment solicitation, or public authority delegation.

359.8 Facilities and Lab Access.\
Facilities and lab access may be accepted for research, training, technical testing, Academy programs, public authority learning, controlled-room work, community engagement, hackathons, challenges, benchmarking, or host activations. Facility access shall be reviewed for safety, insurance, accessibility, security, public authority context, infrastructure sensitivity, equipment, data handling, confidentiality, public references, sponsor or host claims, incident procedures, and closeout. Facility hosting shall not imply host endorsement, public authority approval, procurement approval, finance-readiness, certification, recognition, or maturity.

359.9 Staff Time.\
Staff time or seconded time may be accepted where lawful and consistent with public-benefit purpose, conflict controls, confidentiality, IP, data / AI / cyber controls, public authority terms, sponsor non-control, provider neutrality, employment or contractor law, and closeout. Seconded or contributed personnel shall be trained, role-classified, access-controlled, and subject to GCRI Canada policies where applicable. Contributed staff shall not control findings, methods, publications, technical baselines, public authority access, provider references, or correction decisions.

359.10 Sensors, AI-RAN Equipment, Cybersecurity Tools, Hardware, Connectivity, or Technical Infrastructure.\
Sensors, AI-RAN equipment, O-RAN equipment, DePIN equipment, cybersecurity tools, hardware, connectivity, testbeds, networking infrastructure, compute infrastructure, edge devices, telemetry devices, remote-sensing tools, or other technical infrastructure may be accepted only after technical, cyber, safety, privacy, public authority, infrastructure sensitivity, controlled technology, export-control, sanctions, ownership, custody, maintenance, data rights, and public-safe review. Such contributions shall not make GCRI Canada an operator of mission-critical systems or create provider preference, certification, procurement approval, finance-readiness, public warning, or emergency command.

359.11 Dataset Contributions.\
Dataset contributions shall be reviewed for source, provenance, ownership, license, consent, lawful basis, privacy, personal information, public authority terms, protected knowledge, community safeguards, data quality, bias, limitations, AI-use restrictions, model-training restrictions, cross-border transfer, re-identification risk, cyber sensitivity, infrastructure sensitivity, health sensitivity, finance sensitivity, publication rights, retention, deletion, and correction. Dataset contributions lacking adequate rights, safeguards, or public-safe posture shall be rejected, quarantined, restricted, or returned.

359.12 Valuation Requirement.\
In-kind contributions shall be valued where required for accounting, tax, grant reporting, donor recognition, sponsorship benefit schedules, insurance, asset management, restricted-fund reporting, or Board oversight. Valuation shall be reasonable, documented, and based on fair value, donor-provided value subject to review, market comparison, cost basis, replacement cost, professional valuation where appropriate, or other approved method. Valuation shall not inflate donor recognition, sponsor benefit, provider status, public-good claim, or public trust.

359.13 Ownership Determination.\
Before or upon acceptance, GCRI Canada shall determine whether an in-kind contribution is owned by GCRI Canada, loaned to GCRI Canada, licensed to GCRI Canada, made available for limited use, hosted by another party, shared under contract, or controlled by a third party. Ownership determination shall address title, transfer, retention, insurance, risk of loss, responsibility for maintenance, return, disposal, IP, data, and closeout. Ambiguity in ownership shall be resolved before material reliance.

359.14 Custody Determination.\
Custody determination shall identify who physically, digitally, legally, or operationally controls contributed equipment, software, data, credits, facilities, tools, datasets, infrastructure, or other assets. Custody shall include storage location, access rights, administrators, logs, security, insurance, incident response, return, deletion, and closeout. GCRI Canada shall not assume custody of sensitive assets without adequate controls and records.

359.15 Use Rights.\
Use rights shall define what GCRI Canada may do with the in-kind contribution, including internal use, public-benefit use, research use, testing, modification, publication, redistribution, sublicensing, derivative works, repository use, AI processing, model training, dashboard display, map display, data sharing, public authority learning, controlled-room use, or public-safe release. Use rights shall identify prohibited uses, duration, revocation, attribution, confidentiality, public claims, sublicensing, and closeout. GCRI Canada shall not use contributions beyond recorded rights.

359.16 Maintenance and Support Terms.\
Maintenance and support terms shall identify who maintains, supports, patches, updates, secures, replaces, repairs, upgrades, monitors, decommissions, or pays for contributed equipment, software, cloud resources, compute credits, data room tools, connectivity, datasets, or facilities. Terms shall address service levels where any, vulnerability response, incident response, support expiration, renewal, dependencies, handoff, exit readiness, and closeout. Lack of maintenance capacity may justify refusal or restricted acceptance.

359.17 Data Review.\
In-kind contributions involving data, datasets, logs, telemetry, documents, public authority materials, protected knowledge, personal information, AI outputs, model outputs, dashboards, maps, or technical records shall undergo data review. Data review shall address lawful basis, rights, consent, public authority terms, protected knowledge, privacy, classification, retention, deletion, AI-use restrictions, publication rights, data quality, limitations, cross-border transfer, and correction path. Data review shall occur before data is ingested into approved systems where feasible.

359.18 Cybersecurity Review.\
In-kind contributions involving software, hardware, cloud services, compute credits, connectivity, sensors, repositories, cybersecurity tools, data room tools, AI systems, APIs, SDKs, infrastructure, or datasets shall undergo cybersecurity review proportionate to risk. Review shall address vulnerabilities, malware, credentials, access controls, logging, encryption, patching, supply chain risk, dependency risk, secure configuration, network exposure, public repository exposure, incident response, and decommissioning. Unreviewed contributions shall not be connected to GCRI Canada systems.

359.19 IP Review.\
In-kind contributions involving software, code, documentation, datasets, models, prompts, schemas, APIs, SDKs, hardware designs, technical baselines, methods, publications, training materials, or other intellectual property shall undergo IP review. Review shall address ownership, license, sublicensing, open-source compatibility, third-party rights, patent rights, trade secrets, moral rights where applicable, attribution, confidentiality, public release, derivative works, takedown, and correction. Contributions with unclear rights may be rejected, quarantined, or restricted.

359.20 Public Claims Review.\
In-kind contributions shall be reviewed for public claims before acknowledgment, publication, website listing, sponsor recognition, provider reference, host reference, public authority reference, report reference, or social media reference. Public claims review shall prevent statements that imply control, endorsement, certification, provider preference, procurement advantage, finance-readiness influence, recognition, maturity, public authority approval, public authority access, public warning, emergency command, or technical superiority. Approved language shall be factual and limited.

359.21 Export-Control and Sanctions Review Where Applicable.\
In-kind contributions involving controlled technology, foreign parties, restricted parties, dual-use equipment, encryption, cyber tools, AI-RAN, O-RAN, DePIN, sensors, drones, robotics, satellite or remote-sensing materials, quantum-adjacent systems, advanced compute, datasets, software, technical assistance, or cross-border transfer shall undergo export-control, sanctions, controlled technology, national security, and public-sector sensitivity review where applicable. Contributions shall be refused, restricted, licensed, segregated, or escalated where required.

359.22 In-Kind Contribution Caps Where Appropriate.\
GCRI Canada may impose caps on in-kind contributions by donor, sponsor, provider, host, tool type, program, value, dependency, access, duration, or benefit to prevent capture, dependency, undue influence, private benefit, vendor lock-in, public claims inflation, provider preference, sponsor control, or distorted budgeting. Caps may apply to cloud credits, compute credits, software licenses, staff time, facilities, data access, technical infrastructure, or services. Exceptions shall be recorded and risk-reviewed.

359.23 No In-Kind Contribution as Control, Endorsement, Certification, Provider Preference, Procurement Advantage, Finance-Readiness Influence, or Public Authority Access.\
No in-kind contribution shall confer or imply governance control, Board influence, officer influence, program control, research control, publication control, technical baseline control, data access control, public authority access, provider endorsement, provider preference, procurement advantage, certification, accreditation, recognition, maturity, finance-readiness influence, insurance-readiness influence, public finance influence, public authority endorsement, public warning, emergency command, or authority to bind GCRI Canada. In-kind support shall remain support-without-control.

359.24 In-Kind Closeout and Return.\
In-kind contribution closeout shall address use completed, use not completed, remaining credits, equipment return, equipment disposal, data disposition, access revocation, software license termination, cloud account closure, compute account closure, facility exit, staff offboarding, repository access removal, public claims correction, support termination, ownership transfer, maintenance termination, incident review, and archival. Closeout shall be documented and shall preserve confidentiality, data rights, IP, public authority terms, protected knowledge, cybersecurity, and correctionability.

359.25 In-Kind Contribution Records.\
GCRI Canada shall maintain in-kind contribution records, including in-kind purpose records, eligible contribution records, equipment records, compute credit records, cloud credit records, software license records, data room tool records, facility and lab access records, staff time records, sensor / AI-RAN / cybersecurity / hardware / connectivity / infrastructure records, dataset contribution records, valuation records, ownership records, custody records, use-right records, maintenance and support records, data review records, cybersecurity review records, IP review records, public claims review records, export-control and sanctions review records, contribution cap records, no-control / no-endorsement / no-certification / no-provider-preference / no-procurement-advantage / no-finance-readiness-influence / no-public-authority-access records, closeout and return records, corrections, and archives.

***

### Section 360. Training, Fellowship, Academy, and Cost-Recovery Fees

360.1 Training Fee Purpose.\
GCRI Canada may charge training fees to recover or support the cost of role-based training, Academy modules, public authority learning sessions, competence-cell training, train-the-trainer pathways, public-safe publication training, data / AI / cyber training, research integrity training, safeguards training, technical baseline training, public-good software training, and other approved learning activities. Training fees shall support public-benefit learning and institutional sustainability, and shall not be used to sell certification, professional status, procurement eligibility, provider preference, finance-readiness, recognition, maturity, public authority access, or authority to bind GCRI Canada.

360.2 Fellowship Fee or Stipend Structure Where Applicable.\
Fellowship programs may include stipends, scholarships, reimbursements, institutional support, tuition-like fees, administrative fees, sponsored seats, cost-sharing, or other lawful financial structures where approved and consistent with public-benefit purpose. Any fee or stipend structure shall be recorded, fair, transparent where appropriate, conflict-reviewed, tax-reviewed, and designed to avoid improper private benefit, pay-to-play fellowship access, credential purchase, sponsor capture, provider advantage, or community exclusion. Fellowship participation shall remain subject to selection, scope, duties, training, records, and closeout.

360.3 Academy Fee Purpose.\
Academy fees may be charged for public-benefit learning, curriculum access, training delivery, platform access, controlled materials where authorized, workshops, learning cohorts, public authority learning sessions, competence-cell pathways, public-safe playbooks, translation, accessibility support, and related Academy services. Academy fees shall be used to sustain learning infrastructure and shall not purchase certification, regulated credential, public authority qualification, procurement advantage, finance-readiness, recognition, maturity, provider approval, or public authority endorsement.

360.4 Cost-Recovery Fee Purpose.\
GCRI Canada may charge cost-recovery fees to recover reasonable costs associated with programs, controlled rooms, data rooms, publication access, benchmarking subscriptions, technical support, lab access, challenge administration, software maintenance, repository support, public authority learning, translation, accessibility, travel, materials, facility costs, staff time, contractor time, security controls, data / AI / cyber controls, legal review, or other approved program costs. Cost recovery shall be reasonable, documented, and not contingent on capital raised, procurement awarded, certification issued, recognition granted, finance-readiness outcome, public authority approval, or transaction completion.

360.5 Fee Approval.\
Fees shall be approved by the Board, an authorized officer, or another competent authority under policy or delegation. Fee approval shall consider public-benefit purpose, affordability, accessibility, cost basis, market context where relevant, restricted-fund conditions, donor or sponsor support, public authority context, tax treatment, accounting treatment, refund terms, scholarship or waiver needs, anti-capture risk, provider-neutrality risk, and credential non-inflation. Material fee structures, high-risk access fees, public authority-facing fees, controlled-material fees, and benchmarking fees may require heightened approval.

360.6 Fee Schedule.\
GCRI Canada may maintain fee schedules for training, Academy programs, fellowships, subscriptions, benchmarking, controlled-material access, cost recovery, labs, challenges, public authority learning, technical support, publication access, or related activities. Fee schedules may vary by institution type, geography, size, public-benefit role, access class, program class, need, hardship, public authority capacity, community role, student or fellow status, developing-context considerations, or other lawful criteria. Fee schedules shall be documented and shall not create hidden pay-to-play channels.

360.7 Scholarship and Waiver Authority.\
GCRI Canada may provide scholarships, waivers, discounts, subsidized seats, public-interest seats, community seats, fellow seats, public authority learning support, accessibility support, or other fee relief where aligned with public-benefit purpose and approved by competent authority. Scholarship and waiver decisions shall be fair, recorded, conflict-reviewed where material, and designed to support access without creating improper private benefit, sponsor influence, provider advantage, public authority access purchase, or undisclosed preferential treatment.

360.8 Sponsored Seat Controls.\
Sponsored seats may be permitted where a sponsor, donor, funder, public authority, university, laboratory, host, or partner supports participation costs for eligible participants. Sponsored seats shall be governed by recorded terms, eligibility, selection independence, no-control language, no-public-authority-access-purchase language, no-provider-preference language, no-credential-purchase language, confidentiality, public claims controls, and conflict review. Sponsors shall not control learning outcomes, participant records, certification-like statements, research conclusions, public authority access, or public references.

360.9 Public-Interest Seat Controls.\
Public-interest seats may be reserved or supported for community participants, Indigenous / local / territorial participants, public-sector learners, students, early-career participants, researchers, nonprofit participants, accessibility needs, developing-context participants, or other mission-aligned participants. Public-interest seat controls shall support equitable access, non-extraction, dignity, safeguards, transparency where appropriate, and avoidance of tokenization. Public-interest participation shall not be used to manufacture legitimacy, sponsor value, provider value, public authority endorsement, recognition, maturity, or finance-readiness claims.

360.10 No Fee as Credential Purchase.\
No fee, tuition-like payment, subscription, cost-recovery payment, sponsored seat, public-interest seat, fellowship fee, Academy fee, training fee, benchmarking fee, lab fee, challenge fee, or controlled-material fee shall purchase a credential, badge, certificate, completion status, training status, competence status, fellowship status, public authority qualification, professional qualification, or authority to speak for GCRI Canada. Any completion, attendance, or competence record shall be governed by the credential non-inflation rule.

360.11 No Fee as Professional Certification.\
No fee paid to GCRI Canada shall constitute or purchase professional certification, regulated credential, licensure, accreditation, continuing professional status, public authority qualification, procurement eligibility, provider approval, finance-readiness, insurance-readiness, bankability, investment suitability, recognition, maturity status, Nexus Grid status, GRF recognition, or public authority endorsement unless a separate lawful and competent credentialing system is expressly established and the fee is lawfully tied to that system under recorded rules. By default, GCRI Canada fees support learning or cost recovery only.

360.12 No Fee as Governance Control.\
No fee, subscription, sponsorship, donation, grant, training payment, Academy payment, fellowship payment, benchmarking subscription, cost-recovery payment, or controlled-material access payment shall confer governance control, Board rights, voting rights, statutory membership rights, officer authority, committee authority, council authority, publication authority, program approval authority, research control, methods control, public authority access control, provider control, sponsor control, or Nexus interface control unless a separate lawful governance record expressly provides otherwise.

360.13 No Fee as Provider Preference, Public Authority Access, Finance-Readiness, Procurement Advantage, Recognition, or Maturity.\
No fee shall confer or imply provider preference, preferred vendor status, procurement advantage, tender eligibility, public authority access, regulator access, public finance reader access, public authority endorsement, finance-readiness, insurance-readiness, bankability, investment suitability, underwriting approval, lending approval, rating, public finance approval, recognition, standing, maturity, certification, accreditation, Nexus-compatible status, Nexus Grid status, GRF recognition, public warning, emergency command, or execution authority. Public materials and invoices shall avoid language that could imply such benefits.

360.14 Tax, Invoice, Receipt, Refund, and Accounting Treatment.\
Fees shall be invoiced, receipted, accounted for, refunded, deferred, recognized, and reported according to applicable law, accounting standards, tax treatment, Board policy, restricted-fund rules, donor or sponsor terms, and contract terms. Invoices and receipts shall identify fee purpose, payer, amount, tax treatment where applicable, access class where applicable, program, restrictions, refund terms, and records location. Refunds shall be handled consistently and shall not be used as disguised private benefit or preferential treatment.

360.15 Training, Fellowship, Academy, and Cost-Recovery Fee Records.\
GCRI Canada shall maintain training, fellowship, Academy, and cost-recovery fee records, including training fee purpose records, fellowship fee or stipend structure records, Academy fee records, cost-recovery fee records, fee approvals, fee schedules, scholarship and waiver records, sponsored seat records, public-interest seat records, no-credential-purchase records, no-professional-certification records, no-governance-control records, no-provider-preference / no-public-authority-access / no-finance-readiness / no-procurement-advantage / no-recognition / no-maturity records, tax records, invoice records, receipt records, refund records, accounting records, corrections, closeouts, and archives.

***

### Section 361. Publication, Drill, Scholarship, Translation, Open-Source Maintenance, and Infrastructure Underwriting

361.1 Underwriting Purpose.\
GCRI Canada may accept underwriting, sponsorship, donor support, grant support, restricted funding, cost support, in-kind support, or other support for publications, drills, exercises, scholarships, translation, accessibility, open-source maintenance, public-good infrastructure, technical asset continuity, public-safe publication, Academy materials, fellowships, community safeguards, and related public-benefit activities. Underwriting shall be support-without-control and shall not confer veto rights, suppression rights, outcome purchase, public authority access, provider preference, certification, recognition, finance-readiness, procurement advantage, research conclusion control, publication control, public-good asset control, or institutional endorsement.

361.2 Publication Underwriting.\
Publication underwriting may support reports, whitepapers, technical notes, public-safe summaries, controlled summaries, websites, articles, decks, datasets, software documentation, dashboards, maps, Academy materials, public authority learning materials, translations, accessibility formats, or public-safe communications. Publication underwriting shall preserve editorial independence, research independence, evidence integrity, methods integrity, public-safe review, correctionability, sponsor and provider neutrality, and public authority boundaries. Underwriters may be acknowledged only through approved language and shall not control content, findings, timing, distribution, or correction except for narrow lawful confidentiality or factual-review conditions approved by GCRI Canada.

361.3 Drill and Exercise Underwriting.\
Drill and exercise underwriting may support tabletop exercises, public authority learning exercises, data / AI / cyber exercises, public-safe publication drills, incident response drills, dashboard exercises, map exercises, repository drills, controlled-room exercises, Academy exercises, safeguards exercises, and technical continuity exercises. Such underwriting shall not make GCRI Canada an emergency commander, public warning issuer, public authority, infrastructure operator, public safety agency, public health agency, or operational response body. Drill underwriting shall include public authority boundary language where material.

361.4 Scholarship Underwriting.\
Scholarship underwriting may support scholarships, fee waivers, public-interest seats, community participation, student participation, early-career participation, public authority learning, accessibility, travel, translation, assistive technology, or other public-benefit participation supports. Scholarship underwriting shall preserve selection independence, dignity, non-extraction, equity, accessibility, and conflict controls. Underwriters shall not select recipients unless expressly approved under conflict-controlled rules, and shall not purchase credentials, public authority access, community legitimacy, provider recognition, finance-readiness, or institutional endorsement.

361.5 Translation Underwriting.\
Translation underwriting may support translation, localization, multilingual access, plain-language summaries, accessibility formats, culturally appropriate materials, public authority learning materials, community-facing materials, controlled summaries, and public-safe publications. Translation underwriting shall preserve accuracy, controlled vocabulary, legal meaning, public-safe limitations, public authority boundary language, finance-boundary language, certification-boundary language, procurement-boundary language, protected knowledge safeguards, and correction. Underwriters shall not control translation choices to create political, commercial, provider, sponsor, public authority, or finance-readiness advantage.

361.6 Accessibility Underwriting.\
Accessibility underwriting may support accessible formats, captioning, sign-language interpretation, screen-reader compatibility, accessible websites, accessible documents, accessible dashboards, accessible maps, accessible training, assistive technologies, disability accommodations, plain-language summaries, remote participation, and accessibility review. Accessibility underwriting shall support meaningful public-benefit access and shall not be used to create sponsor reputation laundering, participant coercion, public authority endorsement, provider preference, recognition, certification, finance-readiness, or procurement advantage.

361.7 Open-Source Maintenance Underwriting.\
Open-source maintenance underwriting may support maintainers, dependency review, vulnerability management, documentation, issue triage, repository security, release engineering, tests, benchmark tools, SBOM practices where appropriate, license review, contribution review, deprecation, retirement, archival, and correction of public-good software and open technical assets. Underwriters shall not control roadmap, issue priority, security disclosure, licensing, access, maintainer appointments, provider references, public authority references, certification language, procurement language, finance-readiness language, or public-good asset governance except through approved public-benefit contribution pathways.

361.8 Public-Good Infrastructure Underwriting.\
Public-good infrastructure underwriting may support repositories, websites, dashboards, maps, data rooms, controlled rooms, Academy platforms, public-safe publication systems, observability methods infrastructure, verifiable compute tooling, Truth Engine-supporting methods, ontology registries, schema registries, evidence directories, backups, cybersecurity controls, storage, accessibility infrastructure, and technical asset continuity. Public-good infrastructure underwriting shall preserve security, continuity, public-safe controls, data rights, sponsor non-control, provider neutrality, and exit readiness. Underwriting shall not make the underwriter owner, operator, certifier, procurement authority, or finance-readiness decision-maker.

361.9 Sponsor, Donor, and Funder Acknowledgment Controls.\
Sponsor, donor, and funder acknowledgments for underwriting shall be factual, proportionate, approved, non-promotional where required, and consistent with contribution records, benefit schedules, public authority terms, protected knowledge safeguards, confidentiality, and public-safe publication. Acknowledgment shall not imply endorsement by GCRI Canada, endorsement of GCRI Canada by the underwriter, sponsor control, public authority approval, provider preference, procurement advantage, certification, recognition, finance-readiness, maturity, or public authority access.

361.10 Editorial Independence.\
Editorial independence shall apply to underwritten publications, translations, public-safe summaries, learning materials, reports, whitepapers, websites, decks, articles, datasets, software documentation, dashboards, maps, and public communications. GCRI Canada shall retain authority over content, language, evidence support, methods support, limitations, disclaimers, publication timing, public-safe status, correction, withdrawal, retraction, and archive status, subject only to lawful confidentiality, privacy, protected knowledge, public authority, IP, sanctions, export-control, and legal review conditions. Underwriters shall not dictate conclusions.

361.11 Research Independence.\
Research independence shall apply to underwritten research, drills, exercises, scholarships, open-source maintenance, labs, challenges, benchmarking, Academy materials, and public-good infrastructure. GCRI Canada shall preserve control over research design, methods, evidence classification, negative-result capture, analysis, publication review, limitations, correction, withdrawal, retraction, and archive status. Underwriting shall not purchase findings, suppress findings, predetermine results, or distort public-benefit outputs.

361.12 Public-Safe Publication Review.\
Underwritten outputs shall undergo public-safe publication review where they will be public, public authority-facing, sponsor-facing, provider-facing, capital-reader-facing, community-facing, dataset-based, software-based, dashboard-based, map-based, AI-assisted, cyber-sensitive, infrastructure-sensitive, finance-sensitive, or protected-knowledge-sensitive. Review shall assess evidence support, methods support, controlled vocabulary, disclaimers, public authority references, sponsor and provider references, finance-boundary language, certification-boundary language, procurement-boundary language, data / AI / cyber safety, protected knowledge safeguards, and correction path.

361.13 No Underwriting as Veto, Suppression Right, Outcome Purchase, Public Authority Access, Provider Preference, Certification, Recognition, Finance-Readiness, or Procurement Advantage.\
No underwriting shall confer veto rights, suppression rights, approval rights over findings, research outcome purchase, evidence conclusion purchase, method design purchase, publication conclusion purchase, standards outcome purchase, technical baseline control, public authority access, provider preference, procurement advantage, certification, accreditation, recognition, maturity, finance-readiness, insurance-readiness, bankability, underwriting approval, lending approval, rating, public finance approval, public authority endorsement, public warning, emergency command, or execution authority. Any term purporting to grant such benefit shall be prohibited unless lawfully re-scoped into an acceptable, non-controlling administrative condition.

361.14 Underwriting Closeout.\
Underwriting closeout shall identify support received, value where required, supported activity, benefits delivered, benefits not delivered, restrictions satisfied, outputs produced, disclosures made, acknowledgments made, conflicts managed, publications issued, corrections made, unused funds or assets, return or reallocation where applicable, data disposition, technical asset status, and archive status. Closeout shall confirm that underwriting remained support-without-control and did not create prohibited influence, provider preference, public authority overclaim, finance-readiness, certification, procurement advantage, recognition, or maturity status.

361.15 Underwriting Records.\
GCRI Canada shall maintain underwriting records, including underwriting purpose records, publication underwriting records, drill and exercise underwriting records, scholarship underwriting records, translation underwriting records, accessibility underwriting records, open-source maintenance underwriting records, public-good infrastructure underwriting records, sponsor / donor / funder acknowledgment control records, editorial independence records, research independence records, public-safe publication review records, no-veto / no-suppression / no-outcome-purchase / no-public-authority-access / no-provider-preference / no-certification / no-recognition / no-finance-readiness / no-procurement-advantage records, closeout records, corrections, withdrawals, and archives.

***

### Section 362. Donation Acceptance, Grant Acceptance, Sponsorship Acceptance, and Support Acceptance Tests

362.1 Acceptance Test Purpose.\
GCRI Canada shall apply acceptance tests to donations, grants, sponsorships, underwriting, subscriptions, in-kind contributions, restricted funds, cost-recovery arrangements, program support, public authority support, provider support, host support, partner support, and other forms of financial or non-financial support. Acceptance tests shall determine whether proposed support is lawful, public-benefit aligned, nonprofit-compatible, financially prudent, administratively feasible, research-integrity-preserving, public-safe, anti-capture-compliant, data / AI / cyber-compliant, privacy-respecting, IP-compatible, safeguards-compliant, public authority-boundary-compliant, finance-boundary-compliant, certification-boundary-compliant, procurement-neutral, provider-neutral, and correctionable. Support failing acceptance tests shall be refused, restricted, returned, modified, terminated, or escalated.

362.2 Legal Compliance Test.\
The legal compliance test shall assess whether proposed support complies with applicable corporate, nonprofit, tax, contract, fundraising, anti-corruption, sanctions, export-control, privacy, data protection, employment, charity where applicable, consumer protection, competition, procurement, securities, insurance, lending, public finance, intellectual property, public authority, and other laws. Support shall not be accepted where compliance cannot be reasonably established or where support would require GCRI Canada to act outside its lawful purposes, Articles, this Bylaw, or approved authority.

362.3 Public-Benefit Purpose Test.\
The public-benefit purpose test shall assess whether proposed support advances GCRI Canada’s public-benefit mission, including research, evidence, methods, observability, ontology, public-good software, open technical baselines, data / AI / cyber governance, public-safe publication, Academy, fellowships, training, community safeguards, public authority learning, technical asset continuity, or Nexus-compatible public-good work. Support primarily intended to produce private gain, sponsor reputation laundering, provider advantage, procurement influence, finance-readiness influence, recognition, maturity, certification, political influence, or public authority access shall be refused or re-scoped.

362.4 Nonprofit and Tax Compatibility Test.\
The nonprofit and tax compatibility test shall assess whether proposed support is compatible with GCRI Canada’s nonprofit, non-share, non-distributing posture, accounting treatment, tax treatment, receipting treatment where applicable, restricted-fund treatment, donor acknowledgment treatment, benefit schedule, private benefit limits, and reporting obligations. Support shall not be accepted if it would create impermissible private inurement, disguised distribution, unlawful benefit, unmanageable tax exposure, misleading receipt, or inconsistency with nonprofit financial controls.

362.5 Non-Charitable Posture Compatibility Test Unless Charitable Status Lawfully Changes.\
Unless and until GCRI Canada lawfully adopts charitable status or another legally distinct tax status, support shall be reviewed for compatibility with GCRI Canada’s non-charitable nonprofit posture. Communications, receipts, donor materials, sponsor materials, public summaries, and fundraising language shall not imply charitable tax status, charitable receipt eligibility, charitable regulatory status, or charitable treatment unless legally accurate. If GCRI Canada’s status changes lawfully, the Board shall update acceptance tests, receipting rules, public language, and compliance controls accordingly.

362.6 No Private Inurement Test.\
The no private inurement test shall assess whether proposed support would improperly benefit a director, officer, member, employee, contractor, fellow, advisor, donor, sponsor, provider, host, partner, public authority participant, related party, National Consortium Company, Project SPV, capital actor, or other private person. The test shall examine compensation, benefits, access, public references, contracts, provider advantage, research outcomes, data access, public authority access, finance-readiness influence, certification influence, procurement advantage, recognition, maturity, and residual benefits. Support creating improper private inurement shall be refused, restructured, or returned.

362.7 Anti-Capture Test.\
The anti-capture test shall assess whether proposed support could capture or unduly influence GCRI Canada governance, Board decisions, officer decisions, research agenda, evidence records, methods, ontology, public-good software, technical baselines, publications, public authority interfaces, data access, program access, benchmarking, challenge outcomes, dockets, Grid inputs, GRF-compatible inputs, GRA-facing technical inputs, Nexus interface outputs, or corrections. Capture risk may arise from funding concentration, restricted conditions, in-kind dependency, provider dependency, public authority pressure, sponsor benefits, affiliate aggregation, or reputational reliance. Support with unmanageable capture risk shall be refused or capped.

362.8 No Control-for-Cash Test.\
The no control-for-cash test shall determine whether proposed support requires or implies that money, in-kind value, credits, services, sponsorship, subscription, donation, grant, underwriting, or other support will purchase control, access, influence, favourable treatment, publication language, public authority access, provider preference, procurement advantage, certification, finance-readiness, recognition, maturity, benchmark outcome, challenge outcome, research conclusion, or standards outcome. Any control-for-cash term, side letter, informal promise, marketing statement, or expectation shall be rejected and corrected.

362.9 Research Independence Test.\
The research independence test shall assess whether proposed support preserves independent research design, methods, evidence selection, source discipline, analysis, negative-result capture, authorship, conflicts, publication review, public-safe status, correction, withdrawal, retraction, and archive status. Support shall not grant sponsor, donor, funder, provider, host, public authority, or partner control over findings, methods, evidence, conclusions, or publication except for narrow lawful confidentiality, privacy, IP, public authority, protected knowledge, sanctions, export-control, or legal review conditions.

362.10 Public Authority Boundary Test.\
The public authority boundary test shall assess whether proposed support involves public authorities, public authority data, public authority names, public authority facilities, public finance readers, regulators, emergency-management bodies, public infrastructure operators, public health bodies, public safety bodies, utilities, ports, telecom systems, energy systems, water systems, food systems, health systems, cyber bodies, or public-sector hosts. The test shall ensure no public authority delegation, no public warning authority, no emergency command, no regulatory approval, no procurement approval, no funding approval, no public finance approval, no sovereign obligation, and no misleading official status.

362.11 Finance, Insurance, Securities, Lending, Underwriting, Rating, Public Finance, Procurement, and Certification Boundary Test.\
The regulated-perimeter boundary test shall assess whether proposed support could create or imply investment advice, securities offering, solicitation, capital raising, brokerage, finder activity, insurance placement, underwriting, lending, guarantee, rating, public finance approval, procurement steering, vendor selection, certification, accreditation, compliance approval, finance-readiness, insurance-readiness, bankability, recognition, maturity, or provider endorsement. Support shall be refused, re-scoped, restricted, or accompanied by limitation language where such risk cannot be controlled.

362.12 Provider Neutrality Test.\
The provider neutrality test shall assess whether proposed support would prefer, endorse, select, rank, certify, promote, exclude, or disadvantage any provider, vendor, cloud provider, AI provider, cybersecurity provider, telecom provider, AI-RAN provider, O-RAN provider, DePIN provider, software provider, data provider, consultant, contractor, National Consortium Company, Project SPV, or commercial actor. Provider participation shall be allowed only where consistent with neutrality, competition compliance, public-benefit purpose, and approved public claims.

362.13 Sponsor and Donor Influence Test.\
The sponsor and donor influence test shall assess whether sponsor or donor benefits, recognition, naming rights, access, reporting, event visibility, public authority interface, publication rights, data access, lab participation, challenge involvement, benchmark involvement, Academy access, or public claims could produce undue influence or public misperception. Sponsor and donor benefits shall be proportionate, recorded, non-controlling, and subject to approved language. Excessive or misleading benefits shall be refused or reduced.

362.14 Data / AI / Cyber / Privacy Test.\
The data / AI / cyber / privacy test shall assess whether proposed support involves data, AI tools, cloud services, software, hardware, repositories, dashboards, maps, models, compute, telemetry, sensors, public authority data, personal information, protected knowledge, cyber-sensitive data, infrastructure-sensitive data, health-sensitive data, finance-sensitive evidence, controlled technology, cross-border transfer, or public-safe outputs. Support shall not be accepted unless data rights, privacy, security, AI-use restrictions, cyber controls, incident response, publication controls, and correction paths are adequate.

362.15 IP and Public-Good Asset Test.\
The IP and public-good asset test shall assess ownership, license, background IP, foreground IP, derivative works, open-source compatibility, patent rights, moral rights where applicable, attribution, confidentiality, public release, repository rights, technical baseline rights, public-good software rights, documentation rights, takedown rights, and correction rights. Support shall not be accepted where IP terms would capture public-good assets, prevent correction, block public-safe publication, create provider lock-in, undermine technical continuity, or conflict with open technical baseline stewardship.

362.16 Community Safeguards and Protected Knowledge Test.\
The community safeguards and protected knowledge test shall assess whether proposed support involves communities, Indigenous knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, sacred-site information, community-protected data, protected participants, youth, vulnerable persons, remote communities, health-sensitive groups, or public-safe mapping risk. Support shall not be accepted where it would extract protected knowledge, pressure participation, tokenize communities, disclose sensitive locations, create re-identification risk, override custodial authority, or undermine withdrawal and correction rights.

362.17 Sanctions, Export-Control, Controlled Technology, and Reputation Test.\
The sanctions, export-control, controlled technology, and reputation test shall assess restricted parties, restricted jurisdictions, controlled goods, controlled software, controlled technical assistance, dual-use technology, encryption, cyber tools, AI-RAN, O-RAN, DePIN, drones, robotics, satellite or remote sensing, quantum-adjacent systems, advanced compute, national security sensitivity, public-sector sensitivity, corruption risk, human rights risk, reputational risk, and alignment with public-benefit mission. Support shall be denied, restricted, licensed, escalated, or terminated where risk cannot be controlled.

362.18 Acceptance, Refusal, Restriction, Return, or Termination.\
After applying acceptance tests, GCRI Canada may accept support, accept with restrictions, require modification, impose caps, require approved language, require conflict controls, require public-safe controls, require data / AI / cyber controls, require safeguards controls, require Board approval, refuse support, return support, suspend support, terminate support, or issue correction or clarification. Acceptance is not final if later facts reveal misrepresentation, legal risk, public-safe risk, capture risk, data risk, protected knowledge risk, sanctions risk, provider preference, or prohibited influence.

362.19 Acceptance Test Records.\
GCRI Canada shall maintain acceptance test records, including acceptance test purpose records, legal compliance tests, public-benefit purpose tests, nonprofit and tax compatibility tests, non-charitable posture compatibility tests, no-private-inurement tests, anti-capture tests, no-control-for-cash tests, research independence tests, public authority boundary tests, finance / insurance / securities / lending / underwriting / rating / public finance / procurement / certification boundary tests, provider neutrality tests, sponsor and donor influence tests, data / AI / cyber / privacy tests, IP and public-good asset tests, community safeguards and protected knowledge tests, sanctions / export-control / controlled technology / reputation tests, acceptance records, refusal records, restriction records, return records, termination records, corrections, and archives.

***

### Section 363. No Control-for-Cash, No Pay-to-Play, No Procurement Steering, No Outcome Purchase, No Veto Rights, No Suppression Rights, No Standards Outcome Purchase, and No Preferential Treatment

363.1 No Control-for-Cash Rule.\
GCRI Canada shall not sell, trade, grant, imply, or permit control over governance, Board decisions, officer decisions, research agenda, evidence records, methods, ontology, public-good software, open technical baselines, publications, public authority access, program access, data access, dockets, Grid inputs, GRF-compatible inputs, GRA-facing technical inputs, Nexus interface outputs, corrections, staffing, awards, benchmarks, challenges, labs, Academy materials, or public-safe outputs in exchange for cash, grants, donations, sponsorships, subscriptions, fees, in-kind support, credits, services, public authority support, provider support, host support, capital support, or other value. Any attempted control-for-cash arrangement shall be refused, corrected, unwound, terminated, or publicly clarified where necessary.

363.2 No Pay-to-Play Rule.\
No person or institution shall obtain GCRI Canada governance rights, public authority access, provider preference, publication influence, research influence, technical baseline influence, challenge advantage, benchmark advantage, Academy credential, competence status, curated introduction, capital-reader access, Nexus interface status, recognition, maturity, certification, finance-readiness, procurement advantage, or preferential treatment by paying money or providing value. Fees, subscriptions, sponsorships, donations, grants, underwriting, and in-kind contributions may support public-benefit activities only within approved, non-controlling, public-safe, and role-separated terms.

363.3 No Access-for-Money Rule.\
GCRI Canada shall not sell access to public authorities, regulators, public finance readers, emergency-management bodies, public infrastructure operators, public health bodies, public safety bodies, utilities, ports, telecom systems, energy systems, water systems, food systems, health systems, cyber bodies, Board members, officers, fellows, councils, committees, communities, protected knowledge custodians, capital readers, National Consortium Companies, Project SPVs, GRF-compatible processes, GRA interfaces, Nexus Rails, Nexus Grid, or Nexus interface actors. Any access provided through programs shall be public-benefit aligned, capacity-classified, boundary-controlled, and not contingent on payment beyond lawful, non-controlling program fees or cost recovery.

363.4 No Procurement Steering.\
GCRI Canada shall not steer procurement toward or away from any provider, vendor, sponsor, donor, funder, host, partner, software, platform, cloud provider, AI provider, cybersecurity provider, telecom provider, AI-RAN provider, O-RAN provider, DePIN provider, consultant, contractor, National Consortium Company, Project SPV, or commercial actor. Procurement steering includes shaping requirements, timing introductions, controlling access, framing comparisons, designing benchmarks, structuring challenges, operating capability maps, publishing technical notes, or making public statements in a manner that creates procurement advantage. Public authorities and purchasers remain responsible for their own lawful procurement.

363.5 No Provider Steering.\
GCRI Canada shall not steer participants, public authorities, hosts, sponsors, donors, funders, communities, universities, laboratories, National Working Groups, consortiums, National Consortium Companies, Project SPVs, capital readers, or other actors toward or away from specific providers except through neutral, recorded, public-benefit, non-procurement information where appropriate. Provider steering includes endorsement, exclusion, ranking, preferred-provider language, selective introductions, benchmark manipulation, public authority access routing, sponsor-favoured routing, or technical baseline language designed to advantage a provider.

363.6 No Outcome Purchase.\
No donor, sponsor, funder, provider, host, partner, subscriber, participant, public authority, capital actor, National Consortium Company, Project SPV, or other person shall purchase outcomes from GCRI Canada. Prohibited purchased outcomes include favourable research findings, evidence conclusions, methods conclusions, publication conclusions, challenge awards, benchmark results, public authority references, technical baseline terms, provider references, certification-like language, recognition-like language, maturity-like language, finance-readiness language, procurement language, Nexus interface language, or correction decisions.

363.7 No Research Finding Purchase.\
GCRI Canada shall not accept support conditioned on a predetermined research finding, favourable conclusion, omission of negative results, suppression of uncertainty, selective source use, sponsor approval of findings, provider approval of findings, public authority implication, or refusal to correct. Research funding shall preserve research integrity, source discipline, methods discipline, negative-result capture, limitation disclosure, public-safe review, and correctionability. Any attempted research finding purchase shall be rejected and recorded.

363.8 No Evidence Conclusion Purchase.\
GCRI Canada shall not permit evidence conclusions, confidence notes, source classifications, proof packs, evidence packs, public-safe summaries, dashboard notes, map notes, observability records, Truth Engine outputs, verifiable intelligence records, or technical evidence inputs to be purchased, dictated, suppressed, or shaped by funders, sponsors, providers, public authorities, capital actors, or participants. Evidence conclusions shall be based on evidence records, methods records, review, limitations, and correction.

363.9 No Method Design Purchase.\
GCRI Canada shall not permit methods, scoring logic, benchmark criteria, validation criteria, replication criteria, challenge rules, dashboard methods, map methods, ontology structures, technical baselines, evidence classifications, public-safe publication methods, AI governance methods, cybersecurity methods, or data governance methods to be purchased or designed to advantage a sponsor, donor, provider, funder, host, public authority, investor, insurer, lender, National Consortium Company, Project SPV, or participant. Method design shall be public-benefit, evidence-based, transparent where appropriate, limitation-bearing, and correctionable.

363.10 No Publication Conclusion Purchase.\
No publication conclusion, report finding, whitepaper thesis, article position, public-safe summary, media statement, website text, deck language, dataset note, software release note, dashboard label, map label, public authority-facing statement, sponsor-facing statement, provider-facing statement, or capital-reader statement shall be purchased, pre-agreed, suppressed, or altered to provide private benefit, public authority implication, finance-readiness implication, certification implication, procurement advantage, recognition, maturity, provider preference, sponsor value, or investor signal.

363.11 No Public Authority Access Purchase.\
No person or institution shall purchase public authority access, regulator access, public finance reader access, emergency-management access, public infrastructure operator access, public-sector room access, public authority learning placement, official-capacity appearance, public authority quote, public authority logo use, public authority data access, public authority dashboard access, public authority briefing, public-private partnership implication, public finance approval, procurement advantage, funding influence, or sovereign relationship through GCRI Canada. Public authority participation shall be governed by capacity classification and public-benefit purpose.

363.12 No Docket or Grid Input Purchase.\
No person or institution shall purchase inclusion, advancement, priority, favourable language, evidence classification, readiness language, correction suppression, public-safe summary, Grid evidence input, activation docket input, host readiness input, Nexus Observatory input, Nexus Rails input, GRF-compatible input, GRA-facing input, or Nexus interface input. Any evidence or methods input provided by GCRI Canada shall be based on recorded evidence, methods, review, limitations, and correction, not payment or influence.

363.13 No Standards Outcome Purchase.\
No sponsor, donor, funder, provider, host, public authority, subscriber, participant, National Consortium Company, Project SPV, or other actor shall purchase standards language, protocol language, ontology language, technical baseline language, interoperability profile language, conformance pathway, compatibility note, divergence log, benchmark criterion, or public-good software roadmap outcome. Any standards-adjacent or baseline-adjacent work supported by funding shall be independently governed, conflict-reviewed, transparent where appropriate, and correctionable.

363.14 No Recognition Purchase.\
No support, payment, subscription, sponsorship, donation, grant, in-kind contribution, challenge participation, fellowship support, Academy fee, benchmark subscription, curated introduction, host activation, adoption window, lab participation, or public authority participation shall purchase recognition, standing, legitimacy, GRF recognition, public-good status, Nexus-compatible status, public trust status, maturity status, or public authority endorsement. Recognition-like matters, where separately governed, shall remain with competent bodies and records and shall not be sold by GCRI Canada.

363.15 No Finance-Readiness Purchase.\
No person or institution shall purchase finance-readiness, insurance-readiness, bankability, investability, underwriting approval, lending approval, rating, public finance approval, capital-reader status, GRA-facing favourable language, Nexus Rails favourable input, proof pack conclusion, investor introduction, capital placement, guarantee support, or transaction support from GCRI Canada. Finance-sensitive support shall be limited to technical evidence inputs, public-benefit learning, and non-reliance-controlled records where authorized.

363.16 No Certification Purchase.\
No person or institution shall purchase certification, accreditation, compliance approval, conformity assessment, safety approval, cybersecurity certification, AI certification, software certification, infrastructure certification, provider certification, procurement qualification, professional certification, regulated credential, Academy credential, or competence-cell credential from GCRI Canada by payment, sponsorship, donation, subscription, grant, in-kind contribution, challenge participation, or program participation. Any certification-like process, if ever lawfully established, shall be separate, competent, independent, conflict-controlled, and expressly authorized.

363.17 No Veto Rights.\
No donor, sponsor, funder, provider, host, partner, public authority, subscriber, participant, capital actor, National Consortium Company, Project SPV, or other external actor shall hold veto rights over GCRI Canada Board decisions, officer decisions, research findings, evidence conclusions, methods, publications, technical baselines, software releases, public authority references, sponsor references, provider references, correction, withdrawal, retraction, archive status, challenge outcomes, benchmark outputs, dockets, Grid inputs, GRF-compatible inputs, GRA-facing inputs, Nexus interface outputs, or public-safe statements except for narrow rights expressly required by law or contract to protect confidentiality, IP, privacy, protected knowledge, public authority terms, sanctions, export controls, or legal compliance.

363.18 No Suppression Rights.\
No donor, sponsor, funder, provider, host, partner, public authority, subscriber, participant, capital actor, National Consortium Company, Project SPV, or other external actor shall have suppression rights over GCRI Canada findings, evidence, methods, publications, negative results, limitations, corrections, withdrawals, retractions, public-safe summaries, public-safe notices, software vulnerabilities, benchmark defects, challenge corrections, public authority misdescription corrections, sponsor overclaim corrections, provider overclaim corrections, finance overclaim corrections, or certification / procurement overclaim corrections except where lawful confidentiality, privacy, protected knowledge, public authority terms, security, sanctions, export-control, or legal obligations require controlled handling.

363.19 No Preferential Treatment.\
No person or institution shall receive preferential treatment inconsistent with GCRI Canada’s public-benefit purpose, governance, policies, eligibility rules, conflict controls, provider neutrality, sponsor non-control, public authority boundaries, finance-boundary discipline, certification-boundary discipline, procurement neutrality, safeguards, data / AI / cyber controls, or program rules. Preferential treatment includes accelerated access, hidden access, favourable public language, priority review, suppressed correction, selective publication, provider preference, benchmark advantage, challenge advantage, fellowship advantage, Academy advantage, technical baseline influence, public authority access, or curated introduction based on value provided rather than approved public-benefit criteria.

363.20 Violation Response, Correction, Refusal, Return, Termination, or Public Clarification.\
Where GCRI Canada identifies attempted or actual control-for-cash, pay-to-play, access-for-money, procurement steering, provider steering, outcome purchase, research finding purchase, evidence conclusion purchase, method design purchase, publication conclusion purchase, public authority access purchase, docket or Grid input purchase, standards outcome purchase, recognition purchase, finance-readiness purchase, certification purchase, veto right, suppression right, or preferential treatment, GCRI Canada shall respond proportionately. Response may include refusal, restriction, return of funds, amendment, termination, access revocation, award withdrawal, correction, public-safe clarification, controlled notice, Board review, conflict review, legal review, incident review, or archive note.

363.21 Control-for-Cash and Pay-to-Play Records.\
GCRI Canada shall maintain control-for-cash and pay-to-play records, including no-control-for-cash records, no-pay-to-play records, no-access-for-money records, no-procurement-steering records, no-provider-steering records, no-outcome-purchase records, no-research-finding-purchase records, no-evidence-conclusion-purchase records, no-method-design-purchase records, no-publication-conclusion-purchase records, no-public-authority-access-purchase records, no-docket-or-Grid-input-purchase records, no-standards-outcome-purchase records, no-recognition-purchase records, no-finance-readiness-purchase records, no-certification-purchase records, no-veto-right records, no-suppression-right records, no-preferential-treatment records, violation response records, correction records, refusal records, return records, termination records, clarification records, and archives.

***

### Section 364. Sponsor Non-Control, Donor Non-Control, Funder Non-Control, Provider Non-Control, and Support-Without-Control

364.1 Support-Without-Control Principle.\
All support provided to GCRI Canada, including donations, grants, sponsorships, underwriting, subscriptions, program fees, cost recovery, in-kind contributions, credits, equipment, cloud services, compute services, software licenses, staff time, facilities, public authority support, host support, provider support, partner support, public-good technical support, and other financial or non-financial support, shall be governed by the support-without-control principle. Support may enable lawful public-benefit work, but shall not control or distort GCRI Canada governance, research, evidence, methods, observability, ontology, public-good software, open technical baselines, public-safe publication, public authority learning, Nexus interface outputs, corrections, or institutional boundaries.

364.2 Sponsor Non-Control.\
Sponsors shall not control GCRI Canada’s Board decisions, officer decisions, program approvals, research agenda, evidence conclusions, methods, ontology, public-good software, technical baselines, publications, public authority access, provider references, participant selection, challenge outcomes, benchmark outputs, Academy content, fellowship selection, competence-cell content, dockets, Grid inputs, GRF-compatible inputs, GRA-facing inputs, Nexus interface outputs, corrections, withdrawals, retractions, or archive status. Sponsor benefits shall be limited to approved, recorded, proportionate, non-controlling benefits. Sponsor acknowledgment shall not imply endorsement, authority, approval, finance-readiness, certification, procurement advantage, recognition, or maturity.

364.3 Donor Non-Control.\
Donors shall not control GCRI Canada governance, strategy, staffing, programs, research questions, evidence selection, methods, findings, publications, public authority access, technical baselines, public-good software, data access, protected knowledge, public-safe review, corrections, or Nexus interface outputs. Donor restrictions may be accepted only where lawful, public-benefit aligned, administratively feasible, and consistent with this Bylaw. Donor recognition shall be factual and shall not imply governance rights, research control, public authority access purchase, provider preference, finance-readiness influence, certification influence, recognition purchase, procurement advantage, or public authority endorsement.

364.4 Funder Non-Control.\
Funders, including grantors, philanthropic institutions, public funders, private funders, institutional supporters, and program funders, shall not control findings, methods, evidence, publications, technical baselines, software, public authority access, program outcomes, challenge outcomes, benchmark results, data access, correction, or public-safe summaries except through lawful and accepted grant conditions consistent with research integrity, public-safe publication, data rights, public authority terms, protected knowledge, and legal compliance. Funder reporting shall not become outcome control or suppression control.

364.5 Provider Non-Control.\
Providers, vendors, technology companies, cloud providers, AI providers, cybersecurity providers, telecom providers, AI-RAN providers, O-RAN providers, DePIN providers, software providers, data providers, consultants, contractors, National Consortium Companies, Project SPVs, and other enterprise actors shall not control GCRI Canada methods, baselines, software, evaluations, benchmarks, challenges, publications, public authority access, provider references, procurement language, finance-readiness language, certification language, recognition language, maturity language, or correction decisions. Provider support shall be contribution-only and provider-neutral unless a separate lawful contract defines limited services without institutional control.

364.6 Host Non-Control.\
Hosts, including universities, laboratories, public authorities, facilities, community institutions, infrastructure hosts, data-room hosts, controlled-room hosts, Academy hosts, lab hosts, and technical testing hosts, shall not control GCRI Canada governance, findings, methods, evidence, publications, public-safe summaries, public authority references, sponsor references, provider references, program outcomes, dockets, Grid inputs, technical baselines, software releases, corrections, or Nexus interface outputs. Host participation shall be governed by host activation records, agreements, public-safe publication posture, and role separation. Hosting shall not imply endorsement, public authority approval, procurement approval, finance-readiness, certification, recognition, or maturity.

364.7 Investor, Insurer, Lender, and Capital Actor Non-Control.\
Investors, insurers, lenders, guarantors, public finance institutions, capital readers, development finance actors, philanthropic finance actors, blended finance actors, rating-adjacent actors, underwriters, and other capital actors shall not control GCRI Canada technical evidence inputs, proof packs, finance-boundary language, GRA-facing technical inputs, Nexus Rails inputs, public authority learning materials, publications, dashboards, maps, dockets, Grid inputs, certification language, recognition language, maturity language, or correction decisions. Capital actors may read or receive technical evidence only within non-reliance, regulated-perimeter, and access-controlled terms. GCRI Canada shall not become their agent, arranger, broker, underwriter, or adviser.

364.8 Public Authority Non-Control Except Through Lawful Public Authority Action Outside GCRI Canada Governance.\
Public authorities, regulators, ministries, municipalities, Crown entities, emergency-management bodies, public finance bodies, public infrastructure operators, public health bodies, public safety bodies, utilities, ports, telecom systems, energy systems, water systems, food systems, health systems, cyber bodies, and public-sector participants shall not control GCRI Canada governance, Board decisions, officer decisions, research findings, methods, evidence, public-good software, technical baselines, publications, corrections, dockets, Grid inputs, GRF-compatible inputs, GRA-facing inputs, or Nexus interface outputs by participation, funding, data contribution, attendance, hosting, public authority learning, regulator listening, or public finance reading. Nothing in this Section prevents a public authority from taking lawful public authority action within its own authority outside GCRI Canada governance, provided such action is not misdescribed as GCRI Canada action or delegation.

364.9 No Control Over Board Decisions.\
No sponsor, donor, funder, provider, host, partner, subscriber, public authority, investor, insurer, lender, capital actor, university, laboratory, community participant, National Consortium Company, Project SPV, fellow, advisor, council, committee, working party, or participant shall control Board decisions unless such person lawfully serves as a director and acts solely in accordance with fiduciary duties, applicable law, the Articles, this Bylaw, conflict rules, and Board procedures. External support, relationship, access, or influence shall not create Board control.

364.10 No Control Over Officer Decisions.\
No external supporter, sponsor, donor, funder, provider, host, partner, public authority, capital actor, subscriber, participant, fellow, advisor, committee, council, National Consortium Company, or Project SPV shall control officer decisions, management decisions, approvals, publication decisions, program decisions, payment decisions, access decisions, correction decisions, or delegated authority. Officers shall act within lawful delegation and institutional duties, not external pressure or private benefit.

364.11 No Control Over Research Agenda Except Through Accepted, Labeled, and Governed Program Scope.\
External support may inform or fund a research topic only through an accepted, labeled, governed, public-benefit program scope approved under this Bylaw. Such scope may define subject matter, deliverables, timetable, and support conditions, but shall not control findings, evidence, methods, conclusions, limitations, publication, negative-result capture, correction, withdrawal, retraction, or archive status. Sponsored or funded research shall be disclosed or controlled where material and shall remain subject to research integrity.

364.12 No Control Over Findings, Methods, Evidence, Publications, Software, Technical Baselines, Public Authority Access, Docket Inputs, Grid Inputs, GRF Inputs, GRA Inputs, or Nexus Interface Outputs.\
No sponsor, donor, funder, provider, host, partner, public authority, capital actor, subscriber, participant, fellow, advisor, committee participant, council participant, National Consortium Company, Project SPV, or related party shall control GCRI Canada findings, methods, evidence, publications, software, technical baselines, public authority access, activation docket inputs, Nexus Grid inputs, GRF-compatible inputs, GRA-facing inputs, Nexus Rails inputs, Nexus Observatory methods, Nexus Risk Management inputs, Nexus Academy materials, public-safe summaries, corrections, or Nexus interface outputs. Any attempted control shall be refused, corrected, escalated, and recorded.

364.13 No Control Through Aggregated Seats, Affiliates, Related Parties, Sponsored Participants, or In-Kind Dependency.\
Control shall not be exercised indirectly through aggregated seats, affiliates, related parties, sponsored participants, funded fellows, funded researchers, contributed staff, vendor dependencies, cloud credits, compute credits, software licenses, host dependencies, data dependencies, public authority pressure, coordinated donors, sponsor coalitions, provider consortia, advisory bodies, councils, committees, or informal networks. GCRI Canada shall monitor concentration, dependency, related-party aggregation, voting semantics where any, advisory influence, funding concentration, technical dependency, and public claims to prevent indirect capture.

364.14 Support-Without-Control Records.\
GCRI Canada shall maintain support-without-control records, including support-without-control principle records, sponsor non-control records, donor non-control records, funder non-control records, provider non-control records, host non-control records, investor / insurer / lender / capital actor non-control records, public authority non-control records, no-control-over-Board-decisions records, no-control-over-officer-decisions records, accepted governed research scope records, no-control-over-findings / methods / evidence / publications / software / technical baselines / public authority access / docket inputs / Grid inputs / GRF inputs / GRA inputs / Nexus interface outputs records, indirect control and aggregation review records, corrections, refusals, restrictions, returns, terminations, public-safe clarifications, and archives.

### Section 365. Influence Caps, Sponsor Concentration, Donor Aggregation, Related-Party Funding, and Capture Controls

365.1 Influence Cap Purpose.\
GCRI Canada shall maintain influence caps, concentration reviews, aggregation rules, related-party funding review, dependency review, and capture controls to ensure that no sponsor, donor, funder, provider, host, public authority participant, capital actor, related party, affiliate group, coordinated group, or in-kind contributor acquires direct or indirect control, disproportionate influence, privileged access, preferential treatment, or institutional leverage over GCRI Canada’s governance, research, evidence, methods, observability, ontology, public-good software, open technical baselines, publications, programs, public authority interfaces, Nexus interface outputs, correction decisions, or public-benefit priorities. Influence caps shall function as mission-lock, independence, anti-capture, public trust, research integrity, provider-neutrality, procurement-neutrality, finance-boundary, certification-boundary, public authority-boundary, data / AI / cyber continuity, and correctionability controls.

365.2 Sponsor Concentration Review.\
GCRI Canada shall review sponsor concentration where one sponsor, sponsor group, sponsor-affiliated group, sponsor-funded network, sponsor-controlled entity, sponsor-aligned provider, or sponsor-related person provides or is expected to provide material financial support, in-kind support, visibility support, facility support, technical support, program support, event support, Academy support, challenge support, benchmarking support, public-good software support, or public authority learning support. Sponsor concentration review shall assess dependence, visibility pressure, public claims risk, benefit inflation, program capture, publication influence, public authority access implications, provider preference, finance-readiness influence, certification influence, procurement advantage, and public perception. Where concentration risk is material, GCRI Canada may cap, diversify, ring-fence, disclose, restrict benefits, require Board review, or refuse support.

365.3 Donor Concentration Review.\
GCRI Canada shall review donor concentration where a donor, donor family, donor-advised structure, philanthropic institution, related donor network, affiliated donor group, or coordinated donor group provides or is expected to provide material funds, restricted funds, unrestricted funds, scholarships, underwriting, endowment-like support, public-good asset support, or other support. Donor concentration review shall assess whether the support could shape institutional priorities, research agenda, publication posture, public authority interface, program access, staffing, technical asset direction, correction decisions, public-safe messaging, or institutional independence. Donor concentration shall not be used to purchase mission drift, prestige transfer, protected knowledge access, public authority access, recognition, finance-readiness, certification, or procurement advantage.

365.4 Funder Concentration Review.\
GCRI Canada shall review funder concentration where a grantor, public funder, philanthropic funder, institutional funder, development funder, public authority funder, or program funder becomes sufficiently material that GCRI Canada could be pressured to align outputs, staffing, programs, public authority references, publications, data practices, technical baselines, or Nexus interface inputs with funder priorities rather than public-benefit purpose. Funder concentration review shall assess restricted-fund risk, reporting pressure, deliverable pressure, renewal pressure, suppression risk, negative-result risk, public authority misdescription risk, and sustainability risk. Funding shall not become governance by grant.

365.5 Provider Concentration Review.\
GCRI Canada shall review provider concentration where one provider, provider group, vendor, cloud provider, AI provider, cybersecurity provider, telecom provider, AI-RAN provider, O-RAN provider, DePIN provider, software provider, data provider, consultant, contractor, repository provider, platform provider, National Consortium Company, Project SPV, or provider-affiliated network becomes material to GCRI Canada’s systems, programs, technical assets, publications, labs, challenges, benchmarks, public authority learning, or operational continuity. Provider concentration review shall assess vendor lock-in, provider preference, procurement implication, benchmark integrity, public authority perception, public-safe publication risk, technical dependency, data portability, exit readiness, and correction capacity.

365.6 Host Dependency Review.\
GCRI Canada shall review host dependency where a host institution, facility, university, laboratory, public authority host, community host, infrastructure host, controlled-room host, data-room host, Academy host, lab host, or technical testing host becomes material to GCRI Canada’s programs, public visibility, evidence access, data access, public authority interface, community relationship, or technical capability. Host dependency review shall assess whether host terms, facilities, public claims, public authority status, data control, access control, publication conditions, provider relationships, sponsor relationships, or institutional prestige could create capture, endorsement implication, public authority confusion, procurement advantage, finance-readiness implication, certification implication, or inability to correct.

365.7 In-Kind Dependency Review.\
GCRI Canada shall review in-kind dependency where equipment, compute credits, cloud credits, software licenses, data room tools, staff time, technical infrastructure, datasets, sensors, AI-RAN equipment, cybersecurity tools, facilities, connectivity, translation support, accessibility support, publication support, or other non-cash support becomes material to program continuity, public-good technical assets, data / AI / cyber controls, publication schedules, public authority learning, Academy programs, labs, challenges, benchmarking, or Nexus interface outputs. In-kind dependency review shall assess maintenance risk, provider lock-in, cost cliff, renewal pressure, data rights, cyber risk, IP risk, public claims risk, and sponsor or provider influence.

365.8 Cloud, Compute, AI Provider, Cybersecurity Provider, Repository Provider, and Critical Supplier Dependency Review.\
GCRI Canada shall conduct heightened dependency review for cloud, compute, AI provider, cybersecurity provider, repository provider, data room provider, identity provider, communications provider, observability provider, dashboard provider, map provider, backup provider, payment provider, and other critical suppliers. Review shall address service continuity, exit readiness, data portability, data residency, AI training restrictions, cyber controls, incident response, access controls, pricing changes, vendor concentration, sanctions, export controls, controlled technology, public authority data, protected knowledge, and public-good asset continuity. Critical supplier dependency shall not be allowed to compromise institutional independence or correctionability.

365.9 Related-Party Funding Review.\
GCRI Canada shall review funding, sponsorship, donations, in-kind support, fees, contracts, grants, underwriting, subscriptions, fellowships, scholarships, awards, reimbursements, procurement, or program support involving directors, officers, members where any, employees, contractors, fellows, advisors, committee participants, council participants, public authority participants, providers, sponsors, hosts, donors, funders, partners, relatives, affiliates, controlled entities, related organizations, National Consortium Companies, Project SPVs, or other related parties. Related-party funding review shall require disclosure, conflict review, recusal where required, fairness review, public-benefit rationale, no-private-inurement review, no-control review, and recordkeeping.

365.10 Aggregation of Related Donors, Sponsors, Providers, Affiliates, Controlled Entities, Sponsored Seats, and Coordinated Participants.\
For influence cap, concentration, and capture purposes, GCRI Canada may aggregate related donors, sponsors, providers, affiliates, controlled entities, parent entities, subsidiaries, common-control entities, coordinated participants, sponsored seats, funded fellows, contributed staff, shared advisors, related public claims, related in-kind support, related subscriptions, and persons acting in concert. Aggregation may apply even where support is formally separated across different contracts, programs, events, seats, accounts, contributors, or entities. Aggregation shall prevent indirect control, benefit splitting, threshold evasion, influence laundering, public authority access purchase, provider preference, and sponsor capture.

365.11 Capture Risk Classification.\
GCRI Canada shall classify capture risk as appropriate to the amount, concentration, source, terms, dependency, public visibility, public authority relevance, provider involvement, data / AI / cyber relevance, technical asset dependency, restricted-fund terms, public claims, benefit schedule, conflict profile, and strategic importance of the support. Capture risk classifications may include low, moderate, elevated, high, severe, unmanageable, or another Board-approved scale. Classification shall determine review level, Board oversight, mitigation, public language, access controls, benefit limits, diversification requirements, and termination triggers.

365.12 Mitigation Measures.\
Mitigation measures may include caps, diversification, ring-fencing, independent review, recusal, access restriction, benefit reduction, public acknowledgment limits, public-safe disclosure, provider-neutrality language, sponsor non-control language, no-public-authority-access language, no-procurement language, no-finance-readiness language, no-certification language, independent administration, clean-team structures, separate accounts, restricted delegation, publication review, dependency exit planning, technical migration planning, contract amendments, or refusal of support. Mitigation shall be proportionate and shall preserve public-benefit purpose over revenue maximization.

365.13 Refusal, Diversification, Ring-Fencing, Recusal, Access Restriction, Disclosure, or Termination.\
Where influence or capture risk is material, GCRI Canada may refuse support, diversify funding, ring-fence funds, ring-fence programs, restrict access, reduce benefits, impose recusal, require independent review, prohibit public claims, impose public-safe disclosure, terminate support, return funds, discontinue in-kind use, revoke access, change suppliers, suspend programs, or publicly clarify boundaries. These measures may be taken before acceptance, during performance, at renewal, at publication, upon incident, or during closeout.

365.14 Board Review of High Capture Risk.\
High, severe, or unmanageable capture risk shall be escalated to the Board or a Board-authorized committee. Board review shall consider mission lock, legal compliance, nonprofit character, public-benefit purpose, independence, research integrity, financial sustainability, technical dependency, public authority implications, provider neutrality, sponsor non-control, finance-boundary discipline, certification-boundary discipline, procurement neutrality, public-safe publication, data / AI / cyber continuity, protected knowledge safeguards, public trust, and correctionability. The Board may approve, condition, restrict, refuse, terminate, or require further review.

365.15 Influence Cap and Capture Records.\
GCRI Canada shall maintain influence cap and capture records, including influence cap purpose records, sponsor concentration reviews, donor concentration reviews, funder concentration reviews, provider concentration reviews, host dependency reviews, in-kind dependency reviews, cloud / compute / AI provider / cybersecurity provider / repository provider / critical supplier dependency reviews, related-party funding reviews, aggregation records, capture risk classifications, mitigation records, refusal records, diversification records, ring-fencing records, recusal records, access restriction records, disclosure records, termination records, Board review records, corrections, closeouts, and archives.

***

### Section 366. Public Acknowledgment, Sponsor Benefits, Visibility, Participation, Preview Windows, Training Seats, and Non-Endorsement Language

366.1 Acknowledgment Purpose.\
GCRI Canada may publicly acknowledge sponsors, donors, funders, grantors, hosts, providers, partners, contributors, underwriters, in-kind supporters, scholarship supporters, public-good infrastructure supporters, open-source maintenance supporters, Academy supporters, challenge supporters, translation supporters, accessibility supporters, and other supporters where acknowledgment is lawful, accurate, proportionate, public-benefit aligned, approved, and consistent with contribution records. Acknowledgment shall support transparency and stewardship, not endorsement, control, preferred status, public authority approval, provider preference, finance-readiness, certification, procurement advantage, recognition, maturity, or public authority access.

366.2 Public Acknowledgment Authority.\
Public acknowledgment may be made only by authorized persons and only using approved language, approved channels, approved logo or name treatment, and approved benefit schedules where applicable. Public acknowledgment authority shall distinguish routine acknowledgment, event acknowledgment, report acknowledgment, website listing, social media mention, sponsor page listing, donor recognition, public authority reference, provider reference, host reference, and controlled-room reference. No person shall create public acknowledgment by informal email, deck language, social media post, event remarks, logo placement, badge, website edit, or public statement without authority.

366.3 Sponsor Benefit Schedule.\
A sponsor benefit schedule shall identify permitted benefits, prohibited benefits, acknowledgment language, logo use, event visibility, speaking opportunities, participation opportunities, preview windows, training seats, controlled-room access where authorized, reporting, public-safe summaries, confidentiality, public authority limits, provider limits, finance-boundary limits, certification-boundary limits, procurement-boundary limits, and correction rights. Sponsor benefits shall be proportionate to support, mission-aligned, non-controlling, non-exclusive unless justified, and designed to avoid improper private benefit.

366.4 Donor Benefit Schedule.\
A donor benefit schedule may identify permitted donor stewardship benefits, recognition, reports, briefings, access to public or controlled materials where lawful, event invitations, learning opportunities, acknowledgment language, anonymity where applicable, confidentiality, restrictions, and correction rights. Donor benefits shall not confer governance rights, research control, public authority access, provider preference, finance-readiness influence, certification influence, procurement advantage, recognition purchase, maturity status, or outcome control.

366.5 Funder Benefit Schedule.\
A funder benefit schedule may identify grant reporting, deliverable reporting, use-of-funds reporting, public-safe summaries, acknowledgment language, briefing rights, review rights limited to accuracy or confidentiality where appropriate, public release terms, and closeout obligations. Funder benefits shall be tied to lawful reporting and stewardship, not control over conclusions, evidence, methods, publications, technical baselines, software, public authority access, provider preference, correction decisions, or Nexus interface outputs.

366.6 Visibility Benefits.\
Visibility benefits may include name listing, logo placement, report acknowledgment, event acknowledgment, website listing, program page acknowledgment, public-safe social media acknowledgment, sponsor slide listing, donor listing, scholarship supporter listing, open-source maintenance supporter listing, or other approved forms of visibility. Visibility benefits shall be factual, proportionate, non-misleading, public-safe, and shall not imply endorsement, public authority approval, procurement advantage, finance-readiness, certification, recognition, maturity, provider preference, or institutional control.

366.7 Logo and Name Placement.\
Logo and name placement shall require approval, applicable permission, correct use, public-safe context, and boundary language where needed. Logo placement shall not imply that the supporter owns, controls, endorses, certifies, approves, finances, insures, underwrites, procures, or governs GCRI Canada, any program, any output, any provider, any public authority relationship, any Nexus interface, any technical baseline, or any public-good asset. Public authority logos shall be subject to heightened review and shall not be used unless authorized.

366.8 Speaking or Participation Opportunities.\
Speaking or participation opportunities may be provided where they support public-benefit learning, stewardship, technical contribution, public authority learning, research discussion, Academy delivery, challenge activity, community safeguards, or program transparency. Such opportunities shall be governed by topic limits, conflict controls, public statement limits, public authority boundaries, provider neutrality, sponsor non-control, publication review, and moderation where appropriate. Speaking opportunities shall not be sold as influence, endorsement, public authority access, procurement positioning, finance-readiness signalling, certification, recognition, or maturity.

366.9 Training Seats.\
Training seats may be provided as sponsor benefits, donor benefits, public-interest seats, institutional subscription benefits, fellowship support, Academy access, competence-cell access, public authority learning access, or cost-recovery arrangements. Training seats shall be governed by eligibility, access class, credential non-inflation, attendance records, confidentiality, public claims limits, and no-certification language. A training seat shall not confer professional certification, regulated credential, public authority qualification, procurement eligibility, provider recognition, finance-readiness, recognition, maturity, or authority to speak for GCRI Canada.

366.10 Preview Windows.\
Preview windows may allow defined supporters, reviewers, public authorities, funders, sponsors, providers, hosts, communities, or affected stakeholders to review draft materials, factual references, confidential information, public authority references, protected knowledge, data rights, or public-safe language before release. Preview windows shall be time-limited, scope-limited, documented, and shall not create veto rights, suppression rights, outcome control, publication control, research control, public authority approval, finance-readiness influence, certification influence, procurement advantage, provider preference, or recognition purchase. Comments may be accepted, rejected, or recorded at GCRI Canada’s discretion subject to law and approved terms.

366.11 Advisory Participation.\
Advisory participation may be offered where it supports public-benefit learning, expert input, technical review, safeguards review, public authority listening, community input, or program stewardship. Advisory participation shall be governed by appointment records, mandate, confidentiality, conflicts, public statement limits, output limits, non-fiduciary status, non-governance status, no-public-authority-status-by-advisory-role language, no-certification authority, no-finance-readiness authority, no-procurement authority, no-protocol authority, and correction path. Advisory participation shall not be a paid influence benefit.

366.12 Controlled-Room Participation Where Authorized.\
Controlled-room participation may be provided only where authorized by program rules, data rights, confidentiality, access class, public authority terms, protected knowledge safeguards, cyber controls, infrastructure controls, finance-sensitive handling rules, and need-to-know. Controlled-room participation shall not authorize download, republication, AI upload, external disclosure, capital solicitation, public authority overclaim, provider marketing, certification reliance, procurement use, or finance reliance beyond recorded terms. Access may be revoked for misuse or risk.

366.13 No Benefit That Creates Control.\
No acknowledgment, visibility benefit, speaking opportunity, training seat, preview window, advisory participation, controlled-room participation, report access, dashboard access, data room access, event access, public-safe briefing, logo placement, or donor report shall create control over GCRI Canada governance, research, evidence, methods, publications, software, technical baselines, public authority access, dockets, Grid inputs, GRF inputs, GRA inputs, Nexus interface outputs, corrections, or program decisions. Benefits creating control shall be prohibited, modified, refused, or terminated.

366.14 No Benefit That Implies Endorsement.\
No supporter benefit shall imply that GCRI Canada endorses, approves, certifies, recommends, ranks, recognizes, guarantees, prefers, validates, accredits, or promotes the supporter, provider, sponsor, donor, funder, host, public authority, technology, service, product, project, National Consortium Company, Project SPV, or capital actor. Any public language that could imply endorsement shall include non-endorsement language or be revised.

366.15 No Benefit That Implies Public Authority Approval.\
No acknowledgment, benefit, event, report, public authority participation, logo placement, quote, photograph, controlled-room access, public authority learning session, preview window, or public-safe summary shall imply public authority approval, public authority adoption, public warning, emergency command, regulatory approval, procurement approval, funding approval, public finance approval, public-private partnership, sovereign obligation, or official status unless expressly authorized by competent public authority record and approved by GCRI Canada.

366.16 No Benefit That Implies Provider Preference, Certification, Recognition, Finance-Readiness, Procurement Advantage, or Public Authority Access Purchase.\
No benefit shall imply provider preference, preferred vendor status, procurement advantage, certification, accreditation, compliance approval, recognition, standing, maturity status, Nexus Grid status, GRF recognition, finance-readiness, insurance-readiness, bankability, investment suitability, underwriting approval, lending approval, rating, public finance approval, public authority access purchase, regulator access purchase, public finance reader access purchase, emergency-management access purchase, or official Nexus-compatible status. Benefit language shall be reviewed before publication.

366.17 Required Non-Endorsement Language.\
Acknowledgment and benefit materials shall include non-endorsement language where material. Such language may state that support, sponsorship, donation, funding, participation, hosting, contribution, or access does not constitute endorsement, control, certification, procurement approval, finance-readiness, public authority approval, provider preference, recognition, maturity, public warning, emergency command, investment recommendation, insurance approval, rating, or authority to bind GCRI Canada. Non-endorsement language shall be proximate and clear where public misunderstanding is reasonably possible.

366.18 Acknowledgment and Benefit Records.\
GCRI Canada shall maintain acknowledgment and benefit records, including acknowledgment purpose records, public acknowledgment authority records, sponsor benefit schedules, donor benefit schedules, funder benefit schedules, visibility benefit records, logo and name placement records, speaking or participation opportunity records, training seat records, preview window records, advisory participation records, controlled-room participation records, no-control benefit records, no-endorsement benefit records, no-public-authority-approval benefit records, no-provider-preference / no-certification / no-recognition / no-finance-readiness / no-procurement-advantage / no-public-authority-access-purchase records, required non-endorsement language, corrections, withdrawals, terminations, and archives.

***

### Section 367. Billing, Payment, Refunds, Taxes, Receipts, Non-Charitable Payment Treatment, and Commercial Mechanics

367.1 Billing Authority.\
GCRI Canada may bill, invoice, collect, receipt, refund, credit, defer, recognize, and account for fees, subscriptions, sponsorships, grants, donations, in-kind values where tracked, cost-recovery charges, Academy fees, training fees, benchmarking subscriptions, publication access fees, controlled-material access fees, fellowship fees where applicable, challenge fees where applicable, program fees, event fees, and other approved amounts only through authorized processes. Billing authority shall be exercised consistently with nonprofit purpose, public-benefit alignment, non-charitable payment treatment unless charitable status lawfully changes, tax compliance, restricted-fund tracking, anti-capture controls, support-without-control, and accurate public claims.

367.2 Invoice Requirements.\
Invoices shall identify GCRI Canada, payer, amount, currency, applicable tax where any, description, program or service, payment terms, due date, restrictions where applicable, refund terms where applicable, access class where applicable, and any required limitation language. Invoices shall not use language that implies charitable receipting where unavailable, professional certification, public authority access, provider preference, procurement advantage, finance-readiness, recognition, maturity, public authority approval, investment opportunity, securities offering, insurance placement, rating, or regulated advice.

367.3 Payment Terms.\
Payment terms shall be reasonable, recorded, and appropriate to the type of fee, subscription, sponsorship, grant, donation, cost-recovery arrangement, program, event, training, Academy, benchmarking, controlled-material access, or other arrangement. Payment terms may include due dates, late payment treatment, suspension rights, cancellation rights, refund rules, credit rules, tax treatment, invoice dispute procedures, currency rules, and access consequences. Payment terms shall not create success fees, brokerage fees, finder fees, capital placement fees, procurement-contingent fees, insurance placement fees, underwriting compensation, or transaction-based compensation.

367.4 Accepted Payment Methods.\
GCRI Canada may accept payment methods approved by policy or authorized financial personnel, including bank transfer, cheque where permitted, credit card, approved payment processor, electronic funds transfer, wire transfer, online payment, institutional purchase order, grant disbursement, donor-advised disbursement, or other lawful method. Payment methods shall be assessed for fraud risk, fees, reconciliation, chargeback risk, sanctions, cross-border implications, privacy, data security, and accounting treatment. Unapproved wallets, personal accounts, informal accounts, or side-channel payments are prohibited.

367.5 Refund Policy.\
GCRI Canada shall maintain refund rules for subscriptions, training, Academy programs, events, cost-recovery fees, benchmarking subscriptions, controlled-material access, fellowship-related fees where applicable, challenge fees where applicable, sponsorship benefits, donations where lawfully refundable, and other payments. Refund rules shall be fair, lawful, documented, and consistent with agreements, restrictions, access already provided, program cancellation, hardship, error, breach, termination, tax treatment, and accounting. Refunds shall not be used to confer preferential treatment, conceal error, avoid correction, or provide improper private benefit.

367.6 Credit Policy Where Applicable.\
GCRI Canada may provide credits, carry-forwards, substitution rights, seat transfers, access extensions, program substitutions, or future-use credits where lawful and approved. Credits shall be documented, time-limited where appropriate, accounting-controlled, and consistent with program rules, access class, data / AI / cyber controls, public authority terms, protected knowledge safeguards, and refund policy. Credits shall not confer hidden benefits, procurement advantage, public authority access, certification, finance-readiness, recognition, maturity, or provider preference.

367.7 Taxes.\
GCRI Canada shall review tax treatment for revenues, fees, grants, donations, sponsorships, subscriptions, in-kind contributions, reimbursements, prizes, awards, stipends, fellowships, scholarships, contractor payments, employee payments, foreign payments, sales taxes, GST/HST, withholding, payroll taxes, cross-border taxes, and other taxes where applicable. Tax treatment shall be documented and may require professional advice. Tax compliance shall not be treated as optional or as a marketing matter.

367.8 Sales Tax, GST/HST, or Other Tax Treatment Where Applicable.\
Where sales tax, GST/HST, VAT, provincial tax, foreign tax, or other transaction tax applies or may apply, GCRI Canada shall determine collection, invoicing, remittance, exemption, zero-rating, place-of-supply, registration, filing, and record obligations. Tax treatment may differ by training, subscriptions, digital access, publications, software, events, sponsorships, cost recovery, cross-border services, or grants. Public-facing materials shall not misstate tax treatment.

367.9 Donation Receipts Only Where Lawful and Authorized.\
Donation receipts, charitable receipts, tax receipts, donor acknowledgments, or contribution receipts shall be issued only where lawful, accurate, and authorized. Unless GCRI Canada has lawful charitable status or other lawful receipting authority, it shall not issue or imply charitable tax receipts. Acknowledgment of payment is not the same as a charitable tax receipt. Receipts shall distinguish donations, sponsorships, subscriptions, fees, cost recovery, grants, in-kind contributions, and other payments accurately.

367.10 Non-Charitable Payment Treatment Unless Charitable Status Is Lawfully Obtained.\
Unless and until GCRI Canada lawfully obtains charitable status or another applicable status that permits charitable receipting, payments to GCRI Canada shall be treated as non-charitable payments for receipting and public language purposes. GCRI Canada shall avoid language suggesting charitable tax deductibility, registered charity status, charitable donation receipt eligibility, or charitable regulatory status unless legally accurate. If status changes lawfully, the Board shall approve updated payment language, receipting procedures, tax controls, and donor communications.

367.11 Revenue Recognition.\
Revenue recognition shall follow applicable accounting standards and approved accounting policy. Revenue from grants, donations, sponsorships, subscriptions, fees, cost recovery, in-kind contributions where recognized, training, Academy access, benchmarking subscriptions, controlled-material access, publication access, and program fees shall be recognized according to restriction, performance obligation, period, access delivery, deliverable completion, or other applicable treatment. Revenue recognition shall not be manipulated to improve optics, satisfy funders, conceal restricted-fund issues, or misstate financial condition.

367.12 Restricted Revenue Tracking.\
Restricted revenue shall be tracked by source, purpose, restriction, eligible cost, period, deliverable, budget, reporting requirement, and closeout. Tracking shall distinguish restricted revenue from unrestricted revenue and shall prevent improper use, premature recognition, misallocation, or misleading reporting. Restricted revenue shall not be treated as freely available operating cash unless the restriction permits such use.

367.13 Subscription Renewal and Cancellation.\
Subscription renewal and cancellation shall be governed by subscription terms, notice requirements, payment status, eligibility, access class, misuse history, public claims conduct, data / AI / cyber compliance, sanctions, export-control, public authority capacity, protected knowledge obligations, and refund or credit rules. Renewal shall not be used to confer endorsement or preferred status. Cancellation shall include access revocation, controlled-material handling, invoice closeout, refund or credit treatment where applicable, and correction of public claims where needed.

367.14 Currency, Foreign Exchange, and Cross-Border Payment Controls.\
GCRI Canada may receive and make payments in Canadian dollars or other approved currencies. Currency and foreign exchange controls shall address exchange rate treatment, bank fees, cross-border taxes, sanctions screening, restricted jurisdictions, documentation, accounting, restricted funds, donor terms, grant terms, and fraud risk. Foreign exchange shall not be used for speculation, investment trading, capital placement, or treasury activity inconsistent with nonprofit stewardship.

367.15 Sanctions Screening for Payments.\
Payments, refunds, grants, awards, stipends, scholarships, fellowships, sponsorships, donations, subscriptions, in-kind contributions, vendor payments, and cross-border transfers shall be subject to sanctions, restricted-party, export-control, controlled technology, anti-corruption, anti-money-laundering-adjacent, or reputation screening where risk warrants or law requires. Payments shall be refused, delayed, restricted, returned, or escalated where screening identifies material risk.

367.16 Payment Dispute Handling.\
Payment disputes, invoice disputes, refund disputes, credit disputes, chargebacks, payment errors, duplicate payments, tax disputes, restricted-fund disputes, subscription disputes, sponsorship payment disputes, grant payment disputes, and cost-recovery disputes shall be handled through recorded procedures. Dispute handling shall include intake, record review, authority review, communication, correction, refund or credit decision, access adjustment where applicable, accounting entry, and closeout. Payment disputes shall not be used to negotiate prohibited benefits or suppress corrections.

367.17 Billing, Payment, Tax, Receipt, Refund, and Revenue Records.\
GCRI Canada shall maintain billing, payment, tax, receipt, refund, and revenue records, including billing authority records, invoices, payment terms, accepted payment method records, refund records, credit records, tax records, sales tax / GST/HST / other tax treatment records, donation receipt authority records, non-charitable payment treatment records, revenue recognition records, restricted revenue tracking records, subscription renewal and cancellation records, currency / foreign exchange / cross-border payment records, sanctions screening records, payment dispute records, corrections, reversals, write-offs, and archives.

***

### Section 368. Procurement and Contracting Controls

368.1 Procurement Control Purpose.\
GCRI Canada shall maintain procurement controls to ensure that purchases, vendors, contractors, consultants, software, cloud services, AI systems, cybersecurity tools, data room tools, repositories, professional services, facilities, equipment, public-good technical assets, Academy services, publication services, translation services, accessibility services, insurance, legal services, accounting services, audit services, and other goods or services are acquired lawfully, prudently, fairly where appropriate, conflict-reviewed, value-conscious, secure, privacy-respecting, public-benefit aligned, provider-neutral, and auditable. Procurement controls shall also ensure that GCRI Canada’s own procurement does not create confusion with public authority procurement or imply public-sector vendor approval.

368.2 Contracting Control Purpose.\
GCRI Canada shall maintain contracting controls to ensure that contracts accurately define purpose, scope, authority, deliverables, price, payment, confidentiality, IP, data rights, AI-use rules, cybersecurity, privacy, public authority terms, protected knowledge, publication rights, termination, records, dispute handling, liability, insurance, sanctions, export controls, controlled technology, public-safe obligations, and correction paths. Contracting controls shall prevent unauthorized commitments, hidden side letters, prohibited benefits, provider capture, sponsor control, public authority confusion, finance-boundary drift, certification implication, procurement implication, and unmanageable data or technical risk.

368.3 Procurement Policy.\
The Board or authorized officers may adopt procurement policies establishing thresholds, competitive process requirements, sole-source rules, conflict review, related-party review, vendor due diligence, security review, privacy review, data processor review, AI provider review, cloud provider review, public-good asset review, IP review, contract approval authority, payment controls, record requirements, and exceptions. Procurement policy shall be proportionate to GCRI Canada’s size, stage, resources, risks, restricted funds, grant conditions, public authority terms, and program needs.

368.4 Fairness and Value-for-Money.\
Procurement decisions shall consider public-benefit purpose, fitness for use, total cost, quality, security, privacy, reliability, accessibility, interoperability, open standards, exit readiness, support, maintenance, vendor risk, restricted-fund compliance, sustainability, and value-for-money. Value-for-money does not require lowest price in all cases, but selection shall be reasoned and recorded where material. Procurement shall not be used to reward sponsors, donors, funders, providers, directors, officers, related parties, public authority relationships, or preferred networks without legitimate justification.

368.5 Conflict Review.\
Procurement and contracting shall be subject to conflict review where directors, officers, employees, contractors, fellows, advisors, committee participants, council participants, sponsors, donors, funders, providers, hosts, public authorities, universities, laboratories, National Consortium Companies, Project SPVs, relatives, affiliates, or related persons have a financial, personal, professional, institutional, or strategic interest. Conflict review may require disclosure, recusal, independent review, competitive process, Board approval, contract restrictions, public-safe disclosure, or refusal.

368.6 Related-Party Review.\
Related-party contracts, purchases, grants, donations, sponsorships, subscriptions, fellowships, awards, reimbursements, consulting arrangements, software arrangements, facility arrangements, or in-kind arrangements shall be reviewed for fairness, necessity, market reasonableness, public-benefit purpose, no-private-inurement, conflict, disclosure, approval authority, and records. Related-party contracting shall not be used to route funds, create hidden compensation, reward influence, purchase outcomes, or create capture.

368.7 Competitive Process Where Appropriate.\
GCRI Canada may use a competitive process where appropriate for material purchases, recurring services, professional services, technology systems, cloud services, AI providers, cybersecurity providers, repositories, data room tools, publication services, facilities, equipment, and other procurements. Competitive processes may include quotations, proposals, requests for information, requests for proposals, market scans, technical evaluations, security evaluations, or value comparisons. Competition may be waived where impractical, low-value, urgent, sole-source justified, restricted-fund constrained, security-sensitive, continuity-driven, or otherwise justified and recorded.

368.8 Sole-Source Justification Where Appropriate.\
Sole-source procurement may be permitted where a vendor has unique capabilities, continuity is required, compatibility is necessary, urgency exists, cost is low, security considerations require it, open-source maintenance requires named expertise, donor or grant terms lawfully restrict choice, or competitive process would not serve public-benefit purpose. Sole-source justification shall be recorded and conflict-reviewed where material. Sole-source shall not be used to create provider preference, sponsor reward, procurement steering, or related-party benefit.

368.9 Vendor Due Diligence.\
Vendor due diligence shall be proportionate to risk and may include legal existence, reputation, references, financial stability, insurance, security posture, privacy posture, data rights, AI-use terms, sanctions, export-control, controlled technology, subcontractors, conflicts, public authority experience, accessibility, support capacity, exit readiness, and contractual terms. Vendor due diligence shall be heightened for critical suppliers, data processors, AI providers, cloud providers, cybersecurity providers, repository providers, public authority data handlers, protected knowledge handlers, and finance-sensitive evidence handlers.

368.10 Security and Privacy Review.\
Procurements involving systems, software, cloud services, AI tools, repositories, data rooms, dashboards, maps, communications tools, storage, identity systems, public authority data, personal information, protected knowledge, cyber-sensitive data, infrastructure-sensitive data, or technical assets shall undergo security and privacy review. Review shall assess access controls, MFA, encryption, logging, data residency, subprocessors, incident notification, vulnerability management, AI features, data reuse, retention, deletion, breach history, and exit readiness.

368.11 Data Processor Review.\
Where a vendor processes personal information, rights-bearing data, public authority data, protected knowledge, research data, telemetry, dashboards, maps, controlled records, or other data for GCRI Canada, GCRI Canada shall conduct data processor review and require appropriate contractual controls. Controls may include processing instructions, confidentiality, security, subprocessors, cross-border transfer, retention, deletion, breach notification, audit rights where appropriate, AI-use restrictions, model-training prohibitions where required, and return or deletion on closeout.

368.12 AI Provider Review.\
AI providers, AI assistants, model providers, embedding providers, retrieval providers, agentic tools, transcription tools, translation tools, coding assistants, summarization tools, and AI-enabled platforms shall undergo AI provider review before use with GCRI Canada materials. Review shall address data use, training, retention, logging, confidentiality, model identity, output ownership, hallucination risk, prompt injection, data leakage, public authority data, protected knowledge, cyber-sensitive materials, export controls, access controls, incident response, and human review requirements. Unapproved AI systems shall not be used for restricted materials.

368.13 Cloud Provider Review.\
Cloud providers and hosted infrastructure providers shall undergo cloud provider review proportionate to risk. Review shall address data residency, encryption, identity and access management, logging, backup, resilience, service levels, subprocessors, cross-border transfers, compliance posture, breach notification, vulnerability management, lock-in, exit readiness, billing risk, public authority data, protected knowledge, cyber-sensitive materials, infrastructure-sensitive materials, and technical continuity. Cloud procurement shall not create unmanaged dependency.

368.14 Export-Control and Sanctions Review.\
Procurement and contracting involving foreign parties, controlled technology, encryption, cyber tools, AI-RAN, O-RAN, DePIN, drones, robotics, satellite or remote-sensing materials, quantum-adjacent systems, advanced compute, datasets, software, technical assistance, public-sector sensitivity, or restricted jurisdictions shall undergo export-control, sanctions, national security, controlled technology, and reputation review where applicable. Contracts may require restrictions, licenses, denied-party screening, access limits, data localization, or refusal.

368.15 Public-Good Asset and IP Review.\
Procurements affecting public-good software, open technical baselines, schemas, APIs, SDKs, dashboards, maps, datasets, models, prompts, documentation, technical baselines, ontology files, publications, training materials, or other public-good assets shall undergo IP and public-good asset review. Review shall address ownership, license, background IP, foreground IP, open-source obligations, sublicensing, moral rights, patent rights, attribution, repository release, public-safe publication, takedown, maintenance, and correction. Contracts shall not capture public-good assets improperly.

368.16 Contract Approval Authority.\
Contracts shall be approved by authorized persons according to the signing authority matrix, expenditure thresholds, risk class, restricted-fund rules, grant terms, public authority terms, data / AI / cyber sensitivity, IP significance, contract value, duration, legal exposure, public-safe risk, and Board policies. Contract approval may require legal, finance, security, privacy, safeguards, public authority, IP, or Board review. Unauthorized contracts, side letters, oral commitments, or informal amendments are prohibited.

368.17 Required Contract Terms.\
Contracts shall include terms appropriate to the transaction, including scope, deliverables, fees, payment, taxes, confidentiality, data rights, privacy, cybersecurity, AI-use restrictions, IP, publication rights, public authority terms, protected knowledge terms, records, audit rights where appropriate, conflicts, sanctions, export controls, insurance, limitation of liability, indemnity where appropriate, termination, suspension, access revocation, data return or deletion, incident notification, non-endorsement, no-public-authority-delegation, no-procurement-approval, no-certification, no-finance-readiness, and correction obligations where relevant.

368.18 No Procurement by GCRI Canada as Public Authority Procurement.\
GCRI Canada’s procurement is private nonprofit procurement for its own public-benefit operations and programs, not public authority procurement, public-sector tendering, public works procurement, public finance procurement, regulatory approval, or public procurement approval. No vendor selected by GCRI Canada shall represent that it has been selected, approved, prequalified, or endorsed by a public authority or public procurement process because of a GCRI Canada contract. Public authorities remain responsible for their own procurement.

368.19 No Contracting That Creates Provider Preference or Public Authority Confusion.\
GCRI Canada shall not contract in a manner that creates provider preference, preferred vendor status, public authority approval implication, procurement steering, certification implication, finance-readiness implication, recognition implication, maturity implication, public warning implication, or public authority delegation. Vendor references shall be factual and limited. Contracts may prohibit vendors from using GCRI Canada name, logos, materials, public authority relationships, or Nexus references for marketing without approval.

368.20 Procurement and Contracting Records.\
GCRI Canada shall maintain procurement and contracting records, including procurement control purpose records, contracting control purpose records, procurement policies, fairness and value-for-money records, conflict reviews, related-party reviews, competitive process records, sole-source justifications, vendor due diligence records, security and privacy reviews, data processor reviews, AI provider reviews, cloud provider reviews, export-control and sanctions reviews, public-good asset and IP reviews, contract approval records, required contract term records, no-public-authority-procurement records, no-provider-preference / no-public-authority-confusion records, contracts, amendments, renewals, terminations, disputes, corrections, and archives.

***

### Section 369. Fraud Controls, Anti-Corruption, Gifts, Hospitality, Expense Reimbursement, and Financial Incident Response

369.1 Fraud Control Purpose.\
GCRI Canada shall maintain fraud controls, anti-corruption controls, gift and hospitality controls, expense reimbursement controls, corporate card controls, financial misconduct intake, financial incident response, recovery, correction, disclosure, and remediation processes to protect funds, assets, public-good technical assets, records, public trust, research integrity, public authority relationships, donor trust, sponsor integrity, provider neutrality, nonprofit character, and institutional continuity. Fraud controls shall apply to cash, payments, invoices, grants, donations, sponsorships, subscriptions, in-kind contributions, procurement, reimbursements, payroll where applicable, contractor payments, awards, stipends, scholarships, challenge prizes, cloud credits, software credits, technical assets, and records.

369.2 Fraud Prevention.\
Fraud prevention shall include segregation of duties, approval thresholds, dual approval, vendor verification, bank detail verification, restricted-fund controls, budget controls, payment limits, MFA, access controls, reconciliation, invoice review, receipt requirements, procurement controls, conflict disclosure, related-party review, gift and hospitality limits, staff training, whistleblowing or reporting channels where adopted, and Board oversight. Prevention measures shall be proportionate to GCRI Canada’s size, risk, resources, and activity.

369.3 Fraud Detection.\
Fraud detection may include bank reconciliations, budget variance review, invoice review, duplicate payment review, unusual transaction review, vendor master review, credit card review, restricted-fund review, expense review, audit or review engagement, access logs, payment logs, grant reporting review, subscription reconciliation, and incident reporting. Suspected fraud indicators shall be escalated promptly. Detection shall include attempted fraud, phishing, invoice redirection, payment diversion, fake vendor, false reimbursement, false grant report, and misuse of in-kind contributions.

369.4 Fraud Reporting.\
Directors, officers, employees, contractors, fellows, advisors, committee participants, council participants, program stewards, financial personnel, and other authorized persons shall report suspected fraud, attempted fraud, financial misconduct, bribery, kickbacks, payment diversion, false claims, false invoices, expense abuse, gift abuse, restricted-fund misuse, procurement abuse, related-party abuse, sponsor benefit abuse, provider benefit abuse, or financial records manipulation through approved channels. Reports shall be handled confidentially where appropriate and without retaliation.

369.5 Anti-Corruption.\
GCRI Canada shall not engage in corruption, bribery, improper inducements, improper gifts, improper hospitality, kickbacks, facilitation payments where prohibited, pay-to-play, public authority access purchase, procurement influence purchase, finance-readiness influence purchase, certification influence purchase, recognition purchase, or outcome purchase. Anti-corruption controls shall apply to public authorities, sponsors, donors, funders, providers, hosts, partners, vendors, public finance readers, capital actors, universities, laboratories, communities, and all persons acting for or with GCRI Canada.

369.6 Bribery Prohibition.\
No person acting for or with GCRI Canada shall offer, promise, give, request, accept, or authorize a bribe, improper payment, improper benefit, hidden commission, personal benefit, gift, hospitality, contribution, job, contract, fellowship, scholarship, award, training seat, travel, donation, sponsorship, or in-kind benefit intended to influence a decision, obtain improper advantage, secure public authority access, steer procurement, influence finance, obtain certification, obtain recognition, suppress findings, alter publications, or affect GCRI Canada records.

369.7 Kickback Prohibition.\
Kickbacks are prohibited. No director, officer, employee, contractor, fellow, advisor, reviewer, judge, committee participant, council participant, public authority participant, sponsor, provider, donor, funder, host, vendor, or partner shall receive or provide undisclosed value in exchange for contracts, payments, awards, grants, prizes, procurement, curated introductions, provider references, public authority access, finance-sensitive introductions, certifications, recognition, maturity language, or favourable treatment. Suspected kickbacks shall be escalated and investigated.

369.8 Facilitation Payment Prohibition Where Applicable.\
Facilitation payments shall be prohibited where unlawful and shall not be used to accelerate permits, public authority access, procurement, customs, visas, logistics, payments, registrations, inspections, approvals, public finance, or other public or private actions. Where a payment is demanded under duress or safety threat, the matter shall be reported promptly, recorded, legally reviewed, and remediated. GCRI Canada shall not normalize unofficial payments.

369.9 Gifts and Hospitality Policy.\
GCRI Canada shall maintain gift and hospitality rules appropriate to its public-benefit mission and risk. Gifts and hospitality shall be modest, lawful, occasional, transparent, not cash or cash-equivalent unless expressly allowed for an approved purpose, not intended to influence decisions, not linked to procurement, finance, public authority access, certification, recognition, challenge awards, benchmark outcomes, publications, or program approvals, and consistent with public authority rules where public officials are involved. Gifts or hospitality creating risk shall be refused, returned, donated, disclosed, or recorded.

369.10 Gift Register.\
GCRI Canada may maintain a gift register recording gifts offered, received, accepted, declined, returned, donated, or disposed of where required by policy or risk. The gift register may identify date, giver, recipient, value, description, purpose, related program, public authority relevance, sponsor or provider relevance, decision pending, approval, disposition, and conflicts. Gift register records shall be confidential or public-safe according to classification and law.

369.11 Hospitality Register.\
GCRI Canada may maintain a hospitality register recording meals, travel, lodging, event access, entertainment, hosted meetings, receptions, or other hospitality offered or received where required by policy or risk. The hospitality register may identify host, recipient, value, purpose, public authority involvement, sponsor or provider involvement, procurement or funding relevance, approval, and conflict review. Hospitality shall not be used to purchase influence or create public authority access.

369.12 Expense Reimbursement Policy.\
GCRI Canada shall maintain expense reimbursement rules requiring business purpose, receipts or reasonable support, approval, funding source, program allocation, compliance with budget, restricted-fund rules, travel rules, gift rules, public authority rules, and conflict rules. Reimbursements shall be reasonable, documented, and timely. Reimbursements shall not be used to provide hidden compensation, improper private benefit, political benefit, sponsor benefit, provider benefit, public authority influence, or procurement advantage.

369.13 Travel and Event Expense Controls.\
Travel and event expenses shall be authorized, reasonable, mission-aligned, budgeted where required, and consistent with public-benefit purpose, accessibility, safety, public authority rules, sponsor rules, donor rules, grant rules, and conflicts. Travel support for fellows, community participants, public authority participants, trainers, speakers, or staff shall be documented and shall not be used to buy participation, public authority endorsement, protected knowledge, research outcomes, procurement advantage, finance-readiness influence, certification influence, recognition, or maturity status.

369.14 Corporate Card Controls.\
Corporate cards, purchasing cards, virtual cards, and payment cards shall be issued only to authorized persons, subject to limits, permitted-use rules, receipt requirements, reconciliation, review, dispute handling, cancellation, and offboarding. Cards shall not be used for personal expenses, cash advances unless expressly authorized, political contributions, prohibited gifts, undocumented expenses, unapproved subscriptions, shadow IT, unapproved AI tools, or restricted purchases. Card misuse shall trigger review and corrective action.

369.15 Financial Misconduct Intake.\
GCRI Canada shall maintain intake procedures for financial misconduct allegations, including fraud, theft, bribery, kickbacks, false invoices, expense abuse, restricted-fund misuse, procurement abuse, sponsor benefit abuse, provider benefit abuse, payment diversion, false reporting, revenue misstatement, tax receipt misuse, donor condition breach, or financial records manipulation. Intake shall capture facts, records, persons involved, funds affected, urgency, legal risk, public authority relevance, data / AI / cyber relevance, protected knowledge relevance, and immediate containment needs.

369.16 Financial Incident Response.\
Financial incident response shall include containment, preservation of records, access restriction, payment hold, bank notification, vendor notification where appropriate, insurer notification where appropriate, legal review, Board escalation where material, investigation, recovery efforts, correction of records, disclosure review, remediation, and closeout. Incidents involving cyber compromise, data leakage, public authority funds, grant funds, restricted funds, donor funds, sponsor funds, public claims, or protected knowledge shall be coordinated with applicable incident procedures.

369.17 Investigation, Recovery, Correction, Disclosure, and Remediation.\
Investigations shall be fair, documented, confidential where appropriate, and proportionate to risk. GCRI Canada may seek recovery, reverse payments, terminate contracts, discipline personnel, revoke access, report to authorities where required, notify insurers, correct financial statements, correct donor reports, correct public claims, return funds, update controls, retrain personnel, and revise policies. Disclosure shall be made where required by law, grant terms, donor terms, public authority terms, audit requirements, insurance, or Board decision.

369.18 Fraud, Anti-Corruption, Gift, Hospitality, Expense, and Incident Records.\
GCRI Canada shall maintain fraud, anti-corruption, gift, hospitality, expense, and incident records, including fraud control purpose records, fraud prevention records, fraud detection records, fraud reports, anti-corruption records, bribery prohibition records, kickback prohibition records, facilitation payment records, gift policy records, gift registers, hospitality registers, expense reimbursement records, travel and event expense records, corporate card records, financial misconduct intake records, financial incident response records, investigation records, recovery records, correction records, disclosure records, remediation records, discipline records, closeouts, and archives.

***

### Section 370. Donor Reporting, Quarterly Public-Safe Scoreboard, Annual Audit-Ready Donor Report, Release Calendar, and Public-Safe Financial Summaries

370.1 Donor Reporting Purpose.\
GCRI Canada may provide donor reporting to support stewardship, transparency, accountability, restricted-fund compliance, public-benefit explanation, deliverables tracking, use-of-funds accountability, public-safe impact communication, and relationship management. Donor reporting shall be accurate, evidence-supported, limitation-bearing, non-promotional where required, boundary-compliant, and correctionable. Donor reporting shall not become outcome purchase confirmation, sponsor control, public authority access proof, provider preference, finance-readiness confirmation, certification, recognition, maturity, procurement advantage, or public authority approval.

370.2 Funder Reporting Purpose.\
Funder reporting may be provided to grantors, philanthropic funders, public funders, institutional funders, development funders, program funders, or other funding bodies according to law, agreement, Board policy, or approved stewardship practice. Funder reporting shall distinguish activities, deliverables, expenditures, limitations, changes, corrections, risks, and closeout. Funder reporting shall not permit funders to control findings, suppress results, distort methods, steer public authority engagement, or influence regulated-perimeter outputs.

370.3 Sponsor Reporting Purpose.\
Sponsor reporting may describe benefits delivered, support used, activities supported, public-safe outputs, acknowledgments, event participation, training seats, public-good deliverables, publication status, and closeout. Sponsor reporting shall be consistent with benefit schedules and sponsor non-control. Sponsor reports shall not imply that sponsorship purchased research findings, public authority access, provider preference, procurement advantage, finance-readiness, certification, recognition, maturity, public authority approval, or publication control.

370.4 Grantor Reporting Purpose.\
Grantor reporting shall satisfy lawful and accepted grant conditions, including financial reporting, deliverable reporting, milestone reporting, restricted-fund reporting, use-of-funds reporting, variance reporting, data rights reporting, publication reporting, safeguards reporting, and closeout. Grantor reports shall be supported by program records and financial records. Where grantor reporting involves public authority data, protected knowledge, sensitive data, or controlled technology, reporting shall follow applicable handling and redaction rules.

370.5 Report Content Controls.\
Reports to donors, funders, sponsors, grantors, public authorities, or public-safe audiences shall be reviewed for accuracy, source support, financial support, milestone status, deliverable status, public authority references, sponsor references, provider references, protected knowledge, privacy, cyber sensitivity, infrastructure sensitivity, finance-boundary language, certification-boundary language, procurement-boundary language, recognition-boundary language, maturity-boundary language, public warning language, limitations, and correction path. Report content shall not overstate impact, completion, independence, public authority support, finance readiness, certification, procurement significance, or sponsor influence.

370.6 Use-of-Funds Reporting.\
Use-of-funds reporting shall describe how funds were spent or allocated according to budget, restrictions, grant terms, donor terms, sponsor terms, program records, and accounting records. Use-of-funds reporting may include categories, amounts, periods, remaining balances, restricted-fund status, variance, eligible costs, and closeout. Use-of-funds reporting shall not misclassify restricted funds, conceal ineligible costs, overstate deliverables, or imply donor or sponsor control.

370.7 Milestone Reporting.\
Milestone reporting may describe program intake, approval, launch, evidence readiness, methods readiness, data / AI / cyber readiness, safeguards review, public authority boundary review, finance-boundary review, host readiness, adoption window, sprint, lab, challenge, publication review, controlled release, public-safe release, closeout, and correction milestones. Milestone reporting shall state status accurately and shall not imply certification, procurement approval, finance-readiness, recognition, maturity, public authority approval, public warning, or execution authority.

370.8 Deliverables Reporting.\
Deliverables reporting may describe research notes, evidence records, methods notes, observability records, ontology updates, software releases, technical baselines, datasets, dashboards, maps, Academy materials, fellowships, training records, competence-cell materials, public-safe playbooks, challenge outputs, benchmark outputs, public authority learning materials, and closeout reports. Deliverables reporting shall identify limitations, publication status, access status, versions, corrections, and non-deliverables. Deliverables shall not be reported as approvals, certifications, finance-readiness determinations, procurement decisions, recognition, maturity, or public authority actions.

370.9 Impact Reporting With Evidence and Limitation Controls.\
Impact reporting shall be evidence-supported, limitation-bearing, proportionate, and public-safe. Impact may include learning outputs, evidence records, methods improvements, software maintenance, training completion, accessibility improvements, safeguards processes, public authority learning participation, public-safe publications, technical asset continuity, corrections, replication results, or capability formation. Impact reporting shall avoid inflated causality, unsupported social impact claims, sponsor value claims, public authority adoption claims, finance-readiness claims, certification claims, procurement claims, recognition claims, maturity claims, or provider superiority claims.

370.10 No Report as Outcome Purchase Confirmation.\
No donor report, funder report, sponsor report, grantor report, scoreboard, public-safe financial summary, use-of-funds report, milestone report, deliverables report, impact report, closeout report, or annual donor report shall confirm or imply that support purchased outcomes, findings, evidence conclusions, methods, publications, public authority access, provider preference, procurement advantage, finance-readiness, certification, recognition, maturity, Nexus interface status, public warning, emergency command, or execution authority. Reports shall confirm stewardship, not purchased results.

370.11 No Report as Recognition, Finance-Readiness, Certification, Procurement, or Public Authority Approval.\
No report shall constitute or be represented as GRF recognition, Nexus Grid maturity, public legitimacy, finance-readiness, insurance-readiness, bankability, investability, underwriting approval, lending approval, public finance approval, rating, certification, accreditation, compliance approval, procurement approval, provider selection, public authority approval, public authority endorsement, public warning, emergency command, public-private partnership, sovereign obligation, or execution instruction. Required limitation language shall be included where material.

370.12 Quarterly Public-Safe Scoreboard Where Approved.\
GCRI Canada may publish a quarterly public-safe scoreboard where approved by the Board or authorized officer. The scoreboard may summarize public-safe information regarding programs, publications, training, technical assets, evidence records, methods records, software maintenance, corrections, donor-supported activities, accessibility, safeguards, and institutional progress. Scoreboard content shall be aggregated, limitation-bearing, non-sensitive, non-promotional, non-certifying, non-finance, non-procurement, public authority-boundary-compliant, and correctionable. A scoreboard shall not rank providers, rate projects, certify outputs, or signal finance-readiness.

370.13 Annual Audit-Ready Donor Report.\
GCRI Canada may prepare an annual audit-ready donor report to provide donors, funders, sponsors, grantors, Board members, members where any, and approved stakeholders with structured information on funds received, use of funds, restricted funds, programs supported, deliverables, limitations, public-safe impact, corrections, and closeout status. Audit-ready means record-supported and capable of verification; it does not necessarily mean audited unless an audit has occurred. The report shall not imply charitable receipting, public authority approval, finance-readiness, certification, procurement approval, recognition, or maturity.

370.14 Release Calendar.\
GCRI Canada may maintain a release calendar for donor reports, funder reports, sponsor reports, grantor reports, scoreboards, public-safe financial summaries, annual reports, public-safe summaries, restricted reports, and closeout reports. The release calendar shall coordinate review, approvals, redactions, public-safe checks, financial verification, public authority reference review, sponsor and provider reference review, and correction. Release timing shall not be manipulated to serve capital markets, procurement processes, sponsor marketing, provider advantage, or public authority misinterpretation.

370.15 Public-Safe Financial Summaries.\
Public-safe financial summaries may describe revenues, expenses, program categories, grants, donations, sponsorships, subscriptions, in-kind support where tracked, restricted funds, unrestricted funds, reserves, use-of-funds categories, and stewardship practices. Public-safe financial summaries shall be accurate, non-misleading, limitation-bearing, and approved. They shall not disclose confidential donor information, protected knowledge, public authority-sensitive information, cyber-sensitive information, infrastructure-sensitive information, finance-sensitive evidence, or personal information unless authorized and reviewed.

370.16 Redaction, Confidentiality, and Protected Information Controls.\
Reports, scoreboards, and financial summaries shall be reviewed for redaction, confidentiality, protected knowledge, personal information, public authority-sensitive information, cyber-sensitive information, infrastructure-sensitive information, finance-sensitive evidence, legal privilege, donor anonymity, sponsor confidentiality, grantor confidentiality, vendor confidentiality, and contractual restrictions. Redactions shall preserve public-safe meaning and avoid misleading omissions. Controlled reports shall not be republished without approval.

370.17 Correction and Supersession of Donor Reports.\
Donor, funder, sponsor, grantor, scoreboard, annual donor report, and public-safe financial summary outputs shall remain correctionable and supersedable. Correction or supersession shall occur where financial records change, errors are found, restrictions are misdescribed, deliverables are misstated, public authority references are inaccurate, sponsor or provider references are misleading, impact is overstated, public-safe issues arise, protected information is disclosed, or boundary language is insufficient. Corrections may be public-safe or controlled according to audience and risk.

370.18 Donor, Funder, Sponsor, Grantor, Scoreboard, and Public-Safe Financial Summary Records.\
GCRI Canada shall maintain donor, funder, sponsor, grantor, scoreboard, and public-safe financial summary records, including donor reporting purpose records, funder reporting purpose records, sponsor reporting purpose records, grantor reporting purpose records, report content control records, use-of-funds reports, milestone reports, deliverables reports, impact reporting records, no-outcome-purchase-confirmation records, no-recognition / no-finance-readiness / no-certification / no-procurement / no-public-authority-approval records, quarterly public-safe scoreboard records, annual audit-ready donor reports, release calendars, public-safe financial summaries, redaction records, confidentiality records, protected information controls, correction records, supersession records, releases, withdrawals, closeouts, and archives.

***

### Section 371. Financial, Grant, Donation, Sponsorship, In-Kind, Expense, Audit, Tax, and Closeout Records

371.1 Financial Record Requirement.\
GCRI Canada shall maintain financial, grant, donation, sponsorship, in-kind, expense, audit, tax, procurement, subscription, fee, fraud, reporting, and closeout records sufficient to support lawful governance, nonprofit accountability, Board oversight, auditability, tax compliance, restricted-fund compliance, public-benefit stewardship, anti-capture controls, sponsor non-control, provider neutrality, public authority boundary discipline, research integrity, data / AI / cyber continuity, public-safe publication, correctionability, and institutional memory. Financial records shall be accurate, complete, timely, classified, retained, protected, and disposed of according to applicable law, policy, and record status.

371.2 Budget Records.\
Budget records shall include annual budgets, interim budgets, multi-year financial plans, budget amendments, emergency budget amendments, reserve targets, runway targets, program budgets, restricted-fund budgets, grant budgets, sponsorship budgets, Academy budgets, fellowship budgets, challenge budgets, benchmarking budgets, technical asset budgets, data / AI / cyber budgets, legal and risk budgets, variance reviews, Board approvals, officer approvals, assumptions, corrections, and archives. Budget records shall distinguish approved planning from enforceable commitments.

371.3 Account Records.\
Account records shall include chart of accounts, general ledger, sub-ledgers, restricted-fund accounts, unrestricted-fund accounts, accounts payable, accounts receivable, revenue records, expense records, payroll records where applicable, contractor payment records, prepaid expenses, deferred revenue, fixed asset records, in-kind contribution records where recognized, reserve accounts, and program-level accounting. Account records shall be sufficient to trace transactions to authority, purpose, funding source, program, restriction, and closeout.

371.4 Bank Records.\
Bank records shall include bank account opening records, closing records, signatory records, online banking administrator records, statements, transaction records, wire records, EFT records, cheque records where applicable, credit card records, payment processor records, foreign exchange records, bank fee records, bank reconciliations, bank detail change records, fraud alerts, payment holds, and account access revocation records. Bank records shall be protected from unauthorized access and retained according to law and policy.

371.5 Reconciliation Records.\
Reconciliation records shall include bank reconciliations, credit card reconciliations, payment processor reconciliations, restricted-fund reconciliations, grant reconciliations, donation reconciliations, sponsorship reconciliations, subscription reconciliations, in-kind reconciliations where tracked, accounts payable reconciliations, accounts receivable reconciliations, payroll reconciliations where applicable, reserve reconciliations, and closeout reconciliations. Reconciliation differences shall be investigated, corrected, and documented.

371.6 Financial Statement Records.\
Financial statement records shall include annual financial statements, interim financial statements, management reports, Board financial reports, quarterly reports where prepared, monthly reports where prepared, balance sheets, statements of operations, cash flow statements where applicable, notes, supporting schedules, restricted-fund schedules, budget-to-actual reports, reserve reports, runway reports, management representations, Board approvals, corrections, restatements, and archive copies. Financial statements shall be traceable to books and records.

371.7 Audit or Review Engagement Records.\
Audit or review engagement records shall include auditor or reviewer appointment records, engagement letters, independence records, management representations, working paper requests, audit schedules, review schedules, confirmations, findings, management letters, control recommendations, Board responses, corrective action plans, final reports, member materials where applicable, funder materials where applicable, and closeout records. Audit or review records may be confidential, privileged, restricted, or controlled according to law and engagement terms.

371.8 Tax Records.\
Tax records shall include tax registrations, filings, GST/HST records where applicable, sales tax records, payroll tax records where applicable, withholding records, information returns, donor receipt records where lawful, non-charitable payment treatment records, tax correspondence, professional advice, tax assessments, remittance records, exemption records, refund records, tax disputes, cross-border tax records, and retention schedules. Tax records shall be accurate and consistent with GCRI Canada’s legal status.

371.9 Grant Records.\
Grant records shall include applications, proposals, budgets, approvals, grant agreements, restrictions, deliverables, reporting obligations, data rights, publication rights, IP terms, public authority terms, safeguards terms, cross-border reviews, sanctions reviews, export-control reviews, controlled technology reviews, financial reports, program reports, amendments, correspondence, restricted-fund records, variance reviews, closeout reports, return or reallocation records, corrections, and archives.

371.10 Donation Records.\
Donation records shall include donor identity where not anonymous, donor restrictions, donor conditions, donor due diligence where appropriate, acceptance tests, donation agreements, acknowledgment language, receipts where lawful, non-charitable payment treatment where applicable, donor benefit schedules where any, anonymity requests, conflicts, public recognition, restricted-fund records, use-of-funds records, donor reports, refunds or returns, corrections, and closeout.

371.11 Sponsorship Records.\
Sponsorship records shall include sponsor identity, sponsorship agreements, sponsorship purpose, benefit schedules, acknowledgment language, logo and name permissions, visibility benefits, event benefits, training seats, preview windows, controlled-room access where authorized, conflicts, sponsor non-control reviews, provider-neutrality reviews, public authority boundary reviews, finance-boundary reviews, certification-boundary reviews, procurement-boundary reviews, payments, in-kind support, reports, corrections, terminations, and closeout.

371.12 Restricted Fund Records.\
Restricted fund records shall include restrictions, source, purpose, eligible costs, prohibited costs, budget, transfers, expenditures, approvals, reports, variance reviews, amendments, releases, returns, reallocations, cy-près-style handling where lawful, Board approvals, donor or grantor approvals where required, closeout, and archive status. Restricted fund records shall be sufficient to demonstrate compliance and to correct misuse or misclassification.

371.13 In-Kind Contribution Records.\
In-kind contribution records shall include contribution description, contributor, value where required, valuation method, ownership, custody, use rights, maintenance terms, support terms, data review, cybersecurity review, IP review, public claims review, export-control and sanctions review, contribution caps, public acknowledgment, no-control language, asset records, access records, return, disposal, termination, correction, and closeout.

371.14 Subscription and Fee Records.\
Subscription and fee records shall include subscriber identity, eligibility, subscription class, access class, fee schedule, invoices, payments, refunds, credits, renewals, cancellations, training access, publication access, controlled-material access, benchmarking access, public authority learning access, terms, public claims limits, misuse records, tax treatment, revenue recognition, restricted revenue treatment where any, and closeout.

371.15 Procurement and Contract Records.\
Procurement and contract records shall include procurement requests, approvals, competitive process records, quotes, proposals, sole-source justifications, conflict reviews, related-party reviews, vendor due diligence, security reviews, privacy reviews, data processor reviews, AI provider reviews, cloud provider reviews, export-control and sanctions reviews, public-good asset and IP reviews, contracts, amendments, renewals, terminations, deliverables, invoices, acceptance records, payment records, disputes, corrections, and closeout.

371.16 Expense Records.\
Expense records shall include expense policies, reimbursement requests, receipts, business purpose, program allocation, funding source, approval, travel records, event records, corporate card statements, cardholder certifications, gift and hospitality records, expense exceptions, denied expenses, repayment records, tax treatment, and corrections. Expense records shall be sufficient to prevent self-approval, improper private benefit, restricted-fund misuse, fraud, and undocumented spending.

371.17 Fraud and Financial Incident Records.\
Fraud and financial incident records shall include reports, intake records, evidence preservation records, containment actions, payment holds, bank notices, insurer notices, legal review, Board escalation, investigation records, recovery efforts, disciplinary records, access revocation, financial statement corrections, donor report corrections, public-safe corrections, control remediation, closure reports, and archives. Such records shall be confidential, protected, and disclosed only according to law, policy, Board authority, and need to know.

371.18 Donor and Funder Reporting Records.\
Donor and funder reporting records shall include donor reports, funder reports, sponsor reports, grantor reports, use-of-funds reports, milestone reports, deliverables reports, impact reports, public-safe scoreboards, annual audit-ready donor reports, release calendars, public-safe financial summaries, redaction records, confidentiality records, protected information controls, corrections, supersessions, withdrawals, and closeout.

371.19 Closeout Records.\
Closeout records shall include financial closeout, program closeout, grant closeout, donation closeout, sponsorship closeout, in-kind closeout, subscription closeout, procurement closeout, contract closeout, challenge closeout, fellowship closeout, restricted-fund closeout, access revocation, data disposition, asset return, unused fund handling, final reports, corrections, lessons learned, archive status, and secure disposal decisions. Closeout shall confirm whether obligations were satisfied, funds were handled correctly, records were retained, and public claims were corrected where needed.

371.20 Retention, Access, Confidentiality, and Secure Disposal of Financial Records.\
Financial records shall be retained according to applicable law, corporate requirements, nonprofit requirements, tax requirements, accounting requirements, audit requirements, grant terms, donor terms, sponsorship terms, public authority terms, contract terms, privacy obligations, data / AI / cyber requirements, protected knowledge obligations, litigation holds, insurance needs, correctionability, and institutional memory. Access shall be limited by role, authority, classification, need to know, confidentiality, privilege, security, public authority terms, and protected information controls. Secure disposal shall occur only after retention requirements, legal holds, audit needs, restricted-fund obligations, public authority terms, research integrity needs, and correctionability needs are satisfied, and shall be documented where material.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.therisk.global/organization/organization/governance/bylaws/gcri-ca/article-xv.-finance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.