# ARTICLE I. FOUNDATIONS

This article establishes the legal foundations of the GCRI US Bylaw.

It defines the nonprofit corporate governance framework of The Global Centre for Risk and Innovation - United States. It covers public-benefit governance, nonstock corporation structure, legal identity, United States legal seat, records governance, non-executing institutional authority, and the Corporation’s bounded North America role.

## Section 1. Title, Citation, Version, Status, Issue Date, and Effective Date

1.1 Instrument Title.\
This instrument shall be titled the “GCRI US Bylaw”. It is the principal internal governance bylaw of The Global Centre for Risk and Innovation - United States and shall be read as an adopted corporate governance instrument of the Corporation, not as a policy note, operating manual, strategic memorandum, public-facing charter, technical specification, fundraising document, promotional document, program description, public authority statement, finance-readiness instrument, certification manual, procurement instrument, or general Nexus ecosystem statement.

The Bylaw governs the Corporation’s internal legal authority, corporate identity, United States legal seat, board governance, officer authority, committee and council architecture, member and participant status where applicable, records discipline, evidence and methods governance, public-good technical stewardship, data and safeguards controls, Nexus interface discipline, non-execution perimeter, fiscal controls, public-safe publication, correctionability, and all other matters properly governed by bylaw, subject always to applicable law, the Articles or Certificate, and any superior legal requirement binding upon the Corporation.

This Bylaw shall be read as a United States nonprofit corporate governance instrument for a nonstock or non-share, non-distributing, public-benefit, non-executing institution. It shall not be read as an instrument that grants market authority, public authority status, finance authority, emergency authority, regulatory authority, procurement authority, certification authority, recognition authority, protocol authority, or execution authority to the Corporation.

1.2 Short Citation.\
This instrument may be cited as the “GCRI US Bylaw” or, where the context is internal to the Corporation and no ambiguity may reasonably arise, as the “Bylaw.” The short citation shall not be used in a manner that obscures, softens, expands, or misstates:

a) the official legal identity of the Corporation;

b) the Corporation’s United States seat and governing corporate-law posture;

c) the Corporation’s nonprofit, nonstock or non-share, non-distributing, public-benefit, tax-exempt or tax-exempt-compatible, and non-executing character;

d) the Corporation’s role as an upstream public-good research, evidence, methods, observability, ontology, technical truth, public-good software, open technical baseline, verifiable compute, verifiable intelligence, and research-integrity steward;

e) the Corporation’s all-states-and-territories operating posture, subject to applicable qualification, registration, charitable solicitation, tax, employment, privacy, public authority, contracting, grant, lobbying, political activity, sanctions, export-control, and local-law requirements;

f) the Corporation’s bounded United States and North America anchor role within the GCRI family and the Nexus public-good architecture;

g) the legal separateness of the Corporation from GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Universe, Nexus Standards, Nexus Observatory, Nexus Grid, Nexus Academy, Nexus Risk Management, Nexus Rails, Nexus Competence Cells, Global Nexus Consortium, Regional Nexus Consortiums, National Nexus Consortiums, National Consortium Companies, Project SPVs, Qualified Enterprise Providers, sponsors, hosts, vendors, funders, public authorities, universities, laboratories, contractors, operators, or other partners; or

h) the rule that GCRI US does not itself issue public recognition, finance-readiness determinations, protocol authority, certification, public authority action, procurement approval, investment recommendation, insurance approval, public warning, emergency command, regulated-market effect, or execution authority unless a future lawful instrument expressly and narrowly authorizes a function consistent with applicable law, the Articles or Certificate, and this Bylaw.

1.3 Version Identifier.\
Each adopted, amended, restated, consolidated, corrected, superseded, withdrawn, or archived form of this Bylaw shall bear a unique version identifier. The version identifier shall be recorded in the Corporation’s authoritative governance repository, minute book, bylaw register, amendment history, and any controlled circulation record through which the Bylaw is made available for governance, legal, audit, operational, technical, public-safe, grant, tax, institutional, or Nexus interface use.

The version identifier shall include, at minimum, a version number, date of issue, status classification, and effective-date reference. Where the Board determines that greater integrity controls are required, the version identifier may also include a repository reference, adoption resolution number, document-control number, hash, checksum, signature reference, certificate reference, or other tamper-evident marker approved for governance-record purposes.

A version identifier is an evidence-control device only. It shall not confer authority unless the corresponding text has been adopted and brought into force by competent authority in accordance with this Bylaw, the Articles or Certificate, applicable United States state nonprofit corporate law, and any other applicable legal requirement.

1.4 Status Classification.\
Each version of this Bylaw shall be assigned one and only one status classification at any time. The permitted status classifications are:

a) Draft, meaning a version under preparation, consultation, legal review, board review, member review where applicable, tax review, state-law review, technical reconciliation, Nexus role review, correction, or other pre-adoption handling, and having no operative effect except as a clearly identified non-binding working instrument;

b) Adopted, meaning a version formally approved by the competent adopting authority but not necessarily yet in force where the adoption record, applicable law, filing requirement, member approval requirement, transitional provision, deferred commencement date, tax condition, registration condition, or implementation condition provides otherwise;

c) In Force, meaning the current operative version of this Bylaw, binding upon the Corporation and its directors, officers, members where applicable, committees, councils, working groups, authorized delegates, employees, contractors, fellows, advisors, volunteers, contributors, and other persons within the scope of the Bylaw according to its terms;

d) Superseded, meaning a version replaced in whole or in part by a later adopted and in-force instrument, while remaining preserved for historical, legal, audit, interpretive, correction, transition, tax, grant, insurance, litigation, governance, and evidentiary purposes;

e) Withdrawn, meaning a draft, proposed, adopted, or circulated version removed from use by competent recorded act and having no operative effect except for archival, audit, correction, investigation, legal-hold, or historical-integrity purposes; and

f) Archived, meaning a version preserved as part of the Corporation’s institutional record and not available for present operative reliance unless restored, re-adopted, or expressly incorporated by competent recorded act.

No status classification shall arise by file name, folder location, email circulation, repository upload, draft watermark omission, board discussion, committee use, counsel review, partner reliance, sponsor use, public authority familiarity, operational practice, technical implementation, AI-assisted drafting, public-facing reference, grant narrative, website reference, or repeated institutional use. Status arises only by competent record.

1.5 Issue Date.\
Each version of this Bylaw shall state an issue date. The issue date shall identify the date on which the authenticated text was issued for the status assigned to it and deposited into the Corporation’s authoritative governance record.

The issue date shall not, by itself, establish legal effectiveness, operative force, adoption, amendment, supersession, withdrawal, public reliance, public authority meaning, finance-readiness implication, certification implication, recognition implication, procurement implication, or Nexus-compatible status. Where the issue date and effective date differ, the effective date shall govern operative effect.

Where the issue date, adoption date, and effective date are inconsistent, incomplete, or unclear, the matter shall be escalated to the Secretary, the Chair, and such legal, governance, audit, tax, or compliance authority as the Board may designate, and the most protective lawful interpretation shall apply pending correction.

1.6 Effective Date.\
Each adopted version of this Bylaw shall state an effective date. The effective date shall determine the date from which the relevant version or provision becomes operative, subject to:

a) applicable law;

b) the Articles or Certificate;

c) any required member approval;

d) any required filing, confirmation, statutory condition, tax condition, state-law condition, foreign-qualification condition, charitable-solicitation condition, or registration condition;

e) any transitional, deferred, conditional, phased, or savings provision approved by competent authority; and

f) any express limitation, suspension, hold, implementation condition, or compliance condition contained in the adoption record.

Where the adoption record does not state a separate effective date, the effective date shall be the date of formal adoption, unless applicable law, the Articles or Certificate, or the adopting resolution provides otherwise. No person shall rely on a draft effective date, proposed commencement schedule, working assumption, board-paper date, public announcement, repository update, website update, grant milestone, program launch, public authority meeting, Nexus reference, or operational implementation date as a substitute for the effective date recorded in the authoritative governance record.

1.7 Operative Text Rule.\
Only the authenticated, adopted, and in-force text of this Bylaw shall have operative effect. No draft, excerpt, table of contents, outline, summary, prompt, memorandum, comment, slide, board deck, legal mark-up, redline, unofficial consolidation, implementation checklist, translation, public-safe explanation, website description, email, message, repository note, AI-generated draft, training material, meeting note, policy template, program document, partner-facing communication, sponsor-facing communication, public authority briefing, university briefing, laboratory briefing, investor-facing material, grant narrative, or derivative communication shall be treated as operative bylaw text unless expressly adopted or incorporated by competent recorded act.

Where a public or controlled summary is prepared to explain this Bylaw, the summary shall be clearly identified as non-operative unless the Board expressly approves a different status. A summary shall not expand powers, soften boundaries, create reliance, change legal meaning, override the authenticated text, create public authority meaning, create finance-readiness meaning, create certification meaning, create procurement meaning, or convert GCRI US’s public-good stewardship role into execution authority.

1.8 Draft, Adopted, In Force, Superseded, Withdrawn, and Archived Statuses.\
The lifecycle status of this Bylaw and each version of this Bylaw shall be explicit, recorded, traceable, and capable of verification. No version shall move from one status to another except through the procedure required by this Bylaw, the Articles or Certificate, applicable law, and the relevant adoption, amendment, correction, supersession, withdrawal, or archival record.

A draft version shall remain non-operative even if it is complete, polished, circulated to directors, reviewed by counsel, discussed by the Board, used for planning, referenced in a meeting, stored in an official repository, or relied upon by a program team. An adopted version shall not be treated as in force until the applicable effective conditions are satisfied. A superseded version shall not be used for current authority except to interpret historical actions taken while it was in force or where the Board expressly authorizes limited reference for transition, audit, investigation, correction, legal continuity, tax, grant, insurance, or records-continuity purposes.

1.9 No Operative Effect by Circulation Alone.\
Circulation of this Bylaw, or of any draft, excerpt, table of contents, redline, translation, public-safe summary, extracted clause, implementation checklist, working copy, AI-assisted draft, board-paper attachment, partner-facing version, sponsor-facing version, public authority version, grant version, or archived version, shall not create operative effect, governance authority, legal authority, delegation authority, institutional status, public-facing reliance, public authority meaning, finance-readiness implication, certification implication, recognition implication, procurement implication, protocol authority, Grid status, Docket status, provider preference, or Nexus-compatible status.

Any person circulating a non-operative version shall identify its status where there is any reasonable risk of confusion. Any circulation that creates or may create misunderstanding shall be subject to correction, withdrawal, access restriction, clarification, supersession notice, repository reconciliation, public or controlled notice where appropriate, and any other remedial action authorized under this Bylaw.

1.10 Record of Current In-Force Version.\
The Corporation shall maintain a record of the current in-force version of this Bylaw in its authoritative governance repository and corporate records. The record shall identify, at minimum:

a) the full instrument title;

b) the approved short citation;

c) the version identifier;

d) the status classification;

e) the issue date;

f) the adoption date;

g) the effective date;

h) the adopting authority;

i) the adoption resolution or approval record;

j) any member approval, filing, or legal condition where applicable;

k) any tax-exempt, charitable, public-benefit, state-registration, charitable-solicitation, or foreign-qualification condition where applicable;

l) any transitional, savings, deferred-effect, or phased-implementation provisions;

m) any prior version superseded in whole or in part;

n) any incorporated schedules, annexes, policies, registers, matrices, controlled vocabularies, or instruments having bylaw-authorized effect;

o) the authoritative repository location;

p) the repository custodian;

q) the access classification;

r) any public, internal, controlled, restricted, confidential, or archived publication status;

s) any correction, supersession, withdrawal, restatement, consolidation, or archival notation;

t) any integrity, signature, hash, certification, or tamper-evident reference used for authentication; and

u) any legally required filing, notice, register entry, corporate record, tax record, grant record, charitable-solicitation record, or statutory compliance record.

1.11 Custody of Authoritative Text.\
The Secretary, or such other officer or governance-record custodian as the Board may designate by recorded act, shall maintain custody of the authoritative current in-force text of this Bylaw. Custody includes responsibility for preserving the authenticated text, adoption record, amendment history, repository record, supersession chain, access classification, official copies, controlled copies, archival copies, and any correction or clarification record.

The custodian shall not alter the Bylaw except through a recorded process authorized by this Bylaw. Clerical formatting, pagination, typographical correction, cross-reference correction, numbering correction, or consolidation may be made only where permitted under the versioning and correction provisions of this Bylaw and shall not change substantive meaning, legal effect, institutional authority, role separation, tax posture, public authority boundary, finance boundary, certification boundary, provider neutrality, sponsor non-control, or non-execution boundary.

1.12 Authentication of the Bylaw.\
The authenticated version of this Bylaw may be evidenced by one or more of the following, as approved by the Board or required by law:

a) a certificate of adoption signed by the Chair, Secretary, or other authorized officer;

b) an adoption resolution recorded in the minute book;

c) a signed or sealed authoritative copy where a seal or signature process is used;

d) a repository entry approved for governance-record purposes;

e) a version-control and amendment-history record;

f) a hash, checksum, digital signature, or other integrity reference where used;

g) a filing, confirmation, or statutory record where applicable; or

h) such other authentication process as the Board may approve consistently with applicable law and this Bylaw.

Authentication shall confirm text identity and status. It shall not expand the authority of the Bylaw beyond its adopted terms.

1.13 Relationship Between Version and Authority.\
A later version number, more recent date, broader circulation, more complete drafting style, or more detailed text shall not supersede an earlier in-force version unless the later version has been validly adopted and brought into force. A draft marked with a higher version number shall remain non-operative unless adopted.

Where two versions appear to conflict, the Secretary shall determine the authoritative record in accordance with the adoption record, effective date, repository record, and applicable law. Pending determination, no person shall rely on the broader, riskier, more authority-expanding, more execution-facing, more public-facing, more finance-signaling, more certification-implying, more recognition-implying, more procurement-implying, more public-authority-implying, or more role-collapsing interpretation.

1.14 No Silent Amendment.\
This Bylaw shall not be amended, restated, corrected in a material way, superseded, localized, translated with operative effect, consolidated, withdrawn, or replaced by silent edit, repository overwrite, unapproved formatting change, informal consolidation, officer instruction, committee practice, board custom, counsel draft, staff implementation, project urgency, sponsor request, provider request, public authority expectation, university expectation, laboratory expectation, funder request, Nexus partner expectation, AI-assisted revision, public-facing update, grant narrative, or operational necessity.

Every amendment, restatement, material correction, supersession, localization, operative translation, withdrawal, or replacement shall be approved, recorded, authenticated, and deposited in accordance with this Bylaw, the Articles or Certificate, and applicable law.

1.15 Continuity of Prior Lawful Acts.\
Unless the adopting record expressly provides otherwise and applicable law permits, adoption, amendment, restatement, correction, supersession, or replacement of this Bylaw shall not invalidate lawful acts, records, delegations, decisions, appointments, resolutions, notices, publications, contracts, filings, or governance actions taken under a prior in-force bylaw while that prior bylaw was operative.

Prior acts shall remain subject to correction, clarification, limitation, withdrawal, supersession, investigation, remediation, ratification, re-performance, or nullification where required by applicable law, public-benefit purpose, fiduciary duty, nonprofit duty, tax-exempt or tax-exempt-compatible posture, evidence integrity, research integrity, public authority boundary discipline, finance-readiness boundary discipline, data or safeguards obligations, non-execution discipline, Nexus role separation, or this Bylaw.

1.16 Transitional Application.\
Where a new version of this Bylaw enters into force, the Board may approve transitional provisions for implementation. Transitional provisions may address:

a) policy adoption or replacement;

b) committee and council reconstitution;

c) officer appointment or delegation alignment;

d) records migration;

e) member, supporter, participant, contributor, public authority, provider, sponsor, donor, host, university, laboratory, and partner register alignment;

f) controlled vocabulary reconciliation;

g) repository migration;

h) public-facing claims review;

i) contract template revision;

j) public authority protocol alignment;

k) tax, grant, charitable-solicitation, lobbying, political activity, procurement-integrity, and state-registration alignment;

l) data, AI, cybersecurity, privacy, export-control, sanctions, civil rights, accessibility, research-integrity, and safeguards alignment;

m) research, evidence, methods, ontology, software, and technical baseline records alignment;

n) Nexus interface alignment;

o) correction of inconsistent prior materials; and

p) closeout of obsolete structures.

No transitional provision shall weaken the Corporation’s nonprofit character, nonstock or non-share character, non-distribution rule, public-benefit purpose, legal separateness, public-good stewardship burden, non-execution perimeter, GCRI / GRF / GRA role separation, public authority boundary, finance boundary, certification boundary, provider neutrality, sponsor support-without-control, data and safeguards obligations, validity-by-record, or correctionability.

1.17 Defective, Ambiguous, or Incomplete Version Records.\
Where a version record is defective, ambiguous, incomplete, inconsistent, inaccessible, corrupted, duplicated, incorrectly labeled, or inconsistent with the adoption record, the matter shall be escalated to the Secretary and, where material, to the Chair, the Board, legal counsel, or the appropriate governance committee. Pending correction, the Corporation shall apply the most protective lawful interpretation and shall avoid any interpretation that creates unauthorized governance authority, public authority meaning, finance-readiness implication, certification implication, procurement implication, recognition implication, protocol authority, provider preference, sponsor control, or execution authority.

1.18 Correction of Version Confusion.\
Where confusion arises concerning the current in-force version, the status of a draft, the effect of a superseded version, the use of an unauthorized copy, the existence of conflicting versions, or the meaning of an unofficial summary, the Corporation shall take corrective action proportionate to the risk. Corrective action may include:

a) repository correction;

b) access restriction;

c) withdrawal of unauthorized copies;

d) issuance of a controlled clarification;

e) issuance of a public-safe clarification where public reliance risk exists;

f) notice to directors, officers, members, committees, councils, staff, contractors, partners, sponsors, providers, public authorities, universities, laboratories, funders, hosts, or affected Nexus interfaces;

g) correction of downstream documents;

h) amendment, restatement, or supersession where required; and

i) archival preservation of the defective or superseded record for traceability.

1.19 Public-Facing Use of Bylaw Status.\
The Corporation may disclose the existence, adoption, amendment, or public-facing status of this Bylaw where lawful and appropriate. Any public-facing reference shall be accurate, current, scope-limited, and non-misleading. No public-facing statement shall imply that this Bylaw constitutes public authority approval, regulatory approval, procurement approval, finance-readiness approval, insurance approval, investment suitability, certification, recognition by GRF, finance-readiness by GRA, protocol authority, Nexus Grid admission, Nexus Docket approval, provider endorsement, sovereign mandate, federal endorsement, state endorsement, territorial endorsement, Tribal endorsement, local endorsement, university endorsement, laboratory endorsement, funder endorsement, sponsor control, or enterprise execution authority.

1.20 Governing Reading of Section 1.\
This Section shall be interpreted to preserve documentary integrity, United States corporate-law discipline, fiduciary accountability, legal certainty, traceability, validity-by-record, correctionability, public-benefit trust, and institutional continuity. No person shall rely on appearance, possession, circulation, repository visibility, authorship, seniority, technical centrality, sponsor use, funder use, provider use, public authority familiarity, partner reliance, repeated practice, operational convenience, AI-generated text, or strategic usefulness as a substitute for recorded status, lawful adoption, effective date, and authoritative custody.

The controlling rule is that this Bylaw has operative force only through lawful adoption, authenticated text, recorded status, and effective date. GCRI US shall remain a United States public-benefit, nonprofit, nonstock or non-share, non-distributing, non-executing, evidence, methods, observability, ontology, public-good R\&D, public-good software, open technical baseline, and research-integrity institution, and no document-control ambiguity shall be used to expand the Corporation into recognition, finance-readiness, certification, procurement, public authority action, protocol effect, regulated execution, or enterprise delivery.

## Section 2. Official Name, Short Name, Controlled Naming Protocol, and Name-Use Discipline

2.1 Official Legal Name.\
The official legal name of the Corporation shall be “The Global Centre for Risk and Innovation - United States”, or such exact legal name as is set forth in the Corporation’s Certificate of Incorporation, Articles of Incorporation, charter, or other governing constituting instrument filed or maintained under applicable United States state nonprofit corporation law.

The official legal name shall control in all matters requiring legal identity, including corporate filings, tax records, charitable solicitation registrations, state qualifications, bank accounts, insurance records, grant agreements, donation agreements, sponsorship agreements, contracts, employment records, contractor agreements, intellectual property records, data-processing agreements, public authority correspondence, litigation, regulatory correspondence, repository authentication, official minutes, board resolutions, officer certificates, public-safe notices, and any other instrument in which legal identity, authority, liability, tax status, fiduciary responsibility, or institutional separateness may reasonably matter.

No public-facing style, abbreviated reference, program name, campaign label, technical asset name, repository name, domain name, email address, logo, seal, badge, dataset label, software package, technical baseline, whitepaper, report, slide, controlled-room label, public authority briefing, or Nexus interface reference shall replace, modify, obscure, or expand the official legal name of the Corporation.

2.2 Approved Short Name.\
The approved short name of the Corporation shall be “GCRI US.” The short name may be used for convenience in internal governance, public communications, repository materials, program documents, technical materials, research outputs, public-safe publications, board papers, notices, controlled-room materials, Academy materials, Nexus interface materials, and other contexts where the official legal identity of the Corporation is clear or has already been stated.

The approved short name shall be used only as a reference to the Corporation itself. It shall not be used as a reference to GCRI Canada, The Global Centre for Risk and Innovation as a broader institutional family or public-good function, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, Global Nexus Consortium, Regional Nexus Consortiums, National Nexus Consortiums, National Consortium Companies, Project SPVs, Qualified Enterprise Providers, sponsors, hosts, public authorities, universities, laboratories, donors, funders, enterprise actors, or any other person or entity.

The approved short name shall not be used to imply that the Corporation has authority beyond its actual lawful authority, including authority to recognize, certify, approve, finance, insure, underwrite, rate, procure, regulate, command emergencies, issue public warnings, act as public authority, act as protocol authority, operate enterprise infrastructure, select providers, bind public authorities, bind investors, or bind any Nexus entity.

2.3 Use of “GCRI US.”\
The term “GCRI US” may be used as a controlled institutional reference only where the reference is accurate, current, scope-limited, and consistent with the Corporation’s official legal identity, United States seat, nonprofit character, public-benefit purpose, non-distribution rule, non-execution perimeter, public authority boundary, finance boundary, certification boundary, procurement boundary, role-separation obligations, and Nexus interface discipline.

Any use of “GCRI US” shall preserve the following meanings:

a) GCRI US is a United States nonprofit, nonstock or non-share, non-distributing, public-benefit corporation;

b) GCRI US is the United States anchor of the GCRI public-good function;

c) GCRI US may act as a bounded North America anchor for evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute, verifiable intelligence, safeguards, and public authority learning only where lawful and record-supported;

d) GCRI US is an upstream public-good research and technical-stewardship institution;

e) GCRI US is not a regulator, public authority, emergency command body, public warning authority, procurement authority, investment adviser, broker, dealer, finder, lender, insurer, underwriter, rating agency, bank, fund, marketplace, certification body by default, National Consortium Company, Project SPV, Qualified Enterprise Provider, operator, or enterprise execution vehicle; and

f) GCRI US does not become GRF, GRA, Nexus Standards, a protocol authority, a public authority, a capital intermediary, a certification authority, or an enterprise delivery actor by reason of authorship, contribution, participation, proximity, technical centrality, public visibility, sponsorship, funding, or Nexus alignment.

Where “GCRI US” is used in materials likely to be read by external persons, public authorities, sponsors, funders, universities, laboratories, providers, investors, insurers, capital readers, media, communities, or Nexus participants, the Corporation may require a full-name reference, status statement, non-execution statement, non-reliance statement, or controlled vocabulary note.

2.4 Use of “The Global Centre for Risk and Innovation - United States.”\
The full institutional name “The Global Centre for Risk and Innovation - United States” shall be used where precision, formality, legal identity, public authority clarity, funding clarity, tax clarity, contracting clarity, repository authenticity, or institutional separateness is required.

The full institutional name shall be used, unless the Secretary or another authorized officer approves a shorter reference, in:

a) the Certificate or Articles and any amendment thereto;

b) this Bylaw and any amendment, restatement, schedule, annex, or official certification;

c) board resolutions of constitutional, financial, tax, legal, public authority, or Nexus interface significance;

d) contracts, memoranda of understanding, grant agreements, donation agreements, sponsorship agreements, restricted-fund instruments, procurement documents, employment agreements, contractor agreements, data-processing agreements, intellectual property instruments, licensing instruments, and insurance documents;

e) IRS, state tax, charitable solicitation, corporate annual report, foreign qualification, registered agent, lobbying, political activity, grant compliance, and other legally sensitive filings or records;

f) bank, treasury, audit, financial statement, payment, receivables, payable, reimbursement, and reserve records;

g) public authority correspondence where institutional capacity, legal status, authority, or public meaning could be misunderstood;

h) public-safe notices concerning authority, corrections, status, claims, public authority participation, finance boundaries, provider neutrality, or legal separateness;

i) official repository authentication, software-release authority, controlled vocabulary, public-good asset registers, and technical baseline governance records; and

j) any context where use of “GCRI US” alone could create legal, public authority, finance, certification, procurement, recognition, tax, sponsor, provider, or Nexus role confusion.

2.5 No Alternate Legal Name Without Record.\
The Corporation shall not adopt, use, file, represent, publish, contract under, receive funds under, issue tax receipts under, open accounts under, register under, or conduct legal acts under any alternate legal name, assumed name, fictitious name, trade name, “doing business as” name, local name, state-specific name, territorial name, public-facing name, campaign name, program name, or North America name unless such use is lawful, authorized by competent corporate action where required, and recorded in the Corporation’s authoritative governance records.

No alternate name shall be used if it would:

a) obscure the Corporation’s official legal identity;

b) imply merger with GCRI Canada or any other GCRI entity;

c) imply that GCRI US is the whole of GCRI, GRF, GRA, Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Rails, Nexus Grid, Nexus Academy, any consortium, any National Consortium Company, any Project SPV, or any enterprise stack actor;

d) imply public authority, regulator, public warning, emergency command, procurement, finance, insurance, investment, lending, rating, certification, accreditation, recognition, standards, protocol, or execution authority not lawfully conferred;

e) create state, territorial, Tribal, local, federal, North America, or cross-border legal confusion;

f) create donor, funder, sponsor, provider, host, investor, university, laboratory, public authority, or community misunderstanding; or

g) weaken validity-by-record, correctionability, public-safe claims discipline, anti-capture controls, or legal separateness.

Any unauthorized alternate-name use shall be subject to correction, withdrawal, takedown, public or controlled clarification, contract correction, filing correction, repository correction, or other remedial action approved under this Bylaw.

2.6 Use of “GCRI North America” Only Where Specifically Authorized and Not Legally Confusing.\
The term “GCRI North America” shall not be treated as the legal name of the Corporation unless separately and lawfully adopted as such. The term may be used only as a controlled descriptive reference to a lawful, bounded, and record-supported North America evidence, methods, observability, ontology, technical-baseline, public-good software, research, public authority learning, or coordination function involving GCRI US, and only where the use does not create legal-identity ambiguity.

Use of “GCRI North America” shall require prior authorization under the Corporation’s name-use, public-safe claims, and controlled vocabulary procedures where the term appears in:

a) public-facing materials;

b) public authority materials;

c) sponsor, donor, funder, investor, insurer, lender, or capital-reader materials;

d) contracts, memoranda of understanding, partnership materials, or grant materials;

e) repository, software, dataset, or technical baseline materials;

f) Nexus Universe, Nexus Observatory, Nexus Standards, Nexus Rails, Nexus Grid, or Nexus Academy materials; or

g) cross-border materials involving Canada, Mexico, the Caribbean, Arctic, Great Lakes, Pacific, Atlantic, Gulf, border regions, Tribal or Indigenous interfaces, or other North America contexts.

“GCRI North America” shall not imply that GCRI US owns, governs, controls, represents, supervises, or binds GCRI Canada, Mexico-facing interfaces, Caribbean interfaces, Arctic interfaces, Indigenous governments or knowledge holders, regional Nexus bodies, national Nexus bodies, public authorities, universities, laboratories, enterprise actors, funders, sponsors, hosts, Project SPVs, National Consortium Companies, or Qualified Enterprise Providers.

Where the term is used, the Corporation may require a clarifying statement that GCRI US is a United States legal entity with a bounded North America anchor role and not a North America sovereign authority, treaty body, public authority, regulator, public finance authority, procurement authority, certification authority, recognition authority, finance-readiness authority, protocol authority, or enterprise execution vehicle.

2.7 Name Use in Contracts, Filings, IRS Records, State Registrations, Charitable Solicitation Registrations, Public Materials, Repositories, Board Papers, Program Materials, and Notices.\
The Corporation’s official legal name shall be used in all contracts, legal filings, IRS records, state registrations, charitable solicitation registrations, foreign qualification records, tax records, bank records, insurance records, grant agreements, donation agreements, sponsorship agreements, restricted-fund instruments, public authority correspondence, employment records, contractor records, repository governance records, formal board papers, official notices, and any instrument where legal identity, authority, liability, fiduciary duty, tax status, public-benefit purpose, or enforceability may be implicated.

The approved short name may be used in secondary references after the full name has been stated, provided that no ambiguity is created. Where a document is executed, filed, certified, or relied upon for legal effect, the full legal name shall appear in the execution block, signature block, certification block, title block, or other appropriate legal-identity field.

Any use of the Corporation’s name in a contract or filing shall be reviewed for consistency with:

a) the Corporation’s official legal identity;

b) the Corporation’s state of incorporation or organization;

c) registered agent and registered office records;

d) federal tax status records;

e) state tax, charitable solicitation, foreign qualification, and local registration requirements where applicable;

f) donor, grant, restricted-fund, sponsorship, or public support restrictions;

g) non-execution, public authority, finance, procurement, certification, recognition, and provider-neutrality boundaries;

h) data, AI, cyber, privacy, export-control, sanctions, research integrity, accessibility, civil rights, and safeguards obligations; and

i) any relevant Nexus interface, GCRI Canada interface, GRF interface, GRA interface, or public-good stack compatibility record.

No person shall use the Corporation’s name in a filing, contract, public authority communication, public-facing material, technical repository, software artifact, grant narrative, fundraising material, investor-facing material, sponsor deck, provider document, or Nexus interface record in a manner that implies a legal status, authority, purpose, role, endorsement, approval, recognition, readiness, certification, procurement implication, or public authority relationship not supported by competent records.

2.8 Translation, Abbreviation, Program Name, Campaign Label, Project Label, Technical Asset Name, Repository Name, and Operating-Style Controls.\
Translations, abbreviations, program names, campaign labels, project labels, technical asset names, repository names, operating styles, public-safe publication titles, domain names, account names, email aliases, data-room names, controlled-room names, software package names, dataset titles, benchmark names, proof-receipt labels, dashboards, maps, Academy labels, Nexus Universe labels, Nexus Observatory labels, or other derivative naming conventions shall be treated as controlled institutional naming surfaces.

No such naming surface shall:

a) misstate the Corporation’s legal identity;

b) imply that a program, project, repository, controlled room, software asset, technical baseline, dataset, report, whitepaper, or dashboard is a separate legal entity unless lawfully constituted and recorded;

c) imply that a technical asset, method, evidence artifact, proof receipt, ledger entry, signal, AI output, digital twin, benchmark, or dashboard has legal authority beyond its recorded status;

d) imply that a GCRI US program is a GRF recognition program, GRA finance-readiness program, Nexus Standards certification program, public authority program, procurement program, investment program, insurance program, emergency command program, or provider-selection program unless separately and lawfully structured and recorded;

e) imply public authority endorsement, public authority adoption, public funding, sovereign obligation, public warning authority, emergency readiness, public finance approval, procurement approval, or regulatory approval;

f) imply provider preference, sponsor control, donor control, funder control, commercial exclusivity, market status, investment suitability, bankability, insurability, rating, certification, or compliance approval; or

g) weaken public-safe claims discipline, validity-by-record, correctionability, anti-capture rules, or the GCRI / GRF / GRA role separation.

The Corporation may require review, approval, controlled vocabulary mapping, legal review, translation review, accessibility review, public-safe review, safeguards review, or repository review before any naming surface is used externally or in a controlled room.

2.9 Prohibition on Legal-Identity Ambiguity.\
No director, officer, member, participant, employee, contractor, fellow, advisor, volunteer, contributor, sponsor, donor, funder, provider, host, university, laboratory, public authority participant, partner, or other person shall use the Corporation’s name, short name, mark, logo, seal, badge, repository name, program name, report title, technical asset name, public-good software name, or Nexus reference in a manner that creates legal-identity ambiguity.

Legal-identity ambiguity includes any use that could reasonably cause a person to believe that:

a) GCRI US is GCRI Canada;

b) GCRI US is the same legal person as any other GCRI entity;

c) GCRI US is GRF, GRA, Nexus Standards, Nexus Network, Nexus Universe, Nexus Observatory, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Risk Management, or Nexus Competence Cells;

d) GCRI US owns, controls, supervises, represents, or binds any Nexus entity, consortium, National Consortium Company, Project SPV, provider, sponsor, host, public authority, university, laboratory, donor, funder, investor, insurer, lender, contractor, or operator;

e) GCRI US has public authority status, public finance status, procurement authority, emergency authority, public warning authority, certification authority, recognition authority, protocol authority, investment authority, insurance authority, banking authority, rating authority, or enterprise execution authority; or

f) a person using the Corporation’s name is authorized to bind, speak for, certify, approve, recognize, finance, procure, select, endorse, or act on behalf of GCRI US without written authority.

Where ambiguity exists, the narrower, less official, less authority-conferring, less finance-signaling, less certification-implying, less procurement-implying, less public-authority-implying, and more public-good-preserving interpretation shall govern pending correction.

2.10 Distinction From The Global Centre for Risk and Innovation Generally.\
The name of the Corporation shall not be used to collapse the distinction between The Global Centre for Risk and Innovation - United States as a United States legal entity and The Global Centre for Risk and Innovation as a broader mission family, public-good function, institutional architecture, or global evidence, methods, observability, ontology, public-good R\&D, and technical-stewardship concept.

References to the broader GCRI function may be used only where the context makes clear whether the reference concerns:

a) the Corporation as a United States legal entity;

b) GCRI Canada as a separate Canadian legal entity;

c) another national, regional, or specialized GCRI entity where lawfully constituted;

d) a shared doctrine, ontology, method, technical baseline, public-good software asset, research theme, or public-good function; or

e) a Nexus public-good stack interface.

No reference to the broader GCRI function shall create mutual authority to bind, shared liability, common treasury, shared tax status, common employer status, agency, partnership, joint venture, merger, branch status, parent-subsidiary status, or alter ego status among GCRI US, GCRI Canada, or any other GCRI-related entity.

2.11 Distinction From GCRI Canada.\
GCRI US shall preserve legal and public-description distinction from The Global Centre for Risk and Innovation - Canada. The two entities may share mission orientation, public-benefit doctrine, Nexus architecture alignment, controlled vocabulary, evidence structures, methods, ontology, public-good software, open technical baselines, Academy learning materials, public-safe publications, and interoperability commitments, but such alignment shall not create legal fusion.

Any use of the GCRI US name in relation to GCRI Canada shall preserve:

a) separate legal personality;

b) separate boards and fiduciary duties;

c) separate corporate records;

d) separate treasury, accounting, tax, grant, donation, sponsorship, and reporting obligations;

e) separate employment, contractor, volunteer, fellow, advisor, and service arrangements unless lawfully shared under written instrument;

f) separate authority to bind;

g) separate public claims;

h) separate compliance with United States and Canadian law respectively;

i) separate public authority interfaces; and

j) separate liability.

No shared name, logo, publication, event, platform, repository, dataset, technical baseline, controlled room, program, funder, sponsor, donor, advisor, director, officer, employee, contractor, public authority contact, or Nexus interface shall be used to imply that GCRI US and GCRI Canada are branches, agents, alter egos, parent and subsidiary, common employer, joint employer, merged entities, or one another’s fiduciary representatives unless an express lawful instrument provides otherwise.

2.12 Distinction From Other National or Regional GCRI Entities.\
GCRI US shall be distinguished from any other national, regional, state, territorial, sectoral, thematic, or specialized GCRI entity or interface that may be lawfully constituted or described from time to time. No other GCRI entity or interface shall use the GCRI US name in a manner that suggests authority over the Corporation, and the Corporation shall not use another GCRI name in a manner that suggests authority over that entity, except where expressly authorized by lawful instrument.

Where GCRI US participates in a shared GCRI mission, public-good asset, research line, public-safe publication, technical baseline, software project, controlled vocabulary, Nexus Universe activity, Nexus Observatory activity, or cross-border coordination, each participating entity’s name, capacity, contribution, authority, records, and limitation shall be separately identified where needed to prevent legal, public authority, finance, certification, procurement, tax, or liability confusion.

2.13 Distinction From The Global Risks Forum (GRF).\
GCRI US shall be distinguished from The Global Risks Forum (GRF). GRF is the public-good registry, recognition, maturity-records, standing, claims-discipline, stakeholder-formation, public-safe reporting, and public-facing legitimacy steward within the Nexus public-good stack.

GCRI US may provide evidence, methods, observability records, ontology references, technical baseline inputs, challenge signals, correction signals, Docket evidence inputs, Grid maturity evidence inputs, and public-safe technical summaries to GRF. Such support shall not permit use of the GCRI US name to imply that GCRI US issues GRF recognition, creates standing, determines public-facing maturity, approves public claims, confers public legitimacy, controls registry status, or substitutes for GRF.

No GCRI US document, logo, report, proof receipt, dataset, method, dashboard, Nexus Observatory output, Nexus Universe output, technical baseline, public-good software asset, or public authority learning material shall be described as GRF recognition, GRF maturity status, GRF standing, GRF claims approval, GRF registry entry, or GRF public legitimacy unless GRF has lawfully and expressly recorded that status.

2.14 Distinction From The Global Risks Alliance (GRA).\
GCRI US shall be distinguished from The Global Risks Alliance (GRA). GRA is the finance-readiness, capital-readability, proof-pack, insurance-readiness, diligence-translation, RNFD, NFD, UNFSD, capital-reader room, and regulated-perimeter discipline steward within the Nexus public-good stack.

GCRI US may provide technical evidence, method integrity notes, observability artifacts, node evidence, host-readiness evidence, uncertainty records, limitation notes, technical baselines, public-good software references, resilience evidence, and public authority learning context to GRA. Such support shall not permit use of the GCRI US name to imply that GCRI US issues finance-readiness determinations, capital-readability determinations, investment suitability, bankability, insurability, underwriting views, ratings, public finance approvals, capital commitments, securities offerings, brokerage, lending, insurance placement, or transaction recommendations.

No GCRI US artifact shall be labeled, marketed, represented, or used as a GRA proof pack, GRA finance-readiness determination, GRA capital-reader output, GRA insurance-readiness output, RNFD approval, NFD approval, UNFSD approval, investment memorandum, rating, underwriting basis, lending approval, public finance approval, or capital solicitation unless a competent GRA record and applicable law support the exact status and use.

2.15 Distinction From Nexus Network.\
GCRI US shall be distinguished from Nexus Network, which is the permanent public-good infrastructure rail connecting systemic-risk evidence, observability, standards discipline, public-safe claims, maturity records, readiness inputs, public authority capacity classification, finance-readiness interfaces, regional legitimacy, national mandate, investible infrastructure, Project SPVs, qualified providers, and open enterprise delivery.

GCRI US may contribute United States-relevant evidence, methods, ontology, observability systems, public-good software, open technical baselines, research integrity, technical review, and correction signals to Nexus Network. Such contribution shall not mean that GCRI US owns Nexus Network, operates Nexus Network as an enterprise system, controls all Nexus rails, admits assets to the Nexus Grid, approves Docket advancement, determines provider eligibility, or binds public authorities, consortiums, National Consortium Companies, Project SPVs, or Qualified Enterprise Providers.

Use of the Corporation’s name in connection with Nexus Network shall be role-specific, record-based, and non-executing.

2.16 Distinction From Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, and Nexus Competence Cells.\
GCRI US shall be distinguished from Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, and Nexus Competence Cells, each of which may have distinct functions, governance instruments, records, operating protocols, maturity concepts, authority surfaces, and public-facing meanings.

GCRI US may support those functions through evidence, methods, observability, ontology, public-good software, technical baselines, technical review, safeguarded data practices, public authority learning, research integrity, challenge methods, benchmark methods, public-safe publication inputs, Docket evidence inputs, Grid maturity evidence inputs, Academy technical learning inputs, and correction signals. Such support shall not permit the GCRI US name to imply that:

a) GCRI US is Nexus Standards or protocol authority;

b) GCRI US certifies conformance by default;

c) GCRI US operates the Nexus Observatory as a public warning authority or emergency command body;

d) GCRI US controls Nexus Universe or converts annual build evidence into permanent adoption;

e) GCRI US issues Nexus Risk Management decisions as public authority commands;

f) GCRI US operates Nexus Rails as finance execution rails;

g) GCRI US admits assets into Nexus Grid by itself;

h) GCRI US issues regulated Academy credentials by default; or

i) GCRI US converts competence-cell participation into certification, licensure, procurement qualification, public authority recognition, or provider preference.

Use of the Corporation’s name in these contexts shall preserve the rule that evidence support is not recognition, methods support is not certification, observability support is not public warning, finance-readiness input is not finance execution, Docket preparation is not Docket approval, and Grid input is not Grid integration.

2.17 Distinction From Global, Regional, National, State, Territorial, Tribal, Metropolitan, and Sectoral Nexus Consortiums.\
GCRI US shall be distinguished from Global Nexus Consortium, Regional Nexus Consortiums, National Nexus Consortiums, state or territorial Nexus consortiums, Tribal or Indigenous Nexus interfaces, metropolitan Nexus structures, sectoral Nexus bodies, public-good consortiums, leadership councils, investor councils, Helix councils, working groups, and any other consortium or coordinating body formed within or adjacent to the Nexus architecture.

GCRI US may participate in or support such consortiums through public-good evidence, methods, technical review, observability, ontology, public-good software, open technical baselines, research integrity, safeguards, controlled vocabulary, public authority learning, and correction signals. Such participation shall not permit use of the GCRI US name to imply that GCRI US:

a) controls the consortium;

b) serves as the consortium’s legal parent;

c) carries the consortium’s liabilities;

d) holds the consortium’s mandate;

e) serves as public authority for the consortium;

f) approves national mandate, regional mandate, state mandate, territorial mandate, Tribal mandate, public finance, procurement, recognition, certification, or provider status;

g) owns any National Consortium Company or Project SPV by default; or

h) converts consortium participation into legal authority, enterprise execution, or public authority adoption.

Regional public-good mandate, national consolidation, investible infrastructure, and open enterprise delivery shall remain distinct stages and shall not be collapsed by use of the GCRI US name.

2.18 Distinction From National Consortium Companies, State or Regional Operating Companies, Project SPVs, Qualified Enterprise Providers, Sponsors, Hosts, Donors, Public Authorities, Universities, Laboratories, and Enterprise Execution Actors.\
GCRI US shall be distinguished from all National Consortium Companies, state or regional operating companies, Project SPVs, Qualified Enterprise Providers, sponsors, hosts, donors, funders, public authorities, universities, laboratories, vendors, contractors, investors, insurers, lenders, banks, underwriters, operators, systems integrators, technology providers, cloud providers, telecommunications providers, AI providers, cybersecurity providers, sensor providers, infrastructure providers, media partners, and other enterprise execution actors.

The Corporation may collaborate with, receive support from, provide public-good evidence to, accept data from, host controlled-room participation with, publish public-safe summaries involving, or otherwise interact with such persons or entities where lawful and record-supported. Such interaction shall not permit any use of the GCRI US name that implies:

a) provider preference;

b) procurement advantage;

c) public authority endorsement;

d) investment suitability;

e) finance-readiness;

f) insurance-readiness;

g) bankability;

h) public finance approval;

i) rating;

j) certification;

k) recognition;

l) commercial exclusivity;

m) sponsorship control;

n) donor control;

o) research outcome control;

p) operational control;

q) ownership of enterprise assets;

r) merger, agency, partnership, joint venture, common treasury, or shared liability; or

s) authority to bind GCRI US.

No enterprise actor shall become constitutional to GCRI US or to Nexus by reason of early participation, funding, contribution, technical centrality, demonstration, benchmark performance, host relationship, public authority relationship, repository contribution, data-room access, controlled-room access, or proximity to leadership.

2.19 Mark, Logo, Seal, Badge, Dataset, Software, Report, Whitepaper, Technical Baseline, Public-Good Asset, and Public Statement Name-Use Controls.\
All marks, logos, seals, badges, dataset names, software names, report titles, whitepaper titles, technical baseline titles, public-good asset names, public statements, public-safe summaries, dashboards, maps, proof receipts, repository names, digital identifiers, domains, social media handles, event names, program names, Academy labels, and Nexus interface labels associated with GCRI US shall be governed name-use surfaces.

No mark, logo, seal, badge, dataset, software package, report, whitepaper, technical baseline, public-good asset, or public statement shall be used to imply legal status, authority, endorsement, certification, recognition, finance-readiness, procurement approval, public authority action, public warning, emergency command, protocol effect, Docket status, Grid status, provider preference, sponsor control, donor control, public-good ownership by a private party, or enterprise execution unless the exact meaning is supported by competent record and approved under applicable procedures.

The Corporation may adopt naming guides, mark-use rules, logo-use rules, seal-use rules, badge-use rules, public-safe claim rules, attribution rules, licensing rules, repository naming rules, software naming rules, dataset naming rules, technical baseline naming rules, and public statement templates to preserve institutional clarity and prevent misuse.

2.20 Unauthorized Name Use.\
Unauthorized name use includes any use of the Corporation’s official name, short name, abbreviation, mark, logo, seal, badge, report title, dataset name, software name, technical baseline, public-good asset, controlled vocabulary, repository name, public-safe statement, proof receipt, or Nexus reference without authority or outside the scope of authority granted.

Unauthorized name use may occur in contracts, filings, websites, public statements, social media, press materials, grant applications, fundraising materials, sponsor materials, investor materials, insurance materials, lending materials, procurement materials, public authority materials, provider materials, marketing materials, conference materials, academic materials, repository materials, code comments, dataset metadata, dashboards, maps, controlled rooms, data rooms, or AI-generated summaries.

The Corporation may respond to unauthorized name use through correction, restriction, withdrawal, takedown, access revocation, suspension, termination, contract remedy, legal notice, public-safe clarification, controlled clarification, repository correction, public authority clarification, funder notice, sponsor notice, provider notice, or other lawful action proportionate to the risk.

2.21 Misleading Use.\
Misleading use includes any name use that is technically accurate in form but misleading in implication, context, emphasis, omission, audience, timing, placement, visual design, co-branding, sequencing, metadata, hyperlinking, AI-generated summary, dashboard presentation, or public authority proximity.

Misleading use includes any communication that causes or could reasonably cause misunderstanding concerning:

a) the Corporation’s legal identity;

b) the Corporation’s United States seat;

c) the Corporation’s nonprofit or tax-exempt status;

d) the Corporation’s relationship with GCRI Canada;

e) the Corporation’s relationship with GRF, GRA, Nexus Standards, Nexus Network, or other Nexus bodies;

f) the Corporation’s authority over public authorities, funders, universities, laboratories, providers, sponsors, hosts, National Consortium Companies, Project SPVs, or enterprise actors;

g) the status of evidence, methods, technical baselines, software, datasets, dashboards, maps, benchmarks, proof receipts, Docket records, Grid records, or Academy records;

h) the existence of recognition, certification, finance-readiness, procurement approval, public authority approval, public warning authority, emergency readiness, provider preference, or commercial exclusivity; or

i) the role of sponsors, donors, funders, providers, hosts, or enterprise actors in institutional decision-making.

Misleading use shall be corrected even where no intent to mislead is proven.

2.22 Sponsor-Driven Use.\
Sponsors, donors, funders, grantmakers, in-kind contributors, supporters, or other financial contributors shall not use the Corporation’s name, marks, logos, reports, public-good assets, technical baselines, software, datasets, controlled vocabulary, public-safe summaries, or Nexus references except as expressly authorized under written terms or approved public acknowledgment rules.

Sponsor-driven use shall not imply:

a) governance rights;

b) editorial control;

c) research conclusion control;

d) method-control rights;

e) evidence-control rights;

f) publication veto or suppression rights;

g) public authority access rights;

h) Docket influence;

i) Grid influence;

j) finance-readiness influence;

k) recognition influence;

l) certification influence;

m) procurement advantage;

n) provider preference;

o) commercial exclusivity;

p) public-good authority;

q) protocol authority; or

r) institutional endorsement of the sponsor’s products, services, policies, investments, public positions, or commercial offerings.

Any sponsor acknowledgment shall be accurate, proportionate, non-misleading, and consistent with the support-without-control doctrine.

2.23 Provider-Driven Use.\
Providers, vendors, contractors, systems integrators, telecom operators, AI providers, cloud providers, cybersecurity providers, sensor providers, data providers, infrastructure providers, software providers, consultants, operators, National Consortium Companies, Project SPVs, and other enterprise actors shall not use the Corporation’s name or associated marks, logos, reports, public-good assets, technical baselines, software, datasets, dashboards, public-safe summaries, proof receipts, or Nexus references to imply preferred status, procurement advantage, public authority approval, technical certification, recognition, finance-readiness, investment suitability, insurance-readiness, bankability, Docket approval, Grid integration, or Nexus-compatible status unless the exact status is supported by competent record and authorized use.

Provider participation, technical contribution, benchmark performance, challenge participation, controlled-room access, data-room access, sponsorship, host relationship, public authority relationship, early involvement, repository contribution, or technical centrality shall not authorize provider-driven name use beyond the scope expressly approved.

The Corporation may require provider materials to include disclaimers, status limits, non-endorsement language, public authority boundary language, finance boundary language, certification boundary language, and correction obligations.

2.24 Public Authority-Confusing Use.\
No person shall use the Corporation’s name in a manner that implies federal, state, territorial, Tribal, local, municipal, county, port, utility, public health, emergency management, public safety, public works, telecom, water, energy, food, cyber, infrastructure, public finance, development finance, regulator, university, laboratory, or other public-sector approval, adoption, endorsement, funding, procurement, regulatory comfort, public warning authority, emergency readiness, sovereign obligation, statutory certification, public-private partnership, Docket approval, Grid approval, Academy credential recognition, or public authority delegation unless expressly and lawfully recorded by competent authority.

Where public authority participation is referenced, the communication shall identify the capacity of participation where needed to prevent misunderstanding, including whether the public authority or public-sector person participated as official participant, observer, technical contributor, regulator-listening participant, public finance reader, emergency-management participant, public infrastructure operator, academic representative, personal-capacity participant, invited guest, data provider, reviewer, simulation participant, controlled-room participant, Docket-context contributor, Grid-context contributor, or other recorded capacity.

Where capacity is unclear, the least official and least authority-conferring interpretation shall apply pending correction.

2.25 Finance-Signaling Use.\
No person shall use the Corporation’s name in a manner that signals or implies finance-readiness, investment suitability, bankability, insurability, underwriting support, rating, creditworthiness, public finance approval, capital-readability, routeability, securities offering, capital solicitation, lending approval, insurance placement, guarantee, tax credit approval, grant approval, MDB or DFI approval, sovereign finance approval, or public budget commitment.

GCRI US evidence, methods, observability records, host-readiness records, node records, technical baselines, public-good software, Nexus Observatory outputs, Nexus Universe outputs, proof receipts, Docket evidence inputs, Grid maturity inputs, and technical notes may support downstream finance-readiness work by the proper institution, including GRA where applicable, but shall not be labeled or marketed as finance-readiness determinations by GCRI US.

Any finance-adjacent reference shall preserve the distinction between upstream evidence production, downstream finance-readiness translation, and lawful capital execution by separate actors.

2.26 Certification-Implying Use.\
No person shall use the Corporation’s name to imply certification, accreditation, compliance approval, legal conformance, technical conformance approval, standards approval, regulatory safe harbor, professional credential, provider qualification, public authority approval, procurement eligibility, Docket approval, Grid integration, or Nexus-compatible status unless the exact status is authorized by a competent institution and recorded under the applicable procedure.

GCRI US may produce evidence, methods, public-good software, technical baselines, benchmark methods, test harnesses, evaluation sets, proof-receipt logic, model cards, dataset cards, system cards, public-safe technical summaries, and technical review notes. None of those outputs shall constitute certification merely because they are produced, maintained, published, referenced, or technically relied upon by GCRI US.

Where a GCRI US output is used in a certification, conformance, standards, procurement, or public authority context by another competent body, the GCRI US role shall be described as evidence, method, technical, or public-good support only unless a separate lawful instrument expressly provides otherwise.

2.27 Procurement-Implying Use.\
No person shall use the Corporation’s name to imply procurement approval, vendor selection, public contract award, preferred-provider status, public authority buying recommendation, public authority procurement compliance, bid advantage, sole-source justification, procurement readiness, public purchasing endorsement, or public-sector adoption.

GCRI US shall not select vendors for public authorities, rank providers for procurement purposes, approve procurements, issue buying recommendations, or use its public-good evidence role to confer market advantage. Technical participation, research collaboration, benchmark performance, sponsorship, public authority presence, host relationship, or Nexus involvement shall not be represented as procurement preference.

Any use of GCRI US materials in bid, procurement, vendor, grant, infrastructure, public authority, or market-facing contexts shall be subject to public-safe claims discipline and may require express written permission, non-endorsement language, and correction obligations.

2.28 North America Anchor Overclaim.\
No person shall use the Corporation’s bounded North America anchor role to imply North America-wide legal authority, regional sovereignty, treaty authority, intergovernmental authority, public authority status, regulatory authority, public finance authority, procurement authority, emergency command authority, public warning authority, certification authority, recognition authority, finance-readiness authority, protocol authority, enterprise execution authority, or control over GCRI Canada, Mexico-facing interfaces, Caribbean interfaces, Arctic interfaces, Indigenous interfaces, regional Nexus bodies, national Nexus bodies, public authorities, universities, laboratories, hosts, sponsors, providers, investors, insurers, lenders, National Consortium Companies, Project SPVs, or Qualified Enterprise Providers.

North America anchor language shall be limited to the Corporation’s lawful and record-supported role in evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute, verifiable intelligence, research integrity, public authority learning, cross-border evidence alignment, and safeguarded public-good technical infrastructure.

Any North America anchor reference shall be corrected if it suggests ownership, control, legal fusion, official public authority status, finance execution, regional regulator status, treaty body status, procurement authority, public warning role, emergency command role, or enterprise delivery role.

2.29 Correction, Withdrawal, Takedown, and Public Clarification for Misuse.\
Where the Corporation determines that its name, short name, mark, logo, seal, badge, program name, technical asset name, repository name, dataset name, software name, report title, whitepaper title, public-good asset, public statement, public-safe notice, proof receipt, dashboard, map, domain, social media reference, or Nexus reference has been used without authority, outside authorized scope, inaccurately, misleadingly, or in a manner inconsistent with this Bylaw, the Corporation may require correction, withdrawal, restriction, retraction, takedown, access revocation, public-safe clarification, controlled clarification, contract correction, repository correction, metadata correction, search-index correction, public authority clarification, sponsor clarification, provider clarification, funder clarification, or other lawful remedy proportionate to the risk.

Corrective action may be required where misuse creates or may create confusion concerning:

a) legal identity;

b) authority to bind;

c) relationship to GCRI Canada or other GCRI entities;

d) relationship to GRF, GRA, Nexus Standards, Nexus Network, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, National Consortium Companies, Project SPVs, providers, sponsors, hosts, public authorities, universities, laboratories, or enterprise actors;

e) public authority status or public authority approval;

f) finance-readiness, insurance-readiness, investment suitability, rating, bankability, routeability, public finance approval, or capital-readability;

g) certification, accreditation, conformance, compliance approval, procurement status, provider preference, or Nexus-compatible status;

h) research integrity, evidence status, methods status, technical truth, public-safe publication, Docket status, Grid status, Academy credential status, or proof-receipt meaning;

i) sponsor, donor, funder, provider, host, or enterprise influence;

j) data, AI, cyber, privacy, export-control, sanctions, protected knowledge, civil rights, accessibility, community safeguards, or public-safe mapping status; or

k) non-execution, public-benefit, nonprofit, tax, or legal-separateness boundaries.

The Corporation may preserve a record of the misuse, the corrective action taken, the persons notified, the materials corrected or withdrawn, the public or controlled clarification issued, the legal or contractual steps taken, and any recurrence controls adopted. The governing rule of this Section is that the Corporation’s name is a public-good trust surface: it shall identify the Corporation accurately, preserve its legal separateness, prevent authority inflation, protect public-safe meaning, and remain correctionable at all times.

## Section 3. Governing Statute, Legal Form, Registered Office, Principal Office, and United States Seat

3.1 Governing Statute.\
The Corporation shall be organized, governed, maintained, and operated under the nonprofit corporation law of the United States state in which it is incorporated or otherwise lawfully formed, together with the Corporation’s Certificate of Incorporation, Articles of Incorporation, charter, or other constituting instrument, this Bylaw, all validly adopted Board resolutions, all policies and instruments adopted under this Bylaw, and all applicable federal, state, territorial, Tribal-interface, District of Columbia, local, tax, nonprofit, charitable solicitation, corporate, employment, privacy, cybersecurity, AI, research, export-control, sanctions, public authority, grant, lobbying, political activity, procurement-integrity, civil rights, accessibility, and other laws applicable to the Corporation.

The governing statute shall provide the Corporation’s internal corporate-law foundation, including rules concerning corporate existence, Board authority, director duties, officer authority, member rights where applicable, records, meetings, filings, registered office, registered agent, indemnification, amendment, merger, dissolution, and other matters of nonprofit corporate governance.

The governing statute shall not be interpreted to expand the Corporation beyond its public-benefit purpose, nonprofit character, nonstock or non-share character, non-distribution rule, tax-exempt or tax-exempt-compatible posture where applicable, non-execution perimeter, role-separation obligations, public authority boundary, finance boundary, certification boundary, procurement boundary, provider-neutrality rule, sponsor support-without-control rule, validity-by-record doctrine, correctionability doctrine, or the limitations set forth in this Bylaw.

Where the governing statute permits flexibility, discretion, waiver, delegation, electronic action, officer authority, committee authority, member action, indemnification, compensation, asset use, dissolution, or other governance choice, such flexibility shall be exercised only in a manner consistent with the Corporation’s public-benefit mission, United States seat discipline, Nexus role separation, non-execution status, records discipline, and anti-capture obligations.

3.2 State of Incorporation or Organization.\
The Corporation shall be incorporated, organized, or otherwise legally constituted in one United States state selected by the competent incorporator, initial Board, or Board, as applicable, and recorded in the Corporation’s authoritative corporate records.

The state of incorporation or organization shall be the Corporation’s corporate-law home jurisdiction for internal governance purposes unless and until lawfully changed by competent action. Such state shall be identified in the Corporation’s Certificate or Articles, corporate register, bylaw register, Board records, registered agent records, tax records, banking records, insurance records, grant records, and other governance-significant records.

The Corporation may operate, qualify, register, solicit, employ, contract, convene, publish, maintain repositories, operate programs, conduct research, receive support, hold controlled rooms, engage public authorities, collaborate with universities and laboratories, support Nexus interfaces, and conduct lawful public-benefit activities outside its state of incorporation where lawful and where required registrations, qualifications, filings, notices, tax reviews, charitable solicitation reviews, employment reviews, data reviews, public authority reviews, and local-law reviews are completed or appropriately escalated.

No operation outside the state of incorporation shall create a new state of incorporation, legal seat, principal governance seat, foreign branch, state agency, territorial agency, Tribal governmental relationship, local public authority status, public-private partnership, public authority delegation, tax status, charitable status, or separate legal personality unless expressly and lawfully recorded by competent authority.

3.3 United States Nonprofit Corporate Character.\
The Corporation shall be maintained as a United States nonprofit corporation. It shall be organized and operated for lawful public-benefit, scientific, educational, research, evidence, methods, observability, ontology, public-good R\&D, public-good software, open technical baseline, public authority learning, technical literacy, safeguards, and systemic-risk purposes, and not for the private profit of any director, officer, member, founder, sponsor, donor, funder, provider, host, contractor, employee, advisor, contributor, participant, related person, or private person.

The Corporation’s nonprofit corporate character shall apply to all programs, platforms, research activities, repositories, datasets, software, technical baselines, publications, controlled rooms, public authority learning activities, Academy activities, Nexus interface activities, sponsorships, grants, donations, subscriptions, cost-recovery receipts, fee-based programs, in-kind contributions, and public-good support arrangements.

The Corporation may receive revenue, grants, donations, sponsorships, subscriptions, fees, reimbursements, in-kind support, cost-recovery payments, awards, program support, restricted funds, unrestricted funds, and other lawful support where such support is used for lawful corporate purposes and does not create private inurement, impermissible private benefit, sponsor control, donor control, provider preference, public authority access purchase, recognition purchase, finance-readiness purchase, certification purchase, procurement advantage, or prohibited execution activity.

The nonprofit corporate character of the Corporation shall not be weakened by operational sophistication, technical centrality, public authority participation, enterprise collaboration, sponsorship, support from commercial actors, open-source software activity, fee-based learning, cost-recovery arrangements, controlled-room access, public-good infrastructure support, or participation in Nexus-aligned systems.

3.4 Corporation Without Share Capital.\
The Corporation shall have no share capital, no equity owners, no shareholders, no profit participation interests, no dividend rights, no equity appreciation rights, no liquidation preference for private persons, and no ownership interests capable of being held, traded, transferred, pledged, encumbered, inherited, sold, securitized, tokenized, or otherwise treated as private property.

No person shall acquire any ownership interest in the Corporation, its mission, legal identity, name, marks, records, repositories, evidence artifacts, methods, ontologies, taxonomies, controlled vocabularies, public-good software, technical baselines, public-good technical assets, datasets, model cards, system cards, public-safe publications, Academy materials, Nexus interface outputs, public authority learning materials, goodwill, institutional standing, or public-benefit purpose by reason of contribution, authorship, employment, contract, donation, sponsorship, funding, participation, membership, subscription, advisory role, public authority participation, hosting, repository maintenance, technical centrality, program leadership, or Board service.

Assets of the Corporation shall be dedicated to its lawful nonprofit and public-benefit purposes. Upon dissolution or winding up, assets shall be distributed only as permitted by applicable law, the Articles or Certificate, tax-exempt or tax-exempt-compatible requirements where applicable, donor restrictions where lawful, and this Bylaw, and not for the private benefit of directors, officers, members, founders, sponsors, donors, funders, providers, hosts, contractors, employees, advisors, contributors, or private persons.

3.5 Non-Stock Character Where Applicable.\
Where the governing state law uses the term “nonstock corporation,” the Corporation shall be treated as a nonstock nonprofit corporation. Where the governing law uses a different formulation, the equivalent non-share, non-equity, non-distributing nonprofit character shall govern.

No membership category, supporter category, subscription category, donor category, sponsorship tier, advisory role, fellowship, contributor role, public authority participation category, provider participation category, host status, Academy status, controlled-room access class, repository role, technical maintainer status, or Nexus interface role shall be treated as stock, equity, beneficial ownership, voting security, economic ownership, transferable ownership interest, investment contract, security, partnership interest, fund interest, or property interest in the Corporation.

Where statutory members exist, if any, their rights shall be governance rights only to the extent expressly conferred by applicable law, the Articles or Certificate, this Bylaw, or a competent recorded act. Such rights shall not include any ownership of the Corporation or its assets, profits, reserves, public-good assets, records, technical baselines, or institutional outputs.

3.6 Registered Office.\
The Corporation shall maintain a registered office in its state of incorporation or organization as required by applicable law. The registered office shall be recorded in the Corporation’s corporate register, state filings, registered agent records, bylaw register, and other records required by law or approved by the Board.

The registered office may be a physical office, registered agent address, statutory office, or other address permitted by applicable law. It shall not necessarily be the Corporation’s principal office, operational headquarters, governance seat, records repository, public-facing address, controlled-room location, data-processing location, research location, public authority interface location, or Nexus interface location unless the Corporation’s records expressly provide otherwise.

The registered office shall be used for statutory notice, service of process, state filing, registered agent coordination, corporate status maintenance, and other legally required purposes. It shall not by itself confer operational authority, program location, public authority relationship, public-service area, public-private partnership status, tax-exempt status, charitable solicitation status, federal authority, state authority, territorial authority, local authority, Tribal authority, or Nexus role.

3.7 Registered Agent.\
The Corporation shall maintain a registered agent in its state of incorporation or organization as required by applicable law. The registered agent shall be authorized to receive service of process, legal notices, statutory notices, and other communications required or permitted under governing law.

The identity and contact information of the registered agent shall be maintained in the Corporation’s corporate records and updated in accordance with applicable law. Any change of registered agent shall be approved and recorded as required by law, the Articles or Certificate, this Bylaw, Board resolution, or delegated authority.

The registered agent shall not have authority to bind the Corporation, speak for the Corporation, approve filings beyond the scope of engagement, accept restricted funds, approve contracts, make public statements, approve name use, issue evidence artifacts, release public-good software, approve public authority references, approve data access, conduct regulatory engagement, certify records, or exercise any governance, fiduciary, executive, technical, financial, public authority, Nexus, or program authority unless separately and lawfully delegated by competent record.

3.8 Principal Office.\
The Corporation may maintain a principal office at such location within or outside its state of incorporation as the Board may determine, subject to applicable law, corporate records, state registration requirements, tax requirements, employment requirements, charitable solicitation requirements, privacy and cybersecurity obligations, and public authority interface considerations.

The principal office may serve as the Corporation’s primary administrative office, governance office, executive office, program coordination location, records coordination location, or public-facing institutional address, as recorded by the Board or authorized officers. The principal office may be physical, hybrid, distributed, virtual, hosted, shared, or otherwise structured where lawful and operationally appropriate.

The existence of a principal office in any state, territory, District of Columbia, Tribal-interface context, local jurisdiction, host institution, university, laboratory, public authority facility, controlled room, or partner facility shall not by itself create state incorporation, public authority delegation, public-private partnership, branch status, agency, employment relationship, local public authority status, tax registration, charitable solicitation authorization, procurement status, provider preference, or enterprise execution authority.

The Corporation shall maintain accurate principal-office records and shall correct public materials, filings, contracts, repositories, notices, public authority communications, and funding documents where office descriptions create confusion concerning legal seat, operating authority, public authority status, or institutional control.

3.9 Principal United States Governance Seat.\
The Corporation shall maintain a principal United States governance seat for internal corporate governance purposes. The governance seat shall identify the primary jurisdictional and institutional point of reference for Board governance, officer authority, corporate records, bylaw administration, internal authority, fiduciary oversight, and United States legal discipline.

The principal United States governance seat may be the same as, or different from, the registered office or principal office, provided that the distinction is recorded and does not create ambiguity. Where the registered office, principal office, and principal governance seat differ, the Corporation’s records shall identify the function of each location and the applicable custody, notice, filing, tax, employment, and operational implications.

The governance seat shall not be represented as a federal seat, public authority seat, public warning center, emergency command center, procurement authority, finance authority, certification authority, protocol authority, standards monopoly, national company, Project SPV, provider office, or enterprise operating center.

The governance seat shall be interpreted as the Corporation’s internal corporate governance anchor, not as a claim to sovereign power, national mandate, regional supremacy, state authority, territorial authority, Tribal authority, or public authority delegation.

3.10 Board Authority to Change Registered Office, Registered Agent, Principal Office, or Governance Seat Where Lawful.\
The Board may change the registered office, registered agent, principal office, or principal United States governance seat where permitted by applicable law, the Articles or Certificate, this Bylaw, and any required state filing, registration, tax, charitable solicitation, employment, privacy, data, public authority, or contractual condition.

A change of registered office or registered agent shall be made in accordance with the governing state statute and any required filing. A change of principal office or governance seat shall be recorded in the Corporation’s official records and, where material, approved by Board resolution.

Before approving a material change, the Board or authorized officers shall consider, as applicable:

a) corporate filing requirements;

b) registered agent requirements;

c) state qualification implications;

d) charitable solicitation registration implications;

e) tax and franchise tax implications;

f) employment and contractor implications;

g) banking, insurance, grant, and restricted-fund implications;

h) data, privacy, AI, cybersecurity, export-control, sanctions, and controlled-technology implications;

i) public authority interface implications;

j) public records, open meetings, procurement, government ethics, or grant-compliance implications where public authorities are involved;

k) continuity of corporate records and authoritative repositories;

l) accessibility, civil rights, and public participation implications;

m) community, Tribal, Indigenous, territorial, local, and protected knowledge safeguards where relevant;

n) Nexus interface, GCRI Canada interface, GRF interface, GRA interface, and other cross-entity implications; and

o) risk of legal-identity ambiguity, public authority confusion, finance signaling, certification overclaim, procurement implication, provider preference, or sponsor control.

No office or seat change shall be used to weaken the Corporation’s nonprofit character, non-distribution rule, public-benefit purpose, non-execution perimeter, United States legal discipline, records integrity, anti-capture posture, or role separation.

3.11 United States as Record-of-Record Jurisdiction for Internal Corporate Acts.\
For internal corporate governance purposes, the Corporation shall maintain the United States as its record-of-record jurisdiction, and its state of incorporation or organization as the corporate-law anchor jurisdiction, unless lawfully changed.

The Corporation’s internal corporate acts, including Board actions, officer appointments, bylaw amendments, corporate records, delegations, committee charters, member actions where applicable, indemnification decisions, conflict determinations, major policies, adoption records, corporate filings, and dissolution actions, shall be recorded through the Corporation’s United States governance records.

The Corporation may maintain mirrored, interoperable, controlled, or duplicate records in other jurisdictions, repositories, systems, ledgers, controlled rooms, public authority rooms, Nexus interfaces, or partner systems where lawful and approved. Such records shall not displace the Corporation’s United States record-of-record jurisdiction unless expressly and lawfully adopted by competent authority.

No foreign, cross-border, regional, Nexus, repository, ledger, protocol, proof receipt, controlled-room, public authority, sponsor, provider, host, university, laboratory, or partner record shall override the Corporation’s United States internal corporate governance records unless applicable law requires otherwise or the Board lawfully adopts the record into the Corporation’s governance system.

3.12 State Law as Corporate-Law Anchor Subject to Federal Law.\
The law of the Corporation’s state of incorporation or organization shall serve as the corporate-law anchor for internal affairs, subject to applicable federal law and any mandatory law applicable to the Corporation’s activities, tax status, employment, grants, public authority interactions, data, AI, cybersecurity, export controls, sanctions, controlled technology, civil rights, accessibility, lobbying, political activity, charitable solicitation, research, public health, public safety, competition, antitrust, and other regulated matters.

State corporate-law anchoring shall not excuse compliance with federal law, the law of other states or territories where the Corporation operates or solicits support, the District of Columbia law where applicable, Tribal-interface respect where applicable, local law where applicable, contractual obligations, donor restrictions, grant conditions, public authority conditions, or cross-border obligations where lawful and binding.

Where state corporate law and another applicable legal obligation appear to conflict, the matter shall be escalated through the Corporation’s legal, compliance, Board, and records procedures. Pending resolution, the Corporation shall apply the most protective lawful posture and shall avoid any interpretation that creates unauthorized public authority meaning, finance-readiness implication, certification implication, procurement implication, provider preference, sponsor control, data misuse, protected knowledge exposure, or execution authority.

3.13 Federal Law Compliance.\
The Corporation shall comply with all applicable United States federal laws, regulations, rules, guidance where binding or contractually adopted, grant conditions, tax requirements, employment requirements, civil rights requirements, accessibility requirements, privacy requirements, cybersecurity requirements, AI-related requirements, sanctions requirements, export-control requirements, controlled-technology requirements, national security-related requirements, lobbying and political activity restrictions, procurement-integrity requirements, government ethics requirements, research requirements, intellectual property requirements, competition and antitrust laws, consumer protection laws, and other federal legal obligations applicable to its activities.

Federal compliance shall be especially reviewed where the Corporation engages in:

a) tax-exempt or tax-exempt-compatible activities;

b) grants, cooperative agreements, restricted funds, public funding, or federally connected support;

c) public authority learning, public authority participation, regulator-listening, emergency-management learning, or public finance reader activities;

d) data, AI, cybersecurity, privacy, health-sensitive, youth-related, infrastructure-sensitive, cyber-sensitive, public-sector, rights-bearing, or protected knowledge activities;

e) export-controlled, sanctions-sensitive, controlled technology, dual-use, national security-sensitive, compute, AI-RAN, O-RAN, DePIN, DLT, cyber, geospatial, satellite, robotics, sensor, semiconductor, or quantum-adjacent activities;

f) lobbying, political activity, public policy engagement, public communications, or public authority correspondence;

g) research, human-subjects, community-sensitive, Tribal or Indigenous, health-sensitive, biosecurity-relevant, or public-safety-relevant activities;

h) competition-sensitive convenings, benchmarking, clean rooms, industry councils, provider comparisons, market baselines, or standards-support activities; and

i) finance-adjacent, insurance-adjacent, investment-adjacent, lending-adjacent, public finance-adjacent, procurement-adjacent, certification-adjacent, or rating-adjacent outputs.

Federal compliance shall not be treated as certification, public authority approval, regulatory approval, public finance approval, procurement approval, or public endorsement unless the competent federal authority lawfully records such consequence.

3.14 State, Territorial, Tribal, District of Columbia, and Local Law Compliance Where Applicable.\
The Corporation shall comply with applicable state, territorial, District of Columbia, Tribal-interface, and local laws where its activities, presence, solicitation, employment, contracting, data processing, public authority engagement, research, controlled rooms, events, publications, public-safe reporting, public-good software release, technical deployment support, fundraising, fee collection, sponsorship, or other activities create legal obligations.

The Corporation shall review and, where required, complete state or territorial foreign qualification, charitable solicitation registration, tax registration, employment registration, contractor compliance, public authority contracting registration, data privacy compliance, cybersecurity compliance, event permitting, lobbying registration, government ethics compliance, grant compliance, sales or use tax review, and other local requirements before conducting activities that require such steps.

Engagement with Tribal Nations, Indigenous governments, Indigenous communities, Tribal instrumentalities, Indigenous knowledge holders, or Indigenous data contexts shall be conducted with respect for sovereignty, consent, non-consent, protected knowledge, data governance, cultural protocols, local law, federal Indian law where applicable, and community safeguards. No Tribal or Indigenous participation shall be represented as endorsement, delegation, consent, public authority approval, or data permission unless expressly and lawfully recorded.

No state, territorial, District of Columbia, Tribal, local, county, municipal, metropolitan, port, utility, public health, emergency management, public safety, public works, water, energy, food, telecom, cyber, infrastructure, university, laboratory, or public-sector interface shall be treated as public authority delegation, procurement approval, funding approval, public finance approval, emergency authority, public warning authority, regulatory authority, certification authority, or official adoption unless expressly and lawfully recorded by competent authority.

3.15 North America Anchor Function Without Foreign Legal Merger.\
The Corporation may serve as a bounded North America anchor for evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute, verifiable intelligence, research integrity, public authority learning, and safeguarded public-good technical infrastructure where such role is lawful, record-supported, and consistent with this Bylaw.

The North America anchor function shall not create merger, agency, branch status, parent-subsidiary status, alter ego status, common treasury, shared liability, shared tax status, joint employment, common employer status, foreign registration by implication, treaty status, intergovernmental status, regional regulator status, public authority status, sovereign status, procurement authority, public finance authority, emergency command authority, public warning authority, certification authority, finance-readiness authority, recognition authority, protocol authority, or enterprise execution authority.

The Corporation may coordinate with GCRI Canada, Mexico-facing interfaces, Caribbean interfaces, Arctic interfaces, Great Lakes interfaces, Atlantic interfaces, Pacific interfaces, Gulf interfaces, border-region interfaces, Tribal and Indigenous interfaces, universities, laboratories, public authorities, civil society, communities, hosts, sponsors, providers, regional Nexus bodies, national Nexus bodies, and other lawful partners, provided that the exact legal capacity, authority, records, data controls, public authority status, public-safe claims, and correction path are identified where needed.

The Corporation shall preserve the rule: North America coordination may align evidence and methods, but it shall not fuse legal entities, merge treasuries, transfer authority, override domestic law, create public authority status, or convert public-good stewardship into execution.

3.16 Cross-Border Operations Without Foreign Sovereign Authority.\
The Corporation may engage in cross-border activities, collaborations, research, evidence-sharing, methods alignment, observability design, ontology coordination, public-good software development, public-safe publication, Academy activity, public authority learning, controlled-room participation, Nexus interface support, and other lawful public-benefit activities outside the United States where permitted by applicable law and approved under the Corporation’s records and compliance procedures.

Such cross-border operations shall not confer foreign sovereign authority, treaty status, intergovernmental status, diplomatic status, foreign regulator status, public warning authority, emergency command authority, public finance approval authority, public procurement authority, certification authority, finance-readiness authority, recognition authority, protocol authority, or enterprise execution authority.

Cross-border operations shall be subject to legal and safeguards review where they involve:

a) foreign public authorities;

b) Indigenous, Tribal, local, territorial, cultural, environmental, or protected knowledge;

c) personal data, public authority data, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, geospatial data, satellite data, AI data, model outputs, controlled technology, or sensitive compute;

d) export controls, sanctions, national security, controlled technology, dual-use technologies, defense-adjacent systems, AI-RAN, O-RAN, sovereign compute, DLT, DePIN, cyber, robotics, drones, sensing, geospatial systems, semiconductors, quantum-adjacent systems, or other sensitive technologies;

e) grants, donations, sponsorships, in-kind support, foreign funding, public funding, public finance readers, capital readers, investors, insurers, lenders, or development finance actors;

f) public-safe publications, dashboards, maps, reports, datasets, software, technical baselines, proof receipts, or public authority references; or

g) any activity that could create legal-identity ambiguity, public authority confusion, finance signaling, certification overclaim, procurement implication, provider preference, or sponsor control.

3.17 Local Law Respect in Canada, Mexico, Caribbean, Arctic, Indigenous, Cross-Border, and International Interfaces.\
In all Canada, Mexico, Caribbean, Arctic, Indigenous, cross-border, and international interfaces, the Corporation shall respect applicable local law, public authority competence, community protocols, Indigenous governance, data sovereignty, privacy, cybersecurity, export-control, sanctions, research ethics, protected knowledge, public safety, cultural, environmental, and human rights obligations.

The Corporation shall not represent that United States incorporation, United States governance seat, North America anchor status, Nexus alignment, technical authorship, public-good function, donor support, sponsor support, public authority participation, university collaboration, laboratory collaboration, or repository centrality permits it to disregard foreign law, local law, public authority protocols, Indigenous protocols, community safeguards, data localization requirements, consent requirements, public-safe mapping restrictions, protected knowledge restrictions, or cross-border transfer limits.

Where local law or protocol conflicts with proposed activity, the Corporation shall suspend, narrow, compartmentalize, localize, re-scope, route through a lawful local partner, refer to a competent authority, obtain legal review, or terminate the activity as appropriate. No cross-border ambition, Nexus alignment, donor expectation, sponsor expectation, public authority interest, technical urgency, operational convenience, or publication timeline shall override local law respect.

3.18 Records of Seat, Filings, Registered Agent, State Qualifications, Charitable Solicitation Registrations, and Foreign Registrations.\
The Corporation shall maintain complete and current records of its legal seat, state of incorporation or organization, registered office, registered agent, principal office, principal United States governance seat, corporate filings, annual reports, certificates of good standing, tax registrations, state qualifications, foreign qualifications, charitable solicitation registrations, fundraising registrations, employment registrations, lobbying registrations where applicable, public authority registrations where applicable, data protection registrations where applicable, and any foreign registrations or cross-border legal authorizations.

Such records shall include, as applicable:

a) jurisdiction;

b) filing authority;

c) filing date;

d) effective date;

e) renewal date;

f) responsible officer or custodian;

g) registered agent or local representative;

h) legal status;

i) tax status;

j) charitable solicitation status;

k) good-standing status;

l) permitted activities;

m) restricted activities;

n) reporting obligations;

o) renewal obligations;

p) public-facing name approved for use;

q) local-law conditions;

r) public authority conditions;

s) data, AI, cyber, privacy, sanctions, export-control, research, safeguards, or protected knowledge conditions;

t) suspension, lapse, correction, withdrawal, or termination status; and

u) repository location and evidence of filing.

No person shall represent that the Corporation is authorized, registered, qualified, tax-exempt, charitable, licensed, approved, certified, public authority endorsed, procurement-ready, finance-ready, legally operating, or formally present in any jurisdiction unless the relevant record supports that exact claim.

The governing rule of this Section is that the Corporation’s United States legal seat shall provide corporate-law clarity, not authority inflation. GCRI US may operate broadly and coordinate across North America where lawful, but its seat, offices, registered agent, filings, qualifications, and cross-border interfaces shall remain record-based, jurisdictionally bounded, non-executing, public-benefit aligned, and correctionable at all times.

## Section 4. United States All-States-and-Territories Operating Posture

4.1 United States Operating Posture.\
The Corporation shall be capable of operating, coordinating, convening, publishing, researching, stewarding evidence, maintaining repositories, supporting public-good software, conducting public authority learning, engaging universities and laboratories, receiving lawful support, maintaining controlled rooms, supporting Nexus interfaces, and carrying out its nonprofit and public-benefit purposes across the United States, subject at all times to applicable federal law, the governing law of the state of incorporation or organization, the law of any state, territory, District of Columbia, Tribal-interface context, local jurisdiction, or other jurisdiction in which the Corporation operates, this Bylaw, the Certificate or Articles, Board-approved policies, and competent records.

The Corporation’s United States operating posture is national in reach but bounded in legal authority. It permits lawful public-benefit activity across the United States; it does not create federal authority, state authority, territorial authority, Tribal authority, local authority, emergency command authority, public warning authority, procurement authority, public finance authority, certification authority, recognition authority, finance-readiness authority, standards authority, protocol authority, or enterprise execution authority.

The Corporation may organize its United States activities through programs, projects, laboratories, public authority learning rooms, controlled rooms, evidence rooms, data rooms, public-safe publications, public-good software repositories, technical baselines, state or regional interface notes, Nexus Observatory methods, Nexus Universe activities, Academy activities, working groups, advisory bodies, fellowships, partnerships, grant activities, sponsorship-supported activities, and other lawful structures. No such activity shall create a separate legal entity, branch, public authority instrumentality, state office, territorial office, Tribal office, local government office, public-private partnership, procurement vehicle, regulated intermediary, national company, Project SPV, provider, operator, or execution vehicle unless separately and lawfully constituted and recorded.

4.2 All Fifty States.\
The Corporation may conduct lawful activities in or concerning all fifty states of the United States, including activities involving state public authorities, state universities, state laboratories, state agencies, local governments, utilities, ports, public health systems, emergency management bodies, public safety bodies, public works systems, infrastructure operators, communities, civil society, media, sponsors, hosts, providers, donors, funders, and research partners.

Before engaging in activity in any state that may trigger legal obligations, the Corporation shall review and, where required, complete state qualification, charitable solicitation registration, tax registration, employment registration, contractor compliance, grant compliance, public authority contracting review, lobbying registration, government ethics review, public records review, privacy review, cybersecurity review, AI-use review, procurement-integrity review, event permitting, data processing review, or other state-law compliance steps.

No state-facing activity shall imply that the Corporation has been adopted, endorsed, funded, approved, certified, retained, delegated, authorized, or preferred by a state government or state public authority unless the competent state authority has expressly and lawfully recorded the exact status and the Corporation’s records support the claim.

4.3 District of Columbia.\
The Corporation may conduct lawful activities in or concerning the District of Columbia, including federal-interface work, nonprofit engagement, university and research collaboration, public authority learning, policy-adjacent education, civil society engagement, public-safe publication, public-good technology coordination, and Nexus-compatible activities, subject to applicable District of Columbia law and any federal-law overlay.

District of Columbia activity shall not be used to imply federal endorsement, federal delegation, congressional approval, agency approval, public finance approval, grant approval, procurement approval, regulatory approval, lobbying authorization beyond lawful registration where required, or public authority status.

Where District of Columbia activity involves federal agencies, embassies, international organizations, development finance actors, capital readers, public authorities, public policy settings, government ethics-sensitive contexts, grant-funded activities, lobbying-sensitive communications, public procurement-sensitive communications, or public records-sensitive materials, the Corporation shall apply enhanced legal, compliance, public authority boundary, and public-safe claims review.

4.4 Puerto Rico.\
The Corporation may conduct lawful activities in or concerning Puerto Rico, including research, public authority learning, disaster resilience evidence, climate and energy systems evidence, water and food systems evidence, health and public safety learning, communications resilience, AI-RAN and telecommunications evidence, port and supply-chain evidence, community safeguards, and Nexus Observatory methods support, subject to applicable federal and Puerto Rico law.

No Puerto Rico-facing activity shall imply territorial government approval, emergency command authority, public warning authority, public finance approval, procurement approval, public-private partnership status, official adoption, or territorial mandate unless expressly and lawfully recorded.

The Corporation shall apply public-safe publication, language access, accessibility, community safeguards, disaster-sensitivity, infrastructure-sensitivity, data protection, and public authority capacity controls where Puerto Rico-facing activity involves communities, critical infrastructure, public health, energy, water, ports, telecommunications, disaster response, or government participation.

4.5 Guam.\
The Corporation may conduct lawful activities in or concerning Guam, including activities involving climate, disaster, energy, water, food, telecommunications, port, supply-chain, public health, public safety, cyber, infrastructure, geospatial, sensor, and public authority learning contexts, subject to applicable federal and Guam law.

Because Guam may involve strategic, defense-adjacent, Pacific, telecommunications, cyber, infrastructure, disaster, port, or national security-sensitive contexts, the Corporation shall apply enhanced review where activities involve controlled technology, export controls, sanctions, sensitive geospatial information, cyber-sensitive information, public authority data, infrastructure-sensitive data, military-adjacent settings, or public-safe mapping.

No Guam-facing activity shall imply federal authority, territorial authority, military authority, emergency authority, public warning authority, procurement authority, infrastructure operating authority, or public finance authority unless the competent authority has expressly and lawfully recorded that status.

4.6 U.S. Virgin Islands.\
The Corporation may conduct lawful activities in or concerning the U.S. Virgin Islands, including activities involving climate resilience, disaster resilience, energy, water, food, health, ports, tourism-related systems, public infrastructure, telecommunications, public authority learning, observability methods, public-safe publication, and community safeguards, subject to applicable federal and territorial law.

The Corporation shall treat U.S. Virgin Islands-facing activity as jurisdictionally specific and shall review territorial registration, charitable solicitation, tax, public authority, privacy, cybersecurity, grant, contracting, public-safe communication, community safeguards, and disaster-sensitive publication requirements where applicable.

No activity in or concerning the U.S. Virgin Islands shall be represented as territorial endorsement, public authority adoption, emergency readiness, public warning authority, procurement approval, public finance approval, provider preference, certification, or recognition unless supported by competent records.

4.7 American Samoa.\
The Corporation may conduct lawful activities in or concerning American Samoa, including public-benefit research, community safeguards, climate and disaster evidence, telecommunications resilience, energy and water systems evidence, public health learning, geospatial methods, public authority learning, and Nexus-compatible observability methods, subject to applicable federal, territorial, local, cultural, community, and legal requirements.

The Corporation shall apply heightened respect for local governance, cultural context, community protocols, language access, accessibility, public-safe mapping, protected knowledge, data minimization, and public authority capacity classification in American Samoa-facing activities.

No American Samoa-facing activity shall imply territorial authority, local authority, public authority delegation, cultural consent, community consent, emergency command, public warning, procurement authority, public finance approval, or official adoption unless expressly and lawfully recorded.

4.8 Northern Mariana Islands.\
The Corporation may conduct lawful activities in or concerning the Commonwealth of the Northern Mariana Islands, including activities involving climate and disaster systems, energy, water, food, ports, telecommunications, public health, public safety, cyber, infrastructure, geospatial, public authority learning, and community safeguards, subject to applicable federal and Commonwealth law.

The Corporation shall conduct legal, safeguards, public authority, data, cybersecurity, public-safe publication, and local-context review before activities that may affect sensitive infrastructure, public authorities, communities, protected knowledge, public safety, public health, climate resilience, disaster response, or strategic systems.

No Northern Mariana Islands-facing activity shall imply Commonwealth approval, federal approval, emergency command, public warning, public finance approval, procurement approval, provider preference, certification, recognition, or official adoption unless supported by competent records.

4.9 Tribal Nations and Indigenous Governments Where Lawfully and Respectfully Engaged.\
The Corporation may engage with Tribal Nations, Indigenous governments, Indigenous communities, Indigenous organizations, Indigenous knowledge holders, and Tribal or Indigenous public authority interfaces only where lawful, respectful, capacity-classified, safeguard-governed, and record-supported.

Such engagement shall respect sovereignty, self-determination, applicable law, federal Indian law where applicable, Tribal law where applicable, Indigenous data governance, cultural protocols, community protocols, consent and non-consent pathways, protected knowledge, local knowledge, territorial knowledge, culturally sensitive knowledge, environmental knowledge, sacred-site sensitivity, public-safe mapping restrictions, attribution rules, withdrawal pathways, correction pathways, grievance pathways, non-retaliation, and do-no-harm obligations.

No Tribal or Indigenous participation, consultation, contribution, data sharing, site participation, public authority learning participation, public-safe publication review, controlled-room participation, observatory methods activity, Nexus interface activity, or public statement shall be represented as consent, endorsement, delegation, adoption, authority transfer, public authority approval, procurement approval, public finance approval, certification, recognition, finance-readiness, or public-private partnership unless the competent Tribal or Indigenous authority or relevant rights-holder has expressly and lawfully recorded the exact status.

Where there is uncertainty concerning Tribal or Indigenous status, authority, representation, consent, protected knowledge, data rights, publication safety, or public meaning, the Corporation shall apply the most protective lawful posture and shall suspend, narrow, localize, re-scope, or decline the activity pending appropriate review.

4.10 Federal Public Authority Interfaces.\
The Corporation may interface with federal departments, agencies, offices, laboratories, commissions, authorities, instrumentalities, public finance entities, emergency management bodies, public health bodies, public safety bodies, infrastructure bodies, research bodies, procurement-related bodies, regulator-listening participants, and other federal public-sector actors for public-benefit research, evidence literacy, technical literacy, public authority learning, scenario learning, public-safe communication, methods review, observability methods, data governance learning, AI governance learning, cybersecurity learning, and other lawful non-executing purposes.

Federal public authority participation shall be capacity-classified before public meaning is created. The Corporation shall distinguish, as applicable, among official-capacity participation, observer participation, regulator-listening participation, public finance reader participation, emergency-management learning participation, public infrastructure operator participation, technical contributor participation, data contributor participation, reviewer participation, controlled-room participation, and personal-capacity participation.

Federal participation shall not imply federal endorsement, federal adoption, regulatory approval, procurement approval, grant approval, public finance approval, sovereign obligation, statutory certification, emergency command authority, public warning authority, public-private partnership, data permission, official use, or public authority delegation unless expressly and lawfully recorded by competent federal authority.

4.11 State Public Authority Interfaces.\
The Corporation may interface with state public authorities, including governors’ offices, state agencies, state emergency management bodies, state public health bodies, state public safety bodies, state energy, water, food, environment, transportation, telecommunications, cyber, infrastructure, finance, insurance, economic development, research, university, and regulatory bodies, for lawful public-benefit purposes.

State public authority interfaces shall be governed by capacity classification, public authority reference controls, data contribution controls, public-safe publication controls, procurement neutrality, lobbying and government ethics review where applicable, grant compliance review where applicable, and state-law compliance.

No state public authority interface shall create state mandate, state adoption, state procurement approval, state public finance approval, state emergency authority, state public warning authority, state regulatory approval, state certification, state funding commitment, state public-private partnership, state provider preference, or state endorsement unless expressly and lawfully recorded.

4.12 Territorial Public Authority Interfaces.\
The Corporation may interface with territorial public authorities in Puerto Rico, Guam, the U.S. Virgin Islands, American Samoa, the Northern Mariana Islands, and any other United States territorial or insular context where lawful and appropriate.

Territorial public authority interfaces shall be treated as jurisdictionally specific, with attention to local law, federal law, public authority capacity, language access, accessibility, community safeguards, climate and disaster sensitivity, infrastructure sensitivity, public-safe mapping, data governance, cybersecurity, public finance, procurement, and public authority reference controls.

No territorial interface shall create territorial authority, emergency command authority, public warning authority, procurement approval, public finance approval, official adoption, public-private partnership, certification, recognition, provider preference, or legal mandate unless expressly and lawfully recorded.

4.13 Tribal Public Authority Interfaces.\
The Corporation may interface with Tribal public authorities, Indigenous governmental authorities, Tribal agencies, Tribal utilities, Tribal colleges and universities, Tribal emergency management bodies, Tribal health bodies, Tribal public safety bodies, Tribal infrastructure bodies, and other Tribal or Indigenous governance institutions where lawful, invited, appropriate, and safeguard-governed.

Each Tribal public authority interface shall identify the relevant capacity, authority, jurisdiction, consent or non-consent posture, data governance requirements, protected knowledge restrictions, publication rules, public-safe mapping limits, records custodian, and correction pathway.

No Tribal public authority interface shall imply delegation, consent, endorsement, public authority adoption, data permission, protected knowledge permission, public finance approval, procurement approval, certification, recognition, public warning authority, emergency command authority, or public-private partnership unless expressly and lawfully recorded by the competent Tribal or Indigenous authority and accepted by the Corporation within its non-executing role.

4.14 Local, County, Municipal, Metropolitan, Port, Utility, Public Health, Emergency Management, Public Safety, Public Works, Water, Energy, Food, Telecom, Cyber, and Infrastructure Interfaces.\
The Corporation may lawfully engage with local, county, municipal, metropolitan, port, utility, public health, emergency management, public safety, public works, water, energy, food, telecommunications, cyber, infrastructure, transportation, housing, environmental, resilience, and public-service bodies for evidence, methods, observability, technical literacy, public-safe reporting literacy, scenario learning, public-good technology, and systemic-risk learning purposes.

Such interfaces shall be structured to support public authority learning and evidence discipline without public authority substitution. The Corporation may support scenario design, tabletop learning, after-action evidence methods, public-safe technical explanation, observability methods, data governance literacy, AI governance literacy, cyber hygiene learning, public-good technical baselines, and controlled-room evidence review where lawful.

No local or infrastructure-facing activity shall constitute emergency command, incident command, dispatch, evacuation instruction, public warning, utility operating authority, infrastructure operating authority, public health order, public safety command, procurement recommendation, public finance approval, regulatory approval, certification, provider selection, or public authority decision.

Where local or infrastructure-facing activity involves sensitive infrastructure, cyber vulnerabilities, public safety, health data, utility operations, emergency response, community mapping, protected knowledge, or public-safe communication, the Corporation shall apply heightened security, confidentiality, classification, and publication controls.

4.15 Interstate and Interjurisdictional Systems.\
The Corporation may support evidence, methods, observability, ontology, public-good software, technical baselines, and public authority learning concerning interstate and interjurisdictional systems, including watersheds, energy grids, telecommunications networks, ports, supply chains, transportation corridors, cyber systems, public health systems, climate and disaster corridors, wildfire and flood systems, air quality systems, food systems, emergency management mutual aid contexts, cross-state infrastructure, and multi-state public authority learning.

Interstate or interjurisdictional activity shall not create authority over any participating state, territory, Tribal Nation, public authority, utility, operator, sponsor, provider, host, or community. It shall not create interstate compact authority, mutual aid authority, emergency authority, public warning authority, procurement authority, regulatory authority, public finance authority, or standards authority unless separately and lawfully constituted by competent authorities.

Where interstate activity involves multiple public authorities or public-sector actors, the Corporation shall classify the capacity of each participant, identify the relevant legal and data boundaries, maintain public-safe claims discipline, and preserve separate records for roles, authorities, data rights, publication rights, limitations, and correction pathways.

4.16 Cross-Border North America Systems.\
The Corporation may support evidence, methods, observability, ontology, public-good software, technical baselines, and public authority learning concerning cross-border North America systems where lawful, including Canada–United States, United States–Mexico, Arctic, Great Lakes, Pacific, Atlantic, Gulf, Caribbean, border, supply-chain, port, energy, water, food, telecommunications, cyber, climate, disaster, public health, biodiversity, Indigenous, and regional Nexus contexts.

Cross-border North America work shall be conducted in coordination with appropriate legal, institutional, public authority, community, Indigenous, data, AI, cyber, privacy, export-control, sanctions, controlled-technology, public-safe publication, and safeguards review. Coordination with GCRI Canada, Mexico-facing interfaces, Caribbean interfaces, regional Nexus bodies, public authorities, universities, laboratories, communities, hosts, sponsors, providers, or other partners shall not create merger, agency, parent-subsidiary status, alter ego status, shared treasury, shared liability, foreign public authority status, treaty status, intergovernmental status, public finance authority, emergency authority, procurement authority, certification authority, finance-readiness authority, recognition authority, or enterprise execution authority.

Cross-border work shall preserve the rule that GCRI US may support North America evidence and methods alignment, but it shall not speak for foreign authorities, bind foreign partners, override local law, determine public finance, approve projects, issue warnings, certify systems, or execute infrastructure.

4.17 State Qualification, Registration, Charitable Solicitation, Tax, Employment, Privacy, Public Records, Procurement, Lobbying, Grant, and Contracting Review Where Applicable.\
Before operating, soliciting, hiring, contracting, collecting fees, accepting funds, hosting events, conducting public authority learning, maintaining controlled rooms, processing data, issuing public materials, engaging in grant activity, or forming state-, territorial-, Tribal-, local-, or cross-border interfaces, the Corporation shall determine whether legal review, registration, qualification, filing, approval, notice, or compliance controls are required.

The Corporation shall review, as applicable:

a) foreign qualification to do business or conduct nonprofit activity;

b) charitable solicitation registration or exemption;

c) state and local tax registration, sales tax, franchise tax, use tax, employment tax, and unrelated business income considerations;

d) federal and state tax-exempt or tax-exempt-compatible requirements;

e) employment, contractor, volunteer, fellow, workplace, workers’ compensation, unemployment insurance, wage and hour, and workplace safety requirements;

f) public authority contracting, grant, procurement-integrity, government ethics, gifts, lobbying, political activity, and public records obligations;

g) privacy, data protection, cybersecurity, AI governance, health data, youth data, public-sector data, cyber-sensitive data, infrastructure-sensitive data, and controlled-room obligations;

h) export controls, sanctions, controlled technology, national security-sensitive, dual-use, geospatial, satellite, AI-RAN, O-RAN, DePIN, DLT, cyber, robotics, drone, semiconductor, quantum-adjacent, and compute-sensitive requirements;

i) civil rights, accessibility, language access, disability access, nondiscrimination, community safeguards, Indigenous knowledge, Tribal protocol, and protected knowledge requirements;

j) insurance, indemnification, liability, safety, event, facility, host-site, and fieldwork requirements; and

k) contract, grant, sponsorship, donation, in-kind support, data-sharing, IP, public-good software, repository, and publication obligations.

Where review identifies uncertainty, the Corporation shall apply the most protective lawful posture and shall suspend, narrow, re-scope, localize, or delay the activity until the relevant authority, filing, registration, exemption, approval, or risk treatment is recorded.

4.18 No Assumption of Authority in Any State, Territory, Tribal Jurisdiction, or Public Authority Context Without Record.\
The Corporation shall not assume, imply, represent, accept, or exercise authority in any state, territory, District of Columbia, Tribal jurisdiction, local jurisdiction, public authority context, public institution, public infrastructure context, public finance context, public procurement context, emergency management context, public health context, public safety context, utility context, port context, or regulated context unless the authority is expressly lawful, within the Corporation’s non-executing purpose, and recorded by competent authority.

No title, role, public authority relationship, participation, meeting, letter of support, memorandum, data contribution, public statement, shared logo, event, dashboard, controlled room, repository, proof receipt, public-safe publication, whitepaper, benchmark, public authority learning session, Nexus Universe activity, Nexus Observatory output, Nexus Standards input, Docket input, Grid input, or finance-readiness evidence input shall create authority by implication.

Where authority is ambiguous, the narrower and less authority-conferring interpretation shall apply. The Corporation shall not rely on operational convenience, urgency, public authority interest, sponsor pressure, provider request, technical capacity, emergency context, community need, media attention, or Nexus alignment as a substitute for lawful authority and competent records.

4.19 State and Territorial Localization Without Fragmentation.\
The Corporation may adopt state-specific, territorial-specific, District of Columbia-specific, Tribal-interface-specific, local-specific, sector-specific, or public authority-specific procedures, notices, templates, public-safe summaries, interface terms, controlled vocabulary notes, compliance schedules, registration records, data handling schedules, public authority protocols, grant compliance addenda, or operating practices to comply with applicable law and local context.

Localization shall be used to make the Corporation lawful, legible, accessible, and safe in specific jurisdictions. Localization shall not create a separate Corporation, separate mission, separate treasury, separate governance system, undisclosed bylaw, competing authority, state franchise, territorial franchise, public authority office, procurement arm, finance arm, certification arm, recognition arm, public warning arm, emergency command arm, national company, Project SPV, provider, or enterprise execution vehicle.

No localization shall weaken:

a) the Corporation’s official legal identity;

b) United States seat discipline;

c) nonprofit and non-distribution character;

d) public-benefit purpose;

e) public-good stewardship burden;

f) non-execution perimeter;

g) GCRI / GRF / GRA role separation;

h) public-good stack and enterprise stack separation;

i) public authority boundary;

j) finance, securities, insurance, lending, rating, public finance, procurement, and certification boundaries;

k) provider neutrality;

l) sponsor, donor, and funder non-control;

m) data, AI, cyber, privacy, and secure computing controls;

n) community, Tribal, Indigenous, local, territorial, protected knowledge, civil rights, accessibility, and public-safe mapping safeguards;

o) competition, sanctions, export-control, controlled-technology, and professional boundary controls;

p) validity-by-record; or

q) correctionability.

Where localization creates divergence from general Corporation practice, the Corporation shall maintain compatibility notes, divergence logs, supersession records, public-safe explanatory notes where appropriate, and correction paths.

4.20 U.S. Operating Posture Records.\
The Corporation shall maintain records sufficient to evidence its United States all-states-and-territories operating posture, including records of jurisdictions in which it operates, registers, qualifies, solicits, hires, contracts, holds events, processes data, engages public authorities, accepts support, hosts controlled rooms, issues public materials, conducts research, or maintains active program interfaces.

Such records shall include, as applicable:

a) state, District of Columbia, territorial, Tribal-interface, local, and cross-border activity maps;

b) state qualification records;

c) charitable solicitation registrations, exemptions, renewal dates, and filing records;

d) tax registrations and tax-review records;

e) employment and contractor compliance records;

f) public authority capacity records;

g) grant, contract, procurement-integrity, lobbying, political activity, government ethics, and public records review records;

h) privacy, data, AI, cybersecurity, health data, youth data, infrastructure-sensitive data, cyber-sensitive data, and controlled-room records;

i) sanctions, export-control, controlled-technology, national security-sensitive, dual-use, and sensitive technology review records;

j) civil rights, accessibility, language access, community safeguards, Tribal and Indigenous protocol, protected knowledge, and public-safe mapping records;

k) public-safe publication, dashboard, map, report, dataset, software release, repository, and technical baseline jurisdictional review records;

l) sponsor, donor, funder, host, provider, university, laboratory, community, civil society, and media interface records;

m) GCRI Canada, GRF, GRA, Nexus Standards, Nexus Network, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortium, national company, Project SPV, and qualified provider interface records where relevant;

n) localization instruments, compatibility notes, divergence logs, and correction records; and

o) records of suspension, withdrawal, correction, termination, or re-scoping of activities where jurisdictional, legal, public authority, finance, certification, procurement, data, AI, cyber, safeguards, or public-safe risks require action.

The governing rule of this Section is that GCRI US may operate nationally and coordinate across all United States states, territories, Tribal-interface contexts, local systems, and North America-facing systems where lawful, but every such activity shall remain jurisdictionally bounded, non-executing, public-benefit aligned, public-safe where published, provider-neutral, sponsor-independent, validity-by-record based, and correctionable.

## Section 5. North America Anchor Role

5.1 North America Anchor Purpose.\
The Corporation may serve as a bounded North America anchor for the GCRI public-good function, provided that such role is lawful, record-supported, consistent with the Corporation’s United States legal personality, and limited to evidence, methods, observability, ontology, technical truth, public-good R\&D, open technology, public-good software, open technical baselines, verifiable compute, verifiable intelligence, research integrity, public authority learning, safeguards, and Nexus public-good stack alignment.

The North America anchor role is intended to provide continuity, coherence, and public-benefit discipline for cross-border evidence architecture and methods alignment across United States-facing and North America-facing systemic-risk domains. It shall support lawful coordination among United States, Canadian, Mexico-facing, Caribbean, Arctic, Great Lakes, Pacific, Atlantic, Gulf, border, Indigenous, university, laboratory, public authority, civil society, community, and Nexus interfaces where appropriate and record-supported.

The North America anchor role shall be interpreted as a stewardship role, not an ownership role; as an evidence and methods role, not a recognition role; as an observability and technical-baseline role, not a public warning or emergency command role; as a public authority learning role, not a public authority delegation; and as a Nexus public-good compatibility role, not an enterprise execution, finance-readiness, procurement, certification, or regulated-market role.

No statement, document, public communication, grant narrative, sponsorship material, public authority briefing, repository label, technical baseline, dashboard, map, proof receipt, AI output, Nexus reference, or cross-border convening shall describe the Corporation’s North America anchor role in a manner that expands the Corporation beyond its lawful authority, nonprofit character, non-execution perimeter, public authority boundary, finance boundary, certification boundary, procurement neutrality, provider neutrality, sponsor non-control, legal separateness, validity-by-record discipline, or correctionability.

5.2 GCRI US as United States Anchor of the GCRI Evidence, Methods, Observability, Ontology, Technical Truth, Public-Good R\&D, Open Technology, and Public-Good Software Function.\
The Corporation shall serve as the United States anchor of the GCRI evidence, methods, observability, ontology, technical truth, public-good R\&D, open technology, public-good software, open technical baseline, verifiable compute, verifiable intelligence, research-integrity, and public authority learning function.

As United States anchor, the Corporation may develop, maintain, review, publish, correct, and preserve public-good evidence architectures, methods libraries, observability models, ontology and controlled vocabulary systems, technical truth methods, public-good R\&D outputs, public-good software, open technical baselines, technical schemas, reference architectures, test harnesses, data dictionaries, confidence and uncertainty frameworks, public-safe technical summaries, and public authority learning materials, subject to applicable law and this Bylaw.

The United States anchor function may include work concerning artificial intelligence, AI-RAN, O-RAN, private wireless, telecommunications, sovereign compute, high-performance compute, edge compute, confidential computing, cybersecurity, blockchain, distributed ledger technology, Web3, DePIN, proof systems, quantum-relevant systems, robotics, drones, sensing, Earth observation, geospatial systems, digital twins, biosecurity, climate, nature, biodiversity, water, energy, food, health, disaster, ports, supply chains, advanced manufacturing, semiconductors, public infrastructure, critical services, and other exponential, convergent, or mission-critical systems.

The United States anchor function shall not cause the Corporation to become the whole of GCRI, GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, any consortium, any National Consortium Company, any Project SPV, any Qualified Enterprise Provider, any sponsor, any host, any public authority, any university, any laboratory, or any enterprise execution actor.

The Corporation’s anchor function shall remain upstream, non-executing, public-benefit oriented, record-based, and correctionable. It may support downstream recognition, maturity, finance-readiness, public authority learning, standards support, Docket evidence, Grid maturity, and enterprise delivery only through lawful evidence, methods, observability, ontology, technical baseline, and correction inputs, and not through direct exercise of the downstream functions themselves.

5.3 GCRI US as North America Anchor for Cross-Border Evidence Architecture Where Lawful.\
The Corporation may act as a North America anchor for cross-border evidence architecture where such activity is lawful, properly recorded, safeguard-governed, and consistent with the Corporation’s United States legal seat and nonprofit public-benefit purpose.

Cross-border evidence architecture may include shared evidence classifications, source-lineage practices, provenance methods, confidence methods, uncertainty methods, sensor-fusion methods, AI-output review methods, observability schemas, public-safe reporting methods, public authority capacity semantics, data-protection controls, cyber-sensitive handling rules, protected-knowledge safeguards, and correction pathways for North America-relevant systems.

The Corporation may support cross-border evidence architecture concerning hazards, infrastructure, climate, cyber, public health, energy, water, food, biodiversity, telecommunications, AI-RAN, O-RAN, DePIN, ports, supply chains, borders, wildfire, flood, drought, heat, Arctic systems, Great Lakes systems, coastal systems, island systems, remote communities, Indigenous territories, and other systemic-risk contexts.

No cross-border evidence architecture shall be treated as a treaty instrument, intergovernmental instrument, public authority decision, legal standard, public warning, emergency command, certification, recognition, finance-readiness determination, procurement approval, regulatory approval, public finance approval, or investment basis unless a competent authority separately and lawfully records such status outside the Corporation’s non-executing role.

Where cross-border evidence work involves foreign law, public authority data, Indigenous data, protected knowledge, cyber-sensitive information, infrastructure-sensitive information, health-sensitive data, export-controlled technology, sanctions-sensitive contexts, controlled technology, national security-sensitive contexts, public-safe mapping, or community-sensitive publication, the Corporation shall apply heightened legal, data, AI, cyber, safeguards, public-safe, and local-law review.

5.4 Coordination With GCRI Canada.\
The Corporation may coordinate with GCRI Canada as a separate Canadian public-benefit anchor within the GCRI family. Such coordination may include evidence architecture, methods alignment, observability models, ontology, controlled vocabulary, public-good software, open technical baselines, public-good R\&D, verifiable compute, verifiable intelligence, Nexus Truth Engine methods, Nexus Observatory methods, public authority learning, safeguards, public-safe publication, correction pathways, and technical memory.

Coordination with GCRI Canada shall preserve separate legal personality, separate boards, separate fiduciary duties, separate treasuries, separate tax posture, separate records, separate employment and contractor relationships, separate authority to bind, separate public authority interfaces, separate data compliance obligations, separate liability, and separate domestic law obligations.

The governing rule for coordination with GCRI Canada shall be: one mission family, shared doctrine where appropriate, interoperable evidence and methods where lawful, separate legal anchors, separate corporate governance, separate fiduciary obligations, separate compliance, separate records, separate treasuries, separate authority, and no legal fusion.

No shared director, officer, advisor, fellow, contractor, employee, repository, dataset, public-good software asset, technical baseline, event, publication, funder, sponsor, donor, public authority participant, host, university, laboratory, controlled room, working group, Nexus interface, or public statement shall create agency, partnership, joint venture, branch status, parent-subsidiary status, common treasury, alter ego status, joint employer status, single employer status, shared liability, or authority to bind unless expressly and lawfully recorded.

Where GCRI US and GCRI Canada coordinate on North America matters, each institution’s capacity, contribution, authority, records, data rights, publication rights, public authority interface, public-safe limitations, correction path, and legal boundary shall be identified where needed to avoid confusion.

5.5 Coordination With Mexico, Caribbean, Arctic, Great Lakes, Pacific, Atlantic, Gulf, Border, and Regional Nexus Interfaces Where Lawfully Structured.\
The Corporation may coordinate with Mexico-facing, Caribbean-facing, Arctic, Great Lakes, Pacific, Atlantic, Gulf, border-region, Indigenous, regional Nexus, university, laboratory, public authority, civil society, community, host, sponsor, provider, and public-interest interfaces where such coordination is lawful, respectful, record-supported, and consistent with this Bylaw.

Such coordination may support evidence alignment, hazard mapping methods, public-safe observability models, public-good software, technical baselines, cross-border learning, data governance practices, public authority learning, scenario learning, systemic-risk review, research collaboration, safeguards, and correction pathways.

Coordination shall not create foreign legal presence, foreign public authority status, treaty authority, regional regulator status, cross-border procurement authority, public finance authority, public warning authority, emergency command authority, certification authority, recognition authority, finance-readiness authority, protocol authority, enterprise execution authority, or control over any foreign, regional, public authority, Indigenous, community, provider, host, sponsor, university, laboratory, national company, Project SPV, or Nexus entity.

Each coordination interface shall be classified by jurisdiction, role, legal capacity, public authority status where any, data posture, safeguards posture, publication posture, technical scope, permitted uses, restricted uses, correction pathway, and responsible record custodian where material.

Where coordination involves Mexico, the Caribbean, Arctic systems, Indigenous territories, border regions, or other sensitive cross-border settings, the Corporation shall respect local law, public authority competence, Indigenous governance, community protocols, protected knowledge, cultural context, public-safe mapping, privacy, cybersecurity, export-control, sanctions, controlled-technology, and public safety obligations.

5.6 North America Hazard, Infrastructure, Climate, Cyber, Public Health, Energy, Water, Food, Biodiversity, Telecom, Supply Chain, Disaster, Port, Border, and Systemic Risk Evidence Support.\
The Corporation may provide North America evidence support for systemic-risk domains that affect public safety, public welfare, resilience, infrastructure continuity, public trust, public authority learning, community safeguards, and mission-critical systems.

Such evidence support may include evidence frameworks, risk typologies, source-lineage methods, sensor and data interpretation methods, geospatial methods, cyber evidence methods, AI-assisted evidence review rules, observability indicators, resilience indicators, degraded-mode indicators, public-safe reporting methods, dashboard governance, data-card templates, model-card templates, system-card templates, incident-learning methods, and correction processes.

The domains for North America evidence support may include, without limitation:

a) climate hazards, wildfire, flood, drought, heat, storms, coastal risk, Arctic risk, and compound disasters;

b) energy, water, food, health, biodiversity, nature, built environment, public works, utilities, ports, transportation, and supply chains;

c) cyber systems, telecommunications, AI-RAN, O-RAN, private wireless, satellite systems, non-terrestrial networks, public safety communications, edge compute, sovereign compute, and critical digital infrastructure;

d) public health, emergency management, public safety, hospitals, remote communities, Indigenous communities, border systems, and island systems;

e) geospatial, Earth observation, sensing, drones, robotics, digital twins, data platforms, AI systems, DePIN, DLT, blockchain, and proof-receipt systems; and

f) cross-sector, cascading, convergent, and compounding systemic-risk conditions.

The Corporation shall not convert hazard, infrastructure, climate, cyber, public health, energy, water, food, biodiversity, telecom, supply-chain, disaster, port, border, or systemic-risk evidence support into public warning, public health order, emergency command, incident command, public authority decision, procurement recommendation, regulated advice, certification, recognition, finance-readiness, rating, or public finance approval.

5.7 North America Public Authority Learning Support Without Public Authority Delegation.\
The Corporation may provide public authority learning support to federal, state, territorial, District of Columbia, Tribal, Indigenous, local, municipal, county, port, utility, public health, emergency management, public safety, public works, infrastructure, telecom, water, energy, food, cyber, university, laboratory, public finance reader, regulator-listening, and cross-border public-sector participants where lawful and properly classified.

Public authority learning support may include evidence literacy, technical literacy, AI governance literacy, cyber literacy, public-safe reporting literacy, scenario learning, tabletop learning, simulation support, after-action evidence methods, observability method explanation, data governance learning, technical-baseline learning, public-good software demonstration, and controlled-room learning.

Every public authority learning interface shall be capacity-classified before public meaning is created. The Corporation shall distinguish official-capacity participation, observer participation, personal-capacity participation, regulator-listening participation, public finance reader participation, emergency-management participant participation, technical contributor participation, public infrastructure operator participation, simulation participant participation, data contributor participation, and public authority room participation.

Public authority learning support shall not constitute public authority delegation, public warning, emergency command, incident command, dispatch, evacuation instruction, public health order, public safety command, regulatory approval, procurement approval, public finance approval, grant approval, funding commitment, official adoption, sovereign obligation, public-private partnership, certification, recognition, finance-readiness, or legal mandate.

Where any public authority participant, document, meeting, dashboard, public-safe publication, repository, proof receipt, controlled-room record, or Nexus reference could create public authority confusion, the Corporation shall apply clarifying language, capacity records, non-reliance language, public-safe limitations, and correction pathways.

5.8 North America Observatory Methods Support.\
The Corporation may support North America observability methods for Nexus Observatory, Nexus Observatory Nodes, Nexus Hubs, Nexus Clusters, Nexus Hotspots, Regional Clusters, National Dense Nexus Cores, state interfaces, territorial interfaces, Tribal and Indigenous interfaces, metropolitan interfaces, sectoral interfaces, public authority learning environments, host sites, and other lawful observability contexts.

Observatory methods support may include guidance for evidence intake, source lineage, provenance, signal classification, sensor-fusion methods, AI-output review, edge-compute records, AI-RAN and O-RAN signal interpretation, DePIN and DLT record interpretation, digital twin assumptions, geospatial methods, dashboard limitations, degraded-mode awareness, resilience indicators, public-safe mapping, access controls, correction triggers, and observability record retention.

North America Observatory methods shall be designed to improve evidence quality, interpretability, safety, comparability, public authority learning, and correctionability. They shall not transform GCRI US into an operator of public infrastructure, emergency command body, public warning center, regulator, procurement authority, certification authority, finance-readiness authority, public authority, or provider.

No Observatory method, dashboard, sensor signal, AI-RAN signal, DePIN record, blockchain entry, proof receipt, digital twin output, model output, score, map, or alerting artifact shall be treated as final authority, public warning, public authority decision, certification, recognition, finance-readiness, procurement approval, rating, or emergency instruction unless separately and lawfully authorized by competent authority outside the Corporation’s default role.

5.9 North America Data, AI, Cyber, Sovereign Compute, and Cross-Border Safeguards Support.\
The Corporation may support North America data, AI, cyber, sovereign compute, verifiable compute, verifiable intelligence, and cross-border safeguards methods where lawful and consistent with its public-benefit purpose.

Such support may include data classification methods, privacy-preserving data practices, data minimization, de-identification, aggregation, public authority data handling, health-sensitive data handling, cyber-sensitive data handling, infrastructure-sensitive data handling, Indigenous data safeguards, protected knowledge controls, model registers, inference records, compute workload records, secure enclave methods, confidential computing methods, compute-to-data methods, cross-border transfer review, AI-use restrictions, cybersecurity baselines, secure release practices, identity and access controls, logging, monitoring, incident response, and correction pathways.

The Corporation shall apply heightened safeguards where North America-facing activities involve rights-bearing data, youth data, health data, public-sector data, Indigenous data, Tribal data, community-protected data, cyber-sensitive information, infrastructure-sensitive information, geospatial information, satellite information, AI-RAN systems, O-RAN systems, DePIN systems, DLT systems, sovereign compute, controlled technology, export controls, sanctions, national security-sensitive systems, or public-safe mapping.

No data, AI, cyber, compute, model, dashboard, digital twin, proof receipt, or automated output shall become institutional authority by technical operation alone. Material outputs shall require record support, classification, limitation, human review where required, public-safe review where published, and correctionability.

5.10 North America Public-Good Software and Technical Baseline Support.\
The Corporation may develop, maintain, publish, license, restrict, correct, deprecate, retire, or archive public-good software, open technology, schemas, APIs, SDKs, dashboards, reference architectures, data dictionaries, technical profiles, test harnesses, gold vectors, negative tests, benchmark libraries, interoperability profiles, model cards, system cards, dataset cards, and open technical baselines for North America-facing evidence, methods, observability, ontology, technical truth, public authority learning, safeguards, and Nexus compatibility purposes.

Public-good software and technical baseline support shall be governed by secure development, repository discipline, contributor governance, IP chain-of-title review, licensing review, data rights review, AI-use review, cybersecurity review, export-control review, sanctions review, controlled-technology review, public-safe publication review, and anti-enclosure controls where applicable.

The Corporation may support open use, public-interest use, academic use, public authority learning use, community use, and Nexus-compatible use of public-good software and technical baselines, subject to lawful licenses, restrictions, access controls, disclaimers, safeguards, public-safe limitations, and correction requirements.

No public-good software, technical baseline, repository, reference implementation, schema, API, dashboard, benchmark, test harness, proof-receipt logic, role-key logic, ledger logic, smart-license logic, or compatibility profile shall constitute certification, standards approval, legal compliance approval, procurement approval, provider preference, public authority decision, finance-readiness, recognition, public warning, emergency command, or protocol authority by default.

Where the Corporation’s public-good software or technical baseline is used by GRF, GRA, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Rails, Nexus Grid, Nexus Academy, a consortium, a National Consortium Company, a Project SPV, a provider, a sponsor, a host, a university, a laboratory, a public authority, or an enterprise actor, the Corporation’s role shall remain as recorded and shall not be expanded by downstream reliance, technical centrality, market uptake, public authority familiarity, or Nexus alignment.

5.11 North America Nexus Universe, Nexus Observatory, Nexus Standards, Nexus Grid, Nexus Rails, Nexus Academy, and Nexus Competence Cell Alignment Support.\
The Corporation may support alignment among North America-facing Nexus Universe, Nexus Observatory, Nexus Standards, Nexus Grid, Nexus Rails, Nexus Academy, Nexus Competence Cells, Nexus Risk Management, Nexus Network, consortium interfaces, public authority learning environments, host sites, universities, laboratories, communities, and enterprise-facing public-good interfaces.

Such alignment support may include evidence and methods inputs, technical baseline inputs, ontology and controlled vocabulary inputs, observability methods, public authority learning materials, Academy learning content, competence-cell materials, public-safe reporting methods, safeguards guidance, data and AI governance methods, cyber baseline methods, Docket evidence support, Grid maturity evidence support, and correction signals.

The Corporation shall not, through alignment support, become Nexus Standards, protocol authority, certification authority, recognition authority, finance-readiness authority, public authority, public finance authority, procurement authority, emergency command body, public warning authority, Nexus Grid admitting authority, Nexus Docket approving authority, Nexus Rails execution authority, Nexus Universe operator of record, Academy credentialing authority by default, National Consortium Company, Project SPV, Qualified Enterprise Provider, or enterprise execution actor.

Alignment support shall preserve the role-separation rule: GCRI US may produce and steward evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, and open technical baselines; GRF may steward registry, recognition, maturity records, standing, claims discipline, stakeholder formation, public-safe reporting, and public-facing legitimacy; GRA may steward finance-readiness, capital-readability, proof-pack, insurance-readiness, diligence translation, RNFD, NFD, UNFSD, capital-reader rooms, and regulated-perimeter discipline; and enterprise stack actors may execute projects only within their own lawful authority.

5.12 No North America Sovereign Authority.\
The Corporation’s North America anchor role shall not confer sovereign authority, quasi-sovereign authority, treaty authority, intergovernmental authority, diplomatic authority, supranational authority, regional regulator status, federal authority, state authority, territorial authority, Tribal authority, Indigenous governance authority, local authority, public authority status, emergency authority, public warning authority, public finance authority, procurement authority, certification authority, recognition authority, finance-readiness authority, standards authority, protocol authority, or enterprise execution authority.

The Corporation shall not represent itself as speaking for North America, the United States, Canada, Mexico, the Caribbean, the Arctic, any border region, any Indigenous people, any Tribal Nation, any public authority, any regional body, any public finance body, any Nexus body, any consortium, any community, any provider, any host, any sponsor, or any enterprise actor unless a competent written record authorizes the exact statement within lawful scope.

No North America anchor language shall be used to override local law, foreign law, state law, territorial law, Tribal law, Indigenous protocol, public authority competence, data governance obligations, protected knowledge restrictions, public-safe mapping limits, public authority capacity classification, or the Corporation’s non-execution perimeter.

Where North America anchor language creates or may create overclaim, ambiguity, public authority confusion, finance signaling, certification implication, procurement implication, provider preference, sponsor control, or legal-identity confusion, the Corporation shall require correction, withdrawal, rewording, public-safe clarification, controlled clarification, access restriction, or other remedial action.

5.13 No Treaty, Intergovernmental, Regional Regulator, Public Finance, Emergency Command, Procurement, Certification, Recognition, or Finance-Readiness Authority by Anchor Role.\
The North America anchor role shall not authorize the Corporation to create or enter a treaty, bind governments, constitute an intergovernmental organization, act as a regional regulator, approve public finance, allocate public funds, issue grants on behalf of public authorities, approve tax credits, approve procurement, select vendors for public authorities, certify legal compliance, accredit systems, issue recognition, determine standing, confer maturity, approve Docket status, admit assets to Grid status, issue finance-readiness, determine capital-readability, approve insurance-readiness, provide investment advice, underwrite, lend, insure, rate, broker, place capital, command emergencies, issue public warnings, or operate public infrastructure.

The Corporation may participate in discussions, research, learning sessions, scenarios, controlled rooms, public-safe publications, methods alignment, technical-baseline development, and Nexus interface support concerning such matters only as a non-executing public-benefit evidence and methods institution.

No public authority, sponsor, donor, funder, provider, host, investor, insurer, lender, underwriter, bank, National Consortium Company, Project SPV, Qualified Enterprise Provider, university, laboratory, community, or Nexus entity may use the Corporation’s North America anchor role to imply authority, endorsement, approval, reliance, certification, recognition, finance-readiness, procurement advantage, public authority adoption, or execution status beyond the exact competent record.

Where a North America-facing activity approaches a regulated perimeter, public authority perimeter, public finance perimeter, emergency command perimeter, procurement perimeter, certification perimeter, recognition perimeter, finance-readiness perimeter, investment perimeter, insurance perimeter, banking perimeter, lending perimeter, rating perimeter, securities perimeter, or professional advice perimeter, the Corporation shall hold, quarantine, re-scope, externalize, refer, or terminate the activity unless lawful authority, role separation, disclaimers, records, and controls are established.

5.14 North America Anchor Role Records.\
The Corporation shall maintain records sufficient to evidence the scope, authority, limits, interfaces, outputs, safeguards, and correction pathways of its North America anchor role.

Such records shall include, as applicable:

a) North America anchor role register entries;

b) Board resolutions or delegated approvals authorizing North America-facing functions;

c) GCRI Canada coordination records;

d) Mexico-facing, Caribbean-facing, Arctic, Great Lakes, Pacific, Atlantic, Gulf, border, regional Nexus, Indigenous, public authority, university, laboratory, host, sponsor, provider, community, and civil society interface records;

e) cross-border legal review records;

f) public authority capacity records;

g) evidence architecture records;

h) methods records;

i) observability records;

j) ontology and controlled vocabulary records;

k) public-good software and technical baseline records;

l) data, AI, cyber, privacy, sovereign compute, verifiable compute, verifiable intelligence, export-control, sanctions, controlled-technology, and cybersecurity review records;

m) community safeguards, Indigenous knowledge, Tribal protocol, protected knowledge, civil rights, accessibility, public-safe mapping, consent, non-consent, grievance, and correction records;

n) public-safe publication records;

o) Nexus Universe, Nexus Observatory, Nexus Standards, Nexus Grid, Nexus Rails, Nexus Academy, Nexus Competence Cell, Nexus Risk Management, Nexus Network, GRF, and GRA alignment records;

p) finance-boundary, certification-boundary, procurement-boundary, public authority-boundary, public warning-boundary, emergency command-boundary, and regulated-perimeter review records;

q) compatibility notes, divergence logs, localization notes, equivalence notes, limitation notes, and reliance limitations;

r) correction, supersession, withdrawal, retraction, takedown, public-safe clarification, and controlled clarification records; and

s) records of any refused, suspended, narrowed, localized, quarantined, externalized, referred, terminated, or re-scoped North America-facing activity.

The governing rule of this Section is that the Corporation’s North America anchor role exists to preserve lawful evidence coherence, methods integrity, observability discipline, technical truth, public-good software, public authority learning, safeguards, and Nexus public-good compatibility across North America-facing systems. It shall never be used to create sovereignty, public authority, treaty power, regional regulation, emergency command, public warning, public finance, procurement, certification, recognition, finance-readiness, market execution, enterprise delivery, or control over any separate institution.

## Section 6. Federal, State, Territorial, Tribal, Local, and Cross-Border Legal Orientation

6.1 Federal Law Orientation.\
The Corporation shall conduct its affairs with full regard to the Constitution, laws, regulations, orders, binding rules, and legally applicable requirements of the United States, as they may apply to the Corporation’s formation, governance, tax status, activities, records, fundraising, employment, contracting, research, publication, data processing, public authority engagement, technical systems, controlled technology, public-good software, public communications, and cross-border interfaces.

Federal law shall be treated as a mandatory compliance layer for all Corporation activities where applicable. The Corporation shall not rely on its nonprofit character, public-benefit mission, technical purpose, public-good role, Nexus alignment, public authority familiarity, sponsor support, academic collaboration, or public-interest character as a basis to avoid federal legal obligations.

The Corporation shall maintain a federal-law orientation covering, as applicable:

a) federal tax law and tax-exempt or tax-exempt-compatible operation;

b) charitable, educational, scientific, research, public-benefit, and public-support requirements where applicable;

c) lobbying, political activity, campaign intervention, public policy, grant, and government ethics requirements;

d) privacy, data protection, cybersecurity, AI governance, consumer protection, research, health data, youth data, public-sector data, and rights-bearing data obligations;

e) civil rights, accessibility, nondiscrimination, employment, contractor, volunteer, fellow, and workplace obligations;

f) sanctions, export controls, controlled technology, dual-use, defense-adjacent, national security-sensitive, CFIUS-relevant, cyber-sensitive, infrastructure-sensitive, AI-RAN, O-RAN, DePIN, DLT, sovereign compute, HPC, geospatial, satellite, robotics, drone, quantum-relevant, semiconductor, and other sensitive-technology requirements;

g) competition, antitrust, unfair competition, procurement-integrity, anti-corruption, gifts, hospitality, conflicts, and market-conduct requirements;

h) federal public records, Freedom of Information Act, federal advisory, open-government, public procurement, grant, cooperative agreement, public authority, and federally connected confidentiality constraints where applicable; and

i) any other federal law applicable to the Corporation’s actual activities.

The Corporation shall not describe federal interaction, federal participation, federal funding, federal grant interest, federal technical review, federal laboratory collaboration, federal agency attendance, federal public authority learning, or federal regulator-listening participation as federal approval, adoption, endorsement, public finance approval, procurement approval, emergency authority, public warning authority, certification, recognition, finance-readiness, regulatory comfort, safe harbor, or public authority delegation unless a competent federal authority has expressly and lawfully recorded that exact status.

6.2 State Law Orientation.\
The Corporation shall maintain a state-law orientation appropriate to its state of incorporation or organization and to each state in which it operates, solicits support, employs personnel, contracts, holds events, processes data, maintains facilities, collaborates with public authorities, conducts public-benefit activities, publishes state-facing materials, receives restricted funds, or otherwise creates legal obligations.

The law of the Corporation’s state of incorporation or organization shall govern the internal corporate affairs of the Corporation, subject to applicable federal law, the Articles or Certificate, this Bylaw, and mandatory law otherwise applicable to particular activities. State nonprofit corporation law shall be treated as the corporate-law anchor for internal governance, including the Board, officers, members where applicable, records, meetings, notices, amendments, indemnification, merger, dissolution, and other internal affairs.

The Corporation shall also respect the law of each other state where activity creates compliance obligations. Such law may include foreign qualification, charitable solicitation registration, state tax, employment, contractor, privacy, cybersecurity, consumer protection, public authority contracting, procurement-integrity, lobbying, political activity, government ethics, public records, open meetings, grant compliance, civil rights, accessibility, professional boundary, event, facility, and local-law requirements.

No state-facing activity shall be treated as lawful merely because the Corporation is lawfully incorporated in another state. No state-facing activity shall be represented as official state adoption, state funding, state mandate, state public authority approval, state procurement approval, state public finance approval, state certification, state recognition, state public-private partnership, or state endorsement unless the competent state authority has expressly and lawfully recorded that exact status.

6.3 Territorial Law Orientation.\
The Corporation shall maintain a territorial-law orientation for activities in or concerning Puerto Rico, Guam, the U.S. Virgin Islands, American Samoa, the Commonwealth of the Northern Mariana Islands, and any other United States territorial or insular context in which the Corporation operates, convenes, collaborates, publishes, receives support, maintains controlled rooms, processes data, or engages public authorities.

Territorial activity shall be treated as jurisdictionally specific and shall be reviewed for applicable federal, territorial, local, tax, charitable solicitation, employment, contractor, privacy, cybersecurity, data, AI, public authority, procurement, grant, public records, accessibility, civil rights, community-safeguards, disaster-sensitivity, infrastructure-sensitivity, public-safe publication, and local-language or accessibility requirements.

The Corporation shall apply heightened review in territorial contexts where activities involve climate risk, disaster resilience, ports, telecommunications, energy, water, food, public health, public safety, military-adjacent systems, national security-sensitive systems, public authority data, cyber-sensitive information, infrastructure-sensitive information, geospatial mapping, public-safe publication, protected knowledge, or community vulnerability.

No territorial-facing activity shall imply territorial public authority status, emergency command, public warning authority, territorial funding approval, procurement approval, public finance approval, regulatory approval, certification, recognition, finance-readiness, provider preference, or official adoption unless supported by competent territorial and Corporation records.

6.4 District of Columbia Law Orientation.\
The Corporation shall maintain a District of Columbia law orientation where it conducts activities in or concerning the District of Columbia, including federal-interface activities, public authority learning, nonprofit engagement, public policy-adjacent education, public-benefit research, university collaboration, civil society engagement, public communications, grants, meetings, controlled rooms, fundraising, employment, contracting, or events.

District of Columbia activities shall be reviewed for nonprofit registration, charitable solicitation, tax, employment, contractor, lobbying, political activity, public policy, government ethics, gifts, public records, procurement-integrity, event, data, privacy, cybersecurity, accessibility, civil rights, grant, and public authority implications where applicable.

The Corporation shall not use District of Columbia presence, meetings, federal proximity, public policy discussion, public authority attendance, federal agency familiarity, congressional familiarity, embassy proximity, international organization participation, development finance participation, or capital-reader attendance to imply federal endorsement, federal adoption, sovereign status, public finance approval, procurement approval, regulatory approval, public authority delegation, lobbying authority beyond lawful registration, or official public action.

6.5 Tribal Law and Indigenous Governance Respect.\
The Corporation shall respect Tribal sovereignty, Indigenous governance, Indigenous self-determination, Tribal law where applicable, federal Indian law where applicable, Indigenous data governance, community protocols, protected knowledge, cultural protocols, local knowledge, territorial knowledge, sacred-site sensitivity, environmental knowledge, consent and non-consent pathways, withdrawal pathways, correction pathways, attribution rules, grievance pathways, non-retaliation, and do-no-harm obligations.

The Corporation shall not treat Tribal, Indigenous, community, or protected knowledge as ordinary open data merely because it is observed, volunteered, published, sensed, mapped, digitized, discussed in a meeting, included in a dataset, referenced by a public authority, generated through AI, contained in a dashboard, or made available through a partner. The Corporation shall apply protective classification, access control, publication control, and correction pathways where Indigenous, Tribal, local, territorial, cultural, environmental, or protected knowledge may be implicated.

Any engagement with Tribal Nations, Indigenous governments, Indigenous communities, Indigenous organizations, Indigenous knowledge holders, Tribal colleges and universities, Tribal utilities, Tribal emergency management bodies, Tribal health bodies, Tribal public safety bodies, or other Indigenous governance or community interfaces shall identify the relevant capacity, authority, consent posture, data rights, publication rights, public-safe limits, and correction pathway where material.

No Tribal or Indigenous participation, consultation, controlled-room attendance, data contribution, public authority learning participation, technical review, public-safe publication review, site access, observatory activity, Nexus interface activity, or public statement shall be represented as consent, endorsement, delegation, official adoption, public authority approval, procurement approval, public finance approval, certification, recognition, finance-readiness, or public-private partnership unless the competent Tribal or Indigenous authority or rights-holder has expressly and lawfully recorded the exact status.

6.6 Local Law Orientation.\
The Corporation shall maintain a local-law orientation for activities involving counties, municipalities, metropolitan areas, ports, utilities, special districts, public health bodies, emergency management bodies, public safety bodies, public works bodies, water systems, energy systems, food systems, telecommunications systems, cyber systems, infrastructure operators, community organizations, host sites, universities, laboratories, field locations, events, local data, local knowledge, and local public authority interfaces.

Local-law review may include business registration, local tax, event permitting, facility use, employment, contractor, procurement, public records, open meetings, public authority contracting, public health, public safety, environmental, zoning, accessibility, civil rights, data, cybersecurity, privacy, public-safe mapping, community-safeguards, and local public authority constraints where applicable.

The Corporation shall not represent local participation, local hosting, local public authority attendance, utility participation, port participation, public health participation, emergency-management participation, public safety participation, infrastructure-operator participation, community presence, or local data contribution as local government approval, public authority delegation, emergency command, public warning authority, public finance approval, procurement approval, official adoption, certification, recognition, finance-readiness, provider preference, or public-private partnership unless expressly and lawfully recorded.

6.7 Cross-Border Legal Orientation.\
The Corporation shall maintain a cross-border legal orientation for activities involving Canada, Mexico, the Caribbean, the Arctic, Great Lakes, Pacific, Atlantic, Gulf, border regions, Indigenous cross-border contexts, foreign public authorities, foreign universities, foreign laboratories, international organizations, foreign donors, foreign sponsors, foreign providers, foreign hosts, cross-border data, cross-border public-safe publication, cross-border controlled rooms, cross-border observability systems, and North America-facing Nexus interfaces.

Cross-border activity shall be reviewed for applicable United States law, foreign law, local law, public authority competence, data localization, privacy, cybersecurity, AI governance, export controls, sanctions, controlled technology, national security sensitivity, protected knowledge, Indigenous governance, research ethics, public-safe mapping, grant compliance, tax, charitable solicitation, employment, contracting, and publication obligations.

The Corporation shall not treat cross-border coordination as foreign registration, foreign public authority status, treaty authority, diplomatic status, intergovernmental status, regional regulator status, public finance authority, procurement authority, emergency authority, public warning authority, certification authority, recognition authority, finance-readiness authority, protocol authority, or enterprise execution authority.

Where cross-border legal uncertainty exists, the Corporation shall suspend, narrow, compartmentalize, localize, re-scope, route through a lawful local partner, obtain legal review, obtain public authority clarification where appropriate, or terminate the activity. No North America anchor role, Nexus alignment, sponsor expectation, donor expectation, public authority interest, technical urgency, community need, or publication timeline shall override local law respect.

6.8 Corporate Law.\
The Corporation shall comply with the corporate law of its state of incorporation or organization and with any other corporate registration, foreign qualification, annual report, registered agent, registered office, good standing, governance, recordkeeping, amendment, merger, conversion, dissolution, indemnification, or corporate-status requirements applicable to its operations.

Corporate-law compliance shall include maintaining accurate records of the Corporation’s legal name, registered office, registered agent, principal office, principal governance seat, directors, officers, members where applicable, Board resolutions, member resolutions where applicable, committee records, Bylaw versions, corporate filings, annual reports, certificates of good standing, amendments, consents, and other corporate records.

Corporate-law authority shall not be expanded by custom, informal practice, program urgency, sponsor pressure, public authority familiarity, operational convenience, technical centrality, repository control, AI-generated summary, or Nexus reference. Corporate authority shall arise only through applicable law, the Articles or Certificate, this Bylaw, Board or member action where applicable, and competent records.

6.9 Federal Tax Law.\
The Corporation shall comply with applicable federal tax law, including rules governing nonprofit status, tax-exempt or tax-exempt-compatible operation, exemption applications where applicable, annual information returns where applicable, unrelated business income, private inurement, private benefit, excess benefit transactions, compensation reasonableness, lobbying, political activity, donor acknowledgments, charitable receipts where permitted, grants, restricted funds, sponsorships, fee income, cost recovery, employment taxes, contractor payments, and reporting obligations.

The Corporation shall not represent itself as tax-exempt, charitable, eligible to issue charitable tax receipts, publicly supported, private foundation, supporting organization, fiscal sponsor, sponsored project, section 501(c)(3) organization, section 501(c)(4) organization, section 501(c)(6) organization, or any other tax classification unless the status is supported by competent records and lawful authority.

Tax-exempt or tax-exempt-compatible operation shall not permit private inurement, impermissible private benefit, donor control, sponsor control, provider preference, support-for-outcome, support-for-recognition, support-for-finance-readiness, support-for-certification, support-for-procurement advantage, public authority access purchase, or regulated execution.

6.10 State Tax and Franchise Law.\
The Corporation shall comply with applicable state tax, franchise tax, sales and use tax, income tax, employment tax, property tax, exemption, registration, reporting, annual filing, charitable registration, and state-specific nonprofit tax rules in each jurisdiction where such rules apply.

No state tax exemption, franchise tax exemption, charitable registration, sales-tax treatment, foreign qualification, or good-standing status shall be assumed without records. The Corporation shall maintain state-specific tax and registration records sufficient to determine whether it may solicit funds, receive donations, charge fees, conduct programs, employ personnel, contract, hold events, own or lease property, process data, or engage in public authority learning in each relevant jurisdiction.

Where state tax status is unclear, the Corporation shall apply the more protective lawful treatment pending review and shall not issue receipts, exemption claims, donor assurances, fee descriptions, sponsorship classifications, or public-facing tax statements unsupported by records.

6.11 Nonprofit and Tax-Exempt Law.\
The Corporation shall be operated in a manner consistent with its nonprofit character, public-benefit purpose, non-distribution rule, no-private-inurement rule, no-impermissible-private-benefit rule, and tax-exempt or tax-exempt-compatible posture where applicable.

Nonprofit and tax-exempt legal orientation shall apply to all Corporation activities, including research, publications, public-good software, Academy activities, public authority learning, Nexus interfaces, technical baselines, controlled rooms, grants, donations, sponsorships, subscriptions, fee programs, fellowships, awards, scholarships, in-kind contributions, partnerships, and cross-border coordination.

The Corporation shall not structure any activity to convert public-good assets into private capture, sell institutional authority, monetize recognition, sell finance-readiness, sell certification, sell procurement advantage, sell public authority access, sell provider preference, or create improper private benefit.

6.12 Charitable Solicitation Law Where Applicable.\
Where the Corporation solicits donations, grants, charitable contributions, sponsorships treated as charitable support, public support, restricted gifts, in-kind contributions, or other support in any state, territory, District of Columbia, online environment, event setting, or cross-border context, it shall review charitable solicitation registration, exemption, notice, disclosure, renewal, filing, commercial co-venturer, professional fundraiser, donor acknowledgment, and charitable-receipting requirements.

No person shall solicit funds using the Corporation’s name unless authorized and unless required registration, exemption, disclosure, review, and public description controls have been satisfied or appropriately escalated.

Solicitation materials shall not imply charitable tax deductibility, tax-exempt status, public authority endorsement, public finance approval, procurement advantage, certification, recognition, finance-readiness, Docket status, Grid status, provider preference, sponsor control, donor control, or public authority access unless supported by competent records.

6.13 Privacy, Data Protection, Cybersecurity, AI, Consumer Protection, Public Sector Data, Health Data, Research, and Children’s Data Law Where Applicable.\
The Corporation shall maintain a legal orientation for privacy, data protection, cybersecurity, AI governance, consumer protection, public-sector data, health data, research data, youth and children’s data, biometric data, geolocation data, infrastructure-sensitive data, cyber-sensitive data, Indigenous data, community-protected data, and other rights-bearing or sensitive information where applicable.

The Corporation shall classify data and system activities by risk, jurisdiction, source, purpose, rights-bearing status, sensitivity, public authority status, cross-border status, AI-use status, access class, retention class, publication class, correction pathway, and legal basis where applicable.

No personal data, public authority data, health-sensitive data, youth data, cyber-sensitive data, infrastructure-sensitive data, Indigenous data, protected knowledge, or community-protected data shall be used for AI training, model improvement, inference, publication, mapping, benchmarking, controlled-room demonstration, repository release, public-safe report, sponsor deliverable, provider deliverable, or Nexus interface output unless lawful, authorized, classified, recorded, and safeguarded.

The Corporation shall apply human review, limitation notes, access controls, correctionability, public-safe review, cybersecurity controls, and legal review where AI systems, dashboards, digital twins, proof receipts, automated scores, sensor systems, AI-RAN signals, DePIN records, DLT records, or model outputs may affect public meaning, rights, public authority interpretation, finance interpretation, certification interpretation, or public safety.

6.14 Export Controls, Sanctions, National Security, Controlled Technology, CFIUS-Relevant Sensitivity Where Applicable, and Defense / Dual-Use Controls.\
The Corporation shall maintain a legal orientation for export controls, sanctions, restricted-party rules, embargoes, anti-boycott laws where applicable, controlled technology, national security-sensitive systems, defense-adjacent systems, dual-use systems, CFIUS-relevant sensitivity where applicable, foreign person access, deemed exports, technical data, source code, encryption, AI systems, compute systems, cyber tools, geospatial systems, satellite data, robotics, drones, AI-RAN, O-RAN, DePIN, DLT, blockchain, quantum-relevant systems, semiconductors, advanced manufacturing, biosecurity, and other controlled or sensitive technologies.

The Corporation shall screen, classify, restrict, hold, quarantine, re-scope, or decline activities where sanctions, export-control, controlled-technology, national security, foreign person, foreign funding, foreign public authority, foreign provider, sensitive data, sensitive compute, or defense-adjacent risk may arise.

No open technology, public-good software, technical baseline, dataset, benchmark, proof-receipt logic, model, schema, API, SDK, cyber method, observability method, AI-RAN method, DePIN method, DLT method, dashboard, or controlled-room material shall be released, exported, shared, demonstrated, or made accessible where applicable law requires restriction, review, authorization, classification, or denial.

No participation by foreign persons, foreign public authorities, foreign sponsors, foreign providers, foreign hosts, foreign universities, foreign laboratories, or cross-border collaborators shall be accepted into controlled technology or sensitive rooms without appropriate screening and records.

6.15 Competition and Antitrust Law.\
The Corporation shall comply with federal and state competition, antitrust, unfair competition, and market-conduct laws applicable to meetings, councils, committees, working groups, forums, benchmarking, data sharing, standards support, public-good software, technical comparisons, market baseline libraries, public statements, procurement-adjacent contexts, provider participation, sponsor participation, controlled rooms, clean rooms, research consortia, and Nexus interfaces.

The Corporation shall prohibit discussion, exchange, coordination, facilitation, or inference concerning competitively sensitive matters except where lawful, appropriately structured, and controlled. Prohibited matters include pricing, margins, costs, bids, wages, customer allocation, supplier allocation, market allocation, capacity, output, boycott, exclusion, procurement steering, coordinated commercial strategy, competitively sensitive future plans, and any other subject that may create unlawful coordination.

Where benchmarking, technical comparison, evidence aggregation, provider participation, market baseline libraries, clean rooms, or standards-support activities involve competitors or market actors, the Corporation shall use safeguards such as agendas, minutes, counsel review where appropriate, independent administration, aggregation, de-identification, delayed publication, access controls, clean teams, do-not-discuss rules, stop-meeting authority, and incident escalation.

The Corporation’s role in public-good technical coordination shall never be used as a platform for market collusion, provider exclusion, procurement steering, sponsor capture, or anti-competitive conduct.

6.16 Lobbying, Political Activity, Government Ethics, Gifts, Procurement Integrity, and Grant Compliance Where Applicable.\
The Corporation shall maintain a legal orientation for lobbying, political activity, campaign intervention, public policy communications, government ethics, gifts, hospitality, conflicts, procurement integrity, grant compliance, cooperative agreements, public funding, public authority meetings, public authority learning, public finance reader rooms, regulator-listening sessions, and public authority communications where applicable.

The Corporation shall not engage in campaign intervention or political activity inconsistent with its legal status. Lobbying, public policy education, government relations, public authority engagement, grant communications, and public funding communications shall be conducted only within lawful limits, applicable registration rules, tax-status restrictions, grant restrictions, ethics requirements, and public-safe claims discipline.

No gift, hospitality, sponsorship, donation, travel support, public authority access, controlled-room access, Academy seat, data-room access, publication opportunity, advisory role, committee participation, or Nexus interface invitation shall be used to obtain improper influence, public authority action, procurement advantage, regulatory comfort, funding approval, public finance approval, certification, recognition, or finance-readiness.

Procurement-sensitive communications shall be reviewed to avoid vendor selection, bid shaping, procurement steering, conflict of interest, unfair advantage, or improper public authority influence.

6.17 Public Records, FOIA, State Sunshine, Open Meetings, Public Procurement, and Public Authority Constraints Where Applicable.\
Where the Corporation interacts with public authorities, public universities, public laboratories, public agencies, public finance bodies, public infrastructure operators, public-sector participants, or publicly funded programs, it shall maintain awareness of public records, FOIA, state sunshine laws, open meetings, public procurement, public contracting, public grants, public ethics, public confidentiality, data-sharing, and public authority constraints where applicable.

The Corporation shall not assume that materials shared with public authorities will remain confidential unless a lawful confidentiality basis, exemption, agreement, classification, or public authority rule supports such treatment. Public authority-facing materials shall be prepared with public-safe publication risk, public records risk, privilege risk, protected knowledge risk, cyber-sensitive risk, infrastructure-sensitive risk, personal data risk, and public meaning risk in mind.

Where public authority constraints apply, the Corporation shall classify participants and materials; control meeting format; identify whether any body is advisory, learning, controlled, public, private, confidential, privileged, or recordable; and preserve the Corporation’s non-executing status.

No public authority interface shall be allowed to convert the Corporation into a public agency, public advisory committee, public procurement body, public finance body, regulator, public warning authority, emergency command body, public-private partnership, or official decision-making body unless separately and lawfully constituted and recorded.

6.18 Employment, Contractor, Volunteer, Fellow, Advisor, Workplace, Accessibility, and Civil Rights Compliance.\
The Corporation shall comply with applicable employment, contractor, volunteer, fellow, advisor, workplace, wage and hour, tax withholding, benefits, workers’ compensation, unemployment insurance, workplace safety, anti-harassment, anti-retaliation, nondiscrimination, civil rights, accessibility, disability access, language access, accommodation, whistleblower, and workplace recordkeeping requirements.

The Corporation shall classify workers, contractors, fellows, advisors, volunteers, interns, seconded personnel, contributors, and maintainers according to applicable law and written terms. No title, fellowship, advisory role, contractor label, volunteer description, open-source contribution, secondment, stipend, honorarium, reimbursement, Academy participation, or controlled-room role shall be used to avoid applicable labor, tax, benefit, civil rights, accessibility, or safety obligations.

The Corporation shall maintain workplace and participation environments that support dignity, non-discrimination, accessibility, inclusion, protected participation, non-retaliation, and safe reporting. This obligation shall apply to physical, virtual, hybrid, controlled-room, data-room, repository, Academy, public authority learning, fieldwork, event, committee, council, working group, and Nexus interface settings.

6.19 Professional Boundary Compliance.\
The Corporation shall maintain professional boundary compliance in all research, evidence, methods, public-safe publication, public authority learning, technical review, finance-adjacent, insurance-adjacent, procurement-adjacent, legal-adjacent, engineering-adjacent, public health-adjacent, medical-adjacent, cybersecurity-adjacent, emergency-management-adjacent, and regulated-activity-adjacent contexts.

The Corporation’s outputs shall not be represented as legal advice, investment advice, engineering certification, clinical advice, medical advice, public health order, emergency instruction, cybersecurity attestation, insurance underwriting, rating, lending opinion, procurement recommendation, regulatory safe harbor, compliance approval, certification, accreditation, or public authority decision unless separately and lawfully authorized by competent persons and records.

Where professional advice or licensed activity may be required, the Corporation shall refer, externalize, re-scope, or require involvement of appropriately licensed or authorized professionals. Technical literacy, public-good evidence, methods, observability, data analysis, dashboards, model outputs, public-safe reports, educational materials, and Nexus interfaces shall not be used to evade professional licensing boundaries.

6.20 Cross-Border Conflict-of-Law Review.\
Where an activity implicates more than one jurisdiction, the Corporation shall conduct conflict-of-law review proportionate to risk. Such review shall consider the Corporation’s United States legal seat, state of incorporation, federal law, state law, territorial law, Tribal or Indigenous governance where applicable, local law, foreign law, data localization, privacy, cybersecurity, AI governance, export controls, sanctions, controlled technology, tax, charitable solicitation, employment, contracting, public authority constraints, research ethics, protected knowledge, and public-safe publication obligations.

Where legal obligations conflict or appear to conflict, the Corporation shall apply the most protective lawful posture pending resolution. Protective measures may include suspension, hold, quarantine, access restriction, localization, compartmentalization, segregation, redaction, aggregation, de-identification, separate instrument, separate public authority protocol, local counsel review, routing through a compliant local partner, refusal, withdrawal, correction, or termination.

No person shall rely on informal comfort, partner assurance, sponsor assurance, public authority interest, technical feasibility, platform defaults, AI-generated legal summary, repository practice, custom, operational urgency, or Nexus alignment as a substitute for legal review where cross-border conflict risk is material.

6.21 Legal Orientation Records.\
The Corporation shall maintain legal orientation records sufficient to demonstrate that its federal, state, territorial, District of Columbia, Tribal, Indigenous, local, and cross-border legal posture is identified, reviewed, updated, and correctionable.

Legal orientation records may include:

a) federal-law compliance registers;

b) state-law compliance registers;

c) territorial and District of Columbia compliance registers;

d) Tribal and Indigenous governance respect records;

e) local-law review records;

f) cross-border legal review records;

g) corporate-law records;

h) federal tax records;

i) state tax, franchise tax, and exemption records;

j) nonprofit, tax-exempt, public-benefit, and non-distribution records;

k) charitable solicitation registrations, exemptions, renewals, and disclosure records;

l) privacy, data protection, AI, cybersecurity, consumer protection, public-sector data, health data, research data, youth data, and rights-bearing data records;

m) export-control, sanctions, controlled-technology, national security, CFIUS-relevant sensitivity, defense, dual-use, and foreign-person access review records;

n) competition, antitrust, clean-room, benchmarking, and do-not-discuss records;

o) lobbying, political activity, government ethics, gifts, procurement integrity, grant, and public authority communication records;

p) public records, FOIA, sunshine, open-meeting, public procurement, public authority confidentiality, and public-sector constraint records;

q) employment, contractor, volunteer, fellow, advisor, workplace, accessibility, civil rights, protected participation, and non-retaliation records;

r) professional-boundary review records;

s) conflict-of-law records;

t) hold, stop, quarantine, re-scope, externalization, referral, localization, compartmentalization, suspension, termination, correction, and public-safe notice records; and

u) legal orientation updates, responsible owners, review dates, version references, and correction histories.

The governing rule of this Section is that the Corporation’s public-good technical mission shall be executed only through lawful, jurisdictionally aware, record-supported, non-executing, public-benefit, public-safe, role-separated, and correctionable conduct. No federal, state, territorial, Tribal, local, or cross-border legal ambiguity shall be used to expand the Corporation’s authority, avoid compliance, collapse institutional roles, create public authority meaning, imply finance-readiness, imply certification, imply procurement approval, create provider preference, permit sponsor control, or convert evidence stewardship into execution.

## Section 7. Nonprofit, Non-Share, Non-Distributing, Tax-Exempt-Compatible, and Public-Benefit Character

7.1 Nonprofit Character.\
The Corporation shall be maintained as a nonprofit corporation organized and operated for lawful public-benefit purposes and not for the private profit, private ownership, dividend, appreciation, distribution, personal enrichment, or economic benefit of any director, officer, member, founder, sponsor, donor, funder, provider, host, contractor, employee, advisor, fellow, volunteer, contributor, public authority participant, university, laboratory, partner, affiliate, related person, private person, or enterprise actor.

The nonprofit character of the Corporation shall govern all corporate interpretation, Board action, officer action, committee action, program design, revenue activity, fundraising, grant activity, sponsorship, publication, public-good software release, technical-baseline development, evidence activity, observability activity, public authority learning activity, controlled-room activity, Nexus interface activity, cross-border coordination, and use of corporate assets.

The Corporation may receive grants, donations, sponsorships, subscriptions, fees, reimbursements, cost-recovery payments, in-kind support, restricted funds, unrestricted funds, public-good support, awards, and other lawful receipts only where such receipts are applied to lawful corporate purposes and do not create private inurement, impermissible private benefit, donor control, sponsor control, provider preference, support-for-outcome, support-for-recognition, support-for-finance-readiness, support-for-certification, support-for-procurement advantage, public authority access purchase, regulated execution, or institutional capture.

The Corporation’s nonprofit character shall not be diminished by technical sophistication, public-good software activity, public authority participation, academic collaboration, sponsor support, provider participation, fee-based learning, Academy activity, cost recovery, controlled-room access, repository administration, public-good infrastructure support, Nexus alignment, North America anchor activity, or participation in complex public-benefit systems.

7.2 Non-Share or Non-Stock Character.\
The Corporation shall have no share capital, no stock, no equity owners, no shareholders, no units, no profit-participation rights, no dividend rights, no appreciation rights, no liquidation preferences for private persons, and no ownership interests capable of being sold, transferred, pledged, tokenized, securitized, encumbered, inherited, or otherwise treated as private property.

No person shall acquire any ownership interest in the Corporation or in any Corporation asset, name, mark, goodwill, repository, dataset, publication, whitepaper, software, technical baseline, ontology, method, evidence artifact, model card, system card, public-good asset, controlled vocabulary, proof receipt, dashboard, public-safe report, Nexus-compatible reference, institutional record, or public-benefit output by reason of founding activity, authorship, employment, contract, donation, sponsorship, funding, membership, subscription, advisory status, technical contribution, public authority participation, host participation, data contribution, Board service, officer service, or Nexus interface role.

Where the governing law refers to the Corporation as a nonstock corporation, the Corporation shall be treated as nonstock. Where the governing law uses another terminology, the equivalent non-share, non-equity, non-distributing nonprofit character shall govern.

No membership class, supporter category, donor category, sponsorship tier, subscription category, fellow status, advisor role, public authority participant status, provider participant status, host status, controlled-room access category, Academy category, repository role, maintainer status, contributor status, working group role, or Nexus interface role shall be construed as equity, stock, ownership, beneficial ownership, investment contract, transferable economic interest, partnership interest, fund interest, security, or private property interest in the Corporation.

7.3 Non-Distribution Rule.\
The income, assets, reserves, revenues, grants, donations, sponsorships, subscriptions, fees, reimbursements, cost-recovery receipts, in-kind contributions, intellectual property, public-good software, technical baselines, datasets, records, methods, evidence artifacts, repositories, and other property of the Corporation shall be dedicated to the lawful purposes of the Corporation and shall not be distributed to any private person except as reasonable compensation, reimbursement, grant, award, scholarship, fellowship, stipend, contract payment, program support, or other lawful expenditure made in furtherance of the Corporation’s purposes and in accordance with applicable law, this Bylaw, Board-approved policies, and competent records.

No distribution shall be made by way of dividend, bonus, profit share, surplus distribution, return on capital, equity redemption, liquidation preference, ownership payout, token distribution, profit participation, sponsor benefit, donor benefit, provider benefit, host benefit, member benefit, founder benefit, related-party benefit, or other private economic return.

The Corporation may pay reasonable compensation for services actually rendered, reimburse reasonable expenses, acquire goods and services at fair value, make lawful grants, provide scholarships or fellowships, make program-related awards, support public-benefit projects, and engage contractors, employees, advisors, fellows, vendors, and contributors where such payments are authorized, documented, reasonable, purpose-aligned, conflict-reviewed where required, and not used to confer improper private benefit.

Upon dissolution, winding up, liquidation, merger, conversion, transfer of substantially all assets, or termination of corporate existence, the Corporation’s remaining assets shall be distributed only in accordance with applicable law, the Articles or Certificate, tax-exempt or tax-exempt-compatible requirements where applicable, lawful donor restrictions, Board-approved dissolution instruments, and this Bylaw, and shall not be distributed to directors, officers, members, founders, sponsors, donors, funders, providers, hosts, employees, contractors, advisors, contributors, related persons, or private persons except to the extent lawfully owed for bona fide obligations.

7.4 No Dividends.\
The Corporation shall not declare, accrue, authorize, pay, issue, promise, or distribute any dividend, patronage dividend, profit share, surplus distribution, capital return, return on contribution, return on sponsorship, donor return, membership return, provider return, founder return, contributor return, token return, equity-like return, or economic distribution based on ownership, participation, support, status, contribution, sponsorship, funding, access, or influence.

No corporate surplus, reserve, unrestricted fund, restricted fund, program margin, cost-recovery surplus, subscription surplus, sponsorship surplus, grant surplus, software-related receipt, licensing receipt, publication receipt, Academy receipt, controlled-room receipt, public-good infrastructure support, or other receipt shall be treated as distributable profit.

Any excess revenue over expenses shall be retained, reserved, restricted, reinvested, applied, or otherwise used solely for lawful corporate purposes, including research, evidence, methods, observability, ontology, public-good R\&D, public-good software, open technical baselines, education, public authority learning, safeguards, records, compliance, governance, correction, public-safe publication, and other activities consistent with this Bylaw.

7.5 No Private Inurement.\
No part of the net earnings, assets, income, reserves, property, goodwill, public-good assets, technical assets, institutional opportunities, records, evidence artifacts, methods, software, repositories, technical baselines, controlled rooms, public authority access, public-safe publications, Nexus interfaces, or other benefits of the Corporation shall inure to the benefit of any director, officer, member, founder, sponsor, donor, funder, provider, host, employee, contractor, advisor, fellow, volunteer, contributor, related party, private shareholder, private individual, or private person.

The Corporation shall prohibit arrangements that transfer value to insiders or related persons without lawful purpose, reasonable value, independent review where required, conflict management, documentation, and Board or delegated approval. Prohibited inurement may include excessive compensation, disguised distributions, below-market transfers, above-market payments, preferential access, private use of corporate assets, outcome purchase, publication control, recognition purchase, finance-readiness purchase, certification purchase, procurement advantage, public authority access purchase, provider preference, sponsor control, or diversion of public-good assets.

Reasonable compensation, ordinary reimbursement, fair-value contracts, lawful grants, lawful fellowships, lawful scholarships, lawful stipends, lawful awards, and lawful program support shall not constitute private inurement solely because a private person receives payment or benefit, provided that the payment or benefit is reasonable, purpose-aligned, properly authorized, documented, conflict-reviewed where required, and not excessive or improper.

Any suspected private inurement shall be escalated for legal, tax, Board, conflict, records, and corrective review. Corrective action may include repayment, rescission, amendment, recusal, restriction, suspension, termination, disclosure, tax reporting, regulatory reporting, public-safe correction, or other lawful remedy.

7.6 No Impermissible Private Benefit.\
The Corporation shall not confer more than incidental private benefit on any private person, entity, sponsor, donor, funder, provider, host, contractor, vendor, enterprise actor, investor, insurer, lender, underwriter, bank, public finance actor, university, laboratory, public authority participant, member, subscriber, supporter, fellow, advisor, employee, or related person except where such benefit is lawful, incidental to the Corporation’s public-benefit purposes, reasonable in relation to public benefit, and properly recorded.

The Corporation shall not use its evidence, methods, observability, ontology, public-good R\&D, public-good software, technical baselines, publications, controlled rooms, Academy programs, Nexus interfaces, public authority learning, public-safe reporting, or public-good assets to provide private commercial advantage, market preference, procurement advantage, certification advantage, recognition advantage, finance-readiness advantage, fundraising advantage, reputational endorsement, public authority access, regulatory comfort, or product validation to any private actor beyond what is lawful, incidental, purpose-aligned, provider-neutral, sponsor-independent, and record-supported.

Private benefit review shall be required where an activity materially involves:

a) a sponsor, donor, funder, provider, vendor, contractor, host, or enterprise actor;

b) a related party, insider, director, officer, member, founder, or affiliated person;

c) use of public-good assets for commercial products or services;

d) public authority access, public authority references, or public authority learning rooms;

e) datasets, AI systems, dashboards, technical baselines, public-good software, proof receipts, model outputs, observability signals, or Nexus-compatible claims;

f) finance-adjacent, insurance-adjacent, investment-adjacent, lending-adjacent, rating-adjacent, public finance-adjacent, or procurement-adjacent contexts;

g) certification, recognition, maturity, standing, Docket, Grid, Nexus-compatible, verified, validated, public-safe, finance-ready, insurance-ready, bankable, investable, or capital-readable claims; or

h) any arrangement that could appear to sell institutional authority, legitimacy, access, or public-good standing.

Where impermissible private benefit risk cannot be adequately controlled, the Corporation shall refuse, suspend, narrow, quarantine, re-scope, externalize, terminate, correct, or withdraw the activity.

7.7 Tax-Exempt-Compatible Purpose.\
The Corporation shall be organized and operated for tax-exempt-compatible purposes, including public-benefit, scientific, educational, research, evidence, methods, public-good technology, public-good software, open technical baseline, public authority learning, technical literacy, community safeguards, and systemic de-risking purposes, to the extent permitted by applicable law and the Corporation’s federal and state tax status.

The Corporation’s tax-exempt-compatible purposes may include:

a) conducting and supporting public-benefit research concerning systemic risks, resilience systems, exponential technologies, mission-critical infrastructure, public-good technical architecture, and public-safe evidence;

b) developing and stewarding evidence frameworks, methods, observability models, ontology, technical truth methods, data governance methods, AI governance methods, cybersecurity methods, and public-safe publication methods;

c) developing, maintaining, releasing, restricting, correcting, archiving, and supporting public-good software, open technical baselines, schemas, APIs, SDKs, reference architectures, model cards, system cards, dataset cards, benchmark libraries, and test harnesses;

d) supporting education, Academy activities, fellowships, technical literacy, public authority learning, scenario learning, controlled-room learning, and workforce formation;

e) supporting community safeguards, Indigenous knowledge respect, civil rights, accessibility, public-safe mapping, protected participation, and public-good correction pathways; and

f) supporting Nexus public-good stack compatibility through lawful evidence, methods, observability, ontology, technical baseline, and public-good software inputs without performing recognition, finance-readiness, certification, procurement, public authority, or enterprise execution functions.

Tax-exempt-compatible purpose shall not be used to imply that tax exemption has been obtained unless a competent record supports that exact status. It shall not authorize private inurement, impermissible private benefit, political campaign intervention, excessive lobbying where restricted, unrelated commercial conduct inconsistent with the Corporation’s status, or regulated execution.

7.8 Federal Tax Classification to Be Determined or Maintained by Record.\
The Corporation’s federal tax classification shall be determined, sought, maintained, changed, represented, and evidenced only by competent records, including formation records, Board resolutions, IRS applications, IRS determination letters, IRS notices, annual information returns, tax filings, legal memoranda, accountant records, public-support records, exemption records, and other authoritative tax records.

No person shall represent that the Corporation is recognized by the Internal Revenue Service as tax-exempt, charitable, publicly supported, section 501(c)(3), section 501(c)(4), section 501(c)(6), a private foundation, a public charity, a supporting organization, a fiscal sponsor, a sponsored project, or any other federal tax classification unless competent records support the exact statement.

Pending determination or where no tax-exempt recognition has been obtained, the Corporation shall operate in a tax-exempt-compatible and nonprofit-compatible manner to the extent lawful and consistent with Board-approved strategy, while accurately describing its status. Public materials, fundraising materials, grant applications, sponsorship materials, donation acknowledgments, receipts, invoices, websites, proposals, controlled-room materials, and public authority materials shall not overstate tax status.

Any federal tax classification change, application, withdrawal, revocation, denial, conversion, structural shift, fiscal sponsorship arrangement, supporting organization arrangement, affiliated-entity arrangement, or sponsored-project arrangement shall require Board review or other competent approval where required, legal and tax review, public-description controls, and records sufficient to preserve validity-by-record and correctionability.

7.9 Section 501(c)(3) Compatibility Where Applicable.\
Where the Corporation seeks, obtains, maintains, or operates in compatibility with recognition as an organization described in section 501(c)(3) of the Internal Revenue Code, it shall be operated exclusively for purposes compatible with such status, including charitable, educational, scientific, research, and public-benefit purposes where applicable, and shall avoid conduct inconsistent with such status.

Where section 501(c)(3) compatibility applies, the Corporation shall observe restrictions concerning private inurement, impermissible private benefit, lobbying limits, political campaign intervention, excess benefit transactions, unrelated business income, donor acknowledgments, charitable receipts, public-support tests where applicable, grants, restricted funds, compensation reasonableness, and dissolution requirements.

No section 501(c)(3) compatibility shall permit the Corporation to act as a regulator, public authority, public warning authority, emergency command body, procurement authority, certification body, recognition authority, finance-readiness authority, investment adviser, broker, dealer, lender, insurer, underwriter, rating agency, public finance approver, national company, Project SPV, provider, operator, or enterprise execution vehicle.

The Corporation shall maintain public descriptions, fundraising language, program materials, receipts, grant materials, sponsorship acknowledgments, and website language consistent with the actual status and constraints of section 501(c)(3) compatibility or recognition, as applicable.

7.10 Section 501(c)(4), 501(c)(6), Supporting Organization, Fiscal Sponsorship, Sponsored Project, or Other Structure Not Assumed Without Record.\
The Corporation shall not be treated as a section 501(c)(4) organization, section 501(c)(6) organization, supporting organization, fiscal sponsor, sponsored project, donor-advised fund sponsor, trade association, business league, social welfare organization, foundation, public charity, private foundation, disregarded entity, branch, affiliate, auxiliary, chapter, fund, program vehicle, or other tax or nonprofit structure unless such status is expressly authorized, lawful, and supported by competent records.

Any use of a fiscal sponsorship, sponsored project, supporting organization, affiliated-entity, chapter, program fund, public charity, private foundation, section 501(c)(4), section 501(c)(6), or other structural model shall require legal and tax review, Board approval where material, conflict review, records, public-description controls, and boundary controls sufficient to preserve the Corporation’s nonprofit character, non-execution perimeter, public-benefit purpose, role separation, and public authority boundary.

No structural arrangement shall be used to evade tax rules, charitable solicitation law, donor restrictions, private benefit rules, lobbying limits, political activity limits, public authority constraints, finance boundaries, certification boundaries, procurement neutrality, provider neutrality, sponsor non-control, or enterprise execution restrictions.

7.11 Charitable Status Controls if Obtained.\
If the Corporation obtains charitable status, charitable solicitation registration, state charitable recognition, federal charitable recognition, or other charitable status in any jurisdiction, such status shall be maintained, represented, and used only within the limits of applicable law and competent records.

Charitable status controls shall include, as applicable:

a) accurate public description of charitable status and jurisdictional scope;

b) lawful donation acknowledgments and receipts;

c) charitable solicitation registrations, exemptions, renewals, disclosures, and filings;

d) donor restriction compliance;

e) restricted fund accounting;

f) private inurement and private benefit controls;

g) grant and sponsorship classification controls;

h) lobbying and political activity controls;

i) fundraising platform and professional fundraiser controls;

j) commercial co-venturer controls where applicable;

k) public-support, reporting, and audit or review obligations where applicable; and

l) correction of any inaccurate charitable claim.

Charitable status shall not authorize the Corporation to sell tax deductions, sell public authority access, sell recognition, sell finance-readiness, sell certification, sell procurement advantage, sell provider preference, sell public-good legitimacy, or permit donor, sponsor, funder, or provider control.

7.12 Non-Charitable Nonprofit Controls if Charitable Status Is Not Obtained.\
If the Corporation has not obtained charitable status or is not authorized to represent charitable status in a particular jurisdiction, the Corporation shall operate and communicate as a nonprofit public-benefit institution without claiming charitable status, charitable deductibility, charitable receipting authority, public charity status, or charitable registration in that jurisdiction.

Non-charitable nonprofit controls shall include accurate fundraising language, proper invoice and receipt language, tax-status disclaimers, donor and sponsor acknowledgment controls, state solicitation review, grant eligibility review, fee classification review, public authority materials review, and correction of any charitable overclaim.

The absence of charitable status shall not alter the Corporation’s nonprofit character, public-benefit purpose, non-distribution rule, no-private-inurement rule, anti-capture obligations, non-execution perimeter, role separation, public authority boundary, finance boundary, certification boundary, procurement neutrality, provider neutrality, sponsor non-control, validity-by-record, or correctionability.

No person shall use non-charitable nonprofit status as a basis to weaken public-benefit discipline, create private distribution, sell institutional authority, confer private benefit, or collapse the Corporation into an enterprise execution vehicle.

7.13 Public-Benefit Purpose.\
The Corporation exists to advance public-benefit purposes through evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute and verifiable intelligence methods, Nexus Truth Engine methods, Nexus Observatory methods, research integrity, public authority learning, technical literacy, community safeguards, protected knowledge stewardship, and systemic de-risking for public-good outcomes.

The public-benefit purpose shall extend across all exponential technologies and mission-critical systems within the Corporation’s lawful scope, including artificial intelligence, AI-RAN, O-RAN, private wireless, telecommunications, sovereign compute, high-performance compute, edge compute, confidential computing, cybersecurity, blockchain, distributed ledger technology, Web3, DePIN, proof systems, quantum-relevant systems, robotics, drones, sensing, Earth observation, geospatial systems, digital twins, biosecurity, climate, nature, biodiversity, water, energy, food, health, disaster, ports, supply chains, advanced manufacturing, semiconductors, public infrastructure, critical services, and other convergent or systemic-risk systems.

The Corporation’s public-benefit purpose shall be pursued through stewardship, research, learning, methods, publication, public-good technology, correction, and lawful coordination. It shall not be pursued through emergency command, official public warning, regulation, enforcement, procurement, certification, recognition, finance-readiness determination, investment activity, lending, insurance, rating, public finance approval, provider selection, project ownership, infrastructure operation, or enterprise execution.

7.14 Public-Good Stewardship Burden.\
The Corporation shall bear a public-good stewardship burden in all activities. Such burden requires the Corporation to preserve public benefit, evidence integrity, methods integrity, technical truth, transparency where lawful and safe, controlled confidentiality where required, public-safe publication, community safeguards, Indigenous knowledge respect, civil rights, accessibility, data protection, cybersecurity, correctionability, and role separation.

The public-good stewardship burden shall require the Corporation to evaluate whether any action, output, relationship, funding arrangement, technical asset, publication, dashboard, controlled-room activity, public authority interface, sponsor relationship, provider relationship, or Nexus interface could create harm, capture, overclaim, private benefit, public authority confusion, finance-readiness implication, certification implication, procurement implication, provider preference, data misuse, AI misuse, cyber risk, protected knowledge exposure, or reliance beyond lawful scope.

Where public-good stewardship and operational convenience conflict, public-good stewardship shall control. Where public-good stewardship and sponsor, donor, funder, provider, host, public authority, partner, or publication preference conflict, public-good stewardship shall control. Where public-good stewardship and speed, visibility, fundraising, market uptake, or institutional advantage conflict, public-good stewardship shall control.

7.15 Research, Education, Evidence, Methods, Public-Good Technology, Public Authority Learning, Technical Literacy, and Systemic De-Risking Character.\
The Corporation shall be characterized by research, education, evidence stewardship, methods stewardship, public-good technology, public authority learning, technical literacy, and systemic de-risking.

Research character includes lawful public-benefit inquiry, applied research, technical research, interdisciplinary research, public-good R\&D, reproducibility, peer review, research ethics, publication integrity, correction, and responsible translation.

Education character includes Academy activity, public authority learning, technical literacy, evidence literacy, AI governance literacy, cyber literacy, public-safe reporting literacy, community safeguards literacy, fellowships, workshops, trainings, briefings, controlled-room learning, public-safe explainers, and workforce formation.

Evidence and methods character includes source lineage, provenance, validation, confidence, uncertainty, corroboration, sensor-fusion methods, AI-output review, AI-RAN and O-RAN signal interpretation, DePIN and DLT validation methods, digital twin assumption review, geospatial evidence methods, cyber evidence methods, observability indicators, and correction methods.

Public-good technology character includes public-good software, open technical baselines, schemas, APIs, SDKs, dashboards, reference architectures, test harnesses, benchmark libraries, model cards, system cards, dataset cards, secure release practices, and anti-enclosure controls.

Systemic de-risking character includes support for public understanding, institutional learning, safer deployment environments, public-safe reporting, public-good technical memory, safeguards, and correction pathways without assuming public authority, regulated-market, finance, certification, procurement, or enterprise execution functions.

7.16 Non-Market and Non-Executing Character.\
The Corporation shall be a non-market and non-executing public-benefit technical institution. It may develop public-good assets, receive lawful support, charge lawful fees, recover costs, engage contractors, employ staff, license intellectual property, maintain repositories, publish outputs, conduct trainings, and coordinate with public, academic, nonprofit, community, and enterprise actors, but it shall not become a market operator, financial intermediary, regulated execution actor, enterprise delivery company, infrastructure operator, procurement body, certification body, rating agency, broker, dealer, investment adviser, lender, insurer, underwriter, public finance approver, emergency command body, public warning authority, public authority substitute, national company, Project SPV, provider, or asset owner by default.

The Corporation shall not execute projects, own project assets, select vendors for public authorities, direct public infrastructure operations, command emergency responses, issue official warnings, approve public finance, place capital, underwrite insurance, originate credit, rate credit or resilience, certify compliance, confer recognition, determine finance-readiness, admit projects to investment pipelines, or operate enterprise stack activities unless separately and lawfully authorized in a manner consistent with applicable law and this Bylaw; and even then no prohibited function may be exercised by implication.

Technical integration, dashboard operation, controlled-room administration, data-room participation, proof-receipt logic, public-good software release, AI output, digital twin output, DePIN record, blockchain entry, AI-RAN signal, O-RAN signal, sensor signal, public-safe report, technical baseline, or Nexus interface shall not by itself convert the Corporation into an executing actor.

7.17 No Representation as Charity, Public Authority, Regulator, Treaty Organization, Sovereign Standards Body, Financial Intermediary, Market Operator, Broker, Dealer, Investment Adviser, Bank, Lender, Insurer, Rating Agency, Procurement Body, Certification Body, Emergency Command Body, or Enterprise Delivery Company Unless Separately and Lawfully Authorized.\
The Corporation shall not represent itself, and no director, officer, member, employee, contractor, advisor, fellow, volunteer, contributor, sponsor, donor, funder, provider, host, public authority participant, partner, or Nexus interface actor shall represent the Corporation, as any status, role, authority, classification, or legal capacity that is not supported by competent records and lawful authorization.

Without limiting the foregoing, the Corporation shall not be represented as:

a) a charity, public charity, tax-exempt charity, charitable receipt issuer, or section 501(c)(3) organization unless such status is supported by competent records;

b) a public authority, government agency, delegated authority, public-private partnership, public warning authority, emergency command body, incident command body, public health authority, public safety authority, or official decision-maker;

c) a regulator, enforcement body, permitting authority, compliance approver, legal-certification authority, procurement authority, public contract award body, vendor selector, public finance approver, grant approver, tax credit approver, or sovereign finance approver;

d) a treaty organization, intergovernmental organization, diplomatic body, supranational authority, regional regulator, sovereign standards body, or public law-making body;

e) a financial intermediary, market operator, fund, broker, dealer, finder, investment adviser, bank, lender, insurer, reinsurer, underwriter, rating agency, capital-placement actor, insurance-placement actor, credit approver, public finance actor, or capital-reader room execution body;

f) a certification body, accreditation body, recognition body, maturity determiner, standing determiner, Docket approver, Grid approver, Nexus-compatible approver, finance-readiness determiner, insurance-readiness determiner, bankability determiner, investability determiner, or official verifier; or

g) an enterprise delivery company, national company, state operating company, regional operating company, Project SPV, qualified enterprise provider, infrastructure operator, asset owner, systems integrator, deployment company, managed service provider, or commercial delivery vehicle.

Where the Corporation is separately and lawfully authorized for a specific status or function, such authorization shall be narrowly construed, recorded, time-bound or scope-bound where applicable, publicly or internally described with precise limitations, and shall not expand to other statuses, jurisdictions, activities, or actors by implication.

7.18 Status Records, IRS Records, State Records, Solicitation Records, Tax Records, and Public-Representation Controls.\
The Corporation shall maintain complete, current, and correctionable records of its nonprofit, non-share, non-stock, non-distributing, tax-exempt-compatible, tax, charitable, public-benefit, solicitation, registration, and status representations.

Such records shall include, as applicable:

a) Articles or Certificate of Incorporation and amendments;

b) bylaws, Board resolutions, member resolutions where applicable, and adoption records;

c) state nonprofit corporation records;

d) registered office, registered agent, principal office, and good-standing records;

e) federal tax classification records;

f) IRS applications, determination letters, notices, correspondence, returns, and filings;

g) state tax, franchise tax, exemption, sales and use tax, employment tax, and local tax records;

h) charitable solicitation registrations, exemptions, renewals, disclosures, receipts, donor acknowledgment records, and fundraising platform records;

i) public charity, private foundation, supporting organization, fiscal sponsorship, sponsored project, section 501(c)(3), section 501(c)(4), section 501(c)(6), or other tax-structure records where applicable;

j) restricted fund records, donor restriction records, sponsorship classification records, grant records, in-kind contribution records, cost-recovery records, fee records, and unrelated business income review records;

k) compensation, reimbursement, related-party transaction, private benefit, excess benefit, and private inurement review records;

l) public-benefit purpose records;

m) public descriptions, website statements, proposals, pitch materials, grant applications, sponsorship materials, public authority materials, controlled-room notices, publications, repository notices, AI summaries, slide decks, and public-safe summaries containing status claims;

n) correction, withdrawal, takedown, retraction, clarification, supersession, and archive records for inaccurate or outdated status claims; and

o) responsible owner, review date, version, jurisdiction, limitation, and evidence of authority for status claims.

No public representation concerning nonprofit status, tax status, charitable status, deductibility, public-benefit character, public authority role, recognition function, finance-readiness function, certification authority, procurement authority, regulated status, North America anchor status, Nexus-compatible status, or enterprise execution status shall be made unless supported by records. Where a representation becomes inaccurate, incomplete, misleading, outdated, jurisdictionally overbroad, or authority-inflating, the Corporation shall correct, withdraw, limit, clarify, supersede, or archive the representation as appropriate.

The governing rule of this Section is that the Corporation’s nonprofit, non-share, non-distributing, tax-exempt-compatible, and public-benefit character shall be legally real, records-based, operationally enforced, and publicly disciplined. It shall preserve public-good stewardship, prevent private inurement and impermissible private benefit, support lawful tax posture, maintain non-execution, protect public authority and finance boundaries, preserve GCRI / GRF / GRA role separation, prevent sponsor or provider capture, and keep all status claims valid by record and correctionable.

## Section 8. Public-Good Technical Institution Character

8.1 Public-Good Technical Institution.\
The Corporation shall be maintained as a public-good technical institution organized and operated to steward evidence, methods, observability, ontology, technical truth, public-good research and development, public-good software, open technical baselines, verifiable compute methods, verifiable intelligence methods, Nexus Truth Engine methods, Nexus Observatory methods, public authority learning, technical literacy, community safeguards, protected knowledge discipline, and public-safe correction pathways for lawful public-benefit purposes.

The Corporation’s public-good technical institution character shall mean that the Corporation’s technical work is held under a public-benefit burden and shall be designed, governed, documented, reviewed, released, restricted, corrected, superseded, withdrawn, archived, or retired in a manner that preserves public trust, evidence integrity, safety, interoperability, reproducibility where appropriate, public-safe legibility, lawful access, data protection, cybersecurity, civil rights, accessibility, Indigenous and community safeguards, anti-capture, non-execution, and correctionability.

The Corporation may develop, maintain, publish, support, license, restrict, deprecate, correct, or retire public-good technical assets, including schemas, APIs, SDKs, datasets, data dictionaries, taxonomies, ontologies, reference architectures, dashboards, maps, model cards, system cards, dataset cards, benchmark cards, test harnesses, gold vectors, negative tests, public-good software, observability methods, technical baselines, controlled vocabularies, public-safe reports, and related technical materials, provided that such assets remain subject to applicable law, this Bylaw, Board-approved policies, records discipline, and public-safe claims controls.

The Corporation shall not use its public-good technical institution character to imply that it is a regulator, public authority, emergency command body, official public warning authority, procurement authority, certification body, recognition authority, finance-readiness authority, capital-placement actor, investment adviser, broker, dealer, lender, insurer, underwriter, rating agency, bank, public finance approver, standards monopoly, national company, Project SPV, qualified enterprise provider, infrastructure operator, asset owner, or enterprise execution vehicle.

8.2 Evidence Institution.\
The Corporation shall be an evidence institution. Its evidence function shall include the development, stewardship, review, classification, preservation, publication, controlled disclosure, correction, supersession, withdrawal, and archival of evidence artifacts concerning systemic risk, resilience infrastructure, exponential technologies, mission-critical systems, public-good technical baselines, observability environments, public authority learning, and Nexus-compatible public-good interfaces.

Evidence stewarded by the Corporation shall be treated as recorded, contextual, source-linked, permission-aware where applicable, classification-bearing, confidence-bearing, limitation-bearing, challengeable, and correctionable. Evidence shall be distinguished from raw data, opinion, advocacy, marketing, public authority decision, public warning, emergency instruction, recognition, finance-readiness, certification, procurement approval, rating, investment recommendation, insurance approval, and enterprise execution.

The Corporation’s evidence work may include evidence concerning artificial intelligence, agentic AI, AI-RAN, O-RAN, private wireless, telecommunications, sovereign compute, high-performance compute, edge compute, confidential computing, cybersecurity, blockchain, distributed ledger technology, Web3, DePIN, proof systems, quantum-relevant systems, robotics, drones, sensing, Earth observation, geospatial systems, digital twins, biosecurity, climate, nature, biodiversity, water, energy, food, health, disaster, ports, supply chains, advanced manufacturing, semiconductors, public infrastructure, critical services, and other convergent, exponential, or mission-critical systems.

No evidence artifact of the Corporation shall be represented as final authority, official truth, legal compliance approval, public authority decision, public warning, emergency command, certification, recognition, finance-readiness determination, insurance-readiness determination, bankability determination, investability determination, rating, procurement approval, provider preference, public finance approval, or regulated professional opinion unless separately and lawfully authorized by competent authority and recorded within the Corporation’s permitted role.

8.3 Methods Institution.\
The Corporation shall be a methods institution. Its methods function shall include the development, stewardship, review, versioning, publication, controlled disclosure, correction, supersession, withdrawal, retirement, and archival of methods for evidence collection, source lineage, provenance, confidence scoring, uncertainty treatment, validation, corroboration, reproducibility, replication, sensor fusion, AI-output review, model-output review, AI-RAN signal interpretation, O-RAN signal interpretation, DePIN validation, DLT and blockchain record interpretation, cyber evidence review, geospatial analysis, digital twin assumption review, public-safe publication, observability, and correction.

Methods of the Corporation shall be documented with sufficient context to identify, as applicable, purpose, scope, owner, custodian, steward, version, effective date, authority surface, assumptions, limitations, exclusions, dependencies, data requirements, AI-use conditions, public authority boundary, finance boundary, certification boundary, procurement boundary, safeguards requirements, public-safe status, review cycle, and correction pathway.

The Corporation may publish methods openly where lawful and safe, may maintain controlled annexes where required, and may restrict access to methods where publication could create cybersecurity risk, infrastructure risk, protected knowledge exposure, privacy harm, public safety harm, sanctions or export-control risk, public authority confusion, market-sensitive coordination, or other lawful reason for controlled handling.

No method shall constitute certification, accreditation, compliance approval, legal equivalence, procurement mandate, public authority decision, finance-readiness determination, rating, public warning, emergency command, provider preference, or regulated professional advice by reason of authorship, publication, adoption, use, technical quality, public authority familiarity, sponsor support, provider contribution, or Nexus alignment.

8.4 Observability Institution.\
The Corporation shall be an observability institution. Its observability function shall include the design, stewardship, review, and correction of methods, schemas, indicators, evidence flows, public-safe outputs, and technical baselines that support the lawful interpretation of telemetry, sensor systems, AI-RAN systems, O-RAN systems, DePIN systems, cyber logs, geospatial systems, Earth observation systems, digital twins, public infrastructure signals, community inputs, public authority inputs, and mission-critical system states.

The Corporation may support observability methods for Nexus Observatory, Nexus Observatory Nodes, Nexus Hubs, Nexus Clusters, Nexus Hotspots, Regional Clusters, National Dense Nexus Cores, state interfaces, territorial interfaces, Tribal and Indigenous interfaces, metropolitan interfaces, sectoral interfaces, public authority learning environments, host sites, universities, laboratories, communities, and other lawful observability contexts.

Observability shall be treated as evidence infrastructure and systems-intelligence support, not as command authority. Observability outputs shall require classification, context, confidence, limitation, public-safe review where published, access control where needed, and correction pathways.

No observability dashboard, map, score, signal, telemetry stream, digital twin output, model output, AI-RAN signal, O-RAN signal, DePIN record, sensor reading, proof receipt, blockchain entry, ledger entry, public-safe report, or observability artifact shall be represented as emergency command, official public warning, public authority decision, certification, recognition, finance-readiness, insurance-readiness, procurement approval, rating, legal compliance approval, or operational instruction unless separately and lawfully authorized by competent authority outside the Corporation’s default non-executing role.

8.5 Ontology Institution.\
The Corporation shall be an ontology institution. Its ontology function shall include the development, stewardship, review, versioning, localization, publication, controlled disclosure, correction, supersession, withdrawal, and archival of controlled vocabularies, taxonomies, schemas, data dictionaries, semantic models, risk categories, evidence classifications, maturity concepts, technology families, public authority capacity terms, finance-boundary terms, certification-boundary terms, procurement-boundary terms, Nexus-compatible claim terms, AI-readable knowledge structures, and machine-readable metadata.

Ontology shall serve as semantic infrastructure for evidence integrity, public-safe claims discipline, interoperability, public authority learning, technical literacy, Nexus public-good stack compatibility, and correctionability. The Corporation shall maintain ontology in a manner that reduces ambiguity, prevents silent meaning shifts, distinguishes evidence from recognition, distinguishes technical inputs from finance-readiness determinations, distinguishes public authority participation from public authority action, distinguishes technical baselines from certification, and distinguishes public-good stewardship from execution.

The Corporation may align ontology with GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, national companies, Project SPVs, qualified enterprise providers, public authorities, universities, laboratories, communities, and other actors where lawful and record-supported.

Shared terms shall not create shared authority. Semantic interoperability shall not create merger, agency, public authority delegation, recognition authority, finance-readiness authority, certification authority, procurement authority, protocol authority, shared liability, shared treasury, provider preference, sponsor control, or enterprise execution.

8.6 Technical Truth Institution.\
The Corporation shall be a technical truth institution in the bounded sense of stewarding disciplined, evidence-supported, method-governed, source-linked, confidence-bearing, limitation-bearing, reviewable, public-safe, and correctionable technical truth artifacts.

Technical truth shall mean an institutional output that is supported by recorded evidence, methods, source lineage, classification, confidence reasoning, limitations, and correction pathways. It shall not mean absolute truth, oracle truth, legal truth, public authority truth, regulatory truth, certified truth, financial truth, investment truth, insurance truth, procurement truth, emergency truth, or final operational truth.

The Corporation shall design technical truth processes to prioritize evidence sufficiency before narrative convenience, provenance before rhetorical force, correctionability before prestige, public-safe limitation before overclaim, challengeability before opacity, and role clarity before institutional expansion.

No technical truth output shall be represented as public authority decision, public warning, emergency command, recognition, standing, maturity determination, finance-readiness determination, insurance-readiness determination, bankability determination, investability determination, certification, accreditation, legal compliance approval, procurement approval, provider preference, sponsor benefit, rating, public finance approval, or regulated professional opinion unless separately and lawfully authorized and recorded.

8.7 Public-Good R\&D Institution.\
The Corporation shall be a public-good research and development institution. Its public-good R\&D function shall include lawful public-benefit research, applied research, technical prototyping, public-good software development, open technical baseline development, reference architecture development, interoperability profile development, evidence system design, data governance method development, AI governance method development, cybersecurity method development, observability method development, public authority learning tool development, public-safe publication design, safeguards design, and correction system development.

Public-good R\&D shall be conducted for public-benefit purposes and shall be structured to avoid private inurement, impermissible private benefit, sponsor control, provider control, donor control, funder control, host control, publication veto, outcome purchase, recognition purchase, finance-readiness purchase, certification purchase, procurement advantage, public authority access purchase, and technical enclosure.

The Corporation may collaborate with universities, laboratories, public authorities, civil society, communities, Indigenous and Tribal interfaces, sponsors, donors, funders, providers, hosts, open-source contributors, research networks, Nexus entities, and enterprise actors in public-good R\&D, provided that the terms of collaboration preserve research integrity, data rights, IP chain of title, publication independence subject to lawful controls, conflict disclosure, public-safe review, safeguards, non-execution, and role separation.

Public-good R\&D outputs shall be corrected, superseded, withdrawn, deprecated, retired, archived, or restricted where evidence, methods, data, cybersecurity, AI, IP, legal, public authority, finance-boundary, certification-boundary, procurement-boundary, safeguards, protected knowledge, public-safe, or public-benefit review requires such action.

8.8 Open Technology Institution.\
The Corporation shall be an open technology institution to the extent lawful, safe, and consistent with public-good stewardship. It may develop, publish, support, license, maintain, restrict, correct, and retire open technology assets intended to improve interoperability, evidence quality, technical literacy, public authority learning, reproducibility, observability, public-good software reuse, and Nexus public-good stack compatibility.

Open technology may include open schemas, APIs, SDKs, reference architectures, data dictionaries, technical profiles, test harnesses, benchmark libraries, model cards, system cards, dataset cards, public-good software, public-safe dashboards, controlled vocabulary assets, documentation, playbooks, and open technical baselines.

Open technology shall not mean uncontrolled release. The Corporation may restrict, delay, redact, license, access-control, or decline release of technology where necessary to protect privacy, cybersecurity, infrastructure security, public safety, export-control compliance, sanctions compliance, controlled technology, protected knowledge, community safeguards, Indigenous knowledge, public authority confidentiality, competition law, IP rights, research integrity, or public-good purpose.

No open technology asset shall be represented as certification, accreditation, procurement approval, public authority adoption, provider preference, finance-readiness, recognition, legal compliance approval, official standard, protocol entitlement, emergency instruction, public warning, or operational mandate unless separately and lawfully authorized by competent authority and recorded.

8.9 Public-Good Software Institution.\
The Corporation shall be a public-good software institution. Its public-good software function may include the development, maintenance, release, governance, licensing, security review, dependency review, documentation, contribution management, vulnerability response, versioning, correction, deprecation, retirement, and archival of software that supports evidence, methods, observability, ontology, public-good R\&D, public authority learning, technical literacy, public-safe reporting, controlled-room operations, data governance, AI governance, cybersecurity, verifiable compute, verifiable intelligence, and Nexus-compatible public-good interoperability.

Public-good software shall be governed by secure development lifecycle practices, contributor governance, IP chain-of-title review, licensing review, data-rights review, AI-use review, cybersecurity review, sanctions and export-control review where applicable, controlled-technology review where applicable, repository discipline, SBOM or equivalent dependency discipline where appropriate, vulnerability management, artifact signing or provenance where appropriate, rollback capability where appropriate, and correction pathways.

The Corporation may accept software contributions from employees, contractors, fellows, advisors, volunteers, universities, laboratories, open-source contributors, providers, sponsors, hosts, public authorities, communities, and other participants only under terms that preserve public-good purpose, IP clarity, licensing integrity, security, data protection, conflict disclosure, anti-capture, and public-safe claims discipline.

Public-good software shall not constitute certification, legal compliance approval, public authority decision, procurement mandate, provider selection, finance-readiness determination, recognition, rating, emergency command, official public warning, operational instruction, or performance guarantee by default.

8.10 Open Technical Baseline Institution.\
The Corporation shall be an open technical baseline institution. Its open technical baseline function may include the development, stewardship, publication, restriction, correction, versioning, supersession, withdrawal, and archival of baseline reference architectures, interoperability profiles, technical minimums, evidence requirements, observability profiles, data schemas, AI governance profiles, cybersecurity baselines, secure release profiles, public-safe reporting baselines, and Nexus-compatible technical inputs.

Open technical baselines shall be designed to support public-good comparability, technical legibility, evidence quality, public authority learning, interoperability, responsible adoption, and correctionability. They shall not be designed or represented as legal compliance instruments, procurement mandates, certification schemes, provider-selection instruments, market-entry barriers, public authority decisions, finance-readiness determinations, or enterprise execution requirements.

The Corporation may support Nexus Standards, protocol authority functions where separately constituted, GRF maturity and recognition functions, GRA finance-readiness functions, Nexus Observatory functions, Nexus Grid functions, Nexus Docket functions, and enterprise stack actors through technical baseline inputs, provided that the Corporation does not itself exercise recognition, finance-readiness, certification, procurement, protocol-authority, or execution functions unless separately and lawfully authorized within a recorded and bounded scope.

Any public or controlled use of a Corporation technical baseline shall include appropriate limitation language, version reference, status classification, scope statement, public-safe classification, correction path, and non-certification statement where required.

8.11 Verifiable Compute and Verifiable Intelligence Methods Institution.\
The Corporation shall be a verifiable compute and verifiable intelligence methods institution. Its function may include methods for model registers, dataset cards, model cards, system cards, benchmark cards, inference records, compute workload records, compute-to-data methods, secure enclave methods, confidential computing methods, sovereign compute methods, proof receipts, compute receipts, evaluation harnesses, AI-output review, agentic AI control methods, human review rules, public-safe intelligence outputs, and correctionable compute outputs.

Verifiable compute and verifiable intelligence methods shall be used to improve recordability, auditability, provenance, reproducibility where appropriate, security, rights protection, confidence, limitation discipline, and correctionability of AI-assisted, compute-assisted, model-assisted, and data-intensive outputs.

No compute record, inference record, model output, proof receipt, compute receipt, verifiable intelligence artifact, benchmark result, evaluation score, AI-generated statement, agentic AI action, digital twin output, dashboard output, DePIN record, ledger entry, blockchain entry, AI-RAN signal, O-RAN signal, or sensor signal shall become institutional authority by technical operation alone.

Material outputs shall require lawful authority, classification, context, human review where required, record support, limitation language, public-safe review where published, safeguards review where implicated, and correction pathways. The Corporation shall not represent verifiable compute or verifiable intelligence outputs as recognition, finance-readiness, certification, procurement approval, rating, public authority decision, emergency command, public warning, legal compliance approval, or professional advice by default.

8.12 Nexus Truth Engine Methods Institution.\
The Corporation shall be a Nexus Truth Engine methods institution. Its role may include stewarding methods, schemas, evidence classes, confidence rules, source comparison logic, corroboration logic, contradiction handling, disputed evidence handling, failed signal handling, spoof indicator handling, stale data handling, missing data handling, correction trigger methods, public-safe output methods, auditability methods, and interoperability methods for Nexus Truth Engine-compatible environments.

The Nexus Truth Engine shall be treated, for Corporation purposes, as method-supported confidence, corroboration, comparison, and correction infrastructure, not as an oracle, regulator, public authority, recognition body, finance-readiness authority, certification body, procurement body, emergency command system, public warning system, rating agency, or enterprise execution system.

The Corporation may support Truth Engine interfaces with GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Observatory, Nexus Standards, Nexus Grid, Nexus Docket, Nexus Rails, Nexus Network, public authority learning environments, universities, laboratories, and other lawful participants, provided that role separation, records, data controls, public-safe limits, and correction pathways are preserved.

No Truth Engine method, output, confidence score, corroboration result, contradiction flag, proof receipt, dashboard, map, report, AI output, or automated indicator shall be represented as absolute truth, final authority, public authority decision, public warning, emergency command, recognition, maturity, standing, finance-readiness, insurance-readiness, certification, procurement approval, rating, legal compliance approval, public finance approval, provider preference, or investment basis by default.

8.13 Nexus Observatory Methods Institution.\
The Corporation shall be a Nexus Observatory methods institution. Its role may include the stewardship of methods for observability environments, Observatory Nodes, Nexus Hubs, Nexus Clusters, Nexus Hotspots, Regional Clusters, National Dense Nexus Cores, sensors, AI-RAN, O-RAN, DePIN, digital twins, cyber telemetry, geospatial systems, Earth observation systems, dashboards, degraded-mode awareness, resilience indicators, public-safe evidence outputs, and correction pathways.

Nexus Observatory methods shall be designed to support public-good evidence, technical literacy, public authority learning, systemic-risk interpretation, resilience awareness, interoperability, correctionability, and public-safe publication. They shall not be designed or represented as command systems, official warning systems, regulatory systems, procurement systems, finance-readiness systems, certification systems, recognition systems, provider-selection systems, or enterprise execution systems.

The Corporation may support Observatory-to-Docket evidence inputs, Observatory-to-Grid evidence inputs, Observatory-to-GRF public-safe reporting inputs, Observatory-to-GRA finance-readiness evidence inputs, and Observatory-to-Nexus Standards technical inputs, provided that such support remains evidence, methods, observability, ontology, technical baseline, and correction support only.

No Observatory output, node status, hub status, cluster status, hotspot status, dense-core status, sensor signal, AI-RAN signal, O-RAN signal, DePIN record, digital twin output, dashboard, map, proof receipt, degraded-mode indicator, resilience indicator, or public-safe report shall be treated as emergency command, official public warning, public authority decision, recognition, finance-readiness, certification, procurement approval, rating, guarantee, or operational instruction by default.

8.14 Public Authority Learning Institution.\
The Corporation shall be a public authority learning institution. It may support federal, state, territorial, District of Columbia, Tribal, Indigenous, local, county, municipal, metropolitan, port, utility, public health, emergency management, public safety, public works, water, energy, food, telecommunications, cyber, infrastructure, university, laboratory, regulator-listening, public finance reader, and cross-border public-sector participants through lawful evidence literacy, technical literacy, AI governance literacy, cyber literacy, public-safe reporting literacy, scenario learning, tabletop learning, simulation learning, after-action evidence methods, observability methods, controlled-room learning, and public-good technical education.

Public authority learning shall be capacity-classified. The Corporation shall distinguish official-capacity participation, observer participation, personal-capacity participation, regulator-listening participation, public finance reader participation, emergency-management participant participation, public infrastructure operator participation, technical contributor participation, data contributor participation, controlled-room participation, and public authority room participation.

Public authority learning shall not constitute public authority delegation, official adoption, funding approval, grant approval, regulatory approval, procurement approval, public finance approval, sovereign obligation, public-private partnership, public warning, emergency command, incident command, public health order, public safety command, certification, recognition, finance-readiness, provider preference, or legal mandate.

Where public authority learning materials, meetings, dashboards, controlled-room records, publications, public-safe summaries, or public authority references could create confusion, the Corporation shall apply capacity records, limitation language, non-reliance language, public-safe review, public authority reference controls, and correction pathways.

8.15 Community Safeguards and Protected Knowledge Stewardship Institution.\
The Corporation shall be a community safeguards and protected knowledge stewardship institution. Its technical, research, evidence, data, AI, cyber, observability, publication, mapping, public authority learning, and Nexus interface activities shall be conducted with attention to civil rights, accessibility, non-discrimination, community safeguards, Indigenous knowledge respect, Tribal sovereignty, Indigenous data governance, local knowledge protection, territorial knowledge protection, cultural knowledge protection, environmental knowledge protection, sacred-site sensitivity, vulnerable community safeguards, remote community safeguards, public-safe mapping, grievance pathways, protected participation, non-retaliation, and do-no-harm review.

The Corporation shall not treat community, Indigenous, Tribal, local, territorial, cultural, environmental, or protected knowledge as ordinary open data merely because it is observed, digitized, sensed, mapped, submitted, volunteered, published elsewhere, referenced by a public authority, used in research, included in a dataset, generated through AI, discussed in a meeting, or contained in a dashboard.

Where protected knowledge may be implicated, the Corporation shall apply classification, access controls, consent or non-consent pathways where applicable, attribution rules, withdrawal or restriction pathways where applicable, public-safe mapping limits, controlled-room restrictions, publication review, correction pathways, and legal or safeguards review.

No sponsor, donor, funder, provider, host, public authority, university, laboratory, Nexus entity, enterprise actor, or internal program need shall justify extraction, exposure, commercialization, over-publication, unsafe mapping, or misuse of protected knowledge.

8.16 All-Exponential-Technology and Mission-Critical Systems Institution.\
The Corporation shall operate across all exponential technologies and mission-critical systems within its lawful public-benefit scope. Its institutional remit may include artificial intelligence, agentic AI, AI-RAN, O-RAN, private wireless, telecommunications, non-terrestrial networks, sovereign compute, high-performance compute, edge compute, cloud compute, confidential computing, cybersecurity, cyber-physical systems, blockchain, distributed ledger technology, Web3, DePIN, proof systems, quantum-relevant systems, post-quantum-relevant systems, robotics, drones, autonomous systems, sensing, Earth observation, satellite systems, geospatial systems, remote sensing, digital twins, simulation systems, scenario engines, biosecurity-relevant systems, public-health-relevant systems, climate, nature, biodiversity, water, energy, food, health, disaster, ports, supply chains, public infrastructure, critical services, advanced manufacturing, semiconductors, industrial systems, and other emerging, convergent, systemic-risk, resilience, or public-good-relevant systems designated by competent record.

The Corporation’s all-exponential-technology scope shall be interpreted as a public-good evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open baseline, safeguards, and learning scope. It shall not be interpreted as operational authority, market authority, public authority, technology approval authority, product certification authority, procurement authority, finance-readiness authority, emergency authority, or enterprise execution authority.

The Corporation shall apply heightened review where exponential or mission-critical systems involve controlled technology, export controls, sanctions, national security sensitivity, defense adjacency, cyber-sensitive information, infrastructure-sensitive information, geospatial sensitivity, public safety, public health, rights-bearing data, Indigenous data, protected knowledge, public authority data, AI training, agentic systems, compute concentration, dual-use capability, or cross-border transfer.

8.17 Stewardship Rather Than Execution.\
The Corporation’s public-good technical institution character shall be one of stewardship rather than execution. Stewardship includes evidence development, methods development, observability design, ontology stewardship, research, public-good software, open technical baselines, public authority learning, technical literacy, public-safe publication, safeguards, records, correction, and lawful coordination. Execution includes project development, project ownership, capital formation, regulated intermediation, infrastructure operation, vendor selection, procurement, certification, recognition, finance-readiness determination, emergency command, public warning, regulated professional approval, and enterprise delivery.

The Corporation shall not become an execution actor by reason of technical authorship, public-good software release, reference architecture design, technical centrality, dashboard administration, controlled-room administration, repository maintenance, public authority participation, sponsor support, provider contribution, downstream reliance, Nexus interface, public visibility, or operational urgency.

The Corporation may support execution actors only through lawful evidence, methods, observability, ontology, technical baselines, public-good software, learning, safeguards, and correction inputs. National Consortium Companies, Project SPVs, qualified enterprise providers, public authorities, infrastructure operators, funds, insurers, lenders, underwriters, procurement bodies, certification bodies, and other execution or regulated actors shall remain separately responsible for their own lawful decisions, authorizations, liabilities, duties, and records.

Where an activity risks converting stewardship into execution, the Corporation shall apply hold, quarantine, re-scoping, externalization, referral, role clarification, legal review, public-safe limitation, or termination as appropriate.

8.18 Public-Good Technical Institution Records.\
The Corporation shall maintain records sufficient to evidence its public-good technical institution character, including records concerning evidence, methods, observability, ontology, technical truth, public-good R\&D, open technology, public-good software, open technical baselines, verifiable compute, verifiable intelligence, Nexus Truth Engine methods, Nexus Observatory methods, public authority learning, community safeguards, protected knowledge, exponential technology scope, non-execution, and correctionability.

Such records shall include, as applicable:

a) evidence registers, source-lineage records, provenance records, confidence records, uncertainty records, evidence challenge records, and correction records;

b) method registers, version records, method notes, limitation records, review records, supersession records, withdrawal records, and retirement records;

c) observability method records, node, hub, cluster, hotspot, dense-core, sensor, AI-RAN, O-RAN, DePIN, cyber telemetry, geospatial, digital twin, dashboard, degraded-mode, and public-safe observability records;

d) ontology registers, controlled vocabulary records, taxonomy records, schema records, data dictionary records, semantic versioning records, semantic drift records, divergence logs, compatibility notes, and correction records;

e) technical truth records, limitation statements, public-safe classifications, challenge records, and correction pathways;

f) public-good R\&D records, research agendas, research integrity records, ethics records, peer review records, reproducibility records, publication records, sponsor-disclosure records, and correction records;

g) public-good software records, repository records, contributor records, IP chain-of-title records, license records, dependency records, SBOM or equivalent records where used, vulnerability records, secure release records, provenance records, rollback records, deprecation records, and archive records;

h) open technical baseline records, reference architecture records, interoperability profile records, test harness records, benchmark records, model card records, system card records, dataset card records, and conformance-supporting tool records;

i) verifiable compute and verifiable intelligence records, model registers, inference records, compute workload records, proof receipt records, compute receipt records, secure enclave records, confidential computing records, AI-use records, human review records, and AI incident records;

j) Nexus Truth Engine method records and Nexus Observatory method records;

k) public authority learning records, capacity classification records, public authority reference records, public authority data contribution records, controlled-room records, and non-endorsement records;

l) community safeguards, Indigenous knowledge, Tribal protocol, local knowledge, territorial knowledge, cultural knowledge, protected knowledge, public-safe mapping, grievance, remedy, protected participation, and non-retaliation records;

m) sanctions, export-control, controlled-technology, national security sensitivity, data, AI, cyber, privacy, civil rights, accessibility, public safety, and legal review records;

n) role-separation records with GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, National Consortium Companies, Project SPVs, qualified enterprise providers, sponsors, hosts, public authorities, universities, laboratories, and enterprise actors; and

o) hold, quarantine, restriction, public-safe release, correction, supersession, withdrawal, retraction, takedown, retirement, archival, and closeout records.

The governing rule of this Section is that the Corporation’s public-good technical character shall be operationally real, technically rigorous, legally bounded, non-executing, public-benefit aligned, evidence-centered, methods-governed, safeguard-protected, role-separated, validity-by-record based, and correctionable. GCRI US may steward public-good technical infrastructure for all exponential technologies and mission-critical systems, but it shall not convert technical stewardship into public authority, market authority, finance-readiness, certification, procurement, recognition, emergency command, public warning, or enterprise execution.

## Section 9. Adopting Authority, Adoption Resolution, Adoption Record, and Entry Into Force

9.1 Competent Adopting Authority.\
This Bylaw shall be adopted only by the competent adopting authority of the Corporation. The competent adopting authority shall be the Board of Directors, except to the extent that applicable law, the Certificate or Articles of Incorporation, the governing statute, a member structure lawfully adopted by the Corporation, or another superior governing instrument requires approval by incorporator, member, court, regulator, public authority, or other competent person.

The authority to adopt this Bylaw is a constitutional governance authority of the Corporation. It shall not be inferred from operational leadership, technical authorship, institutional founding activity, public authority participation, sponsor support, provider contribution, donor interest, Nexus alignment, public-facing endorsement, repository access, document circulation, fundraising need, program urgency, or continued practice.

The adoption of this Bylaw shall be treated as a formal act of corporate governance. It shall establish binding internal governance rules for the Corporation only when adopted through a valid recorded act of the competent adopting authority and entered into the authoritative Bylaw records of the Corporation.

No person shall represent this Bylaw as adopted, in force, operative, Board-approved, legally effective, final, controlling, current, or binding unless the adoption record supports that representation.

9.2 Board Adoption.\
Subject to applicable law, the Certificate or Articles of Incorporation, and any member approval required by law or governing instrument, the Board of Directors shall have authority to adopt this Bylaw by resolution duly approved at a meeting of the Board or by written consent where permitted by applicable law and the Corporation’s governing instruments.

Board adoption shall require that the directors receive, or have access to, the text proposed for adoption; that the matter be placed before the Board through a lawful agenda, consent process, or emergency governance process where permitted; that quorum and voting requirements be satisfied; and that the final action be recorded in the minutes, written consent, resolution register, Bylaw register, or other official corporate record.

The Board shall adopt this Bylaw in its fiduciary capacity as the governing body responsible for preserving the Corporation’s nonprofit character, public-benefit purpose, United States legal seat, all-states-and-territories operating posture, North America anchor role, non-execution perimeter, public authority boundary, finance boundary, provider neutrality, sponsor non-control, GCRI / GRF / GRA role separation, validity-by-record, correctionability, and Nexus public-good stack alignment.

A Board resolution adopting this Bylaw may approve the Bylaw in full, approve specified articles or sections for phased commencement, approve transitional provisions, designate responsible officers or custodians, direct repository deposit, authorize public-safe notice, and require preparation of implementation schedules, policies, registers, or certification records.

9.3 Member Approval Where Required by Law, Articles, Certificate of Incorporation, or Governing Documents.\
Where applicable law, the Certificate or Articles of Incorporation, a member structure, or another governing instrument requires approval of members for adoption, amendment, repeal, restatement, or replacement of this Bylaw or any part of it, such approval shall be obtained before the relevant action becomes effective, unless applicable law permits Board action subject to later member approval or ratification.

Member approval, where required, shall be obtained only through lawful notice, meeting, written consent, electronic consent, vote, quorum, class approval, special approval, or other process required by applicable law and governing instruments. The Corporation shall maintain records sufficient to show the exact text submitted for member approval, the approval threshold, the votes or consents received, any abstentions or objections where recorded, the effective date, and any conditions to effectiveness.

No member approval shall authorize the Corporation to act outside applicable law, exceed the Certificate or Articles of Incorporation, abandon nonprofit or non-distribution character, permit private inurement, weaken tax-exempt or tax-exempt-compatible restrictions, create public authority status, create finance-readiness authority, create certification authority, create procurement authority, collapse GCRI / GRF / GRA role separation, or convert the Corporation into an enterprise execution actor.

If member approval is not required, no person shall imply that members, supporters, subscribers, participants, donors, sponsors, providers, public authorities, council members, working groups, or external stakeholders possess approval rights merely by participation, support, contribution, attendance, payment, title, or influence.

9.4 Incorporator Approval Where Applicable During Formation.\
During the formation period, and only to the extent permitted by applicable law and governing instruments, the incorporator or incorporators may adopt the initial Bylaw, appoint initial directors, approve initial organizational resolutions, or take other formation acts necessary to establish the Corporation’s governance continuity.

Any incorporator action shall be recorded with the same seriousness as Board action. Such records shall identify the incorporator or incorporators, the legal authority relied upon, the text adopted, the effective date, the formation-stage status of the Corporation, the directors or officers appointed where applicable, and the transition path from incorporator governance to Board governance.

Incorporator approval shall not create continuing incorporator authority after the Board has been constituted except where expressly preserved by law or governing instrument. No founder, incorporator, sponsor, donor, provider, host, public authority participant, technical author, advisor, or early supporter shall retain governance authority by implication after lawful transition to Board governance.

Any formation-stage adoption shall be subject to later review, ratification, amendment, restatement, or supersession by the Board where lawful and appropriate.

9.5 No Adoption by Committee, Officer, Advisor, Sponsor, Donor, Provider, Public Authority Participant, Partner, Working Group, Council, Funder, Host, Nexus Entity, or Informal Leadership Group.\
This Bylaw shall not be adopted, amended, repealed, restated, replaced, suspended, waived, interpreted with constitutional effect, or brought into force by any committee, officer, advisor, sponsor, donor, provider, public authority participant, partner, working group, council, funder, host, university, laboratory, community participant, contributor, fellow, contractor, employee, volunteer, Nexus entity, national company, Project SPV, qualified enterprise provider, informal leadership group, or operational team unless such person or body has been expressly granted lawful authority by applicable law and competent corporate record.

No committee recommendation, officer approval, counsel draft, staff circulation, sponsor approval, donor approval, provider contribution, public authority attendance, public authority comment, public authority letter, working group consensus, council endorsement, Nexus interface note, GitBook page, website publication, repository commit, AI-generated summary, slide deck, fundraising deck, grant narrative, public statement, email chain, meeting note, or recurring practice shall constitute adoption of this Bylaw.

A lower-order body may prepare, review, recommend, compare, redline, annotate, operationalize, or implement this Bylaw only within its recorded authority. Such activity shall remain non-adopting unless and until the competent adopting authority approves the final operative text by valid corporate act.

Any purported adoption by an unauthorized person or body shall be treated as ineffective, subject to correction, withdrawal, public-safe clarification where needed, and record remediation.

9.6 Adoption Resolution Requirements.\
The resolution adopting this Bylaw shall identify, at minimum, the official legal name of the Corporation, the title of the instrument, the version identifier, the status classification, the date of approval, the approving authority, the text approved, the effective date, any deferred commencement provisions, any transitional provisions, the repository custodian, the record custodian, and any required notices or filings.

The adoption resolution shall state that the Bylaw is adopted as the controlling internal governance instrument of the Corporation subject to applicable law, the Certificate or Articles of Incorporation, any required member approval, and any mandatory superior legal requirement.

Where applicable, the adoption resolution shall also record that the Bylaw is intended to preserve:

a) the Corporation’s United States legal personality and governance seat;

b) the Corporation’s nonprofit, non-share or non-stock, non-distributing, tax-exempt-compatible, and public-benefit character;

c) the Corporation’s public-good technical institution character;

d) the Corporation’s all-states-and-territories operating posture, subject to applicable registration, qualification, solicitation, tax, employment, data, public authority, and local-law requirements;

e) the Corporation’s bounded North America anchor role;

f) the Corporation’s non-execution perimeter;

g) the separation of GCRI, The Global Risks Forum (GRF), and The Global Risks Alliance (GRA) functions;

h) the separation of the Nexus public-good stack from the enterprise stack;

i) public authority boundary discipline;

j) finance, securities, insurance, lending, rating, public finance, procurement, certification, recognition, and provider-neutrality boundaries;

k) sponsor, donor, funder, provider, and host non-control;

l) data, AI, cyber, privacy, civil rights, accessibility, community, Tribal, Indigenous, local, territorial, and protected knowledge safeguards;

m) validity-by-record; and

n) correctionability.

The adoption resolution may authorize officers to make non-substantive formatting, numbering, cross-reference, repository, metadata, and publication changes only if such changes do not alter meaning, authority, rights, obligations, limitations, or interpretive consequence.

9.7 Text Considered and Approved.\
The Corporation shall preserve the exact text considered and approved by the adopting authority. The adopted text shall be identifiable by version, date, status, file name or repository identifier, hash or integrity reference where used, page or section count where appropriate, and any exhibits, schedules, annexes, or incorporated instruments approved with the Bylaw.

No text shall be treated as adopted unless it is the text actually approved by the competent adopting authority or is an authorized certification, conforming copy, or repository copy of that text. Drafts, redlines, summaries, comments, working copies, translations, excerpts, public explainers, slide materials, AI summaries, emails, uploaded files, internal memos, and derivative communications shall not substitute for the adopted text.

Where the text approved differs from a circulated draft, the adopted text shall control. Where there is uncertainty concerning the text approved, the Secretary or other records custodian shall escalate the matter for Board clarification, ratification, correction, or restatement, and the more restrictive lawful interpretation shall apply pending resolution.

The Corporation shall maintain supersession discipline so that the current in-force version can be distinguished from drafts, prior versions, archived versions, withdrawn versions, restated versions, and unofficial copies.

9.8 Quorum and Voting Record.\
The adoption record shall state whether quorum was present, how quorum was determined, the directors or members present or consenting where applicable, the voting threshold required, the votes cast, the written consents received, any abstentions, any recusals, any dissent or minority statement where permitted and recorded, and the final result.

Where adoption occurs by written consent, the record shall satisfy applicable law and governing instruments concerning consent form, signature, electronic signature, delivery, timing, unanimous consent where required, and effective date. Where adoption occurs at a meeting, the minutes shall record notice, waiver of notice where applicable, quorum, motion, resolution, vote, and outcome.

Any conflict of interest, related-party concern, sponsor influence concern, provider influence concern, public authority boundary concern, finance-boundary concern, certification-boundary concern, procurement-boundary concern, or role-separation concern related to adoption shall be disclosed and recorded. Any required recusal shall be recorded.

A defective quorum, defective vote, missing consent, unresolved recusal, or unclear approval record shall not be cured by operational reliance, public circulation, website publication, sponsor reliance, public authority familiarity, funding agreement, program implementation, or passage of time, except to the extent a lawful ratification process is completed and recorded.

9.9 Effective Date and Deferred Commencement.\
This Bylaw shall take effect on the effective date stated in the adoption resolution, unless applicable law, the Certificate or Articles of Incorporation, member approval requirements, filing requirements, transition conditions, or the adoption resolution provide a different date or phased commencement.

The effective date shall be recorded distinctly from the issue date, approval date, publication date, repository deposit date, notice date, and implementation date. A Bylaw may be approved on one date, issued on another date, deposited in the repository on another date, noticed on another date, and become effective on another date, provided that the records identify each date and the legal consequence of each.

The adoption resolution may provide for deferred commencement of specific provisions, phased implementation of registers or policies, continuation of prior procedures during transition, temporary delegations, or grace periods for training, records, repository migration, public description correction, or participation acknowledgments.

No deferred commencement provision shall authorize conduct that violates applicable law, the Certificate or Articles of Incorporation, nonprofit or tax-exempt-compatible obligations, non-distribution requirements, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, data / AI / cyber controls, civil rights, accessibility, community safeguards, protected knowledge controls, or non-execution obligations.

9.10 Transitional Provisions.\
The adoption resolution or an accompanying transitional schedule may establish transitional provisions necessary to move from formation governance, draft governance, prior bylaws, interim rules, founder-led coordination, program-led practice, fiscal sponsorship arrangements, informal processes, or predecessor operating practices to the governance system established by this Bylaw.

Transitional provisions may address initial directors, initial officers, temporary delegations, committee formation, record migration, repository setup, register creation, policy adoption, conflict disclosures, participant acknowledgments, contract review, public description review, state qualification review, charitable solicitation review, data / AI / cyber review, public authority capacity review, sponsorship review, and Nexus interface review.

Transitional provisions shall not be used to preserve informal authority, sponsor control, provider control, donor control, founder override, public authority confusion, finance-readiness implication, certification implication, procurement implication, recognition implication, or execution activity inconsistent with this Bylaw.

During transition, the Corporation shall apply the most protective lawful interpretation where records are incomplete, authority is uncertain, roles are unclear, public claims are potentially overbroad, data handling is uncertain, or external reliance may be created. Transitional ambiguity shall be resolved by Board action, legal review where required, corrected records, and public-safe clarification where appropriate.

9.11 Savings Provisions.\
Adoption of this Bylaw shall not invalidate lawful prior acts of the Corporation that were validly authorized under the governing instruments and applicable law in effect at the time of the act, unless this Bylaw, the adoption resolution, applicable law, or a competent corporate action expressly provides otherwise.

Prior acts, policies, contracts, appointments, delegations, records, publications, repositories, committees, working groups, councils, programs, public authority interfaces, sponsorships, grants, memberships, subscriptions, technical assets, datasets, software releases, and Nexus interfaces may continue only to the extent they are consistent with applicable law, the Certificate or Articles of Incorporation, this Bylaw, Board-approved transition rules, and required records.

Any prior act that conflicts with this Bylaw shall be reviewed for correction, ratification, amendment, supersession, withdrawal, termination, re-scoping, public-safe clarification, access restriction, or archival. No savings provision shall preserve an act that is unlawful, ultra vires, defective beyond lawful cure, privately inuring, impermissibly private-benefiting, public-authority-confusing, finance-overclaiming, certification-overclaiming, procurement-overclaiming, sponsor-controlled, provider-captured, data-unsafe, cyber-unsafe, or contrary to non-execution.

A savings provision shall preserve legal continuity without preserving governance drift.

9.12 Entry-Into-Force Conditions.\
The adoption resolution may establish conditions to entry into force, including receipt of required member approval, filing of formation documents, confirmation of registered agent and registered office, seating of initial directors, completion of organizational resolutions, adoption of initial officer appointments, establishment of the Bylaw register, creation of the official repository, completion of Secretary certification, public-safe notice, or completion of any required legal or tax step.

Where entry into force is conditioned, the Bylaw shall not be represented as fully in force until the condition has been satisfied or waived by competent authority where lawful. Partial entry into force may be recorded only if the adoption resolution clearly identifies the provisions in force, the provisions deferred, the conditions outstanding, and the effect of the deferral.

Conditions shall be tracked in a transition register or equivalent record. Each condition shall have an owner, status, evidence of satisfaction, date satisfied, and record location.

If an entry-into-force condition cannot be satisfied, the Board shall determine whether to amend, restate, defer, withdraw, re-adopt, or otherwise correct the adoption record.

9.13 Signed Certification.\
Following adoption, the Bylaw shall be certified by the Secretary or other authorized officer, unless applicable law or the adoption resolution requires certification by another person. The certification shall state that the attached or identified text is a true, correct, and complete copy of the Bylaw adopted by the competent adopting authority, identify the date of adoption, identify the effective date, identify the version, and identify any deferred provisions or conditions.

Certification may be physical, electronic, or repository-based, provided that the method used is lawful, reliable, authenticated, and recorded. Where electronic signature, hash reference, repository signature, seal, timestamp, or tamper-evident reference is used, the Corporation shall maintain the verification record.

Certification shall not cure a defective adoption unless a lawful ratification or cure process is separately completed. Certification is evidence of adoption; it is not a substitute for adoption.

No uncertified copy shall be treated as the authoritative adopted Bylaw unless the Board, Secretary, or applicable law identifies it as the controlling record.

9.14 Repository Deposit.\
Upon adoption and certification, the Bylaw shall be deposited in the official repository of the Corporation. The repository record shall identify the title, version, adoption date, effective date, status, custodian, access class, publication class, supersession relationship, hash or integrity reference where used, and any related adoption resolution, certification, notice, or transitional schedule.

Repository deposit shall be required for institutional traceability, access control, public-safe publication, version discipline, and correctionability. The repository copy shall be maintained so that the Corporation can distinguish between current in-force text, superseded text, withdrawn text, archived text, restated text, redlines, drafts, translations, summaries, and unofficial copies.

Where the official repository is unavailable, compromised, migrated, or replaced, the Secretary or designated repository custodian shall maintain continuity records, backup records, migration records, and public-safe notice where necessary.

A repository posting without adoption record shall not create adoption. A repository posting inconsistent with the adoption record shall be corrected.

9.15 Gazette or Authoritative Notice Entry.\
The Corporation may maintain a Gazette, governance notice stream, authoritative notice page, internal notice register, controlled notice system, or equivalent notice mechanism for adoption, amendment, repeal, restatement, correction, supersession, withdrawal, and other governance-significant acts.

Following adoption, a Gazette or authoritative notice entry may be issued stating that this Bylaw has been adopted, identifying the official title, version, status, adoption date, effective date, repository location, access class, public-safe availability, and any material transitional information suitable for publication or controlled notice.

Notice may be public, controlled, internal, state-specific, territorial, Tribal-interface-specific, public authority-specific, donor-specific, sponsor-specific, provider-specific, participant-specific, or cross-border, depending on the sensitivity and relevance of the matter. No notice shall disclose confidential, privileged, personal, cyber-sensitive, infrastructure-sensitive, public authority-sensitive, finance-sensitive, community-protected, Indigenous, Tribal, local, territorial, cultural, environmental, or protected knowledge information in a manner inconsistent with law or safeguards.

A Gazette or notice entry shall evidence publication or notice. It shall not substitute for adoption, certification, repository deposit, or legal effectiveness unless applicable law or competent corporate action so provides.

9.16 Secretary Certification.\
The Secretary shall be responsible for maintaining the adoption record, certification record, Bylaw register entry, repository deposit record, and any Gazette or authoritative notice record, unless the Board designates another officer or records custodian.

The Secretary’s certification shall confirm, to the extent supported by records, that:

a) the adopting authority was competent;

b) notice, quorum, voting, consent, and approval requirements were satisfied;

c) the text certified is the text approved;

d) the effective date is correctly recorded;

e) any member, incorporator, filing, or condition requirement has been satisfied or is accurately identified as pending;

f) the Bylaw has been entered into the Bylaw register;

g) the official repository copy has been deposited;

h) the supersession relationship to any prior bylaws or interim governance instruments has been recorded; and

i) the Bylaw is subject to correction, supersession, withdrawal, restatement, or amendment only through the procedures required by law and this Bylaw.

Secretary certification shall be maintained as an authoritative governance record. If the Secretary identifies an error, gap, ambiguity, or inconsistency in the adoption record, the Secretary shall escalate the matter for correction, clarification, ratification, or Board action.

9.17 No Tacit Amendment, Implied Adoption, Operational Drift, State-by-State Drift, Program Drift, Funding-Agreement Drift, or Custom-Based Variance.\
This Bylaw shall not be adopted, amended, repealed, restated, waived, suspended, overridden, narrowed, expanded, localized, or varied by implication. No tacit amendment, implied adoption, operational drift, state-by-state drift, territorial drift, Tribal-interface drift, North America interface drift, program drift, funding-agreement drift, sponsor drift, provider drift, donor drift, public authority drift, repository drift, policy drift, committee practice, officer practice, staff practice, or custom-based variance shall alter this Bylaw.

No repeated practice, tolerated non-compliance, informal understanding, side letter, program manual, grant condition, sponsorship agreement, provider agreement, public authority meeting, field practice, website language, GitBook page, public statement, AI summary, dashboard design, repository permission, controlled-room usage, technical integration, Nexus interface, or historical custom shall modify this Bylaw unless the competent adopting or amending authority takes a lawful recorded action.

State-specific, territorial-specific, Tribal-interface-specific, local, sectoral, public authority-specific, or North America-facing localization may implement this Bylaw but shall not override it. Any localization that appears to conflict with this Bylaw shall be escalated, held, corrected, narrowed, or treated as subordinate pending Board review.

Where there is ambiguity between the Bylaw and practice, the Bylaw shall control. Where there is ambiguity between the Bylaw and a lower-order instrument, the Bylaw shall control subject to applicable law and the Certificate or Articles of Incorporation. Where there is ambiguity concerning authority, the narrower and more protective lawful interpretation shall apply pending correction.

9.18 Adoption and Entry-Into-Force Records.\
The Corporation shall maintain adoption and entry-into-force records sufficient to prove the validity, text, authority, effective date, repository status, notice status, and supersession status of this Bylaw.

Such records shall include, as applicable:

a) the final adopted Bylaw text;

b) Board resolution or written consent approving adoption;

c) incorporator approval where applicable during formation;

d) member approval records where required;

e) notice, waiver, quorum, voting, consent, abstention, recusal, and approval records;

f) the text considered and approved;

g) adoption date, issue date, effective date, deferred commencement date, and transition metadata;

h) signed Secretary certification or other authorized certification;

i) repository deposit record;

j) Bylaw register entry;

k) Gazette or authoritative notice entry;

l) supersession record for prior bylaws, interim rules, drafts, formation instruments, or operating practices;

m) entry-into-force condition register;

n) transition schedule and implementation records;

o) legal, tax, corporate, state, territorial, Tribal-interface, charitable solicitation, public authority, data / AI / cyber, and cross-border review records where material to adoption;

p) public-safe notice, controlled notice, internal notice, and external communication records;

q) correction, clarification, ratification, restatement, amendment, withdrawal, or supersession records; and

r) custodian, owner, access, retention, archive, and integrity metadata.

The governing rule of this Section is that the Bylaw enters legal and institutional force only through competent adoption, recorded approval, identifiable text, certified records, repository discipline, and effective-date control. No informal practice, circulation, approval by influence, technical authorship, sponsor support, public authority participation, Nexus reference, operational necessity, or public statement shall create adoption, amendment, waiver, or authority. The Corporation shall be governed by records, not memory; by competent authority, not influence; by lawful adoption, not implication; and by correctionable institutional truth, not operational drift.

## Section 10. Versioning, Change Classification, Supersession, Withdrawal, Restatement, and Archival

10.1 Version-Control System.\
The Corporation shall maintain a formal version-control system for this Bylaw and for each amendment, restatement, supersession, withdrawal, archival copy, public-safe copy, controlled copy, redline, explanatory note, translation, localization schedule, annex, implementation schedule, and related governance instrument.

The version-control system shall be designed to preserve institutional continuity, legal certainty, auditability, historical traceability, public-safe legibility, internal reliability, correctionability, and validity-by-record. It shall enable the Corporation to identify, at all times, the current in-force version of this Bylaw; the authority by which such version was adopted; the date of adoption; the effective date; the status classification; the superseded text; the scope of change; the repository location; the certification record; and any public, controlled, internal, state-specific, territorial, Tribal-interface, North America, or cross-border notice associated with the version.

Version control shall apply to the Bylaw as a constitutional governance instrument and not merely as a document-management convenience. No person shall rely on file names, informal labels, circulating drafts, working copies, redlines, public summaries, website postings, AI-generated summaries, GitBook pages, slide decks, memoranda, emails, repository commits, or operational references as substitutes for the official version-control record.

The version-control system shall preserve the Corporation’s United States legal seat, nonprofit character, public-benefit purpose, non-execution perimeter, public authority boundary, finance boundary, procurement neutrality, certification boundary, provider neutrality, sponsor non-control, GCRI / GRF / GRA role separation, Nexus public-good stack alignment, data / AI / cyber controls, community safeguards, protected knowledge discipline, and correctionability.

10.2 Unique Version Identifier.\
Each version of this Bylaw shall bear a unique version identifier. The version identifier shall distinguish draft versions, adopted versions, in-force versions, superseded versions, withdrawn versions, restated versions, archived versions, public-safe versions, controlled versions, state-localized schedules, territorial-localized schedules, Tribal-interface schedules, North America interface schedules, and translated or summarized materials.

A unique version identifier may include, as appropriate, a version number, adoption date, effective date, status classification, repository identifier, document-control code, amendment sequence number, restatement sequence number, localization code, hash or integrity reference where used, and custodian designation.

No two operative versions shall share the same version identifier. No draft, redline, summary, translation, public explainer, AI summary, website page, slide deck, grant narrative, program note, or repository copy shall use a version identifier in a manner that creates confusion with the current in-force Bylaw.

Where a version identifier is incorrect, duplicated, incomplete, misleading, or inconsistent with the adoption record, the Secretary or designated records custodian shall correct the metadata, preserve the correction record, and escalate any substantive ambiguity to the Board or other competent authority.

10.3 Editorial or Clerical Change.\
An editorial or clerical change is a change that corrects spelling, punctuation, formatting, cross-references, numbering, table of contents entries, typography, citation style, repository metadata, page layout, non-substantive headings, defined-term capitalization, or other non-substantive matters without changing legal meaning, governance authority, rights, obligations, duties, limitations, public meaning, institutional role, public authority boundary, finance boundary, certification boundary, procurement boundary, data / AI / cyber requirement, safeguards requirement, or interpretive consequence.

Editorial or clerical changes may be made by the Secretary or another officer or custodian authorized by Board resolution, policy, delegation matrix, or adoption resolution, provided that the change is recorded and does not alter substance. Where doubt exists whether a change is editorial or substantive, the change shall be treated as at least a material change pending review.

No editorial or clerical change shall be used to introduce a new power, narrow a restriction, expand authority, soften a prohibition, change an effective date, alter a record requirement, modify a defined term, change a role boundary, create public authority meaning, create finance-readiness meaning, create certification or procurement meaning, change the relationship to GCRI Canada, GRF, GRA, Nexus entities, public authorities, sponsors, providers, national companies, Project SPVs, or enterprise actors, or weaken validity-by-record or correctionability.

The record of an editorial or clerical change shall identify the text changed, the prior text, the corrected text, the basis for the correction, the person authorizing the correction, the date of correction, the repository entry, and whether notice was required.

10.4 Material Change.\
A material change is any change that affects the meaning, operation, governance effect, authority, duty, limitation, process, status, interpretation, institutional relationship, record requirement, public description, participant right, Board or officer authority, committee authority, adoption process, amendment process, repository discipline, legal compliance posture, public authority boundary, finance boundary, certification boundary, procurement boundary, provider-neutrality rule, sponsor non-control rule, data / AI / cyber control, safeguards obligation, non-execution perimeter, or Nexus role-separation rule of this Bylaw.

A material change shall require adoption by the competent authority under applicable law, the Certificate or Articles of Incorporation, this Bylaw, and any member approval requirement. A material change shall be supported by a change memorandum or equivalent record identifying the reason for the change, affected provisions, legal or operational implications, transition requirements, notice requirements, and any affected lower-order instruments.

Material changes shall not be implemented through operational practice, officer direction, committee interpretation, sponsor agreement, donor condition, public authority preference, provider requirement, funding agreement, program manual, repository edit, AI-generated rewrite, website revision, public summary, or custom.

Where a material change affects reliance, public meaning, public authority interfaces, finance-adjacent materials, certification-adjacent materials, procurement-adjacent materials, public-safe publications, participant rights, controlled-room rules, data rights, AI usage, cybersecurity posture, Indigenous or protected knowledge, or cross-border activity, the Corporation shall assess whether controlled notice, public-safe notice, correction, supersession, withdrawal, or transition language is required.

10.5 Constitutional Change.\
A constitutional change is any change that affects the Corporation’s legal identity, United States legal seat, corporate form, nonprofit character, non-share or non-stock character, non-distribution rule, public-benefit purpose, tax-exempt or tax-exempt-compatible posture, North America anchor role, all-states-and-territories operating posture, mission lock, non-execution perimeter, public authority boundary, finance boundary, certification boundary, procurement neutrality, role separation among GCRI, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), and Nexus entities, public-good stack / enterprise stack separation, Board reserved matters, member rights where applicable, amendment authority, dissolution provisions, or other structural governance feature.

A constitutional change shall require the highest approval threshold required by applicable law, the Certificate or Articles of Incorporation, this Bylaw, member approval rules where applicable, Board reserved-matter rules, tax-exempt or charitable status restrictions where applicable, and any other superior governing instrument.

No constitutional change shall be made by emergency process, officer action, committee action, policy change, implementation schedule, localization schedule, technical protocol, annex, controlled vocabulary change, repository update, public statement, sponsor agreement, provider agreement, public authority letter, Nexus interface, or operating practice unless such method is expressly lawful and satisfies the required adopting authority and record requirements.

A constitutional change shall be accompanied by legal review, tax review where applicable, public-benefit review, non-execution review, role-separation review, public authority boundary review, finance-boundary review, certification and procurement boundary review, data / AI / cyber review where applicable, safeguards review where applicable, and a Board determination that the change does not improperly convert the Corporation into a regulator, public authority, public warning body, finance-readiness authority, certification body, procurement body, provider, national company, Project SPV, or enterprise execution vehicle.

10.6 Emergency Change.\
An emergency change is a time-sensitive change required to address an immediate or material risk to legality, public safety, cybersecurity, data protection, AI safety, public authority boundary discipline, finance-boundary discipline, certification or procurement boundary discipline, public-safe publication, protected knowledge, civil rights, accessibility, sanctions compliance, export-control compliance, controlled technology, repository integrity, Bylaw authenticity, institutional continuity, or serious governance harm.

An emergency change may be proposed where delay would materially increase legal, operational, public-safety, cyber, data, safeguards, public authority, finance, certification, procurement, reputational, or institutional risk. Emergency change authority shall not be used to bypass ordinary governance merely for convenience, speed, fundraising, sponsor preference, public authority preference, provider preference, market pressure, publication timeline, program urgency, or visibility.

Emergency changes shall remain subject to applicable law, the Certificate or Articles of Incorporation, Board reserved powers, member approval where required, and non-execution limits. Emergency change authority shall not authorize prohibited functions, public authority delegation, public warning, emergency command, finance execution, certification, procurement approval, recognition, provider selection, or enterprise execution.

Each emergency change shall be time-boxed where appropriate, recorded, justified, reviewed by the Board or competent authority as soon as practicable, ratified or revised where required, and sunset, confirmed, superseded, or withdrawn by formal action. The record shall state the emergency trigger, authority used, text changed, duration, risk addressed, reviewers involved, notices issued, and post-emergency review outcome.

10.7 State or Territorial Localization Change.\
A state or territorial localization change is a change, schedule, supplement, implementation note, compliance annex, notice, public description, participation term, public authority interface term, data term, solicitation term, tax term, employment term, contracting term, or procedural adaptation made to reflect the law, practice, public authority context, or operating conditions of a particular state, the District of Columbia, Puerto Rico, Guam, the U.S. Virgin Islands, American Samoa, the Northern Mariana Islands, or other United States territorial or insular context.

State or territorial localization may implement this Bylaw but shall not fragment the Corporation’s constitutional governance, weaken mission lock, alter legal identity, impair nonprofit character, soften non-execution, create public authority status, create finance-readiness authority, create certification authority, create procurement authority, prefer a provider, permit sponsor control, weaken data / AI / cyber controls, weaken safeguards, or displace the United States corporate-law anchor for internal corporate acts.

A state or territorial localization change shall identify the jurisdiction, the legal basis or operating reason, the affected provisions, the local implementation rule, any divergence from default procedure, any equivalence note, any required registration or qualification, any public authority capacity classification, and any notice or repository requirement.

Where a localization change appears to conflict with the core Bylaw, the core Bylaw shall control subject to mandatory applicable law and the Certificate or Articles of Incorporation. The matter shall be escalated for conflict-of-law review, legal review, Board clarification, amendment, re-scoping, or withdrawal.

10.8 Tribal, Indigenous, or Community Protocol Localization Change.\
A Tribal, Indigenous, or community protocol localization change is a change, schedule, protocol, access rule, data rule, publication rule, mapping rule, attribution rule, consent or non-consent pathway, withdrawal pathway, protected knowledge rule, community safeguards rule, language-access rule, grievance pathway, or participation term adopted to respect Tribal sovereignty, Indigenous governance, Indigenous data governance, community protocols, protected knowledge, local knowledge, territorial knowledge, cultural knowledge, environmental knowledge, sacred-site sensitivity, public-safe mapping, civil rights, accessibility, or do-no-harm obligations.

Such localization shall be designed to strengthen safeguards and respect, not to extract knowledge, weaken protections, create public authority confusion, create consent by implication, create endorsement by participation, create finance-readiness meaning, create certification meaning, or convert community engagement into institutional control.

No Tribal, Indigenous, or community protocol localization shall be treated as consent, approval, endorsement, public authority action, waiver, data license, publication license, procurement support, recognition, finance-readiness, certification, or official adoption unless the competent rights-holder or authority has expressly and lawfully recorded that exact status.

The Corporation shall maintain records identifying the protocol source, capacity of participants, consent posture, non-consent posture, knowledge classification, access restrictions, publication restrictions, mapping limits, grievance pathway, correction pathway, and any divergence from default Bylaw procedures. Where uncertainty exists, the more protective lawful and safeguards-respecting interpretation shall apply.

10.9 North America Interface Change.\
A North America interface change is a change, schedule, protocol, compatibility note, localization note, cross-border interface rule, public authority learning term, data rule, publication rule, technical baseline note, observability method note, GCRI Canada coordination note, Mexico-facing note, Caribbean-facing note, Arctic note, Great Lakes note, Pacific note, Atlantic note, Gulf note, border-region note, or regional Nexus note affecting the Corporation’s North America-facing anchor function.

A North America interface change may support lawful cross-border evidence architecture, methods continuity, observability alignment, ontology alignment, public-good software compatibility, technical baseline compatibility, public authority learning, public-safe publication, correction pathways, safeguards, and Nexus public-good stack interoperability.

No North America interface change shall create foreign legal merger, treaty authority, intergovernmental authority, regional regulator status, public authority delegation, public finance authority, procurement authority, certification authority, recognition authority, finance-readiness authority, protocol authority, emergency command, public warning authority, shared treasury, shared liability, branch status, parent-subsidiary status, alter ego status, single employer status, joint employer status, provider preference, sponsor control, or enterprise execution authority.

Each North America interface change shall identify jurisdictional scope, affected actors, legal basis, data posture, public authority capacity posture, publication posture, safeguards posture, compatibility note, divergence note, record custodian, and correction pathway.

10.10 Technical-Conformance Change.\
A technical-conformance change is a change made to align this Bylaw or related governance instruments with technical metadata, repository structures, controlled vocabulary, schema identifiers, version identifiers, API documentation, public-good software references, open technical baseline references, model-card or system-card references, dataset-card references, proof-receipt references, Nexus Observatory references, Nexus Standards references, Nexus Truth Engine method references, or other technical conformance requirements.

Technical-conformance changes may be made only to improve coherence, interoperability, traceability, public-safe clarity, machine readability, repository discipline, or technical record integrity. They shall not change legal meaning, institutional authority, Board authority, member rights, officer duties, public authority boundaries, finance boundaries, certification boundaries, procurement boundaries, non-execution obligations, role separation, data rights, AI obligations, cybersecurity requirements, safeguards, or public-benefit purpose.

No technical-conformance change shall create authority by code, ledger entry, repository commit, proof receipt, role key, smart license, standards profile, dashboard configuration, metadata field, API response, AI output, digital twin, DePIN signal, AI-RAN signal, O-RAN signal, sensor signal, or automated workflow.

Where technical conformance and legal meaning diverge, legal meaning as recorded in the Bylaw and competent governance records shall control. The technical artifact shall be corrected, versioned, superseded, restricted, or withdrawn as needed.

10.11 Policy-Integration Change.\
A policy-integration change is a change made to align this Bylaw with Board-approved policies, schedules, annexes, protocols, registers, matrices, operating procedures, public-safe notice libraries, controlled vocabulary instruments, risk frameworks, data / AI / cyber policies, safeguards policies, publication policies, sponsorship policies, competition policies, sanctions policies, export-control policies, research integrity policies, public authority protocols, or other lower-order instruments.

Policy integration shall be hierarchical. No policy, protocol, schedule, annex, register, matrix, template, form, guidance, playbook, technical note, operating procedure, public summary, public-safe explainer, AI-generated summary, or training material shall override this Bylaw, the Certificate or Articles of Incorporation, or mandatory applicable law.

Where a policy-integration change requires modification to this Bylaw, the change shall be classified as editorial, material, constitutional, emergency, localization, technical-conformance, or another appropriate category and adopted through the required procedure. No policy adoption alone shall amend this Bylaw.

Where an existing policy is inconsistent with this Bylaw, the policy shall be corrected, superseded, restricted, withdrawn, archived, or interpreted in the more restrictive lawful manner pending formal correction.

10.12 Restatement.\
A restatement is a complete or partial reissuance of this Bylaw that consolidates amendments, corrections, supersessions, reorganizations, renumbering, clarifications, schedules, or other approved changes into a coherent operative text.

A restatement may be adopted to improve readability, reduce fragmentation, consolidate amendment history, align numbering, update cross-references, incorporate approved changes, remove superseded text, clarify status, or prepare the Bylaw for public-safe publication or internal governance use.

A restatement shall not be presumed to make substantive changes unless the adopting resolution or restatement record expressly states that substantive changes are being made. Conversely, substantive changes embedded in a restatement shall not be treated as editorial merely because they appear in a restated text.

Each restatement shall identify whether it is a non-substantive restatement, a substantive restatement, a constitutional restatement, or a mixed restatement. It shall preserve amendment history, supersession history, prior version identifiers, effective dates, transitional provisions, and any provisions that remain relevant for historical interpretation or prior acts.

10.13 More Restrictive Classification Where Doubt Exists.\
Where doubt exists as to whether a proposed change is editorial, material, constitutional, emergency, state or territorial localization, Tribal / Indigenous / community protocol localization, North America interface, technical-conformance, policy-integration, or restatement, the Corporation shall apply the more restrictive classification pending review.

A more restrictive classification shall be required where the change may affect legal meaning, public authority meaning, finance-readiness meaning, certification or procurement meaning, tax-exempt or nonprofit meaning, public-benefit purpose, Board authority, member rights, officer authority, committee authority, participant rights, data rights, AI controls, cybersecurity controls, public-safe publication, protected knowledge, safeguards, role separation, non-execution, or public-facing reliance.

No person shall downgrade a change classification for convenience, speed, fundraising, public relations, sponsor preference, provider preference, public authority preference, repository convenience, document aesthetics, translation convenience, AI-generated drafting convenience, or operational urgency.

The Secretary, Chief Legal, Compliance, and Risk Officer where appointed, Board Chair, Governance Committee, or Board may require escalation of any proposed change to a higher classification. Counsel review shall be obtained where regulated-perimeter, public authority, tax, nonprofit, cross-border, data / AI / cyber, safeguards, or constitutional risk is material.

10.14 Amendment History.\
The Corporation shall maintain an amendment history for this Bylaw. The amendment history shall identify each amendment, the provisions affected, the prior text, the amended text, the adopting authority, the adoption date, the effective date, the change classification, the reason for amendment, any legal or tax review, any member approval where required, any notice issued, and any supersession or transition effect.

The amendment history shall be sufficient to determine how the Bylaw evolved and which text governed a particular act, decision, publication, contract, public authority interface, support arrangement, repository action, data action, AI action, technical release, or Nexus interface at a particular time.

The amendment history shall distinguish between amendments that are prospective, retroactive where lawful, corrective, clarifying, transitional, emergency, temporary, permanent, localized, or restating.

No amendment shall be hidden, undocumented, backdated, silently inserted, or described in a manner that obscures its legal effect. Backdating of legal effect shall not occur except where lawful, expressly approved, accurately described, and supported by competent records.

10.15 Supersession Chain.\
The Corporation shall maintain a supersession chain showing the relationship between each version of this Bylaw and each prior version, amended version, restated version, withdrawn version, archived version, localization schedule, public-safe copy, controlled copy, and related governance instrument.

The supersession chain shall identify whether a version supersedes the prior version in full, supersedes only specified provisions, coexists with prior provisions for transition purposes, remains subject to deferred commencement, or applies only to specified jurisdictions, programs, records, participants, or interfaces.

No supersession shall be effective by implication. A supersession record shall identify the authority for supersession, the affected text, the effective date, the status of the superseded text, and whether the superseded text remains relevant for prior acts, transitional arrangements, historical interpretation, litigation, audit, public authority inquiry, tax record, grant record, restricted fund record, or repository traceability.

Where a supersession chain is unclear, the Secretary shall escalate the matter for Board clarification, correction, or restatement. The more protective lawful interpretation shall apply pending resolution.

10.16 Withdrawal Record.\
Where a draft, version, amendment, schedule, annex, public-safe copy, controlled copy, translation, summary, technical-conformance note, localization note, or related governance instrument is withdrawn, the Corporation shall create a withdrawal record.

The withdrawal record shall identify the withdrawn instrument, version identifier, withdrawal authority, withdrawal date, reason for withdrawal, effective scope of withdrawal, whether the instrument was ever adopted or in force, whether public or controlled notice is required, whether reliance may have occurred, whether correction or clarification is required, and where the withdrawn copy will be archived or sealed.

Withdrawal may be required where a document is inaccurate, unauthorized, superseded, misleading, legally defective, public-authority-confusing, finance-overclaiming, certification-overclaiming, procurement-overclaiming, sponsor-controlled, provider-captured, data-unsafe, cyber-unsafe, safeguards-defective, inconsistent with protected knowledge restrictions, or inconsistent with the Bylaw.

Withdrawal shall not destroy the institutional record unless lawful retention rules permit destruction. Withdrawn instruments shall be marked clearly to prevent reliance and preserved where needed for historical traceability, audit, legal defense, correction, or institutional learning.

10.17 Archive Record.\
The Corporation shall maintain archive records for superseded, withdrawn, restated, expired, temporary, emergency, draft, controlled, public-safe, translated, localized, and historical versions of this Bylaw and related governance instruments.

Archive records shall preserve historical traceability while preventing reliance on non-current text. Archived materials shall be marked with status, version, effective period, supersession relationship, withdrawal status where applicable, access class, retention class, confidentiality class, and any limitation on use.

The archive shall distinguish between public archives, controlled archives, internal archives, privileged archives, sealed archives, protected knowledge archives, cyber-sensitive archives, public authority-sensitive archives, and legally held records.

No archived version shall be used as current authority unless the Board or competent authority lawfully re-adopts, reinstates, or restates it. No person shall cite an archived version in a manner that creates current legal, public authority, finance, certification, procurement, or institutional meaning unless the citation clearly states its historical status.

10.18 Historical Traceability.\
The Corporation shall preserve historical traceability sufficient to reconstruct the governance record for any relevant period. Historical traceability shall include the ability to identify which version of the Bylaw was in force, which amendments had been adopted, which provisions were deferred, which transition rules applied, which localization schedules applied, which public-safe notices were issued, which records were certified, and which repository entries were authoritative.

Historical traceability shall support corporate governance, nonprofit compliance, tax compliance, public-benefit accountability, grant and restricted fund accountability, public authority interface review, data / AI / cyber review, research integrity, public-safe publication, safeguards review, dispute resolution, audit, investigation, correction, and institutional learning.

The Corporation shall not erase, overwrite, obscure, or collapse historical records in a manner that prevents reconstruction of authority, status, text, effective dates, or supersession. Repository migration, platform change, document cleanup, public website redesign, AI summarization, GitBook publication, or archive consolidation shall not compromise historical traceability.

Where historical records contain confidential, privileged, sensitive, personal, cyber-sensitive, infrastructure-sensitive, public authority-sensitive, community-protected, Indigenous, Tribal, local, territorial, cultural, environmental, or protected knowledge information, access shall be controlled without destroying traceability.

10.19 No Silent Replacement.\
No version of this Bylaw shall be replaced silently. Any replacement of an operative version shall require a recorded supersession, amendment, restatement, withdrawal, or correction act by competent authority and, where appropriate, repository update, Bylaw register entry, certification, notice, and transition record.

Silent replacement includes uploading a new file over an old file without status metadata, changing repository content without amendment record, editing a public webpage without version notice, altering a GitBook page without supersession record, replacing a PDF without repository history, issuing a new AI-generated summary as if authoritative, circulating a clean copy without adoption record, or allowing a program team to use a modified copy without formal classification.

No silent replacement shall be justified by formatting, document cleanup, public relations, fundraising, grant submission, sponsor request, provider request, public authority presentation, deadline pressure, or software repository convenience.

Where a silent replacement occurs or is suspected, the Corporation shall quarantine the affected text, identify the last authoritative version, reconstruct the change history, issue correction or notice where needed, and obtain Board or competent authority ratification, withdrawal, restatement, or correction.

10.20 No Orphaned Guidance.\
No guidance, policy, protocol, schedule, annex, playbook, form, checklist, matrix, controlled vocabulary, public-safe notice, data rule, AI rule, cybersecurity rule, safeguards rule, public authority protocol, sponsor rule, provider rule, repository rule, or technical-conformance note shall remain orphaned from the Bylaw version to which it relates.

Each lower-order instrument shall identify its authority source, Bylaw relationship, version relationship, effective date, custodian, status, supersession relationship, and whether it implements, explains, operationalizes, localizes, or supplements the Bylaw.

Where a Bylaw amendment or restatement affects lower-order guidance, the Corporation shall review related instruments for consistency, update or supersede them where necessary, and preserve compatibility notes or divergence logs where immediate update is not practicable.

Orphaned guidance shall not override the Bylaw. If guidance lacks clear authority, is inconsistent with the Bylaw, or is outdated, the Corporation shall restrict, correct, supersede, withdraw, archive, or mark it as non-operative pending review.

10.21 No Parallel Undisclosed Governance Text.\
The Corporation shall not maintain, use, or rely upon any parallel undisclosed governance text that purports to modify, override, reinterpret, narrow, expand, suspend, or replace this Bylaw outside the official version-control, adoption, repository, and notice system.

Parallel undisclosed governance text includes side bylaws, private operating constitutions, undisclosed sponsor terms, private provider rules, informal founder rules, unofficial council rules, hidden repository instructions, unapproved AI-generated governance summaries, confidential role charts used as authority, undocumented public authority understandings, private finance-readiness understandings, certification-adjacent side letters, procurement-adjacent side letters, and any other text that has governance effect without lawful adoption and record.

Confidentiality may be used to protect sensitive records, privileged materials, protected knowledge, cybersecurity information, public authority confidentiality, personal information, or lawful controlled-room materials. Confidentiality shall not be used to create undisclosed constitutional governance, hidden authority, sponsor control, provider preference, public authority delegation, finance-readiness authority, certification authority, procurement authority, or enterprise execution authority.

Any discovered parallel undisclosed governance text shall be escalated, reviewed, classified, and either lawfully adopted, corrected, subordinated, withdrawn, superseded, archived, disclosed in controlled form where appropriate, or rejected as non-authoritative.

10.22 Versioning, Supersession, Withdrawal, Restatement, and Archive Records.\
The Corporation shall maintain records sufficient to prove the version status, change classification, amendment history, supersession chain, withdrawal status, restatement status, archive status, repository location, effective date, and authority of every version of this Bylaw and every related governance instrument.

Such records shall include, as applicable:

a) version identifiers;

b) draft, adopted, in-force, superseded, withdrawn, restated, archived, public-safe, controlled, translated, and localized status records;

c) change classification records;

d) editorial and clerical correction records;

e) material change records;

f) constitutional change records;

g) emergency change records;

h) state and territorial localization records;

i) Tribal, Indigenous, and community protocol localization records;

j) North America interface change records;

k) technical-conformance change records;

l) policy-integration change records;

m) restatement records;

n) amendment histories;

o) supersession chains;

p) withdrawal records;

q) archive records;

r) historical traceability records;

s) repository records, hash or integrity records where used, certification records, and Gazette or authoritative notice records;

t) lower-order instrument mapping records and orphaned-guidance review records;

u) parallel-text review and rejection records;

v) public-safe correction, controlled correction, clarification, takedown, and notice records; and

w) responsible owner, custodian, access class, retention class, review date, and secure disposal metadata.

The governing rule of this Section is that no governance meaning shall move silently. The Corporation’s Bylaw shall change only through classified, competent, recorded, traceable, and correctionable acts. Version control shall protect legal identity, nonprofit character, public-benefit purpose, United States seat discipline, North America anchor boundaries, non-execution, GCRI / GRF / GRA role separation, Nexus public-good stack compatibility, public authority boundaries, finance boundaries, certification and procurement boundaries, data / AI / cyber controls, community safeguards, protected knowledge, validity-by-record, and correctionability.

## Section 11. Authoritative Text, Repository Discipline, Gazette, and Notice Stream

11.1 Authoritative Publication Location.\
The Corporation shall maintain an authoritative publication location for this Bylaw and for each adopted amendment, restatement, supersession, withdrawal, archival designation, public-safe copy, controlled copy, state localization schedule, territorial localization schedule, Tribal-interface schedule, North America interface schedule, notice, certification, and other governance-significant instrument.

The authoritative publication location shall be designated by the Board, the Secretary, or another competent authority acting under this Bylaw, the Certificate or Articles of Incorporation, applicable law, and any Board-approved repository policy. The authoritative publication location may be a secure corporate repository, official governance portal, controlled document-management system, signed corporate record system, GitBook or equivalent public-facing publication layer, secure archive, or any combination of public and controlled locations, provided that the authoritative source is identifiable, versioned, access-controlled where required, and supported by records.

The authoritative publication location shall identify, or permit identification of, the current operative version of the Bylaw, the adoption record, effective date, version identifier, status classification, repository custodian, supersession relationship, publication status, access status, and any applicable limitation, deferred commencement, localization, translation, or controlled-access condition.

No public website, slide deck, public explainer, fundraising deck, grant application, proposal, AI-generated summary, repository mirror, email attachment, printed copy, exported PDF, public-facing knowledge page, internal memo, public statement, or third-party copy shall be treated as the authoritative publication location unless expressly designated by competent record.

11.2 Official Repository.\
The Corporation shall maintain an official repository for the Bylaw and related governance instruments. The official repository shall serve as the authoritative record environment for storing, retrieving, authenticating, versioning, superseding, withdrawing, archiving, and preserving the governance records of the Corporation.

The official repository shall include, as applicable, the Bylaw register, adoption records, amendment records, restatement records, Board resolutions, member approvals where required, incorporator approvals where applicable, Secretary certifications, version-control records, supersession chains, withdrawal records, archive records, Gazette or notice-stream entries, localization schedules, controlled vocabulary records, governance policies, committee charters, delegation records, authority matrices, and other instruments that have legal, governance, public-facing, technical, public authority, finance-boundary, certification-boundary, procurement-boundary, data / AI / cyber, safeguards, or Nexus-interface consequence.

The official repository may contain public, controlled, internal, confidential, privileged, protected knowledge, cyber-sensitive, infrastructure-sensitive, public authority-sensitive, finance-sensitive, personal-information, or sealed record classes. Repository design shall preserve transparency where lawful and safe, confidentiality where required, and record integrity in all cases.

The repository shall not be used merely as document storage. It shall be used as a governance-control system that preserves validity-by-record, correctionability, legal identity, United States seat discipline, nonprofit character, public-benefit purpose, non-execution, public authority boundaries, finance boundaries, certification and procurement boundaries, GCRI / GRF / GRA role separation, Nexus public-good stack compatibility, data / AI / cyber controls, community safeguards, protected knowledge, and anti-capture discipline.

11.3 Repository Custodian.\
The Secretary shall serve as the default repository custodian unless the Board designates another officer, records custodian, governance function, legal function, compliance function, repository administrator, or institutional records office.

The repository custodian shall be responsible for maintaining repository integrity, metadata completeness, version discipline, access classification, certification linkage, supersession status, withdrawal marking, archival continuity, authenticity controls, notice linkage, retention status, secure disposal status, and escalation of any inconsistency, ambiguity, unauthorized modification, access breach, silent replacement, orphaned guidance, or parallel undisclosed governance text.

The repository custodian may administer technical repository functions directly or through delegated staff, contractors, secure service providers, or technical administrators, provided that such delegation does not transfer legal custody, governance authority, certification authority, public authority, finance authority, certification authority, procurement authority, or substantive interpretive authority beyond the delegated record-management function.

The repository custodian shall maintain sufficient records to show who deposited a record, who approved it, who modified it, who certified it, who accessed it where access logging is required, when it became effective, when it was superseded, when it was withdrawn, when it was archived, and what authority supports its status.

11.4 Repository Metadata.\
Each repository record shall include metadata sufficient to identify its title, document type, version identifier, status classification, adoption authority, adoption date, effective date, issue date where different, repository date, custodian, owner, responsible officer, access class, publication class, confidentiality class, retention class, review cycle, supersession relationship, withdrawal status, archive status, public-safe status, localization scope, translation status, hash or integrity reference where used, certification linkage, Gazette or notice linkage, and any limitation on reliance.

Repository metadata shall be treated as governance-significant. Metadata shall not be altered in a manner that changes legal meaning, operative status, access rights, public meaning, effective date, version identity, supersession status, withdrawal status, archive status, or reliance status without proper authority and record.

Where metadata conflicts with the adopted text, adoption record, certification record, Board resolution, member approval where required, or applicable law, the superior record shall control, and the metadata shall be corrected. Where uncertainty remains, the matter shall be escalated for Secretary review, legal review where required, and Board clarification where material.

Metadata shall distinguish between current in-force text, superseded text, withdrawn text, archived text, draft text, redline text, translated text, summarized text, public-safe text, controlled text, local implementation text, and non-operative explanatory materials.

11.5 Operative Version.\
The operative version of this Bylaw shall be the version that has been duly adopted by the competent authority, certified or otherwise recorded as adopted, entered into the Bylaw register or equivalent official repository, assigned an effective date, and not superseded, withdrawn, expired, suspended, or replaced by a later duly adopted version.

The operative version shall control over drafts, redlines, summaries, translations, public explainers, slide decks, AI-generated summaries, public-facing website text, internal memoranda, emails, repository mirrors, unofficial copies, outdated exported copies, and derivative communications.

Where different copies appear to be operative, the Corporation shall determine the operative version by reference to the adoption record, effective-date record, certification record, Bylaw register, repository metadata, supersession chain, and applicable law. Where uncertainty cannot be resolved immediately, the most restrictive lawful interpretation shall apply pending Board or competent authority clarification.

No person shall represent a draft, proposed amendment, working copy, transition version, localization schedule, public-safe copy, controlled copy, or explanatory summary as the operative version unless the record expressly supports that status.

11.6 Adoption Record.\
The official repository shall preserve the adoption record for this Bylaw and for each amendment, restatement, repeal, replacement, or constitutional change. The adoption record shall identify the adopting authority, approval method, date of adoption, effective date, text approved, quorum and voting record where applicable, member approval where required, incorporator approval where applicable, certification record, repository entry, and any conditions to entry into force.

The adoption record shall be sufficient to prove that the relevant text became legally and institutionally operative through competent action, not through circulation, publication, informal approval, sponsor support, provider contribution, public authority participation, technical authorship, operational use, repository upload, website posting, or Nexus reference.

An adoption record may include Board minutes, written consents, resolutions, member approvals, incorporator actions, Secretary certifications, legal opinions, tax memoranda, repository records, signed copies, version-control records, and Gazette or notice-stream entries.

Where an adoption record is incomplete, ambiguous, internally inconsistent, or materially inconsistent with the text circulated or published, the matter shall be escalated for correction, ratification, restatement, withdrawal, or clarification by competent authority.

11.7 Amendment Record.\
The Corporation shall maintain an amendment record for each amendment to this Bylaw or related governance instrument. The amendment record shall identify the prior text, amended text, affected sections, change classification, adopting authority, approval date, effective date, reason for amendment, required approvals, legal or tax review where applicable, public authority review where applicable, data / AI / cyber review where applicable, safeguards review where applicable, notice issued, transition rule, and supersession effect.

No amendment shall become effective merely because it has been drafted, proposed, circulated, negotiated, uploaded, redlined, approved by counsel as to form, discussed by a committee, requested by a sponsor, requested by a provider, requested by a public authority participant, incorporated into a presentation, posted on a website, or reflected in an AI-generated summary.

Amendment records shall preserve the Corporation’s ability to determine which version governed at any point in time. They shall also preserve accountability for changes affecting legal identity, nonprofit status, public-benefit purpose, non-execution, role separation, public authority boundaries, finance boundaries, certification and procurement boundaries, controlled vocabulary, data / AI / cyber controls, safeguards, public-safe claims, and Nexus public-good stack compatibility.

Amendment records shall be entered into the official repository and linked to the Bylaw register, supersession chain, certification record, and Gazette or notice-stream entry where applicable.

11.8 Supersession Record.\
The Corporation shall maintain a supersession record for each version of this Bylaw and each related governance instrument that is superseded in whole or in part. The supersession record shall identify the superseded instrument, superseding instrument, authority for supersession, effective date, scope of supersession, continuing effect if any, transition rule, archival status, public-safe status, and notice requirements.

A supersession record shall distinguish between full replacement, partial replacement, temporary replacement, emergency replacement, localization-specific replacement, controlled-access replacement, public-safe replacement, and restatement-based replacement.

No supersession shall occur silently. A later file, revised webpage, repository commit, new PDF, GitBook update, AI-generated rewrite, slide deck, internal memo, operating practice, program note, funding agreement, sponsor agreement, provider agreement, or public authority communication shall not supersede the Bylaw unless the supersession is authorized and recorded by competent authority.

Where superseded text remains relevant for prior acts, contracts, public authority interfaces, grant obligations, tax records, restricted funds, data rights, AI records, software releases, public-safe publications, protected knowledge restrictions, or dispute resolution, the supersession record shall preserve that continuing historical relevance.

11.9 State and Territorial Localization Record.\
The official repository shall maintain records of each state, District of Columbia, territorial, insular, or local localization schedule, annex, note, protocol, public authority interface term, registration record, qualification record, solicitation record, tax record, employment record, data rule, public records rule, procurement integrity rule, lobbying rule, government ethics rule, or public-safe notice issued for a particular United States jurisdiction.

Each state and territorial localization record shall identify the jurisdiction, legal basis, operating context, responsible custodian, affected Bylaw provisions, implementation rule, divergence note, equivalence note, approval authority, effective date, review cycle, public or controlled notice status, and any limitation on use.

Localization records shall preserve unified governance while permitting lawful local implementation. No state or territorial localization record shall be used to fragment legal identity, create separate governance authority, weaken mission lock, override non-execution, create public authority status, create finance-readiness authority, create certification authority, create procurement authority, prefer providers, permit sponsor control, weaken data / AI / cyber controls, weaken safeguards, or displace the Corporation’s United States corporate-law anchor for internal corporate acts.

Where a state or territorial localization record appears inconsistent with the Bylaw, applicable law, the Certificate or Articles of Incorporation, tax-exempt or nonprofit obligations, or Nexus role-separation discipline, the record shall be escalated, restricted, corrected, superseded, or withdrawn.

11.10 North America Interface Record.\
The official repository shall maintain North America interface records for cross-border evidence, methods, observability, ontology, technical baseline, public-good software, public authority learning, safeguards, correction, publication, and Nexus public-good stack compatibility activities involving GCRI Canada, Mexico-facing interfaces, Caribbean interfaces, Arctic interfaces, Great Lakes interfaces, Pacific interfaces, Atlantic interfaces, Gulf interfaces, border-region interfaces, Indigenous cross-border interfaces, regional Nexus interfaces, or other North America-facing structures.

Each North America interface record shall identify the actors involved, jurisdictional scope, legal basis, public authority capacity status, data transfer posture, AI-use posture, cyber posture, publication posture, safeguards posture, protected knowledge status, role-separation status, compatibility note, divergence log, responsible custodian, effective date, review cycle, and correction pathway.

A North America interface record shall not create foreign legal merger, branch status, parent-subsidiary status, alter ego status, agency, partnership, joint venture, single employer status, joint employer status, shared treasury, shared liability, treaty authority, intergovernmental authority, regional regulator authority, public warning authority, emergency command authority, public finance authority, procurement authority, certification authority, recognition authority, finance-readiness authority, protocol authority, provider preference, sponsor control, or enterprise execution authority.

Where North America coordination requires a separate legal instrument, such instrument shall be recorded, reviewed, classified, and implemented subject to this Bylaw and applicable law.

11.11 Access and Publication Status.\
Each repository record shall be assigned an access and publication status. Access and publication status may include public, public-safe, controlled public, internal, Board-only, officer-only, committee-only, participant-restricted, data-room, clean-room, controlled-room, no-download room, public authority-restricted, privileged, confidential, cyber-sensitive, infrastructure-sensitive, finance-sensitive, commercially sensitive, personal-information-restricted, research-restricted, protected-knowledge-restricted, Tribal or Indigenous protocol-restricted, sealed, archived, withdrawn, or legally held.

Publication status shall be determined by legal requirements, governance needs, public-benefit purpose, public-safe publication rules, confidentiality obligations, privilege, privacy, data protection, cybersecurity, infrastructure protection, public authority confidentiality, competition law, research integrity, sponsor and provider confidentiality, community safeguards, Indigenous knowledge respect, protected knowledge obligations, sanctions, export-control, controlled technology, and public safety.

Public access shall not be used where publication would create harm, confusion, protected knowledge exposure, cybersecurity risk, infrastructure risk, privacy harm, public authority confusion, finance-overclaim, certification-overclaim, procurement-overclaim, sponsor benefit, provider preference, or unlawful disclosure.

Controlled or restricted access shall not be used to hide constitutional governance, sponsor control, provider influence, public authority delegation, finance-readiness authority, certification authority, procurement authority, recognition authority, enterprise execution, or other governance meaning that must be recorded and visible to competent oversight.

11.12 Gazette or Gazette-Equivalent Notice Stream.\
The Corporation may maintain a Gazette, governance notice stream, authoritative notice page, internal notice register, controlled notice system, repository notice channel, public-safe governance feed, or equivalent mechanism for publishing or recording notices of governance-significant acts.

The Gazette or Gazette-equivalent notice stream shall serve as a notice layer, not as a substitute for lawful adoption, amendment, certification, repository deposit, or Board approval. A Gazette entry may evidence that notice has been issued, but it shall not create legal authority unless supported by the underlying competent record.

The Gazette or notice stream may include notices of adoption, amendment, repeal, restatement, correction, supersession, withdrawal, appointment, resignation, removal, delegation, revocation, suspension, reinstatement, dissolution, repository migration, public-safe publication, controlled publication, public authority interface update, localization schedule, North America interface update, or other governance-significant act.

Gazette entries shall be versioned, dated, status-marked, access-classified, linked to repository records, and preserved with sufficient metadata to support validity-by-record and correctionability.

11.13 Notices of Adoption, Amendment, Repeal, Restatement, Correction, Supersession, Withdrawal, Appointment, Delegation, Suspension, Revocation, Dissolution, and Other Governance-Significant Acts.\
The Corporation shall issue notices of governance-significant acts where required by applicable law, the Certificate or Articles of Incorporation, this Bylaw, Board resolution, member approval where applicable, contract, grant, donor restriction, public authority protocol, repository policy, data / AI / cyber policy, safeguards policy, or public-safe publication policy.

Governance-significant acts may include adoption of the Bylaw; amendment, repeal, restatement, supersession, withdrawal, correction, or archival of the Bylaw; appointment, resignation, removal, or suspension of directors or officers; creation, amendment, suspension, or dissolution of committees or councils; delegation or revocation of authority; entry into or withdrawal from a material Nexus interface; adoption of a major policy; change of official repository; change of legal name; change of registered office, registered agent, or governance seat; dissolution; merger; conversion; sale or transfer of substantial assets; or other structural action.

Each notice shall state, with appropriate public-safe limitation, the act taken, authority relied upon, effective date, repository location or reference, status of prior text or authority, responsible custodian, and any transition, limitation, or correction pathway.

No notice shall overstate authority, imply public authority approval, imply finance-readiness, imply certification, imply procurement approval, imply recognition, imply provider preference, imply sponsor control, or disclose information that must remain confidential, privileged, protected, cyber-sensitive, infrastructure-sensitive, personal, public authority-sensitive, or safeguards-restricted.

11.14 Public Notice, Controlled Notice, Internal Notice, State-Specific Notice, Territorial Notice, Tribal-Interface Notice, and Cross-Border Notice.\
The Corporation may issue different classes of notice depending on the nature of the act, legal requirement, audience, sensitivity, public-benefit value, reliance risk, public authority context, jurisdictional relevance, safeguards implications, and public-safe publication classification.

Public notice may be used for governance acts suitable for broad publication. Controlled notice may be used where notice is required or appropriate but must be limited to directors, officers, members, participants, public authority participants, sponsors, donors, funders, providers, hosts, contractors, counsel, auditors, regulators, affected communities, Tribal or Indigenous interfaces, or other defined recipients. Internal notice may be used for internal governance and operational actions.

State-specific, territorial, Tribal-interface, local, or cross-border notices shall be used where the governance act affects a particular jurisdiction, public authority interface, community protocol, protected knowledge condition, cross-border arrangement, or North America interface.

Notice shall be proportionate, accurate, non-misleading, public-safe, and record-supported. Where an incorrect or misleading notice is issued, the Corporation shall correct, clarify, supersede, withdraw, or supplement the notice and preserve the correction record.

11.15 Authenticity Controls.\
The Corporation shall maintain authenticity controls sufficient to identify authoritative records, prevent unauthorized alteration, detect tampering, preserve chain of custody, distinguish official records from unofficial copies, and support reliance on the official repository.

Authenticity controls may include Secretary certification, authorized signatures, electronic signatures, repository permissions, access logs, version locks, audit trails, hash or integrity references, tamper-evident storage, document-control numbers, repository metadata, secure backups, retention controls, and verification procedures.

No record shall be treated as authentic solely because it appears on a familiar platform, bears a familiar file name, includes a logo, appears in a repository, is attached to an email, is generated by an AI system, is printed on letterhead, is referenced in a slide deck, or is circulated by a person with institutional status.

Where authenticity is disputed, the Corporation shall rely on the adoption record, certification record, repository audit trail, signature record, hash or integrity reference where used, custodian certification, and Board or Secretary clarification. The disputed record shall be restricted, quarantined, corrected, or withdrawn pending resolution where necessary.

11.16 Signature Controls.\
The Corporation shall maintain signature controls for governance records requiring signature, certification, consent, approval, acknowledgment, delegation, authority, contract execution, or notice.

Signature controls shall identify who may sign, what authority supports the signature, whether the signature is physical or electronic, whether counter-signature is required, whether Board or member approval is required, whether Secretary certification is required, whether legal or tax review is required, and whether the signed instrument must be entered into the official repository.

No person shall sign, certify, approve, acknowledge, issue, or publish a record on behalf of the Corporation unless authorized by applicable law, the Certificate or Articles of Incorporation, this Bylaw, Board resolution, delegation matrix, authority matrix, officer appointment, policy, or written authorization.

A signature shall not expand the signer’s authority beyond the recorded authority. An unauthorized signature shall be subject to review, correction, withdrawal, ratification where lawful, disciplinary action, access restriction, contract remedy, public-safe clarification, or legal response.

11.17 Hash, Integrity, or Tamper-Evident Reference Where Used.\
The Corporation may use hash references, integrity references, timestamps, digital certificates, repository signatures, artifact signatures, tamper-evident logs, ledger references, notarization, secure audit trails, or equivalent integrity mechanisms to support verification of Bylaw versions, governance records, public-good software releases, technical baselines, datasets, public-safe reports, proof receipts, and other record-sensitive materials.

Integrity mechanisms shall support authenticity, traceability, and non-repudiation. They shall not create legal adoption, public authority approval, finance-readiness, certification, recognition, procurement approval, provider preference, sponsor control, or governance authority unless the underlying competent governance record supports that exact status.

A hash, ledger entry, proof receipt, role key, smart license, repository commit, API response, signature artifact, or tamper-evident reference shall not substitute for Board approval, member approval where required, Secretary certification, adoption record, legal authority, or effective-date control.

Where an integrity reference conflicts with the official repository record, adoption record, or certification record, the matter shall be escalated, investigated, and corrected. The affected record may be restricted, quarantined, withdrawn, reissued, or superseded pending resolution.

11.18 Repository Failure, Recovery, Continuity, and Migration.\
The Corporation shall maintain procedures for repository failure, loss, compromise, access outage, cyber incident, data corruption, unauthorized alteration, accidental deletion, platform termination, vendor failure, credential loss, repository migration, archival migration, or other event affecting repository continuity.

Repository continuity procedures shall include secure backups, access continuity, emergency custodianship, recovery priorities, integrity checks, incident logs, role-based access restoration, legal hold preservation, privileged record protection, protected knowledge protection, public authority-sensitive record protection, cyber-sensitive record protection, and post-incident correction.

Repository migration shall be recorded. Migration records shall identify the source repository, destination repository, migration authority, records migrated, records excluded, integrity verification, access classification, metadata preservation, supersession continuity, archive continuity, public notice or controlled notice where needed, and responsible custodian.

No repository failure, migration, platform change, public website redesign, GitBook restructuring, AI-assisted document conversion, or archive consolidation shall alter legal effect, operative text, adoption status, effective date, supersession chain, access restriction, confidentiality status, protected knowledge restriction, or public-safe limitation.

11.19 No Authority From Unofficial Copies, Summaries, Slides, Translations, Redlines, Extracts, Public Explainers, AI Summaries, or Derivative Communications.\
No unofficial copy, summary, slide, translation, redline, extract, public explainer, AI summary, chatbot output, meeting note, email, social media post, website snippet, grant narrative, proposal, fundraising deck, public statement, training material, public-safe summary, technical note, repository mirror, exported PDF, or derivative communication shall have authority to adopt, amend, repeal, supersede, withdraw, restate, interpret, narrow, expand, suspend, or override this Bylaw.

Such materials may assist with education, public legibility, internal implementation, translation, accessibility, drafting, review, consultation, or publication only if they are clearly subordinate to the authoritative text and do not create reliance inconsistent with the operative Bylaw.

No derivative communication shall soften non-execution, imply public authority status, imply public warning authority, imply emergency command authority, imply finance-readiness, imply certification, imply procurement approval, imply recognition, imply provider preference, imply sponsor control, imply tax status not supported by records, or obscure GCRI / GRF / GRA role separation.

Where any unofficial or derivative material conflicts with the operative Bylaw, the operative Bylaw shall control. The Corporation shall correct, withdraw, supersede, relabel, restrict, archive, or publicly clarify the derivative material where needed.

11.20 Repository, Gazette, and Notice Records.\
The Corporation shall maintain records sufficient to prove the authoritative text, repository status, Gazette or notice-stream status, publication status, access status, authenticity, signature authority, integrity reference, repository continuity, notice issuance, correction history, and non-authoritative status of derivative materials.

Such records shall include, as applicable:

a) authoritative publication location records;

b) official repository designation records;

c) repository custodian appointment and delegation records;

d) repository metadata records;

e) operative-version records;

f) adoption records;

g) amendment records;

h) supersession records;

i) state, District of Columbia, territorial, insular, local, and jurisdictional localization records;

j) Tribal, Indigenous, community, protected knowledge, and safeguards interface records;

k) North America interface records;

l) access and publication status records;

m) Gazette or Gazette-equivalent notice-stream records;

n) notices of adoption, amendment, repeal, restatement, correction, supersession, withdrawal, appointment, delegation, suspension, revocation, dissolution, and other governance-significant acts;

o) public, controlled, internal, state-specific, territorial, Tribal-interface, and cross-border notice records;

p) authenticity-control records;

q) signature-control records;

r) hash, integrity, timestamp, tamper-evident, repository-signature, artifact-signature, or verification records where used;

s) repository failure, incident, recovery, continuity, backup, and migration records;

t) unauthorized-copy, unofficial-copy, derivative-communication, AI-summary, translation, redline, extract, public-explainer, and public-safe-summary control records;

u) correction, clarification, takedown, withdrawal, supersession, archival, and public-safe notice records;

v) access logs, audit trails, legal holds, privilege logs, confidentiality controls, protected knowledge restrictions, and secure disposal records where applicable; and

w) responsible owner, custodian, review date, retention class, access class, publication class, and archive metadata.

The governing rule of this Section is that the Corporation shall speak through authoritative records, not through uncontrolled copies; through repository discipline, not document drift; through competent notice, not informal circulation; through verified authenticity, not assumption; and through public-safe correction, not silent revision. The official repository, Gazette or notice stream, metadata system, signature controls, authenticity controls, and access classifications shall preserve the Corporation’s legal identity, United States seat, nonprofit character, public-benefit purpose, North America anchor boundaries, non-execution perimeter, GCRI / GRF / GRA role separation, public-good stack compatibility, public authority boundaries, finance boundaries, certification and procurement boundaries, data / AI / cyber controls, community safeguards, protected knowledge discipline, validity-by-record, and correctionability.

## Section 12. Scope of Application

12.1 Application to the Corporation.\
This Bylaw shall apply to The Global Centre for Risk and Innovation - United States in its full legal, governance, operational, programmatic, technical, public-benefit, repository, publication, participation, public authority interface, United States all-states-and-territories, North America anchor, and Nexus public-good stack capacities.

The Corporation shall not divide, compartmentalize, externalize, delegate, label, localize, brand, platform, program, convene, fund, host, publish, digitize, automate, or technically integrate any activity in a manner that avoids, narrows, suspends, weakens, or bypasses this Bylaw. The Bylaw shall apply whether the Corporation acts through its Board, officers, committees, councils, staff, contractors, fellows, advisors, volunteers, contributors, repositories, digital systems, public materials, controlled rooms, public authority learning environments, state interfaces, territorial interfaces, Tribal interfaces, local interfaces, North America interfaces, or Nexus-compatible interfaces.

This Bylaw shall govern the Corporation’s internal corporate affairs and institutional conduct subject to applicable law, the Certificate or Articles of Incorporation, and any mandatory superior legal requirement. No program title, public-facing label, project name, repository name, grant name, sponsor label, public authority room, controlled room, Nexus reference, state localization, territorial localization, Tribal-interface protocol, or North America coordination instrument shall create an exemption from this Bylaw unless a competent legal record expressly provides otherwise and such exemption is lawful.

The Corporation’s public-benefit character, nonprofit character, non-distribution rule, tax-exempt-compatible posture, public-good technical institution character, non-execution perimeter, public authority boundary, finance boundary, certification boundary, procurement neutrality, provider neutrality, sponsor non-control, GCRI / GRF / GRA role separation, validity-by-record, correctionability, and public-safe claims discipline shall apply across the Corporation in all contexts.

12.2 Application to the Board.\
This Bylaw shall apply to the Board of Directors collectively and to all Board acts, deliberations, meetings, written consents, resolutions, reserved matters, committee delegations, officer appointments, governance instruments, budgets, strategies, policies, risk oversight, public authority interface approvals, support acceptance decisions, Nexus interface decisions, and corporate-status determinations.

The Board shall exercise its authority only within applicable law, the Certificate or Articles of Incorporation, this Bylaw, adopted policies, valid resolutions, and competent records. The Board shall not create, tolerate, ratify, or preserve any governance practice inconsistent with this Bylaw, except through lawful amendment, correction, supersession, withdrawal, or recorded transition where permitted.

The Board shall ensure that all Board decisions affecting legal identity, public-benefit purpose, nonprofit status, tax status, all-states-and-territories posture, North America anchor role, public-good technical assets, data / AI / cyber controls, public authority interfaces, finance-boundary materials, certification-boundary materials, procurement-boundary matters, public-safe publications, community safeguards, protected knowledge, sponsor relationships, provider relationships, or Nexus role separation are supported by decision-grade records.

No Board practice, custom, repeated tolerance, informal consensus, chair direction, founder preference, officer recommendation, sponsor expectation, provider request, public authority familiarity, funding pressure, technical urgency, or Nexus coordination need shall displace the text of this Bylaw.

12.3 Application to Directors.\
This Bylaw shall apply to every director of the Corporation, whether elected, appointed, initial, transitional, renewed, holdover, independent, affiliated, dual-role, committee-serving, officer-serving, public authority-experienced, academic, technical, community-facing, sponsor-connected, provider-connected, or otherwise.

Each director shall comply with this Bylaw when acting as a director, participating in Board or committee deliberations, reviewing confidential or controlled materials, approving strategy, approving budgets, approving policies, approving public materials, approving support arrangements, approving public authority interfaces, approving Nexus interface arrangements, overseeing officers, participating in public events, or making any statement that may reasonably be attributed to Board authority.

A director shall not use title, seniority, authorship, technical centrality, public authority contacts, sponsor relationships, provider relationships, public visibility, Nexus familiarity, committee membership, repository access, controlled-room access, or personal reputation to create apparent authority beyond the director’s lawful Board role.

Directors with dual roles in GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus entities, public authorities, universities, laboratories, sponsors, providers, hosts, funders, national companies, Project SPVs, or enterprise actors shall observe role clarity, conflict disclosure, recusal, confidentiality, public description, and separateness requirements.

12.4 Application to Officers.\
This Bylaw shall apply to all officers of the Corporation, including statutory officers, principal officers, executive officers, appointed functional officers, acting officers, interim officers, delegated officers, and any other person holding recorded officer authority.

Officers shall act only within their lawful appointment, written role description, Board-approved authority, delegation matrix, signature authority, spending authority, contracting authority, publication authority, data access authority, AI-use authority, controlled-room authority, and applicable policy authority. No officer shall treat operational responsibility as constitutional authority or management convenience as permission to override the Bylaw.

Officer authority shall be bounded by public-benefit purpose, nonprofit character, tax-exempt-compatible posture, non-execution, GCRI / GRF / GRA role separation, public-good stack and enterprise stack separation, public authority boundaries, finance boundaries, certification and procurement boundaries, provider neutrality, sponsor non-control, data / AI / cyber controls, research integrity, public-safe publication rules, community safeguards, protected knowledge duties, validity-by-record, and correctionability.

No officer shall bind the Corporation, approve a public representation, authorize a public authority reference, accept support, admit a participant, release a technical asset, approve a publication, grant repository access, approve AI use, open a controlled room, sign a contract, or create a Nexus interface unless the officer has recorded authority and the act satisfies applicable review requirements.

12.5 Application to Committees.\
This Bylaw shall apply to every committee of the Corporation, including standing committees, special committees, executive committees where created, governance committees, finance committees, audit committees, risk committees, evidence committees, methods committees, observability committees, ontology committees, research integrity committees, data / AI / cyber committees, safeguards committees, public authority learning committees, publication committees, technical asset committees, and any committee formed by Board resolution or lawful delegation.

Committees shall act only within their adopted charters, delegated authority, reporting lines, quorum rules, voting rules, confidentiality classifications, conflict controls, public authority boundary classifications, finance-boundary classifications, certification-boundary classifications, procurement-boundary classifications, data / AI / cyber classifications, safeguards classifications, and records requirements.

No committee shall amend this Bylaw, override Board reserved matters, alter mission lock, weaken non-execution, create public authority status, create finance-readiness authority, create certification authority, create procurement authority, confer recognition, select providers for public authorities, approve public finance, issue official warnings, exercise emergency command, or convert advisory or technical review into legal authority unless separately and lawfully authorized by competent record and within the Corporation’s permitted role.

Committee recommendations shall remain recommendations unless adopted by competent authority. Committee records shall identify whether an output is advisory, recommended, delegated, adopted, rejected, superseded, withdrawn, corrected, or archived.

12.6 Application to Leadership Council, Helix Councils, Advisory Councils, Scientific Panels, Public Authority Forums, Working Groups, Expert Panels, Fellows, Advisors, Competence Cells, and Program Bodies.\
This Bylaw shall apply to every Leadership Council, Helix Council, advisory council, scientific council, technical advisory body, public authority forum, safeguards forum, community forum, Tribal or Indigenous interface forum, working group, drafting group, expert panel, peer-review panel, model-review panel, red-team panel, fellow cohort, advisor network, Nexus Competence Cell, program steering group, lab group, challenge group, Academy group, and other non-Board body formed, hosted, recognized, convened, supported, or relied upon by the Corporation.

Such bodies shall be non-statutory, advisory, technical, learning, participation, review, drafting, or capability-formation bodies unless expressly constituted otherwise by competent legal record. Participation in such bodies shall not create director status, officer status, employee status, fiduciary duty, public authority status, membership rights, voting rights, governance control, authority to bind the Corporation, or authority to bind any other Nexus entity.

No such body shall confer recognition, maturity, standing, Docket approval, Grid status, Nexus-compatible status, finance-readiness, insurance-readiness, bankability, investability, certification, accreditation, procurement approval, provider preference, public authority approval, public warning, emergency command, public finance approval, legal compliance approval, or regulated professional opinion by participation, recommendation, vote, consensus, report, dashboard, proof receipt, technical finding, or public statement.

All such bodies shall follow applicable chartering, participant screening, confidentiality, conflict, data / AI / cyber, competition, public authority, finance-boundary, certification-boundary, procurement-boundary, public-safe publication, safeguards, protected knowledge, records, correction, supersession, withdrawal, and closeout requirements.

12.7 Application to Members, Non-Voting Members, Supporters, Subscribers, Participants, Delegates, Observers, Contributors, Contractors, Employees, Volunteers, Seconded Personnel, and Maintainers.\
This Bylaw shall apply to all statutory members where any are created, voting members where any are created, non-voting members, supporters, subscribers, institutional participants, individual participants, public authority participants, delegates, observers, fellows, advisors, contributors, technical contributors, developers, maintainers, open-source participants, contractors, consultants, employees, volunteers, seconded personnel, visiting researchers, students, trainers, speakers, authors, reviewers, and other persons admitted to, engaged by, contributing to, or participating in the Corporation.

Such persons shall comply with applicable law, this Bylaw, participation terms, engagement agreements, confidentiality obligations, IP terms, data terms, AI-use terms, cybersecurity rules, repository rules, controlled-room rules, public authority protocols, public-safe claims rules, competition rules, conflict disclosure rules, community safeguards, protected knowledge restrictions, and correction duties.

No person shall acquire governance authority, fiduciary authority, voting rights, membership rights, public representation authority, public authority status, finance-readiness authority, recognition authority, certification authority, procurement authority, provider preference, access rights, data rights, IP rights, publication rights, or authority to bind the Corporation merely by donation, sponsorship, subscription, attendance, authorship, contribution, employment, contract, fellowship, advisory title, repository access, controlled-room access, technical centrality, public authority status, or Nexus participation.

Each person subject to this Bylaw shall use the Corporation’s name, marks, reports, datasets, software, technical baselines, dashboards, public-good assets, proof receipts, publications, controlled vocabulary, and Nexus-compatible references only as authorized and recorded.

12.8 Application to Programs, Platforms, Evidence Systems, Observability Environments, Technical Repositories, Software Assets, Data Rooms, Controlled Rooms, Clean Rooms, Dashboards, Maps, Publications, Public Materials, and Digital Surfaces.\
This Bylaw shall apply to every program, platform, evidence system, observability environment, repository, software asset, dataset, model register, inference record, compute workload record, method library, ontology library, schema, API, SDK, dashboard, map, report, whitepaper, publication, technical baseline, reference architecture, test harness, benchmark library, model card, system card, dataset card, proof receipt, public-good software release, website, GitBook page, knowledge base, public-facing page, social channel, media material, grant material, sponsorship material, proposal, data room, clean room, controlled room, evidence room, public authority room, capital-reader-adjacent room, no-download room, and other digital or physical surface maintained, used, published, or controlled by the Corporation.

No technical system, repository permission, dashboard configuration, AI workflow, digital twin, DePIN record, blockchain or ledger entry, AI-RAN signal, O-RAN signal, sensor signal, model output, proof receipt, smart license, role key, API response, database entry, public-safe report, or automated indicator shall create governance authority, public authority status, official warning status, finance-readiness, certification, procurement approval, recognition, provider preference, public finance approval, or enterprise execution authority without competent legal and governance record.

Programs and platforms shall be operated under recorded scope, responsible owner, authority surface, access class, publication class, data classification, AI-use classification, cyber classification, public authority boundary classification, finance-boundary classification, certification-boundary classification, procurement-boundary classification, safeguards classification, public-safe status, review cycle, and correction pathway.

Public and digital surfaces shall not overstate the Corporation’s status, tax classification, authority, public authority relationship, North America anchor role, Nexus role, public-good function, recognition role, finance-readiness role, certification role, procurement role, provider status, sponsor relationship, technical findings, or public-safe conclusions.

12.9 Application to Federal, State, Territorial, Tribal, Local, Regional, North America, and Cross-Border Public Authority Interfaces.\
This Bylaw shall apply to every interface between the Corporation and any public authority, including federal, state, District of Columbia, territorial, insular, Tribal, Indigenous government, local, county, municipal, metropolitan, port, utility, public health, emergency management, public safety, public works, water, energy, food, telecommunications, cyber, infrastructure, regulator-listening, public finance reader, public university, public laboratory, cross-border, regional, North America, and international public-sector interface.

Public authority participation shall be capacity-classified and record-supported. The Corporation shall distinguish official-capacity participation, observer participation, regulator-listening participation, public finance reader participation, emergency-management participant participation, public infrastructure operator participation, data contributor participation, controlled-room participation, simulation participation, tabletop participation, after-action learning participation, and personal-capacity participation.

No public authority interface shall create public authority delegation, official adoption, government endorsement, sovereign obligation, public-private partnership, procurement approval, funding approval, grant approval, public finance approval, tax credit approval, regulatory approval, public warning, emergency command, incident command, compliance approval, certification, recognition, provider preference, or legal mandate unless a competent public authority and the Corporation separately and lawfully record that exact status within applicable law and within the Corporation’s permitted role.

All public authority references, names, seals, logos, titles, quotes, photographs, attendance descriptions, agency descriptions, meeting summaries, room materials, data contributions, and publication references shall be controlled, approved, and correctionable.

12.10 Application to Sponsors, Donors, Funders, Providers, Vendors, Hosts, Universities, Laboratories, Communities, Indigenous Knowledge Holders, Civil Society, Media, Public-Interest Groups, Enterprise Actors, and Partners.\
This Bylaw shall apply to every relationship, interface, contribution, support arrangement, participation arrangement, contract, MoU, data-sharing arrangement, research arrangement, technical contribution, public authority room, controlled room, public material, or Nexus-compatible activity involving sponsors, donors, funders, grantors, providers, vendors, contractors, hosts, universities, laboratories, communities, Tribal or Indigenous governments, Indigenous knowledge holders, local knowledge holders, territorial knowledge holders, civil society organizations, media participants, public-interest groups, enterprise actors, investors, insurers, lenders, underwriters, banks, public finance actors, capital readers, operators, integrators, national companies, Project SPVs, qualified enterprise providers, and partners.

Such relationships shall be structured to preserve nonprofit character, public-benefit purpose, anti-capture, sponsor non-control, donor non-control, funder non-control, provider neutrality, host non-control, academic independence, research integrity, public authority boundaries, finance boundaries, certification and procurement boundaries, data / AI / cyber controls, community safeguards, protected knowledge discipline, competition compliance, sanctions and export-control compliance, and correctionability.

No sponsor, donor, funder, provider, vendor, host, university, laboratory, public authority, community participant, media participant, investor, insurer, lender, national company, Project SPV, or enterprise actor shall obtain governance control, research outcome control, publication veto, evidence conclusion control, methods control, standards outcome control, recognition outcome, finance-readiness outcome, certification outcome, procurement advantage, public authority access, provider preference, confidential advantage, or public-good asset control by support, participation, contribution, funding, hosting, data contribution, software contribution, infrastructure contribution, or public visibility.

Where a relationship creates or may create conflict, private benefit, capture risk, public authority confusion, finance-overclaim, certification-overclaim, procurement-overclaim, data risk, AI risk, cyber risk, protected knowledge risk, competition risk, sanctions risk, export-control risk, or public-safe publication risk, the Corporation shall apply review, restriction, hold, quarantine, re-scoping, refusal, termination, correction, or disclosure as appropriate.

12.11 Application to All States and Territories Where GCRI US Operates or Represents Itself.\
This Bylaw shall apply in every state, the District of Columbia, Puerto Rico, Guam, the U.S. Virgin Islands, American Samoa, the Northern Mariana Islands, and any other United States territorial, insular, or jurisdictional context in which the Corporation operates, registers, qualifies, solicits, contracts, employs, convenes, publishes, accepts support, hosts programs, conducts research, maintains participants, interfaces with public authorities, releases public materials, maintains data, deploys software, supports observability methods, or represents itself.

State-specific, territorial-specific, District of Columbia-specific, Tribal-interface-specific, local, sectoral, or public authority-specific implementation may supplement this Bylaw where lawful and approved, but shall not fragment the Corporation’s legal identity, alter its internal corporate governance, weaken mission lock, soften non-execution, create public authority status, create finance-readiness authority, create certification authority, create procurement authority, prefer providers, permit sponsor control, weaken data / AI / cyber controls, weaken safeguards, or displace the United States legal seat discipline for internal corporate acts.

Where state or territorial law requires registration, qualification, charitable solicitation registration, tax filing, employment registration, professional review, public authority review, lobbying review, procurement integrity review, privacy review, data handling review, AI review, cybersecurity review, consumer protection review, or contract localization, the Corporation shall comply through recorded state or territorial localization without altering the Bylaw except through lawful amendment.

Where conflict exists between local implementation and this Bylaw, mandatory applicable law shall control, and the matter shall be escalated for legal review, Board clarification where material, correction, re-scoping, suspension, or withdrawal.

12.12 Application to Cross-Border Participation and North America Coordination.\
This Bylaw shall apply to the Corporation’s cross-border participation and North America coordination, including interfaces with GCRI Canada, Mexico-facing interfaces, Caribbean interfaces, Arctic interfaces, Great Lakes interfaces, Pacific interfaces, Atlantic interfaces, Gulf interfaces, border-region interfaces, Indigenous cross-border interfaces, regional Nexus interfaces, international research partners, foreign universities, foreign laboratories, foreign public authorities, foreign sponsors, foreign providers, and other cross-border participants.

Cross-border participation shall not create foreign legal merger, branch status, parent-subsidiary status, alter ego status, agency, partnership, joint venture, single employer status, joint employer status, shared treasury, shared liability, treaty authority, intergovernmental authority, regional regulator authority, public authority delegation, public finance authority, procurement authority, certification authority, recognition authority, finance-readiness authority, protocol authority, provider preference, sponsor control, or enterprise execution authority.

North America coordination shall be interpreted as public-good evidence, methods, observability, ontology, technical baseline, public-good software, public authority learning, safeguards, correction, interoperability, and public-safe publication coordination within the Corporation’s lawful bounded role.

Cross-border participation shall be subject to legal review, data protection review, AI-use review, cybersecurity review, sanctions review, export-control review, controlled-technology review, public authority review, tax review, charitable solicitation review, research ethics review, community safeguards review, Indigenous knowledge review, protected knowledge review, conflict-of-law review, and public-safe publication review where applicable.

12.13 No Exemption for Experimental, Advisory, Technical, Temporary, Cross-Border, State-Specific, Territorial, Tribal-Interface, Programmatic, Research, Controlled-Room, or Externally Facing Structures.\
No activity, body, relationship, output, record, surface, system, room, interface, or structure shall be exempt from this Bylaw merely because it is described as experimental, pilot, beta, advisory, technical, informal, temporary, transitional, emergency, cross-border, state-specific, territorial, local, Tribal-interface, community-facing, university-hosted, sponsor-supported, provider-supported, public authority-facing, programmatic, research-only, non-public, controlled-room, clean-room, data-room, evidence-room, public authority room, no-download room, internal, external, open-source, software-only, AI-assisted, dashboard-only, observability-only, DePIN-based, ledger-based, proof-receipt-based, Nexus-compatible, or public-good.

Experimental or pilot status shall increase, not reduce, the need for classification, scope control, limitation language, public-safe review, data / AI / cyber review, safeguards review, authority mapping, records, and correction pathways. Technical or advisory status shall not authorize legal or governance shortcuts. Temporary status shall not permit record gaps. Controlled access shall not permit hidden authority. Cross-border or local status shall not permit legal identity confusion.

No unofficial structure shall exercise corporate authority, public authority, finance-readiness authority, certification authority, procurement authority, recognition authority, emergency command, public warning, protocol authority, provider selection, sponsor control, or enterprise execution by implication, practice, urgency, technology, meeting design, participant expectation, or public narrative.

Any structure that cannot comply with this Bylaw shall be refused, held, quarantined, re-scoped, externalized, suspended, terminated, corrected, or referred to an appropriate lawful actor.

12.14 Scope Records.\
The Corporation shall maintain records sufficient to determine the application of this Bylaw to each material person, body, activity, program, platform, record, public material, technical asset, repository, room, public authority interface, state interface, territorial interface, Tribal interface, local interface, North America interface, sponsor relationship, provider relationship, host relationship, public-good support arrangement, Nexus interface, and cross-border arrangement.

Such records shall include, as applicable:

a) corporate scope records;

b) Board and director scope records;

c) officer appointment, authority, and delegation records;

d) committee, council, advisory body, working group, expert panel, fellow, advisor, competence cell, and program body charters;

e) membership, non-voting membership, supporter, subscriber, participant, delegate, observer, contributor, contractor, employee, volunteer, seconded personnel, developer, and maintainer records;

f) program, platform, evidence system, observability environment, repository, software asset, data room, controlled room, clean room, dashboard, map, publication, public material, website, GitBook, and digital-surface records;

g) public authority capacity records, public authority reference records, data contribution records, controlled-room records, and non-endorsement records;

h) sponsor, donor, funder, provider, vendor, host, university, laboratory, community, Indigenous knowledge, civil society, media, public-interest, enterprise actor, investor, insurer, lender, national company, Project SPV, and partner interface records;

i) all-states-and-territories localization records;

j) state, District of Columbia, territorial, insular, local, public authority-specific, and Tribal-interface records;

k) North America and cross-border interface records;

l) role-separation records with GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, National Consortium Companies, Project SPVs, qualified enterprise providers, sponsors, hosts, public authorities, universities, laboratories, and enterprise actors;

m) authority-surface records, access-class records, publication-class records, data / AI / cyber classification records, safeguards records, protected knowledge records, public-safe review records, competition records, sanctions records, export-control records, and regulated-perimeter review records;

n) non-execution, public authority boundary, finance boundary, certification boundary, procurement boundary, provider-neutrality, sponsor non-control, anti-capture, validity-by-record, and correctionability records; and

o) correction, clarification, restriction, hold, quarantine, re-scoping, refusal, suspension, termination, supersession, withdrawal, archival, and closeout records.

The governing rule of this Section is that the Bylaw follows the Corporation wherever the Corporation acts, speaks, records, convenes, publishes, receives support, builds technical assets, maintains data, permits access, interfaces with public authorities, coordinates across North America, or participates in the Nexus public-good stack. No actor, body, system, room, program, repository, jurisdictional interface, technical artifact, public material, funding arrangement, or Nexus reference shall sit outside the Corporation’s lawful governance perimeter. Scope shall be determined by record, controlled by authority, bounded by public benefit, protected by non-execution, and corrected where drift, overclaim, ambiguity, or misuse appears.

## Section 13. Precedence Hierarchy Among Governing Instruments

13.1 Mandatory Applicable Law.\
Mandatory applicable law shall have the highest precedence in the governance of the Corporation. This Bylaw, the Certificate or Articles of Incorporation, Board resolutions, member resolutions where applicable, committee charters, council mandates, policies, protocols, schedules, annexes, registers, matrices, controlled vocabularies, standards profiles, operating procedures, public summaries, technical notes, contracts, participation terms, repository records, public materials, and all other instruments of the Corporation shall be interpreted, applied, corrected, suspended, narrowed, superseded, withdrawn, or amended as necessary to comply with mandatory applicable law.

For purposes of this Bylaw, mandatory applicable law includes, as applicable, governing state nonprofit corporation law, United States federal law, federal tax law, state tax and franchise law, charitable solicitation law, state qualification and registration law, District of Columbia law, territorial law, Tribal law and Indigenous governance protocols where lawfully and respectfully engaged, local law, privacy law, data protection law, cybersecurity law, artificial-intelligence-related law, consumer protection law, health data law, children’s data law, research law, human-subjects law, civil rights law, accessibility law, employment law, contractor and volunteer law, sanctions law, export-control law, controlled-technology law, national-security-sensitive requirements, competition and antitrust law, lobbying law, political-activity law, government ethics law, gifts law, grant compliance law, procurement integrity law, public records law, open meetings or sunshine law where applicable to public authority interfaces, and any other binding law applicable to the Corporation or to a specific activity, jurisdiction, record, person, asset, publication, room, interface, or transaction.

Mandatory applicable law shall not be displaced by mission language, public-good purpose, Nexus alignment, public authority participation, sponsor support, donor expectation, provider contribution, technical necessity, software design, repository configuration, ledger entry, proof receipt, controlled vocabulary, standards profile, public statement, Board custom, officer practice, committee recommendation, council consensus, or historical usage.

Where mandatory applicable law requires a different result than this Bylaw, the Corporation shall comply with such law while preserving, to the fullest lawful extent, the Corporation’s nonprofit character, public-benefit purpose, non-distribution rule, public-good technical institution character, United States legal seat discipline, all-states-and-territories posture, North America anchor role within bounded authority, GCRI / GRF / GRA role separation, public-good stack and enterprise stack separation, non-execution perimeter, public authority boundary, finance boundary, certification boundary, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber controls, community safeguards, protected knowledge discipline, validity-by-record, and correctionability.

13.2 Certificate of Incorporation, Articles of Incorporation, Charter, or Constituting Instrument.\
Subject to mandatory applicable law, the Certificate of Incorporation, Articles of Incorporation, Charter, or other constituting instrument of the Corporation shall have precedence over this Bylaw and over all lower-order instruments of the Corporation with respect to matters of legal existence, legal name, corporate form, nonprofit or non-stock character, purposes, powers, limitations, registered office or registered agent where stated, member structure where stated, director requirements where stated, dissolution restrictions, asset dedication, and any other matter required or permitted by governing law to be placed in the constituting instrument.

This Bylaw shall be read as implementing, operationalizing, protecting, and giving governance effect to the constituting instrument, not as contradicting or enlarging it. No provision of this Bylaw shall be interpreted to authorize the Corporation to act outside its constituting instrument, to enlarge its purposes beyond lawful record, to weaken its nonprofit or non-distribution character, to permit private inurement, to confer public authority status, to create finance-readiness authority, to create certification authority, to create procurement authority, to convert the Corporation into an enterprise execution actor, or to collapse its separateness from GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus entities, consortiums, national companies, Project SPVs, qualified enterprise providers, sponsors, hosts, funders, public authorities, universities, laboratories, or enterprise actors.

Where this Bylaw is more protective, more specific, or more restrictive than the constituting instrument and is not inconsistent with mandatory applicable law or the constituting instrument, this Bylaw shall control as an internal governance rule. Where the constituting instrument is more restrictive, the constituting instrument shall control.

If any inconsistency arises between this Bylaw and the constituting instrument, the matter shall be escalated for legal review and Board action. Pending correction, the Corporation shall apply the narrower, more lawful, more protective interpretation that preserves the Corporation’s public-benefit mission, nonprofit character, non-execution perimeter, and legal separateness.

13.3 This Bylaw.\
Subject to mandatory applicable law and the constituting instrument, this Bylaw shall be the controlling internal governance instrument of the Corporation. It shall govern the Corporation’s legal-control layer, identity, United States seat discipline, all-states-and-territories operating posture, North America anchor role, public-benefit character, nonprofit and non-distribution restrictions, tax-exempt-compatible posture, public-good technical institution character, purposes, powers, prohibited functions, Board authority, officer authority, delegation system, committees, councils, membership or participation architecture, records discipline, controlled vocabulary, non-execution, public authority boundaries, finance boundaries, certification and procurement boundaries, data / AI / cyber controls, community safeguards, protected knowledge discipline, public-safe publication, validity-by-record, correctionability, and Nexus role separation.

This Bylaw shall have precedence over Board resolutions, member resolutions where applicable, committee charters, council charters, advisory mandates, policies, protocols, schedules, annexes, registers, matrices, standards profiles, controlled vocabularies, operating procedures, manuals, templates, forms, guidance, playbooks, training materials, public summaries, technical notes, public materials, repository pages, GitBook pages, website text, AI summaries, slide decks, fundraising decks, sponsorship decks, grant narratives, proposals, controlled-room instructions, data-room instructions, and any other lower-order instrument, except to the extent a superior legal instrument lawfully requires otherwise.

This Bylaw shall not be amended, waived, suspended, narrowed, expanded, superseded, localized, or reinterpreted by implication. No repeated practice, informal approval, officer action, committee action, council action, public authority participation, sponsor expectation, provider contribution, donor condition, funding agreement, contract term, software implementation, protocol design, repository configuration, proof receipt, ledger entry, public statement, or public-facing description shall override this Bylaw unless the competent authority lawfully adopts an amendment, restatement, correction, or supersession and records it.

Where an activity is permitted by a lower-order instrument but restricted or prohibited by this Bylaw, this Bylaw shall control. Where an activity is permitted by this Bylaw but restricted by mandatory applicable law or the constituting instrument, the superior restriction shall control.

13.4 Board Resolutions of Constitutional or Structural Effect.\
Board resolutions of constitutional or structural effect shall have precedence over lower-order instruments, provided that they are adopted by the Board within its lawful authority, consistent with mandatory applicable law, consistent with the constituting instrument, and consistent with this Bylaw.

A Board resolution of constitutional or structural effect may include resolutions concerning adoption, amendment, restatement, or repeal of this Bylaw; approval of major policies; reserved matters; officer appointments; delegations; committee creation; approval of major Nexus interface instruments; approval of major support arrangements; approval of public authority protocols; approval of data / AI / cyber policies; approval of safeguards policies; repository designation; Gazette or notice-stream designation; state or territorial localization; North America interface arrangements; dissolution or wind-up matters; or any other matter designated as structurally material by this Bylaw or by Board action.

A Board resolution shall not override this Bylaw unless it is itself an authorized bylaw amendment, restatement, correction, or supersession adopted in accordance with applicable law and this Bylaw. A Board resolution that appears inconsistent with this Bylaw shall be interpreted, where possible, as subordinate, implementing, temporary, transitional, or corrective rather than as overriding the Bylaw.

Where a Board resolution of constitutional or structural effect conflicts with a lower-order instrument, the Board resolution shall control. Where a Board resolution conflicts with this Bylaw, the constituting instrument, or mandatory applicable law, the superior instrument shall control and the conflict shall be escalated for correction.

13.5 Member Resolutions Where Applicable.\
Where the Corporation has members with statutory or governance rights, and where applicable law, the constituting instrument, or this Bylaw requires member approval for a matter, a duly adopted member resolution within the lawful scope of member authority shall have the precedence assigned to it by law, the constituting instrument, and this Bylaw.

Member resolutions may control matters reserved to members by law or governing instrument, including matters such as election or removal of directors, amendment of constituting instruments, approval of fundamental changes, approval of certain bylaw amendments, dissolution, merger, sale of substantially all assets, or other matters where member approval is required. Member authority shall not be implied from participation, donation, sponsorship, subscription, attendance, public authority status, technical contribution, advisory role, or supporter status.

No member resolution shall authorize private inurement, impermissible private benefit, unlawful distribution, public authority status, regulated financial activity, certification authority, procurement authority, emergency command, public warning authority, provider preference, sponsor control, donor control, funder control, public authority confusion, collapse of GCRI / GRF / GRA role separation, or enterprise execution outside the Corporation’s lawful purposes and restrictions.

Where a member resolution conflicts with mandatory applicable law or the constituting instrument, the superior law or instrument shall control. Where a member resolution conflicts with this Bylaw on a matter not lawfully reserved to members or not lawfully approved through the required process, this Bylaw shall control pending correction, clarification, ratification, or amendment.

13.6 Committee Charters and Terms of Reference.\
Committee charters and terms of reference shall be subordinate to mandatory applicable law, the constituting instrument, this Bylaw, Board resolutions of constitutional or structural effect, and member resolutions where applicable and superior. A committee charter may define the purpose, authority, membership, quorum, voting rules, reporting obligations, records duties, confidentiality requirements, conflict controls, data / AI / cyber requirements, public authority boundary controls, finance-boundary controls, certification-boundary controls, procurement-boundary controls, safeguards duties, review cycle, and sunset date of a committee, but it shall not create authority beyond the Board’s lawful delegation.

No committee charter or term of reference shall permit a committee to amend this Bylaw, alter mission lock, weaken public-benefit purpose, weaken nonprofit or non-distribution character, soften non-execution, create public authority status, confer recognition, determine finance-readiness, certify, accredit, approve procurement, select vendors for public authorities, issue official public warnings, exercise emergency command, approve public finance, provide regulated professional advice, or convert the Corporation into a national company, Project SPV, provider, operator, fund, lender, insurer, broker, dealer, investment adviser, rating agency, or enterprise execution vehicle.

Where a committee charter conflicts with this Bylaw or a Board resolution of superior effect, the superior instrument shall control. The committee charter shall be corrected, narrowed, superseded, suspended, or withdrawn as appropriate.

Committee outputs shall be treated as advisory, recommendatory, delegated, or decision-making only to the extent the committee charter and Board record expressly provide. Ambiguity shall be resolved against implied authority and in favor of Board oversight, non-execution, and record-based validity.

13.7 Council Charters and Advisory Mandates.\
Council charters and advisory mandates shall be subordinate to mandatory applicable law, the constituting instrument, this Bylaw, Board resolutions, member resolutions where applicable, and committee charters where the council or advisory body is created under a committee structure. Council charters and advisory mandates may define advisory purpose, participation categories, composition, meeting discipline, output classes, confidentiality obligations, conflict controls, competition controls, public authority capacity rules, sponsor and provider non-control rules, safeguards obligations, public-safe publication rules, and records duties.

Leadership Councils, Helix Councils, public authority forums, scientific and technical advisory bodies, community and safeguards forums, working groups, expert panels, peer review panels, model review panels, Nexus Competence Cells, and other advisory or participation surfaces shall not acquire corporate authority by charter, practice, title, consensus, expertise, public prominence, technical centrality, public authority attendance, sponsor participation, provider participation, or Nexus alignment.

No council charter or advisory mandate shall create authority to bind the Corporation, amend this Bylaw, direct the Board, control officers, create member rights, confer recognition, determine maturity or standing, determine finance-readiness, certify, accredit, approve procurement, select providers, issue public warnings, exercise emergency command, make public authority decisions, approve public finance, or execute enterprise functions.

Where a council charter or advisory mandate conflicts with this Bylaw or a superior instrument, the superior instrument shall control and the council charter or advisory mandate shall be corrected, narrowed, suspended, superseded, withdrawn, or restated. Council outputs shall be non-binding unless adopted by competent authority through a valid record.

13.8 Policies, Protocols, Schedules, Annexes, Registers, Matrices, Standards Profiles, and Controlled Vocabularies.\
Policies, protocols, schedules, annexes, registers, matrices, standards profiles, controlled vocabularies, implementation schedules, authority matrices, delegation matrices, signature matrices, spending matrices, public-safe notice libraries, data classification schedules, AI-use schedules, cybersecurity schedules, safeguards schedules, public authority protocols, sponsorship policies, conflict policies, publication policies, controlled-room rules, repository policies, and similar instruments shall be subordinate to mandatory applicable law, the constituting instrument, this Bylaw, Board resolutions of superior effect, member resolutions where applicable, committee charters where applicable, and council charters where applicable.

Such instruments may implement, operationalize, classify, standardize, document, route, record, localize, or make usable the rules contained in this Bylaw. They shall not independently create constitutional authority, corporate powers, public authority status, finance-readiness authority, certification authority, procurement authority, recognition authority, emergency authority, public warning authority, protocol authority, provider preference, sponsor control, donor control, funder control, enterprise execution authority, or legal identity changes.

A controlled vocabulary may define terms for semantic precision, but it shall not silently change legal meaning. A standards profile may describe technical conformance, but it shall not create certification or legal compliance approval by default. A register may record status, but it shall not create authority beyond the underlying approving record. A protocol may govern workflow, but it shall not override the Bylaw. A schedule or annex may implement a rule, but it shall not become an independent constitution.

Where any such instrument conflicts with this Bylaw, the Bylaw shall control and the lower-order instrument shall be corrected, superseded, withdrawn, restricted, or marked as non-operative pending correction.

13.9 Operating Procedures, Manuals, Templates, Forms, Guidance, Playbooks, Training Materials, Public Summaries, and Technical Notes.\
Operating procedures, manuals, templates, forms, checklists, guidance, playbooks, training materials, onboarding materials, public summaries, public explainers, technical notes, public-safe summaries, GitBook pages, website pages, slide decks, public statements, AI-generated summaries, internal memos, meeting scripts, repository instructions, software documentation, dashboard notes, and similar materials shall be subordinate to all higher-order instruments.

Such materials may aid implementation, education, access, training, public legibility, translation, accessibility, technical operation, evidence collection, public-safe communication, and internal consistency. They shall not create, amend, waive, suspend, narrow, expand, override, or reinterpret this Bylaw or any superior instrument.

No operating procedure, manual, template, form, guidance, playbook, training material, public summary, or technical note shall be used to soften non-execution, imply public authority approval, imply public warning authority, imply emergency command authority, imply finance-readiness, imply insurance-readiness, imply certification, imply procurement approval, imply recognition, imply Nexus-compatible status without record, imply provider preference, imply sponsor control, imply tax status not supported by record, imply public authority endorsement, or obscure the separateness of GCRI US from GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus entities, consortiums, national companies, Project SPVs, qualified providers, sponsors, hosts, funders, public authorities, universities, laboratories, or enterprise actors.

Where such materials conflict with a higher-order instrument, the higher-order instrument shall control. The Corporation shall correct, withdraw, supersede, restrict, replace, or archive the lower-order material and issue public or controlled clarification where reliance risk exists.

13.10 No Lower-Order Instrument May Override Higher-Order Instrument.\
No lower-order instrument shall override a higher-order instrument. The hierarchy established in this Section shall apply regardless of authorship, publication channel, file format, repository location, public visibility, frequency of use, operational convenience, technical integration, sponsor reliance, provider reliance, public authority familiarity, funding condition, contractual reference, AI summarization, or historical practice.

No policy shall override this Bylaw. No protocol shall override a policy adopted under this Bylaw unless the policy expressly authorizes the protocol to control within a defined implementation scope. No schedule shall override the instrument it schedules. No annex shall override the body of the instrument to which it is attached unless the superior instrument expressly states that the annex controls within a specified scope. No register entry shall override the approving record. No controlled vocabulary shall override legal text. No standard profile shall override corporate governance. No operating manual shall override a Board resolution. No public summary shall override operative text.

Any lower-order instrument that purports to override a higher-order instrument shall be read down to the maximum lawful extent. If it cannot be read consistently, it shall be held, quarantined, corrected, superseded, withdrawn, or denied authoritative status.

The Corporation shall not permit hierarchy inversion through complexity, technical design, distributed records, cross-entity interoperability, public-facing publication, controlled-room practice, or third-party reliance.

13.11 No State, Territorial, Program, Funding, Sponsor, Provider, or Host Instrument May Override Core Governance Without Lawful Adoption.\
No state-specific instrument, territorial instrument, District of Columbia instrument, Tribal-interface instrument, local instrument, North America interface instrument, cross-border instrument, program charter, project plan, funding agreement, grant agreement, sponsorship agreement, donation agreement, restricted fund agreement, host agreement, provider agreement, vendor agreement, contractor agreement, university agreement, laboratory agreement, public authority protocol, data-sharing agreement, controlled-room agreement, clean-room agreement, public authority room agreement, technical contribution agreement, repository agreement, or Nexus interface agreement shall override this Bylaw or alter the Corporation’s core governance unless the competent authority lawfully adopts the change in accordance with mandatory applicable law, the constituting instrument, and this Bylaw.

A lower-order or external instrument may impose stricter controls, additional legal compliance obligations, additional confidentiality requirements, additional data / AI / cyber requirements, additional safeguards, additional public-safe publication controls, additional conflict controls, additional competition controls, or additional jurisdictional restrictions, provided that such requirements do not conflict with mandatory applicable law, the constituting instrument, or this Bylaw and do not alter the Corporation’s legal identity or prohibited-function boundaries.

No funder, sponsor, donor, provider, vendor, host, public authority, university, laboratory, investor, insurer, lender, national company, Project SPV, consortium, Nexus entity, or partner shall obtain governance control, research conclusion control, evidence outcome control, methods control, publication veto, public authority access right, finance-readiness outcome, recognition outcome, certification outcome, procurement advantage, provider preference, or enterprise execution authority through any instrument subordinate to this Bylaw.

Where an external instrument contains terms inconsistent with this Bylaw, the Corporation shall refuse, revise, narrow, segregate, suspend, terminate, or escalate the instrument, or seek lawful Board-approved amendment where appropriate and lawful.

13.12 Conflict Identification.\
A conflict exists where two or more instruments, records, outputs, statements, systems, or practices produce inconsistent requirements, inconsistent authority claims, inconsistent status claims, inconsistent public meaning, inconsistent version status, inconsistent effective dates, inconsistent publication status, inconsistent access rights, inconsistent controlled vocabulary, inconsistent role descriptions, inconsistent data handling rules, inconsistent public authority descriptions, inconsistent finance-boundary language, inconsistent certification or procurement implications, inconsistent sponsor or provider rights, or inconsistent Nexus role-separation consequences.

Conflicts may arise between law and governance documents; between the constituting instrument and the Bylaw; between the Bylaw and Board resolutions; between Board resolutions and policies; between policies and operating procedures; between controlled vocabularies and public summaries; between repository records and adopted text; between public materials and controlled records; between state localization and core governance; between funding agreements and public-benefit restrictions; between sponsor materials and sponsor non-control; between provider materials and provider neutrality; between public authority references and capacity records; between finance-adjacent materials and non-execution; between technical systems and legal authority; or between Nexus instruments and GCRI US governance.

Any director, officer, committee member, council participant, staff member, contractor, fellow, advisor, volunteer, contributor, participant, sponsor, provider, public authority participant, or affected stakeholder who identifies a material conflict shall report it through the applicable intake, escalation, compliance, records, or correction process.

The Corporation shall treat conflict identification as a governance safeguard and not as a defect to be concealed. Conflicts shall be recorded, classified, reviewed, and resolved through lawful hierarchy, correction, clarification, amendment, supersession, withdrawal, or restatement.

13.13 Conflict Escalation.\
A conflict involving mandatory applicable law, the constituting instrument, this Bylaw, Board authority, member rights, legal identity, tax status, nonprofit or non-distribution status, public-benefit purpose, mission lock, United States seat discipline, all-states-and-territories posture, North America anchor role, public authority boundary, finance boundary, certification boundary, procurement boundary, provider neutrality, sponsor non-control, data / AI / cyber controls, community safeguards, protected knowledge, controlled technology, sanctions, export controls, competition law, public-safe publication, or Nexus role separation shall be escalated promptly.

Escalation shall be made to the Secretary, the Chair, the relevant officer, the legal or compliance function where appointed, the responsible committee, or the Board, depending on the severity and subject matter of the conflict. Where the conflict involves potential legal non-compliance, regulated activity, public authority confusion, finance overclaim, certification overclaim, procurement implication, public warning implication, emergency command implication, data breach, AI incident, cyber incident, protected knowledge exposure, civil rights concern, sanctions issue, export-control issue, or competition issue, counsel or compliance review shall be obtained where appropriate.

Pending resolution, the Corporation may apply a hold, quarantine, access restriction, publication freeze, implementation freeze, technical isolation, controlled-room lockdown, public-safe correction, internal clarification, or external notice where necessary to prevent reliance, harm, role confusion, legal breach, public authority confusion, finance overclaim, certification overclaim, procurement overclaim, protected knowledge exposure, or unsafe public meaning.

No person shall resolve a material conflict informally where the conflict affects authority, legality, public meaning, public safety, public authority participation, finance-readiness, certification, procurement, data / AI / cyber controls, safeguards, or Nexus role separation.

13.14 Interim Control Rule.\
Pending final resolution of a conflict, the higher-order instrument shall control to the fullest extent identifiable. Where the higher-order instrument is uncertain, the Corporation shall apply the more restrictive, more protective, more legally conservative, more public-safe, more non-executing, more role-separated, more data-protective, more cyber-secure, more safeguards-protective, more competition-compliant, and more anti-capture interpretation.

Where a conflict may expose the Corporation to unlawful action, regulated-activity risk, public authority confusion, finance-boundary breach, certification-boundary breach, procurement-boundary breach, public warning confusion, emergency command implication, sponsor control, provider preference, private inurement, impermissible private benefit, data misuse, AI misuse, cyber risk, protected knowledge exposure, civil rights harm, sanctions risk, export-control risk, or competition risk, the Corporation shall suspend or narrow the affected activity until competent review is completed.

No interim control shall be used to expand authority, accelerate execution, issue public claims, confer status, certify, recognize, determine finance-readiness, approve procurement, imply public authority endorsement, release sensitive data, publish unsafe materials, or proceed with enterprise execution.

Interim control measures shall be recorded, time-bounded where appropriate, assigned to a responsible owner, reviewed promptly, and closed only after correction, clarification, amendment, supersession, withdrawal, restatement, or other lawful resolution.

13.15 More Protective Interpretation Pending Resolution.\
Where ambiguity exists among governing instruments, the Corporation shall apply the interpretation that best preserves public benefit, nonprofit character, non-distribution, tax-exempt-compatible purpose, legal separateness, United States seat discipline, all-states-and-territories compliance, North America anchor boundaries, GCRI / GRF / GRA role separation, public-good stack and enterprise stack separation, non-execution, public authority boundary discipline, finance-boundary discipline, certification-boundary discipline, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber integrity, research integrity, evidence integrity, community safeguards, protected knowledge discipline, public-safe publication, validity-by-record, and correctionability.

A more permissive interpretation may be adopted only by the Board or other competent authority, only where lawful, only where supported by appropriate legal, compliance, technical, safeguards, and records review, and only where the record shows that the interpretation does not create prohibited functions, private inurement, impermissible private benefit, public authority confusion, finance overclaim, certification overclaim, procurement overclaim, provider preference, sponsor control, or unsafe reliance.

The burden shall be on the proponent of a less restrictive interpretation to establish lawful authority, consistency with higher-order instruments, public-benefit alignment, non-execution, role separation, and sufficient records.

Silence shall not be interpreted as permission where the matter affects legal authority, public authority meaning, finance-readiness, certification, procurement, data rights, AI use, cybersecurity, protected knowledge, public-safe publication, sponsor benefit, provider status, or Nexus role separation.

13.16 Correction, Clarification, Amendment, Supersession, Withdrawal, or Restatement Path.\
Where a conflict, ambiguity, inconsistency, overclaim, outdated provision, defective reference, erroneous cross-reference, unauthorized instrument, inconsistent metadata, misleading public summary, unsafe public material, uncontrolled translation, inconsistent controlled vocabulary, state-localization issue, North America interface issue, or Nexus interface mismatch is identified, the Corporation shall resolve the matter through an appropriate recorded path.

The available paths may include correction, clarification, errata, legal interpretation, Board clarification, member approval where required, amendment, restatement, supersession, withdrawal, restriction, quarantine, public-safe notice, controlled notice, archival, reclassification, access restriction, termination of a conflicting agreement, renegotiation of an external instrument, revision of public materials, update of repository metadata, or issuance of a compatibility note or divergence log.

The chosen path shall correspond to the seriousness of the conflict. Editorial conflicts may be corrected through authorized clerical correction. Material conflicts shall require competent approval. Constitutional conflicts shall require the highest required approval under law and governing instruments. Public-facing overclaims shall require public-safe or controlled clarification where reliance risk exists. Data / AI / cyber, safeguards, public authority, finance, certification, procurement, competition, sanctions, export-control, or protected knowledge conflicts shall require specialized review where appropriate.

Resolution shall preserve historical traceability. The Corporation shall not conceal, erase, silently overwrite, backdate, or obscure conflicts where such concealment would impair auditability, legal compliance, public trust, reliance protection, correctionability, or institutional memory.

13.17 Precedence Records.\
The Corporation shall maintain records sufficient to demonstrate the applicable hierarchy, conflict analysis, interim control, interpretation, correction, amendment, supersession, withdrawal, restatement, or resolution of each material precedence issue.

Such records shall include, as applicable:

a) the governing law or legal requirement identified;

b) the constituting instrument provision implicated;

c) the Bylaw provision implicated;

d) Board resolutions of constitutional or structural effect;

e) member resolutions where applicable;

f) committee charters and terms of reference;

g) council charters and advisory mandates;

h) policies, protocols, schedules, annexes, registers, matrices, standards profiles, controlled vocabularies, and implementation instruments;

i) operating procedures, manuals, templates, forms, guidance, playbooks, training materials, public summaries, technical notes, public materials, repository pages, GitBook pages, website text, AI summaries, slide decks, proposals, and derivative communications implicated;

j) state, District of Columbia, territorial, Tribal-interface, local, public authority-specific, North America, or cross-border localization records;

k) funding, sponsorship, grant, donation, host, provider, vendor, university, laboratory, public authority, data-sharing, controlled-room, technical contribution, or Nexus interface instruments implicated;

l) conflict identification records;

m) escalation records;

n) legal, compliance, tax, public authority, finance-boundary, certification-boundary, procurement-boundary, data / AI / cyber, safeguards, competition, sanctions, export-control, controlled-technology, and protected knowledge review records where applicable;

o) interim hold, quarantine, access restriction, publication freeze, implementation freeze, technical isolation, controlled-room lockdown, or other interim control records;

p) correction, clarification, amendment, supersession, withdrawal, restatement, public-safe notice, controlled notice, archive, compatibility note, and divergence log records; and

q) responsible owner, custodian, authority, effective date, review date, closure date, retention class, access class, and repository metadata.

The governing rule of this Section is that the Corporation shall be governed by hierarchy, not convenience; by lawful authority, not implication; by adopted text, not summaries; by records, not memory; and by correctionable precedence discipline, not operational drift. Mandatory applicable law shall control first; the constituting instrument shall control next; this Bylaw shall control the Corporation’s internal governance thereafter; and every lower-order instrument shall remain subordinate, implementing, reviewable, and correctable. No state localization, territorial practice, Tribal-interface protocol, North America interface, sponsor agreement, provider agreement, public authority protocol, funding condition, technical system, proof receipt, ledger entry, controlled vocabulary, public summary, or Nexus reference shall override the Corporation’s core governance except through lawful adoption and competent record.

## Section 14. Relationship to Charter, Nexus Instruments, Policies, Annexes, and Schedules

14.1 Relationship to GCRI Charter.\
The GCRI Charter, where adopted by competent authority, shall serve as a mission, institutional identity, public-good architecture, role-definition, interoperability, and constitutional-reference instrument for The Global Centre for Risk and Innovation function and for the Corporation’s participation in that function. The Charter may articulate the shared evidence, methods, observability, ontology, technical truth, public-good research and development, public-good software, open technical baseline, verifiable compute, public authority learning, community safeguards, and Nexus alignment purposes of the GCRI institutional family.

For the Corporation, the GCRI Charter shall be read as a mission-alignment and interpretive instrument only to the extent it is consistent with mandatory applicable law, the Certificate or Articles of Incorporation, this Bylaw, United States nonprofit law, federal tax law where applicable, state corporate-law requirements, state and territorial compliance obligations, and the Corporation’s adopted governance records.

The GCRI Charter shall not override the Corporation’s internal corporate governance unless adopted into the Corporation’s governing instruments through lawful action. No provision of the GCRI Charter shall be interpreted to create agency, partnership, merger, branch status, parent-subsidiary status, alter ego status, single employer status, joint employer status, shared treasury, shared liability, mutual authority, public authority status, finance-readiness authority, recognition authority, certification authority, procurement authority, emergency command authority, or enterprise execution authority for the Corporation.

Where the GCRI Charter supports this Bylaw, the Charter may be used to clarify purpose, mission, interoperability, and public-good orientation. Where the GCRI Charter conflicts with this Bylaw or with mandatory applicable law, this Bylaw and the superior law shall control for the Corporation.

14.2 Relationship to Nexus Constitutional Framework.\
The Nexus Constitutional Framework may be recognized by the Corporation as a public-good constitutional architecture describing the higher-order principles of Nexus Network, Nexus Universe, Nexus Observatory, Nexus Standards, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, global-to-local governance, public-good stack discipline, role separation, non-execution, validity-by-record, correctionability, public-safe publication, and separation between public-good stewardship and enterprise execution.

For the Corporation, the Nexus Constitutional Framework shall operate as an alignment, interoperability, and interpretive reference only where consistent with United States law, the Corporation’s legal seat, the Certificate or Articles of Incorporation, this Bylaw, Board-approved Nexus interface records, and any required legal, tax, public authority, data / AI / cyber, safeguards, or regulated-perimeter review.

The Nexus Constitutional Framework shall not, by reference, make the Corporation the owner, controller, regulator, operator, financier, certification body, procurement body, recognition body, emergency authority, public warning body, protocol monopoly, or enterprise execution vehicle for the entire Nexus system. The Corporation’s role shall remain bounded to evidence, methods, observability, ontology, technical truth, public-good research and development, public-good software, open technical baselines, verifiable compute methods, public authority learning, public-safe publication support, and safeguards-compatible technical stewardship.

No Nexus Constitutional Framework provision shall displace the Corporation’s United States corporate-law requirements, Board authority, member approval requirements where applicable, tax-exempt-compatible limitations, non-execution boundary, public authority boundary, finance boundary, certification boundary, procurement neutrality, provider neutrality, sponsor non-control, or legal separateness from GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus entities, consortiums, national companies, Project SPVs, qualified providers, sponsors, hosts, public authorities, universities, laboratories, or enterprise actors.

14.3 Relationship to Public-Good Stack Framework Charter.\
The Public-Good Stack Framework Charter may be used by the Corporation as a reference for distinguishing public-good stewardship functions from enterprise delivery, finance execution, procurement execution, commercial deployment, provider operations, asset ownership, Project SPV activity, national company activity, and regulated execution.

The Public-Good Stack Framework Charter shall support the Corporation’s role as a non-executing public-good technical institution. It may inform the Corporation’s treatment of evidence systems, methods, observability environments, technical baselines, public-good software, controlled vocabularies, public-safe claims, Nexus-compatible references, public authority learning, standards support, Docket and Grid inputs, and correction pathways.

The Public-Good Stack Framework Charter shall not authorize the Corporation to cross into the enterprise stack. The Corporation shall not become a provider, operator, integrator, asset owner, national company, Project SPV, fund, broker, dealer, investment adviser, lender, insurer, rating agency, underwriter, public finance approver, procurement approver, certification body, accreditation body, emergency command body, or public authority by relying on public-good stack alignment.

Where public-good stack language could be misread to imply control, execution, recognition, finance-readiness, certification, procurement approval, public authority adoption, or provider preference, the Corporation shall apply the narrower and more protective interpretation and shall correct the relevant instrument, public statement, metadata, dashboard, controlled-room material, or publication.

14.4 Relationship to Non-Execution Doctrine.\
The Non-Execution Doctrine shall be treated as a foundational doctrine for interpreting the Corporation’s mission, powers, programs, public materials, technical assets, public authority interfaces, controlled rooms, public-good software, technical baselines, evidence products, methods outputs, observability outputs, Truth Engine methods, verifiable compute outputs, and Nexus-compatible activity.

The Corporation shall apply the Non-Execution Doctrine to ensure that research, evidence, methods, observability, ontology, technical truth, technical baselines, public-good software, public authority learning, standards support, Docket inputs, Grid inputs, proof receipts, dashboards, data rooms, controlled rooms, maps, simulations, table-top exercises, public-safe reports, and technical outputs do not become execution instructions, public authority decisions, public warnings, emergency commands, procurement recommendations, certification decisions, recognition decisions, finance-readiness determinations, ratings, investment advice, lending decisions, insurance decisions, public finance approvals, or enterprise delivery decisions.

The Non-Execution Doctrine shall reinforce, and not reduce, the prohibitions contained in this Bylaw. No officer, committee, council, working group, sponsor, donor, provider, public authority participant, technical maintainer, fellow, advisor, or Nexus interface actor shall interpret the Doctrine as permitting informal execution, backdoor control, implied authority, regulated intermediation, public authority substitution, or operational command.

Where any Corporation activity approaches the execution perimeter, the matter shall be stopped, held, quarantined, re-scoped, externalized, referred to a properly authorized actor, reviewed by counsel or compliance where appropriate, and recorded.

14.5 Relationship to Validity-by-Record Doctrine.\
The Validity-by-Record Doctrine shall be treated as a foundational doctrine for the Corporation’s governance, evidence architecture, technical outputs, repository discipline, public-safe publication, public authority interfaces, Nexus interfaces, and public-good stack participation.

The Corporation shall apply the Validity-by-Record Doctrine so that no governance act, evidence claim, technical finding, public-safe statement, authority claim, status claim, capacity classification, public authority participation record, finance-boundary statement, certification-boundary statement, procurement-boundary statement, Nexus-compatible reference, proof receipt, controlled vocabulary entry, repository entry, dashboard output, AI output, ledger reference, or public communication is treated as valid unless supported by an identifiable competent record.

Validity shall arise from lawful authority, adopted text, approved records, version discipline, repository integrity, certification where required, effective-date control, access classification, public-safe limitation, and correction pathway. Validity shall not arise from memory, reputation, seniority, technical centrality, public visibility, sponsor support, provider contribution, public authority attendance, funding need, repeated practice, AI generation, GitBook publication, website posting, slide materials, or uncontrolled copies.

The Doctrine shall not replace statutory requirements, Board approvals, member approvals where required, officer authority, legal filings, tax records, public authority records, contract execution requirements, data protection requirements, or any other mandatory record required by law or this Bylaw. It shall strengthen those requirements by ensuring that the Corporation is governed by records, not assumptions.

14.6 Relationship to Correctionability Doctrine.\
The Correctionability Doctrine shall be treated as a foundational doctrine for the Corporation’s governance, technical systems, public-safe reporting, evidence products, methods, observability outputs, public-good software, datasets, dashboards, maps, public authority learning materials, controlled rooms, Nexus interfaces, and public communications.

The Corporation shall maintain correction pathways for error, ambiguity, overclaim, outdated information, unsupported claim, public authority confusion, finance-overclaim, certification-overclaim, procurement-overclaim, recognition-overclaim, provider-preference implication, sponsor-control implication, data error, AI error, cyber incident, protected knowledge exposure, safeguards concern, research integrity concern, conflict concern, competition concern, or version-control defect.

Correction may include clarification, errata, amendment, restatement, supersession, withdrawal, takedown, public-safe notice, controlled notice, repository correction, metadata correction, access restriction, archive marking, reclassification, retraction, public statement correction, participant notice, public authority notice, or Board action.

Correctionability shall not be treated as permission to publish carelessly, act without authority, rely on unsupported outputs, or cure prohibited functions after the fact. The Corporation shall design systems, records, publications, dashboards, controlled rooms, and technical artifacts so that correction can occur quickly, visibly where appropriate, lawfully, safely, and without destroying historical traceability.

14.7 Relationship to One Rail / Two Stacks Doctrine.\
The One Rail / Two Stacks Doctrine shall be used by the Corporation to preserve the common Nexus rail while maintaining strict separation between the public-good stack and the enterprise stack. The Corporation may participate in the common rail through evidence, methods, observability, ontology, public-good software, technical baselines, public authority learning, controlled vocabulary, technical memory, and correction signals.

The Corporation shall remain within the public-good stack. It may support enterprise-stack readability, interoperability, evidence sufficiency, public-safe technical baselines, and non-executing technical inputs, but it shall not itself become an enterprise-stack actor by owning projects, operating infrastructure, selecting vendors for public authorities, forming Project SPVs as execution vehicles, acting as a national company, providing regulated finance, controlling deployment, selling certification, granting procurement approval, or determining finance-readiness.

The common rail shall not collapse role separation. GCRI US, GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards, Nexus Network, consortiums, national companies, Project SPVs, qualified providers, public authorities, sponsors, hosts, universities, laboratories, and enterprise actors shall retain their respective functions, boundaries, records, and liabilities.

Where one-rail interoperability creates confusion about which actor has authority, the Corporation shall apply controlled vocabulary, capacity classification, compatibility notes, divergence logs, public-safe disclaimers, and record-based routing to preserve separateness and prevent implied authority.

14.8 Relationship to Verifiable Compute and Verifiable Intelligence Doctrine.\
The Verifiable Compute and Verifiable Intelligence Doctrine shall guide the Corporation’s treatment of model registers, inference records, compute workload records, secure enclaves, confidential computing, sovereign compute, AI evaluation, proof receipts, dataset cards, model cards, system cards, benchmark records, evaluation harnesses, and human review for material outputs.

The Corporation may develop, steward, test, publish, or support methods for verifiable compute and verifiable intelligence where consistent with law, public-benefit purpose, privacy, data protection, cybersecurity, AI governance, research integrity, public authority boundaries, export controls, sanctions, controlled technology restrictions, protected knowledge safeguards, and non-execution.

No compute record, AI output, model output, agentic workflow, proof receipt, inference log, dashboard, digital twin, AI-RAN signal, DePIN record, blockchain entry, ledger reference, sensor signal, benchmark result, evaluation score, or verifiable intelligence artifact shall constitute final authority, public warning, public authority decision, recognition, finance-readiness determination, certification, procurement approval, rating, investment advice, insurance decision, lending decision, public finance approval, or legal compliance determination unless a separately competent authority lawfully records that exact status outside the Corporation’s prohibited functions.

Material outputs shall be subject to human review, classification, limitation language, repository discipline, public-safe review, correction pathways, and escalation where legal, public authority, finance, certification, procurement, safeguards, or data / AI / cyber risk exists.

14.9 Relationship to Nexus Observatory Protocol.\
The Nexus Observatory Protocol may be used by the Corporation as a technical, methodological, observability, evidence-routing, node, hub, cluster, hotspot, signal, telemetry, degraded-mode, resilience-indicator, public-safe publication, and correction framework for Nexus-compatible observability environments.

The Corporation may support the Nexus Observatory Protocol through evidence methods, observability methods, ontology, schema design, data-quality rules, source-lineage methods, sensor-fusion methods, AI-RAN and O-RAN signal interpretation methods, DePIN and DLT validation methods, digital twin assumption review, geospatial evidence methods, cyber evidence methods, public-safe reporting methods, and technical baseline support.

The Nexus Observatory Protocol shall not create public warning authority, emergency command authority, operational control, public authority delegation, regulatory authority, procurement authority, certification authority, recognition authority, finance-readiness authority, provider selection authority, or enterprise execution authority for the Corporation. Observatory outputs shall remain evidence, methods, learning, technical, public-safe, or research artifacts unless and until a competent external authority acts within its own lawful authority.

Where Nexus Observatory materials, dashboards, maps, alerts, indicators, proof receipts, signal feeds, or public-safe reports may be misread as official warnings or public authority instructions, the Corporation shall apply limitation language, access controls, capacity classification, publication review, correction pathways, and escalation.

14.10 Relationship to Nexus Standards, Nexus Risk Management, Nexus Rails, Nexus Universe, Nexus Grid, Nexus Academy, Nexus Competence Cells, and Consortium Instruments.\
The Corporation may interface with Nexus Standards, Nexus Risk Management, Nexus Rails, Nexus Universe, Nexus Grid, Nexus Academy, Nexus Competence Cells, Global Nexus Consortium, Regional Nexus Consortiums, National Nexus Consortiums, National Working Groups, National Consortium Companies, Project SPVs, and other Nexus instruments only within the Corporation’s lawful public-good technical role.

The Corporation may provide evidence inputs, methods support, ontology support, public-good software support, open technical baseline support, observability methods, public authority learning content, technical literacy, academy content, competence-cell materials, public-safe publication methods, and correction signals to such instruments and entities. Such support shall not transfer corporate authority, create agency, merge legal identity, create shared treasury, create shared liability, confer recognition, determine finance-readiness, certify conformance, approve procurement, select providers, control enterprise delivery, or create public authority status.

Nexus Standards may define technical requirements, conformance profiles, interoperability profiles, or protocol-facing expectations where separately and lawfully authorized, but GCRI US shall not be deemed a standards authority or certification body merely because it contributes technical evidence, methods, schemas, public-good software, or reference implementations.

Nexus Universe, Nexus Grid, Nexus Academy, Nexus Competence Cells, and consortium instruments may incorporate GCRI US materials only subject to attribution, limitation language, role separation, public-safe claims discipline, controlled vocabulary, data / AI / cyber controls, safeguards, correctionability, and repository versioning.

14.11 Bylaw Primacy for GCRI US Internal Corporate Governance.\
This Bylaw shall have primacy for the internal corporate governance of the Corporation, subject only to mandatory applicable law and the Certificate or Articles of Incorporation. No GCRI Charter, Nexus Constitutional Framework, Public-Good Stack Framework Charter, doctrine, protocol, standard, registry, proof receipt, ledger entry, role key, smart license, standards profile, consortium charter, national company charter, Project SPV instrument, academy instrument, observatory instrument, risk management instrument, rails instrument, grid instrument, or external policy shall override the Corporation’s internal governance unless lawfully adopted into the Corporation’s governing instruments by competent authority.

Bylaw primacy includes authority over directors, officers, committees, councils, members where applicable, participants, supporters, sponsors, donors, funders, providers, hosts, contractors, employees, volunteers, fellows, advisors, contributors, technical maintainers, repositories, public materials, controlled rooms, public authority interfaces, state and territorial localizations, North America interfaces, and Nexus participation conducted by or through the Corporation.

Any external instrument that conflicts with this Bylaw shall be read as subordinate, non-operative to the extent of conflict, or inapplicable to the Corporation unless and until the Board or other competent authority lawfully adopts a conforming change. Where required, the Corporation shall issue compatibility notes, divergence logs, controlled notices, public-safe clarifications, or withdrawal records.

The Corporation shall not permit internal governance to be displaced by system architecture, public narrative, technical dependence, sponsor expectation, provider integration, public authority familiarity, or cross-entity practice.

14.12 Nexus Instruments as Mission-Alignment and Interoperability Instruments Where Consistent With Law.\
Nexus instruments may be used by the Corporation as mission-alignment, interoperability, evidence-routing, method-alignment, ontology-alignment, public-good software, technical baseline, public-safe publication, learning, compatibility, and correction instruments where they are consistent with mandatory applicable law, the Certificate or Articles of Incorporation, this Bylaw, Board-approved policy, public authority boundary rules, finance-boundary rules, certification-boundary rules, procurement neutrality, data / AI / cyber controls, safeguards, and public-benefit purpose.

Such instruments may help ensure that the Corporation’s work is readable across Nexus Network, Nexus Observatory, Nexus Standards, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, GCRI Canada, GRF, GRA, consortiums, national companies, Project SPVs, qualified providers, public authorities, universities, laboratories, sponsors, hosts, and enterprise actors. Readability shall not mean authority. Interoperability shall not mean control. Compatibility shall not mean certification. Evidence support shall not mean recognition. Technical baseline support shall not mean procurement approval. Public authority learning shall not mean public authority action. Finance-adjacent input shall not mean finance-readiness determination.

Where Nexus instruments contain more protective requirements than this Bylaw and do not conflict with law or the Bylaw, the Corporation may adopt or apply those requirements through recorded policy, protocol, schedule, annex, or Board action. Where Nexus instruments are less protective, ambiguous, or inconsistent, this Bylaw shall control.

14.13 No External Nexus Instrument May Override United States Corporate Governance Except Through Lawful Adoption.\
No external Nexus instrument shall override United States corporate governance for the Corporation except through lawful adoption by the competent authority of the Corporation and only to the extent permitted by mandatory applicable law, the Certificate or Articles of Incorporation, and this Bylaw.

External Nexus instruments include charters, doctrines, standards, protocols, playbooks, technical profiles, proof-receipt rules, role-key rules, smart-license rules, registry rules, grid rules, docket rules, consortium instruments, national company instruments, Project SPV instruments, provider terms, sponsor terms, public authority interface materials, data-room rules, controlled-room rules, academy materials, observatory materials, risk management materials, rails materials, universe materials, and any other instrument not adopted as a governing instrument of the Corporation.

No external Nexus instrument shall appoint directors, remove directors, appoint officers, create officer authority, bind the Board, bind members where applicable, amend this Bylaw, change legal name, alter tax status, alter registered office, alter legal seat, create liabilities, transfer assets, create agency, create shared treasury, create shared liability, alter dissolution rules, create public authority status, create finance-readiness authority, create certification authority, create procurement authority, create recognition authority, or authorize enterprise execution.

Any attempted override shall be ineffective for the Corporation unless supported by lawful adoption and competent record. The Corporation shall correct public descriptions, repository references, and interface materials that imply otherwise.

14.14 Annexes and Schedules as Implementing Instruments Only.\
Annexes and schedules to this Bylaw, policies, protocols, charters, committee instruments, council instruments, participation terms, localization instruments, controlled vocabulary instruments, public-safe notice libraries, data classification instruments, AI-use instruments, cybersecurity instruments, safeguards instruments, public authority protocols, technical profiles, and Nexus interface instruments shall be implementing instruments only unless the superior instrument expressly and lawfully provides otherwise.

An annex or schedule may clarify procedures, list definitions, set forms, establish registers, specify classifications, identify review cycles, describe state or territorial localization, define controlled vocabulary, describe access controls, list public-safe notices, document compatibility, record divergence, or provide technical implementation details. It shall not independently create constitutional authority, corporate powers, Board authority, member rights, officer authority, public authority status, finance-readiness authority, certification authority, procurement authority, recognition authority, provider preference, sponsor control, or enterprise execution authority.

Where an annex or schedule appears to conflict with the body of this Bylaw, the body of this Bylaw shall control unless the Bylaw expressly states that a particular annex or schedule controls for a specific matter and such allocation is lawful. Ambiguity shall be resolved against independent authority.

Annexes and schedules shall be versioned, repository-controlled, classified, reviewed, superseded, withdrawn, archived, and corrected under the same validity-by-record and correctionability discipline that applies to other governance instruments.

14.15 No Independent Constitutional Authority by Annex.\
No annex, schedule, exhibit, appendix, table, matrix, register, checklist, form, protocol note, technical note, public-safe explainer, controlled vocabulary entry, standards profile, implementation profile, localization profile, dashboard legend, data-room instruction, controlled-room instruction, proof-receipt template, role-key template, smart-license template, software documentation, GitBook page, website page, or AI-generated summary shall have independent constitutional authority.

Constitutional authority for the Corporation shall arise only from mandatory applicable law, the Certificate or Articles of Incorporation, this Bylaw, and competent resolutions or approvals adopted under the hierarchy established by this Bylaw. Lower-order instruments may implement constitutional authority; they shall not generate it.

No annex shall be used to accomplish indirectly what requires amendment of the Bylaw, amendment of the constituting instrument, Board approval, member approval where required, legal filing, tax filing, public authority action, or separate contractual authorization.

Any annex or schedule that purports to change legal identity, corporate form, mission lock, nonprofit status, tax status, non-distribution, Board authority, member rights, officer authority, non-execution, role separation, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber controls, safeguards, dissolution, or asset dedication shall be treated as ineffective unless adopted through the required higher-order process.

14.16 No External Protocol, Ledger, Proof Receipt, Role Key, Smart License, Standards Profile, or Registry Entry May Override the Bylaw.\
No external protocol, ledger, proof receipt, role key, smart license, standards profile, registry entry, technical conformance record, blockchain entry, DLT entry, DePIN signal, AI-RAN signal, O-RAN signal, sensor signal, digital twin output, dashboard status, automated score, API response, model output, inference record, compute workload record, badge, credential, public-good software release, repository permission, or metadata field shall override this Bylaw.

Such artifacts may support technical verification, traceability, routing, interoperability, evidence lineage, public-safe publication, access control, technical conformance, or correction. They shall not constitute Board approval, member approval, officer delegation, corporate authority, legal adoption, public authority approval, public warning, emergency command, recognition, maturity determination, standing, finance-readiness determination, insurance-readiness determination, bankability determination, certification, accreditation, procurement approval, public finance approval, provider preference, sponsor control, or enterprise execution.

Where an external artifact conflicts with the Bylaw, the Bylaw shall control. The artifact shall be corrected, superseded, restricted, withdrawn, relabeled, archived, or accompanied by a limitation or divergence note as needed.

The Corporation shall design technical systems so that legal authority remains record-based and human-governed where required. Code shall not become constitutional authority. Ledger state shall not become corporate law. Proof receipts shall not become governance approval. Standards profiles shall not become certification by default. Registry entries shall not become recognition by GCRI US unless separately and lawfully authorized, and even then only within the Corporation’s lawful role.

14.17 Nexus Relationship Records.\
The Corporation shall maintain records sufficient to demonstrate the relationship between this Bylaw, the GCRI Charter, Nexus Constitutional Framework, Public-Good Stack Framework Charter, Non-Execution Doctrine, Validity-by-Record Doctrine, Correctionability Doctrine, One Rail / Two Stacks Doctrine, Verifiable Compute and Verifiable Intelligence Doctrine, Nexus Observatory Protocol, Nexus Standards, Nexus Risk Management, Nexus Rails, Nexus Universe, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortium instruments, national company instruments, Project SPV instruments, policies, annexes, schedules, protocols, registers, matrices, standards profiles, controlled vocabularies, technical artifacts, public-safe materials, and interface agreements.

Such records shall include, as applicable:

a) adoption records identifying which instruments have been adopted by the Corporation and for what purpose;

b) non-adoption records identifying external instruments used only for alignment, interoperability, reference, learning, or compatibility;

c) Board resolutions approving Nexus interface arrangements;

d) legal, tax, nonprofit, state, territorial, Tribal-interface, public authority, cross-border, data / AI / cyber, safeguards, sanctions, export-control, competition, finance-boundary, certification-boundary, procurement-boundary, and regulated-perimeter review records;

e) compatibility notes;

f) divergence logs;

g) role-separation records among GCRI US, GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards, Nexus Network, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, national companies, Project SPVs, qualified providers, sponsors, hosts, public authorities, universities, laboratories, and enterprise actors;

h) public-good stack and enterprise stack separation records;

i) public authority capacity classification records;

j) finance-boundary, certification-boundary, procurement-boundary, recognition-boundary, and provider-neutrality records;

k) public-safe claims, controlled vocabulary, and publication review records;

l) repository records, version records, supersession records, withdrawal records, archive records, and correction records;

m) external protocol, ledger, proof receipt, role key, smart license, standards profile, registry entry, dashboard, API, model output, compute record, and technical artifact limitation records;

n) records of any attempted override, overclaim, conflict, ambiguity, mismatch, reliance risk, or role confusion;

o) correction, clarification, takedown, public-safe notice, controlled notice, amendment, restatement, supersession, withdrawal, or reclassification records; and

p) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

The governing rule of this Section is that Nexus alignment shall strengthen the Corporation’s mission without displacing its law. The Corporation may interoperate with the GCRI Charter, Nexus Constitutional Framework, public-good stack instruments, doctrines, protocols, standards, observability systems, competence systems, consortium instruments, and technical artifacts only through lawful, recorded, role-separated, non-executing, correctionable, public-safe, and United States-governed participation. This Bylaw remains the controlling internal governance instrument of the Corporation, and no external Nexus instrument, annex, schedule, protocol, proof receipt, ledger entry, role key, smart license, standards profile, registry entry, technical artifact, public summary, or interoperability practice shall override it except through lawful adoption and competent record.

## Section 15. Definitions Schedule, Controlled Vocabulary, Semantic Governance, and No-Silent-Meaning-Shift Rule

15.1 Definitions Schedule.\
The Corporation shall maintain a Definitions Schedule for this Bylaw and for each policy, protocol, schedule, annex, register, matrix, public-safe notice, technical profile, public authority interface instrument, participation instrument, controlled-room instrument, repository instrument, public-good software instrument, technical baseline, publication, and Nexus interface instrument where defined terms are necessary for legal, governance, evidentiary, technical, public-facing, tax, public authority, finance-boundary, procurement-boundary, certification-boundary, safeguards, data / AI / cyber, or Nexus-interoperability purposes.

The Definitions Schedule shall function as an implementing semantic-control instrument subordinate to mandatory applicable law, the Certificate or Articles of Incorporation, and this Bylaw. It may clarify, operationalize, standardize, localize, or cross-reference terms used by the Corporation, but it shall not independently amend this Bylaw, create new corporate powers, alter Board authority, alter member rights where applicable, expand officer authority, create public authority status, create finance-readiness authority, create recognition authority, create certification authority, create procurement authority, confer provider preference, permit sponsor control, or authorize enterprise execution.

The Definitions Schedule may include general definitions, Article-specific definitions, program-specific definitions, technical definitions, public-safe definitions, controlled-room definitions, public authority capacity definitions, finance-boundary definitions, certification-boundary definitions, procurement-boundary definitions, data / AI / cyber definitions, safeguards definitions, state and territorial localization definitions, Tribal and Indigenous interface definitions, North America interface definitions, and Nexus interoperability definitions.

Where a defined term appears in both this Bylaw and the Definitions Schedule, this Bylaw shall control unless this Bylaw expressly incorporates the Definitions Schedule for that term and such incorporation is lawful. Where a definition in a lower-order instrument conflicts with this Bylaw, the lower-order definition shall be read down, corrected, restricted, superseded, withdrawn, or denied authoritative status.

15.2 Controlled Vocabulary.\
The Corporation shall maintain a controlled vocabulary for terms that carry institutional, public-facing, technical, evidentiary, public authority, finance-boundary, certification-boundary, procurement-boundary, recognition-boundary, tax, safeguards, data / AI / cyber, or Nexus consequence.

The controlled vocabulary shall preserve semantic discipline across minutes, resolutions, contracts, registers, notices, public materials, reports, whitepapers, dashboards, metadata, repositories, datasets, model cards, system cards, dataset cards, proof receipts, public-good software releases, technical baselines, public authority materials, sponsor materials, provider materials, grant materials, academy materials, controlled-room materials, and Nexus interface materials.

The controlled vocabulary shall distinguish terms that are descriptive from terms that are operative; terms that are public-safe from terms that are controlled; terms that are evidentiary from terms that are determinative; terms that indicate contribution from terms that imply approval; terms that indicate technical support from terms that imply certification; terms that indicate readiness inputs from terms that imply finance-readiness determinations; terms that indicate public authority learning from terms that imply public authority action; and terms that indicate Nexus compatibility from terms that imply recognition, procurement approval, or mandatory adoption.

No person shall use uncontrolled terminology to create authority, status, recognition, maturity, standing, certification, conformance, procurement approval, finance-readiness, insurance-readiness, bankability, public finance approval, public authority approval, public warning, emergency command, provider preference, sponsor control, or enterprise execution meaning that is not supported by an authorized record.

15.3 Semantic Governance Authority.\
Semantic governance authority shall be exercised by the Board, the Secretary, the officer or committee responsible for governance records, the evidence and methods function, the data / AI / cyber function, the public authority learning function, the safeguards function, the legal / compliance / risk function where appointed, or another responsible body or officer designated by Board resolution, policy, delegation matrix, or repository rule.

Semantic governance authority includes authority to propose, review, approve, classify, version, publish, restrict, correct, supersede, withdraw, archive, or localize controlled terms, definitions, status words, public-safe phrases, limitation language, disclaimers, metadata labels, public authority capacity labels, evidence labels, confidence labels, readiness-input labels, certification-boundary labels, procurement-boundary labels, safeguards labels, technical conformance labels, and Nexus interoperability labels.

Semantic governance authority shall not include authority to change legal meaning where amendment of this Bylaw, amendment of the constituting instrument, Board approval, member approval where required, legal filing, tax filing, public authority action, or separate contractual authority is required.

Any semantic governance act that materially affects legal identity, public-benefit purpose, nonprofit character, tax status, mission lock, non-execution, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber controls, safeguards, role separation, or Nexus interface meaning shall be escalated for legal, Board, or competent review.

15.4 Terms With Legal, Governance, Evidentiary, Technical, Public-Facing, Tax, Public Authority, Finance, Procurement, Certification, or Nexus Consequence.\
Terms with consequence shall be subject to heightened control. Such terms include any term that could reasonably affect legal status, corporate authority, Board authority, member authority, officer authority, participant rights, public authority meaning, public reliance, tax status, nonprofit status, evidence status, technical status, public-good status, public-safe status, finance-boundary meaning, procurement-boundary meaning, certification-boundary meaning, recognition meaning, maturity meaning, Docket meaning, Grid meaning, Nexus-compatible meaning, data rights, AI-use rights, cybersecurity status, safeguards status, protected knowledge status, or cross-border meaning.

Heightened-control terms shall include, without limitation, “official,” “approved,” “adopted,” “authorized,” “verified,” “validated,” “certified,” “recognized,” “accredited,” “conformant,” “Nexus-compatible,” “finance-ready,” “insurance-ready,” “bankable,” “investable,” “capital-readable,” “maturity,” “standing,” “Docket,” “Grid,” “proof receipt,” “public authority,” “public warning,” “emergency,” “standard,” “protocol,” “baseline,” “public-good,” “open,” “trusted,” “safe,” “sovereign,” “national,” “North America anchor,” “state interface,” “territorial interface,” “Tribal interface,” “official capacity,” “observer,” “regulator-listening,” “public finance reader,” and “public-safe.”

A term with consequence shall not be introduced, modified, localized, translated, summarized, automated, placed in metadata, embedded in a dashboard, used in a public claim, used in a funding document, used in a public authority setting, used in a sponsor or provider context, or mapped into a Nexus instrument without proper semantic review where material.

The Corporation shall treat semantic precision as a governance safeguard. A wrongly used word may create reliance, authority confusion, regulatory risk, public authority confusion, finance overclaim, certification overclaim, procurement implication, provider preference, sponsor benefit, protected knowledge exposure, or public trust harm. Accordingly, controlled terms shall be governed as institutional controls, not merely as style preferences.

15.5 Mandatory Use in Minutes, Resolutions, Registers, Notices, Publications, Evidence Artifacts, Governance Products, Dashboards, Metadata, Program Materials, Technical Systems, Public Materials, Funding Materials, and Public Authority Materials.\
Controlled vocabulary shall be used in Board minutes, committee minutes, council records, written consents, resolutions, delegation records, authority matrices, Board papers, officer reports, registers, notices, Gazette entries, adoption records, amendment records, supersession records, withdrawal records, archival records, localization records, public authority capacity records, conflict records, correction records, and other governance products.

Controlled vocabulary shall also be used in evidence artifacts, evidence packs, methods records, observability outputs, technical truth records, datasets, dashboards, maps, indexes, signal feeds, model cards, system cards, dataset cards, inference records, compute workload records, proof receipts, public-good software releases, technical baselines, APIs, schemas, data dictionaries, test harnesses, benchmark records, repository metadata, release notes, public-safe reports, whitepapers, academy materials, training materials, program materials, sponsorship materials, grant materials, public authority materials, and Nexus interface materials.

Where mandatory controlled vocabulary is unavailable, ambiguous, outdated, or incomplete, the responsible owner shall escalate for semantic review before issuing a material record or public-facing output. Pending review, the Corporation shall use narrower, descriptive, non-operative, non-authority-conferring language.

No uncontrolled synonym, marketing phrase, public relations phrase, funder phrase, provider phrase, sponsor phrase, technical shorthand, AI-generated wording, translation, localization term, dashboard label, or public authority phrase shall be used where it changes or may reasonably be perceived to change the controlled meaning.

15.6 Controlled Terms for Evidence, Verified, Validated, Public-Safe, Recognized, Nexus-Compatible, Finance-Ready, Insurance-Ready, Docket, Grid, Proof Receipt, Public Authority, Certification, Conformance, Maturity, Routeability, Readiness, Observatory, North America Anchor, State Interface, Territorial Interface, Tribal Interface, and Public-Good Stack.\
The Corporation shall apply controlled meanings to terms that sit at the boundary between evidence, authority, public reliance, finance, certification, procurement, recognition, and Nexus interoperability.

“Evidence” shall mean record-supported information, data, observation, method output, source material, analysis, measurement, testimony, model output, sensor output, telemetry, document, dataset, or other material used to support learning, research, methods, public-safe reporting, or technical understanding. Evidence shall not mean approval, recognition, finance-readiness, certification, procurement approval, public authority decision, rating, guarantee, public warning, or emergency command.

“Verified” and “validated” shall be used only in accordance with approved methods and records. They shall describe the scope, method, confidence, limitation, and record basis of a review. They shall not imply final truth, official authority, legal compliance, public authority approval, certification, procurement approval, finance-readiness, recognition, rating, or guarantee unless a competent authority separately and lawfully records that exact status.

“Public-safe” shall mean reviewed and limited for publication or sharing in a manner designed to reduce foreseeable harm, confusion, protected knowledge exposure, cybersecurity risk, infrastructure risk, privacy harm, public authority confusion, finance overclaim, certification overclaim, procurement implication, provider preference, sponsor control, or unsafe reliance. Public-safe shall not mean complete, risk-free, legally approved, government-approved, investor-ready, certified, or endorsed.

“Recognized,” “maturity,” “standing,” “Docket,” and “Grid” shall be used only in accordance with the applicable GRF, Nexus, or competent governance records. GCRI US may provide evidence and methods inputs to such processes, but shall not itself confer recognition, standing, maturity, Docket approval, Grid guarantee, or public-facing legitimacy status unless separately and lawfully authorized within its permitted role.

“Finance-ready,” “insurance-ready,” “bankable,” “investable,” “capital-readable,” “proof pack,” and similar terms shall be used only with finance-boundary controls and, where applicable, GRA role separation. GCRI US may provide technical evidence inputs, methods inputs, observability inputs, and public-good technical baselines, but shall not determine finance-readiness, insurance-readiness, bankability, investability, underwriting suitability, credit quality, investment grade, public finance approval, or capital allocation.

“Certification,” “certified,” “accreditation,” “conformance,” and “Nexus-compatible” shall be used only where a competent standards, certification, registry, or governance process expressly supports the term. A reference implementation, technical baseline, method, software tool, schema, dashboard, proof receipt, or standards profile shall not itself create certification, accreditation, procurement approval, or mandatory conformance.

“Public authority” shall be used with capacity classification. The Corporation shall distinguish official-capacity participation, observer participation, regulator-listening participation, public finance reader participation, emergency-management participant participation, public infrastructure operator participation, personal-capacity participation, and other lawful categories. Public authority participation shall not imply endorsement, adoption, funding, procurement approval, regulatory approval, sovereign obligation, public warning, emergency command, or public authority delegation.

“Proof receipt” shall mean a record artifact evidencing that a specified item, process, computation, submission, check, review, or technical event occurred within a defined system and scope. A proof receipt shall not mean recognition, certification, finance-readiness, procurement approval, public authority approval, legal compliance, or final truth unless separately supported by competent authority.

“Observatory,” “North America anchor,” “state interface,” “territorial interface,” “Tribal interface,” “routeability,” “readiness,” and “public-good stack” shall be used in a manner that preserves non-execution, role separation, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, safeguards, and legal separateness.

15.7 No Unilateral Redefinition by Program Team, Publication Lead, Technology Vendor, Sponsor, Provider, Donor, Funder, Public Authority Participant, State Interface, Regional Team, or Informal Working Group.\
No program team, publication lead, technology vendor, sponsor, provider, donor, funder, host, public authority participant, state interface, territorial interface, Tribal-interface participant, regional team, local team, technical maintainer, repository administrator, AI system, external consultant, communications lead, grant writer, fundraising team, working group, advisory council, Helix council, informal leadership group, or Nexus participant may unilaterally redefine controlled terms.

No uncontrolled redefinition shall be valid merely because it appears in a public statement, website page, GitBook page, dashboard, technical documentation, slide deck, grant application, sponsor material, provider material, public authority material, memorandum, AI-generated summary, repository commit, metadata field, proof receipt, registry entry, ledger entry, role key, smart license, standards profile, or public-facing report.

A person or body that identifies the need for a new term, revised term, localized term, translated term, or clarified term shall submit the matter through the semantic governance process. Until approved, the proposed term shall be marked draft, non-operative, or explanatory and shall not be used to create reliance.

Any unilateral redefinition that affects authority, public meaning, finance-boundary meaning, certification-boundary meaning, procurement-boundary meaning, public authority meaning, evidence status, recognition status, safeguards, data / AI / cyber controls, or Nexus compatibility shall be subject to correction, withdrawal, access restriction, takedown, public-safe clarification, controlled notice, or disciplinary response where appropriate.

15.8 Semantic Drift Review.\
The Corporation shall conduct semantic drift review where terms, labels, public statements, technical artifacts, dashboards, public authority materials, sponsor materials, provider materials, grant materials, publications, Nexus interface materials, or automated outputs appear to be changing meaning through repeated use, public expectation, operational practice, translation, localization, AI summarization, technical shorthand, marketing, fundraising, public authority familiarity, sponsor preference, provider preference, or ecosystem adoption.

Semantic drift review shall assess whether the term or usage has begun to imply authority, approval, recognition, finance-readiness, certification, procurement approval, public warning, emergency command, public authority adoption, provider preference, sponsor control, regulated advice, legal compliance, or enterprise execution beyond its approved meaning.

Semantic drift review shall be triggered by complaints, internal concerns, legal review, public authority concern, sponsor or provider usage, media usage, public claim misuse, participant misuse, dashboard interpretation, AI-generated outputs, translation divergence, localization divergence, repository inconsistencies, proof-receipt misuse, registry misuse, or Nexus interface mismatch.

Where semantic drift is identified, the Corporation shall correct the term, revise limitation language, update controlled vocabulary, issue clarifications, withdraw materials, restrict access, update metadata, revise training, update public-safe notices, require participant correction, or escalate to the Board or legal / compliance function where material.

15.9 Non-Conforming Output Rule.\
A non-conforming output is any minute, resolution, notice, register entry, public statement, report, whitepaper, dashboard, map, dataset, software release, technical baseline, model card, system card, dataset card, proof receipt, public authority material, sponsor material, provider material, grant material, controlled-room material, publication, translation, summary, AI output, repository entry, metadata field, standards profile, or Nexus interface artifact that uses terms contrary to this Bylaw, the Definitions Schedule, controlled vocabulary, public-safe notice library, authority matrix, or applicable limitation language.

A non-conforming output shall not be treated as authoritative to the extent of its non-conformity. Where the non-conformity is immaterial, clerical, or editorial, it may be corrected through the authorized correction process. Where the non-conformity affects authority, legal meaning, public meaning, public authority meaning, finance-readiness, certification, procurement, recognition, data rights, AI use, cybersecurity, safeguards, protected knowledge, or Nexus role separation, it shall be held, quarantined, restricted, corrected, superseded, withdrawn, or escalated.

No person shall rely on non-conforming language to claim governance authority, public authority approval, public warning status, emergency command status, finance-readiness, insurance-readiness, certification, recognition, procurement advantage, provider preference, sponsor control, Nexus-compatible status, legal compliance, or regulated advice.

The Corporation shall preserve the record of the non-conforming output and the correction path to maintain historical traceability, auditability, institutional learning, and correctionability.

15.10 Nullity, Voidability, Restriction, Correction, Withdrawal, or Denial of Authoritative Status for Material Misuse.\
Material misuse of a controlled term may render the affected output null, voidable, restricted, corrected, withdrawn, superseded, denied authoritative status, or treated as non-operative to the extent of the misuse.

Material misuse includes use of a term in a manner that creates or implies unauthorized legal authority, Board approval, member approval, officer delegation, public authority approval, government endorsement, sovereign obligation, public warning, emergency command, finance-readiness, insurance-readiness, bankability, investment suitability, certification, accreditation, procurement approval, recognition, standing, maturity, Docket approval, Grid guarantee, Nexus-compatible status, provider preference, sponsor control, tax status, legal compliance, or enterprise execution.

Where material misuse occurs in public-facing materials, the Corporation shall determine whether public-safe clarification, public correction, takedown, withdrawal, replacement, or controlled notice is required. Where misuse occurs in controlled materials, the Corporation shall determine whether access restriction, participant notice, corrected-room notice, public authority notice, repository correction, or legal review is required.

Material misuse shall not be cured merely by intent, internal understanding, technical explanation, or later oral clarification. Cure requires a competent record and, where necessary, correction, supersession, withdrawal, public-safe notice, controlled notice, or Board action.

15.11 Terminology Change Record.\
Each material terminology change shall be recorded. The terminology change record shall identify the term, prior definition, revised definition, reason for change, change classification, affected instruments, affected public materials, affected technical systems, affected metadata, affected translations, affected localization schedules, affected public authority materials, affected finance-boundary materials, affected certification-boundary materials, affected procurement-boundary materials, affected Nexus interface materials, approving authority, effective date, repository entry, public-safe status, access class, transition rule, supersession effect, and correction requirements.

Terminology change records shall distinguish editorial terminology changes from material semantic changes and constitutional semantic changes. A terminology change that affects legal identity, public-benefit purpose, mission lock, nonprofit character, tax status, non-execution, role separation, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber controls, safeguards, or Nexus role separation shall be treated as material or constitutional as appropriate.

Terminology change records shall preserve historical traceability so that the Corporation can determine which meaning governed at a particular time, which public materials used the prior meaning, which records require correction, and whether reliance occurred.

No terminology change shall be implemented silently in public materials, metadata, dashboards, repository labels, proof receipts, registries, controlled-room materials, or Nexus instruments where the change may affect reliance or authority.

15.12 No Silent Meaning Shift.\
No term used by the Corporation shall shift meaning silently. Meaning shall change only through a competent, classified, recorded, versioned, and correctionable act.

Silent meaning shift includes changing a definition without record; changing a public-facing term without updating the controlled vocabulary; using a marketing synonym to imply a new status; allowing a dashboard label to become an authority signal; allowing a proof receipt to become recognition; allowing “validated” to become certification; allowing “ready” to become finance-readiness; allowing “public authority participant” to become public authority approval; allowing “Nexus-compatible” to become procurement eligibility; allowing “public-safe” to become risk-free; allowing “technical baseline” to become mandatory standard; or allowing “observatory output” to become public warning.

The Corporation shall prevent silent meaning shift through controlled vocabulary, defined-term registers, public-safe limitation language, repository metadata, semantic drift review, training, publication review, AI-output review, translation review, localization review, public authority capacity classification, finance-boundary review, certification-boundary review, procurement-boundary review, and correctionability.

Where a silent meaning shift is suspected, the Corporation shall hold or restrict the affected term or output, identify the authoritative meaning, review reliance risk, correct affected records, update public-safe materials, issue controlled or public notices where needed, and preserve the correction record.

15.13 Controlled Vocabulary Records.\
The Corporation shall maintain records sufficient to prove the meaning, authority, version, effective date, publication status, access status, and correction history of controlled terms and definitions.

Such records shall include, as applicable:

a) the Definitions Schedule;

b) controlled vocabulary registers;

c) legal-term registers;

d) evidence-term registers;

e) technical-term registers;

f) public-safe terminology libraries;

g) public authority capacity terminology records;

h) finance-boundary terminology records;

i) certification-boundary and procurement-boundary terminology records;

j) recognition, maturity, standing, Docket, Grid, and Nexus-compatible terminology records;

k) data / AI / cyber terminology records;

l) safeguards, community, Tribal, Indigenous, local, territorial, cultural, environmental, and protected knowledge terminology records;

m) state, District of Columbia, territorial, local, Tribal-interface, and North America localization terminology records;

n) translation terminology records;

o) terminology change records;

p) semantic drift review records;

q) non-conforming output records;

r) nullity, voidability, restriction, correction, withdrawal, denial-of-authoritative-status, supersession, archive, public-safe notice, and controlled notice records;

s) affected public materials, technical systems, metadata, dashboards, proof receipts, registry entries, standards profiles, repository records, AI outputs, and Nexus interface records;

t) review records by legal, compliance, tax, public authority, finance-boundary, certification-boundary, procurement-boundary, data / AI / cyber, safeguards, competition, sanctions, export-control, controlled-technology, and protected knowledge functions where applicable; and

u) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

The governing rule of this Section is that institutional meaning shall be governed, not improvised. The Corporation shall use controlled vocabulary to preserve legal identity, public-benefit purpose, nonprofit character, United States seat discipline, all-states-and-territories posture, North America anchor boundaries, non-execution, GCRI / GRF / GRA role separation, public-good stack and enterprise stack separation, public authority boundaries, finance boundaries, certification and procurement boundaries, data / AI / cyber controls, community safeguards, protected knowledge discipline, validity-by-record, correctionability, and public trust. No word shall be allowed to become authority by drift, repetition, platform design, public narrative, funder pressure, sponsor preference, provider usage, public authority familiarity, AI output, dashboard label, proof receipt, registry entry, or Nexus interoperability practice.

## Section 16. Interpretation Rules, Normative Language, Headings, Severability, Time Computation, and Continuity of Effect

16.1 Singular and Plural.\
Unless the context requires otherwise, words importing the singular include the plural, and words importing the plural include the singular. A reference to a person includes an individual, corporation, nonprofit corporation, association, partnership, limited liability company, trust, foundation, institute, university, laboratory, public authority, Tribal or Indigenous government, governmental instrumentality, international organization, unincorporated body, consortium, project vehicle, technical community, or other legal or institutional actor, as applicable.

A reference to a record includes a paper record, electronic record, repository record, register entry, metadata entry, signed instrument, electronic signature record, version-control record, notice-stream entry, public-safe publication record, controlled-room record, proof receipt, audit trail, integrity reference, hash reference, ledger reference where used, or other recorded artifact capable of evidencing authority, status, action, review, limitation, correction, or reliance boundary.

A reference to an act includes an omission where the context, law, fiduciary duty, public-benefit duty, compliance requirement, records obligation, non-execution boundary, data / AI / cyber control, safeguards obligation, public authority boundary, finance boundary, certification boundary, procurement boundary, or correction duty makes an omission governance-significant.

16.2 Gender-Neutral Interpretation.\
This Bylaw shall be interpreted in a gender-neutral and inclusive manner. Pronouns, titles, offices, roles, and references to persons shall not be read to limit eligibility, participation, authority, responsibility, or protection by gender, gender identity, sex, expression, marital status, family status, or any other protected or irrelevant personal characteristic.

Gender-neutral interpretation shall also apply to public-facing materials, participation instruments, academy materials, controlled-room materials, public authority materials, repository records, employment or contractor materials, fellowship materials, volunteer materials, community interface materials, Tribal and Indigenous interface materials, accessibility materials, and public-safe summaries.

Nothing in this Section shall limit the Corporation’s obligation to comply with applicable civil rights, accessibility, employment, public accommodation, education, privacy, data protection, public authority, research, community safeguards, or protected participation requirements.

16.3 “Including” Means Including Without Limitation.\
The words “including,” “includes,” “include,” “such as,” “including but not limited to,” and similar phrases shall be illustrative and not limiting. A list following such words shall not be read to exclude comparable persons, bodies, records, systems, instruments, acts, risks, technologies, jurisdictions, controls, safeguards, or obligations that fall within the purpose, structure, or protective function of the provision.

A list of technologies shall not limit the Corporation’s scope to the technologies named. References to AI, AI-RAN, O-RAN, DePIN, DLT, blockchain, Web3, quantum-relevant systems, sovereign compute, HPC, cyber, robotics, drones, sensors, geospatial systems, Earth observation, digital twins, biosecurity, climate, nature, energy, water, food, health, disaster, telecommunications, supply chain, advanced manufacturing, semiconductors, or other exponential technologies shall be read to include successor, adjacent, convergent, hybrid, mission-critical, infrastructure-relevant, public-safety-relevant, and public-good-relevant technologies where consistent with this Bylaw.

A list of actors shall not imply equal authority among listed actors. The Corporation shall continue to distinguish GCRI US, GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, national companies, Project SPVs, qualified enterprise providers, sponsors, hosts, public authorities, universities, laboratories, communities, and enterprise actors according to their respective lawful roles.

16.4 References to Laws.\
A reference to any law, statute, regulation, rule, order, guidance, filing requirement, tax requirement, public authority requirement, professional boundary requirement, privacy requirement, AI governance requirement, cybersecurity requirement, export-control requirement, sanctions requirement, competition requirement, public records requirement, procurement integrity requirement, lobbying requirement, political-activity requirement, charitable solicitation requirement, or other legal requirement includes such law or requirement as amended, replaced, reenacted, superseded, interpreted, supplemented, localized, or made applicable from time to time.

A reference to law shall include federal, state, District of Columbia, territorial, Tribal, Indigenous governance interface, local, foreign, cross-border, public authority, tax, nonprofit, data protection, AI, cybersecurity, research, civil rights, accessibility, employment, contractor, volunteer, sanctions, export-control, controlled-technology, competition, public finance, procurement integrity, lobbying, government ethics, gifts, grant, public records, open meetings, and professional boundary requirements where applicable.

Where the Corporation is uncertain whether a legal requirement applies, the matter shall be escalated for legal, compliance, tax, public authority, data / AI / cyber, safeguards, or regulated-perimeter review as appropriate. Pending resolution, the Corporation shall apply the more restrictive lawful interpretation that preserves public benefit, non-execution, role separation, public authority boundary discipline, finance-boundary discipline, certification-boundary discipline, procurement neutrality, safeguards, and correctionability.

No reference to a law shall be read as legal advice, regulatory approval, compliance certification, public authority determination, or professional opinion by the Corporation unless separately and lawfully authorized by competent authority and recorded within the Corporation’s permitted role.

16.5 References to Federal, State, Territorial, Tribal, Local, Foreign, and Cross-Border Bodies.\
A reference to a federal, state, District of Columbia, territorial, Tribal, Indigenous, local, county, municipal, metropolitan, port, utility, public health, emergency management, public safety, public works, water, energy, food, telecommunications, cyber, infrastructure, foreign, cross-border, regional, North America, international, public university, public laboratory, public finance, regulator-listening, or other public-sector body shall include its lawful successors, assigns, renamed bodies, reorganized bodies, merged bodies, split bodies, delegated bodies, and successor offices, but only to the extent recognized by applicable law and competent record.

A reference to a public authority shall not imply endorsement, adoption, funding approval, grant approval, procurement approval, public finance approval, regulatory approval, sovereign obligation, public-private partnership, public warning, emergency command, official decision, or public authority delegation. Public authority meaning shall be determined by capacity classification, written instrument, public authority record, Corporation record, public-safe language, and applicable law.

A reference to Tribal or Indigenous bodies shall be interpreted with respect for Tribal sovereignty, Indigenous governance, Indigenous knowledge protocols, Indigenous data safeguards, community consent pathways, protected knowledge, and local context. Such reference shall not imply that the Corporation has authority to speak for, bind, extract from, represent, certify, recognize, or override any Tribal or Indigenous government, community, knowledge holder, or protocol.

Cross-border references shall be interpreted as coordination, learning, evidence, methods, observability, public-good software, technical baseline, safeguards, and interoperability references only, unless a separate lawful record provides otherwise. They shall not create treaty authority, intergovernmental authority, foreign branch status, agency, partnership, joint venture, public authority status, shared treasury, shared liability, or enterprise execution authority.

16.6 References to Offices, Bodies, and Successors.\
A reference to an officer, office, committee, council, advisory body, public authority forum, working group, expert panel, repository custodian, Secretariat, Central Bureau, program body, Nexus interface body, or other internal or interface body shall include any lawful successor, renamed office, restructured office, delegated officer, acting officer, interim officer, successor committee, successor council, successor custodian, or equivalent body designated by competent authority.

A successor office or body shall inherit only the authority lawfully assigned to it by mandatory applicable law, the Certificate or Articles of Incorporation, this Bylaw, Board resolution, member approval where required, committee charter, council mandate, policy, delegation matrix, authority matrix, written appointment, or other competent record. No successor office or body shall inherit authority by title similarity, operational continuity, repository access, historical practice, technical centrality, public visibility, sponsor reliance, provider reliance, public authority familiarity, or Nexus usage.

Where an office or body is abolished, merged, divided, renamed, suspended, or replaced, the Corporation shall preserve continuity of lawful responsibilities through recorded transition, delegation, custody transfer, authority mapping, records transfer, access review, public-safe notice where needed, and correction of affected instruments.

No office succession shall be used to avoid Board reserved matters, weaken non-execution, alter public authority boundaries, alter finance boundaries, create certification or procurement authority, create recognition authority, permit sponsor control, prefer providers, weaken data / AI / cyber controls, weaken safeguards, or obscure GCRI / GRF / GRA role separation.

16.7 Time Computation.\
Unless otherwise stated, a period of days under this Bylaw shall be computed by excluding the day of the event that begins the period and including the last day of the period. Where the last day falls on a Saturday, Sunday, federal holiday, applicable state holiday, applicable territorial holiday, or other day on which the Corporation’s principal administrative office is closed, the deadline shall extend to the next business day, unless mandatory applicable law, a filing deadline, a court order, a public authority deadline, a grant deadline, a tax deadline, or a Board resolution requires otherwise.

“Business day” means a day on which the Corporation’s principal administrative office is open for ordinary governance business, excluding weekends, federal holidays, and other days designated by the Board or Secretary. For state, territorial, Tribal-interface, local, foreign, or public authority matters, the applicable jurisdictional calendar may also be considered where lawful and relevant.

Time references shall be interpreted by reference to the time zone designated by the Corporation’s official repository policy, notice, Board resolution, or relevant instrument. If no time zone is designated, the time zone of the Corporation’s principal United States governance seat shall apply.

A late notice, filing, disclosure, correction, publication, record deposit, or approval shall not be treated as timely merely because of operational convenience, technical delay, repository delay, email delay, AI workflow delay, platform outage, public authority scheduling difficulty, sponsor expectation, provider expectation, or cross-border coordination need. Where delay affects rights, authority, reliance, public-safe publication, public authority meaning, finance boundary, certification boundary, procurement boundary, data / AI / cyber control, safeguards, or legal compliance, the delay shall be recorded, reviewed, and corrected where necessary.

16.8 “Shall.”\
“Shall” denotes a mandatory duty. A provision using “shall” must be complied with unless compliance is excused, modified, suspended, superseded, or made impossible by mandatory applicable law, the Certificate or Articles of Incorporation, this Bylaw, a lawful amendment, a lawful emergency measure, or another competent record within the applicable hierarchy.

A mandatory duty may require action, abstention, escalation, review, record creation, notice, correction, restriction, withdrawal, refusal, re-scoping, or other governance response. The specific form of compliance shall be determined by the text, purpose, applicable law, risk classification, authority matrix, relevant policy, and protective function of the provision.

Failure to comply with a “shall” duty shall not be cured by informal approval, officer convenience, committee consensus, sponsor preference, provider preference, public authority familiarity, technical feasibility, AI-generated workaround, repository practice, public narrative, or repeated non-compliance. Correction shall require competent review and record.

16.9 “May.”\
“May” denotes permission or discretionary authority, not a mandatory duty. Discretion under “may” shall be exercised only within applicable law, the Certificate or Articles of Incorporation, this Bylaw, fiduciary duty, public-benefit purpose, nonprofit character, tax-exempt or tax-exempt-compatible limits, Board-approved strategy, authority matrix, delegation matrix, budget, policies, records requirements, and relevant safeguards.

“May” shall not be interpreted as permission to act without authority, skip required review, create public authority status, create finance-readiness authority, certify, recognize, approve procurement, provide regulated advice, create provider preference, permit sponsor control, disclose protected information, weaken data / AI / cyber controls, ignore conflicts, bypass competition controls, or enter enterprise execution.

Where discretionary action may affect legal status, public authority meaning, finance boundaries, certification boundaries, procurement boundaries, data rights, AI use, cybersecurity, protected knowledge, civil rights, accessibility, community safeguards, tax status, public-facing reliance, or Nexus role separation, discretion shall be exercised under the more protective and record-supported path.

The fact that the Corporation may act shall not mean that it must act or that any participant, sponsor, donor, funder, provider, public authority, host, university, laboratory, community, investor, insurer, lender, national company, Project SPV, or other actor has a right to compel such action.

16.10 “Must.”\
“Must” denotes a mandatory requirement equivalent to “shall,” and shall be interpreted as creating a compulsory obligation. “Must” may be used where the requirement concerns safety, legality, validity, authority, records, public-safe publication, data / AI / cyber controls, public authority boundaries, finance boundaries, certification boundaries, procurement boundaries, safeguards, or correction.

Where “must” appears in a policy, protocol, schedule, annex, register, matrix, standard profile, controlled vocabulary, form, public-safe notice, controlled-room rule, technical profile, or operating procedure adopted under this Bylaw, it shall be mandatory within the lawful scope of that instrument, provided that it does not override mandatory applicable law, the Certificate or Articles of Incorporation, this Bylaw, or a superior instrument.

A “must” requirement shall not be waived informally. Any waiver, deviation, exception, emergency override, or temporary suspension must be lawful, recorded, classified, time-bounded where appropriate, approved by competent authority, and corrected or ratified where required.

16.11 “Shall Not.”\
“Shall not” denotes a mandatory prohibition. A person, body, system, program, committee, officer, director, participant, sponsor, provider, public authority interface, repository, AI workflow, dashboard, proof receipt, technical artifact, public material, controlled room, or Nexus interface subject to this Bylaw shall not engage in the prohibited act, create the prohibited implication, permit the prohibited status, or rely on the prohibited interpretation.

A “shall not” prohibition includes direct acts, indirect acts, acts by proxy, acts through affiliates, acts through controlled-room design, acts through technical architecture, acts through metadata, acts through AI-generated text, acts through public statements, acts through funding instruments, acts through sponsor or provider materials, acts through public authority familiarity, acts through proof receipts, acts through registry entries, and acts through Nexus interoperability practice.

A prohibited act shall not become permitted because it is described as research, learning, pilot, beta, advisory, public-good, non-binding, technical, preliminary, controlled, internal, public-safe, sponsor-supported, provider-supported, public authority-facing, state-specific, territorial, Tribal-interface, cross-border, or Nexus-compatible.

Where a “shall not” prohibition is breached or may be breached, the Corporation shall stop, hold, quarantine, restrict, re-scope, correct, withdraw, supersede, refer, terminate, or escalate as appropriate.

16.12 Discretion Bounded by Law, Fiduciary Duty, Public-Benefit Purpose, Nonprofit Duty, Tax-Exempt Compatibility, and This Bylaw.\
All discretion under this Bylaw is bounded. No director, officer, committee, council, working group, advisory body, employee, contractor, volunteer, fellow, advisor, contributor, sponsor, donor, funder, provider, host, public authority participant, university participant, laboratory participant, community participant, or Nexus interface actor may exercise discretion in a manner inconsistent with mandatory applicable law, the Certificate or Articles of Incorporation, this Bylaw, fiduciary duty, public-benefit purpose, nonprofit character, non-distribution, tax-exempt or tax-exempt-compatible restrictions, mission lock, non-execution, role separation, public authority boundary discipline, finance-boundary discipline, certification-boundary discipline, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber controls, community safeguards, protected knowledge discipline, competition law, sanctions, export controls, civil rights, accessibility, research integrity, public-safe publication, validity-by-record, or correctionability.

Discretion shall be exercised for the Corporation’s lawful public-benefit purposes and not for private advantage, sponsor advantage, provider advantage, donor preference, funder preference, public authority convenience, founder preference, officer preference, committee preference, capital-reader preference, national company preference, Project SPV preference, or ecosystem pressure.

Where discretion may produce material legal, public authority, finance, certification, procurement, data / AI / cyber, safeguards, tax, nonprofit, public-facing, or Nexus consequence, the decision shall be supported by an adequate record, including authority, rationale, review, limitations, conflicts, recusals, public-safe language, and correction pathway.

Discretionary authority shall be interpreted narrowly where it would otherwise risk role confusion, public authority confusion, finance overclaim, certification overclaim, procurement implication, provider preference, sponsor control, data misuse, AI misuse, cyber risk, protected knowledge exposure, competition concern, private benefit, or unsafe reliance.

16.13 Headings and Numbering.\
Headings, Article titles, Section titles, subsection titles, numbering, labels, captions, table-of-contents entries, index entries, running headers, footers, repository titles, metadata titles, and public-facing labels are included for organization, navigation, readability, repository control, citation, public legibility, and semantic discipline. They shall be used as interpretive aids where consistent with the operative text, but they shall not override the operative text.

Where a heading appears broader or narrower than the operative provision, the operative provision shall control. Where a heading assists in resolving ambiguity, the heading may be considered together with the Article purpose, Section structure, controlled vocabulary, related provisions, and public-good constitutional reading rule.

A numbering error, cross-reference error, formatting error, indentation error, table-of-contents mismatch, heading mismatch, typographical error, repository display issue, or export formatting defect shall not invalidate a provision where the operative meaning can reasonably be determined. Such defect shall be corrected through the applicable versioning, correction, or clerical process.

No person shall rely on a heading, table-of-contents entry, metadata label, dashboard label, public summary, or repository title to create authority, status, public authority meaning, finance-readiness, certification, procurement approval, recognition, provider preference, sponsor control, or enterprise execution where the operative text does not support that meaning.

16.14 Structural Order as Interpretive Aid.\
The structure of this Bylaw is intentional and may be used as an interpretive aid. Earlier legal-control, identity, scope, precedence, document-control, controlled-vocabulary, interpretation, non-execution, public authority boundary, finance-boundary, certification-boundary, and public-good constitutional provisions inform the reading of later operational, programmatic, technical, participation, committee, officer, records, finance, data / AI / cyber, safeguards, publication, and Nexus-interface provisions.

The placement of a provision in a particular Article or Section shall not limit its application where the text, purpose, or protective function indicates broader application. A governance-control provision may apply to programs; a records provision may apply to technical artifacts; a non-execution provision may apply to controlled rooms; a public authority boundary provision may apply to dashboards; a finance-boundary provision may apply to evidence products; and a safeguards provision may apply to publication, software, datasets, observability, and Nexus interfaces.

Where two provisions appear to overlap, they shall be read harmoniously where possible. A specific provision shall generally control over a general provision for the specific matter addressed, except where the general provision is more protective and expressly intended as a constitutional, public-good, non-execution, public authority boundary, finance-boundary, data / AI / cyber, safeguards, or anti-capture rule.

Structural order shall not be used to create implied authority or to treat silence in a later Article as waiver of an earlier restriction.

16.15 Severability.\
If any provision of this Bylaw, or any application of a provision to any person, body, record, program, jurisdiction, public authority interface, state interface, territorial interface, Tribal interface, North America interface, technical artifact, controlled room, dataset, software release, publication, support arrangement, or Nexus interface, is held invalid, unlawful, unenforceable, inapplicable, or ineffective by competent authority, the remaining provisions shall continue in full force and effect to the fullest lawful extent.

The invalid, unlawful, unenforceable, inapplicable, or ineffective provision shall be severed, read down, narrowed, corrected, superseded, withdrawn, restated, or amended to the minimum extent necessary to preserve legality, public benefit, nonprofit character, non-execution, role separation, public authority boundary discipline, finance-boundary discipline, certification-boundary discipline, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber controls, safeguards, validity-by-record, correctionability, and the Corporation’s lawful purposes.

Severability shall not be used to preserve an arrangement that would, without the severed provision, create private inurement, impermissible private benefit, public authority confusion, finance overclaim, certification overclaim, procurement implication, sponsor control, provider preference, enterprise execution, data misuse, AI misuse, cyber risk, protected knowledge exposure, competition violation, sanctions violation, export-control violation, or unlawful purpose.

Where severability is invoked or may be invoked, the Corporation shall record the issue, obtain legal or competent review where material, apply interim controls where needed, and update affected records, public materials, schedules, annexes, policies, controlled vocabulary, metadata, and Nexus interface materials.

16.16 Continuity of Effect.\
This Bylaw shall continue in effect until lawfully amended, restated, superseded, repealed, withdrawn, or replaced by competent authority in accordance with mandatory applicable law, the Certificate or Articles of Incorporation, and this Bylaw.

Continuity of effect shall apply notwithstanding changes in directors, officers, members where applicable, staff, contractors, advisors, fellows, volunteers, sponsors, donors, funders, providers, hosts, public authority participants, repositories, platforms, websites, public-facing materials, technical systems, public-good software, dashboards, controlled rooms, state interfaces, territorial interfaces, Tribal interfaces, North America interfaces, or Nexus interface arrangements.

No pause in operations, repository outage, website redesign, GitBook migration, data-room migration, software repository migration, public authority coordination change, funding change, sponsor change, provider change, Board vacancy, officer vacancy, committee sunset, program closure, cross-border transition, emergency mode, or public narrative shift shall suspend this Bylaw unless a competent legal record expressly and lawfully provides otherwise.

Continuity of effect shall also preserve obligations that by their nature survive termination, withdrawal, supersession, resignation, removal, offboarding, closeout, archive, or dissolution, including confidentiality, records, legal hold, privilege, data protection, AI-use restrictions, cybersecurity, protected knowledge, public-safe claims, correction, non-reliance, no-authority, non-execution, conflict, competition, sanctions, export-control, IP, attribution, and public-benefit asset obligations.

16.17 Mission-Preserving Interpretation.\
This Bylaw shall be interpreted to preserve the Corporation’s mission as a United States and North America public-benefit technical institution for evidence, methods, observability, ontology, technical truth, public-good research and development, public-good software, open technical baselines, verifiable compute methods, public authority learning, community safeguards, public-safe publication, and Nexus public-good stack compatibility.

Where a provision is susceptible to more than one reasonable interpretation, the interpretation that best preserves public benefit, nonprofit character, non-distribution, tax-exempt or tax-exempt-compatible posture, United States seat discipline, all-states-and-territories compliance, North America anchor boundaries, non-execution, GCRI / GRF / GRA role separation, public-good stack and enterprise stack separation, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber integrity, research integrity, evidence integrity, community safeguards, protected knowledge, validity-by-record, correctionability, and public trust shall control.

No interpretation shall convert stewardship into control; evidence into recognition; methods into certification; technical baselines into procurement approval; public authority learning into public authority delegation; readiness inputs into finance-readiness determinations; public-safe publication into public warning; proof receipts into legal authority; dashboards into emergency command; or Nexus interoperability into whole-system governance by GCRI US.

Mission-preserving interpretation shall not authorize the Corporation to ignore law, expand its powers beyond its constituting instrument, conduct prohibited functions, or assume roles reserved to GRF, GRA, Nexus Standards, public authorities, national companies, Project SPVs, qualified providers, regulated actors, or other lawful entities.

16.18 Narrower Implied Authority Rule.\
Authority shall not be implied broadly. Where the existence, scope, holder, duration, conditions, or limits of authority are uncertain, the narrower interpretation shall apply until competent authority clarifies the matter by record.

No authority shall be implied from title, seniority, authorship, expertise, technical centrality, public visibility, founder status, sponsor relationship, provider relationship, donor relationship, funder relationship, public authority contact, repository access, dashboard access, controlled-room access, AI-system access, software maintainer status, committee participation, council participation, working group leadership, Helix participation, Nexus participation, state-interface role, territorial-interface role, Tribal-interface role, North America-interface role, or operational convenience.

The narrower implied authority rule applies especially to authority to bind the Corporation; issue public statements; approve public authority references; approve publications; admit participants; accept support; approve funding materials; release datasets; release software; approve AI use; approve controlled-room access; classify public authority capacity; issue proof receipts; refer to Nexus compatibility; determine recognition; determine maturity; determine finance-readiness; certify; approve procurement; provide professional advice; or act in any regulated perimeter.

Where immediate action is necessary to prevent harm, protect records, protect data, protect cybersecurity, protect public-safe meaning, prevent public authority confusion, prevent finance overclaim, prevent certification overclaim, prevent procurement overclaim, prevent protected knowledge exposure, or preserve legal compliance, only the narrowest emergency or break-glass authority necessary may be used, and such action shall be recorded, time-limited, escalated, and ratified or corrected as required.

16.19 United States State-by-State Localization Rule.\
This Bylaw shall be interpreted as a United States governing instrument intended to operate across all states, the District of Columbia, territories, Tribal-interface contexts, local jurisdictions, public authority interfaces, and North America coordination contexts, subject to applicable law and recorded localization.

State-by-state localization may supplement implementation through state qualification, charitable solicitation registration, tax compliance, employment compliance, privacy compliance, data handling rules, AI governance rules, cybersecurity requirements, public authority protocols, lobbying or government ethics controls, public records considerations, procurement integrity controls, contract localization, grant compliance, civil rights requirements, accessibility requirements, or other lawful state-specific requirements.

Localization shall not fragment the Corporation’s legal identity, alter internal corporate governance, weaken public-benefit purpose, weaken nonprofit character, soften non-execution, create public authority status, create finance-readiness authority, create certification authority, create procurement authority, create recognition authority, create provider preference, permit sponsor control, weaken data / AI / cyber controls, weaken safeguards, weaken validity-by-record, weaken correctionability, or displace the Corporation’s United States seat discipline.

Where a state, territorial, Tribal-interface, or local requirement conflicts with this Bylaw, mandatory applicable law shall control within its lawful scope, and the Corporation shall apply correction, narrowing, suspension, separate instrument, jurisdictional restriction, compliance routing, public-safe notice, or Board action as appropriate.

16.20 North America Interface Interpretation Rule.\
References to the Corporation’s North America anchor role shall be interpreted as references to a bounded public-good role in evidence architecture, methods continuity, observability methods, ontology alignment, public-good software, technical baselines, verifiable compute methods, public authority learning support, community safeguards, cross-border learning, and Nexus public-good stack interoperability.

The North America anchor role shall not be interpreted as creating sovereign authority, treaty authority, intergovernmental authority, regional regulator status, public authority delegation, public warning authority, emergency command authority, public finance authority, procurement authority, certification authority, recognition authority, finance-readiness authority, protocol monopoly, enterprise execution authority, foreign branch status, merger, partnership, joint venture, agency, shared treasury, shared liability, single employer status, joint employer status, or authority to bind GCRI Canada, GRF, GRA, Nexus entities, public authorities, national companies, Project SPVs, providers, sponsors, hosts, universities, laboratories, communities, or enterprise actors.

North America interface language shall be supported by compatibility notes, divergence logs, role-separation records, cross-border legal review, data / AI / cyber review, safeguards review, public authority capacity records, public-safe language, and repository records where material.

Where North America coordination creates uncertainty, the Corporation shall use the narrower, more lawful, more public-safe, more non-executing, more role-separated, and more record-supported interpretation pending review.

16.21 Interpretation Records.\
The Corporation shall maintain records sufficient to support the interpretation, application, correction, and continuity of this Bylaw and related instruments.

Such records shall include, as applicable:

a) interpretation memoranda;

b) legal review records;

c) tax and nonprofit review records;

d) Board clarification records;

e) Secretary certifications;

f) hierarchy and precedence records;

g) controlled vocabulary and Definitions Schedule records;

h) semantic drift records;

i) time-computation records where deadlines are material;

j) notice and waiver records;

k) severability records;

l) continuity records;

m) mission-preserving interpretation records;

n) narrower implied authority records;

o) state, District of Columbia, territorial, Tribal-interface, local, and public authority localization records;

p) North America interface interpretation records;

q) public authority capacity records;

r) finance-boundary, certification-boundary, procurement-boundary, recognition-boundary, provider-neutrality, and sponsor non-control interpretation records;

s) data / AI / cyber, privacy, safeguards, civil rights, accessibility, protected knowledge, sanctions, export-control, controlled-technology, competition, and research integrity interpretation records;

t) public-safe publication and non-reliance interpretation records;

u) stop, hold, quarantine, restriction, correction, withdrawal, supersession, public notice, controlled notice, and archive records; and

v) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

The governing rule of this Section is that this Bylaw shall be interpreted as a living but controlled legal instrument: flexible enough to remain applicable across jurisdictions, technologies, public authority contexts, public-good systems, and Nexus interfaces, but never so flexible that words become uncontrolled authority. Interpretation shall preserve law, mission, public benefit, nonprofit character, United States seat discipline, all-states-and-territories compliance, North America anchor boundaries, non-execution, role separation, public authority boundaries, finance boundaries, certification and procurement boundaries, data / AI / cyber controls, safeguards, protected knowledge, validity-by-record, correctionability, and public trust.

## Section 17. Language, Translation, Accessibility, Plain-Language Summaries, and Multijurisdictional Public Legibility

17.1 English Authoritative Text.\
The authoritative language of this Bylaw shall be English. The English text adopted by the competent authority of The Global Centre for Risk and Innovation - United States shall constitute the controlling text for purposes of corporate governance, interpretation, authority, amendment, version control, repository custody, notice, legal review, Board action, officer action, committee action, member action where applicable, public authority interface review, public-safe publication, state and territorial localization, North America coordination, and Nexus interface discipline.

The authoritative English text shall be the version identified in the official repository, Bylaw register, adoption record, version-control record, and Gazette or Gazette-equivalent notice stream. No oral explanation, translation, public summary, slide deck, website excerpt, GitBook excerpt, AI-generated summary, training material, public-facing explainer, public authority briefing, sponsor material, provider material, funding proposal, committee note, council note, or cross-border summary shall displace the adopted English text.

Where the Corporation publishes excerpts, summaries, translations, accessibility versions, public-legibility aids, or localized notes, such materials shall be clearly identified as derivative, explanatory, accessibility-supporting, localization-supporting, or non-operative unless the Board or other competent authority has expressly adopted the material as operative in accordance with mandatory applicable law, the Certificate or Articles of Incorporation, and this Bylaw.

The English authoritative text shall be maintained with version discipline, metadata discipline, effective-date discipline, supersession discipline, archival discipline, correctionability, and repository integrity sufficient to establish which English text controlled at any relevant time.

17.2 Controlling Language.\
In the event of any inconsistency, ambiguity, conflict, omission, mistranslation, overstatement, understatement, localization divergence, formatting divergence, accessibility-format divergence, plain-language divergence, AI-summary divergence, public authority explanation divergence, or cross-border explanation divergence between the authoritative English text and any other version, the authoritative English text shall control.

The controlling-language rule shall apply to all translations, summaries, public materials, accessibility materials, public authority notes, state-specific notes, territorial notes, Tribal-interface notes, local notes, North America interface summaries, sponsor-facing materials, provider-facing materials, participant materials, academy materials, controlled-room materials, repository pages, website pages, GitBook pages, slide decks, videos, infographics, charts, dashboards, transcripts, and machine-readable or AI-generated descriptions.

No person shall rely on a non-English translation, plain-language summary, accessibility aid, public-legibility note, public authority explainer, state-specific note, territorial note, Tribal-interface note, North America interface note, or AI-generated summary to claim authority, rights, status, recognition, maturity, finance-readiness, certification, procurement approval, public authority approval, public warning, emergency command, provider preference, sponsor control, legal compliance, tax status, or Nexus-compatible status inconsistent with the authoritative English text.

Where a divergence creates or may create reliance risk, public authority confusion, finance overclaim, certification overclaim, procurement implication, data / AI / cyber risk, safeguards risk, protected knowledge exposure, civil rights concern, accessibility concern, cross-border misunderstanding, or Nexus role confusion, the Corporation shall correct, withdraw, replace, annotate, restrict, supersede, or issue a public-safe or controlled clarification as appropriate.

17.3 Translation Protocol.\
The Corporation may authorize translations of this Bylaw or related governance instruments where translation advances public legibility, accessibility, public authority learning, participant understanding, community engagement, Indigenous or local-interface respect, territorial inclusion, cross-border coordination, North America interoperability, or Nexus public-good stack readability.

Each authorized translation shall be subject to a translation protocol approved by competent authority or by an officer, committee, or custodian acting under recorded delegation. The translation protocol shall identify the source text, version identifier, effective date, translation language, translator or translation system, reviewer, legal reviewer where required, subject-matter reviewer where required, community or cultural reviewer where appropriate, accessibility reviewer where appropriate, repository location, publication class, limitation language, correction pathway, and divergence-handling process.

Machine translation, AI-assisted translation, volunteer translation, partner translation, public authority translation, sponsor translation, provider translation, community translation, or informal translation shall not be treated as authoritative unless reviewed, approved, classified, versioned, and recorded under the translation protocol.

Every translation shall include clear language stating that it is provided for convenience, accessibility, learning, participation, or public legibility only, and that the authoritative English text controls unless the Corporation has expressly adopted a different controlling-language rule by competent legal record.

17.4 Spanish, French, Indigenous-Language, Territorial, Local, or Accessibility Translations Where Approved.\
The Corporation may approve Spanish, French, Indigenous-language, territorial, local, plain-language, accessible-language, or other translations where appropriate to the Corporation’s United States all-states-and-territories posture, North America anchor role, public authority learning function, Tribal and Indigenous interface respect, community safeguards, public-safe communication, accessibility obligations, and public-good purpose.

Spanish translations may be used for United States, territorial, community, cross-border, Latin America-facing, or public authority learning contexts where appropriate. French translations may be used for North America coordination, Canada-facing interfaces, public authority learning, and cross-border public-good coordination where appropriate. Indigenous-language translations may be considered only with respect, care, community involvement where appropriate, and safeguards against extraction, misuse, misattribution, or cultural overclaim. Territorial and local translations may be used where jurisdictional, community, public authority, or accessibility needs justify them.

Accessibility translations may include plain-language versions, screen-reader-compatible versions, large-print versions, structured HTML, tagged PDF, audio formats, captioned video formats, alternate text, simplified summaries, visual explainers, glossary-supported versions, or other accessible formats. Such formats shall preserve legal meaning, limitation language, controlled vocabulary, and non-operative status unless expressly adopted as operative.

No translated version shall be used to alter legal identity, corporate authority, public authority meaning, finance-boundary meaning, certification-boundary meaning, procurement-boundary meaning, recognition meaning, data rights, AI-use rules, safeguards, protected knowledge treatment, or Nexus role separation.

17.5 No Unverified Authoritative Translation.\
No translation shall be authoritative unless the Board or other competent authority expressly adopts it as authoritative by recorded act and such adoption is lawful under mandatory applicable law, the Certificate or Articles of Incorporation, and this Bylaw.

No person shall describe a translation as official, controlling, legally binding, certified, adopted, approved, public authority-approved, government-approved, court-ready, investor-ready, finance-ready, procurement-ready, or Nexus-authoritative unless the exact status is supported by competent record and controlled vocabulary.

A translation prepared by a director, officer, employee, contractor, volunteer, fellow, advisor, public authority participant, sponsor, donor, funder, provider, host, university, laboratory, community partner, Nexus actor, AI system, or third-party platform shall not be authoritative by reason of authorship, expertise, access, public posting, circulation, funding, public authority use, cross-border use, repository placement, or operational convenience.

Where an unverified translation is discovered in public or controlled circulation, the Corporation shall classify it as unofficial, restrict it where necessary, correct it, replace it, withdraw it, or issue a clarification. Where reliance may have occurred, the Corporation shall consider public-safe notice, controlled notice, participant notice, public authority notice, repository correction, or legal review.

17.6 Reconciliation of Divergence.\
Where a translation, accessibility version, plain-language summary, public authority note, state-specific note, territorial note, Tribal-interface note, local note, North America interface summary, GitBook page, public explainer, training material, AI-generated summary, dashboard legend, or other derivative communication diverges from the authoritative English text, the divergence shall be reconciled through a recorded process.

The reconciliation process shall identify the source of divergence; the affected text; the affected language, format, jurisdiction, community, public authority interface, controlled room, repository, public material, or Nexus interface; the risk classification; the authoritative English provision; the proposed correction; the responsible reviewer; and the correction pathway.

Divergence shall be classified as editorial, semantic, legal, public authority, finance-boundary, certification-boundary, procurement-boundary, recognition-boundary, data / AI / cyber, safeguards, protected knowledge, accessibility, civil rights, cultural, cross-border, or Nexus-interface divergence as appropriate.

Material divergence shall be corrected before continued public use unless competent authority determines that continued limited use is necessary, lawful, safe, clearly marked, and supported by limitation language. Divergence that may create authority confusion, public authority confusion, finance-readiness overclaim, certification overclaim, procurement implication, provider preference, sponsor benefit, protected knowledge exposure, or unsafe reliance shall be held, quarantined, restricted, corrected, withdrawn, or replaced.

17.7 Accessibility of Governance Instruments.\
The Corporation shall seek to make its governance instruments reasonably accessible to directors, officers, members where applicable, participants, employees, contractors, volunteers, fellows, advisors, contributors, public authority participants, community participants, Tribal and Indigenous interface participants, university and laboratory participants, sponsors, donors, funders, providers, hosts, and other relevant stakeholders, subject to confidentiality, privilege, privacy, cybersecurity, public authority, protected knowledge, legal, and publication-class restrictions.

Accessibility may include readable formatting, clear headings, stable citations, searchable text, structured files, tagged documents where feasible, screen-reader compatibility, mobile-readable versions, large-print versions where needed, plain-language navigational aids, defined-term glossaries, public-safe summaries, and reasonable accommodation pathways.

Accessibility shall not mean uncontrolled disclosure. The Corporation may restrict, redact, classify, or withhold governance instruments or portions of instruments where required or appropriate for legal privilege, confidentiality, personal information protection, data protection, cybersecurity, infrastructure sensitivity, public authority confidentiality, community safeguards, Indigenous knowledge protection, protected knowledge, controlled technology, sanctions or export-control compliance, investigation integrity, employment confidentiality, or other lawful grounds.

Accessible formats shall preserve the operative meaning, version identifier, effective date, status classification, limitation language, non-reliance language where applicable, and controlling-language statement.

17.8 Accessibility of Notices and Participation Materials.\
Notices, participation materials, meeting materials, controlled-room instructions, public authority room materials, academy materials, training materials, public-safe reports, public summaries, consent materials, grievance materials, correction materials, public claim permission materials, and other participation-facing materials shall be prepared with reasonable attention to accessibility, comprehension, role clarity, and public-safe meaning.

Where materials affect rights, obligations, access, confidentiality, data handling, AI use, cyber controls, public authority capacity, finance boundaries, certification boundaries, procurement boundaries, safeguards, protected knowledge, conflicts, recusal, suspension, termination, appeal, correction, or public statements, the Corporation shall use controlled vocabulary and clear limitation language.

Participation materials shall not obscure legal obligations through inaccessible formatting, technical jargon, uncontrolled acronyms, misleading simplification, visual-only communication, untranslated critical terms where translation has been approved, or AI-generated summaries lacking review.

Accessibility measures shall be proportionate to the audience, context, risk, legal requirement, publication class, and public-benefit purpose. Where accessibility limitations may materially impair understanding of duties or rights, the responsible owner shall escalate for correction, accommodation, alternate format, plain-language aid, or controlled explanation.

17.9 Plain-Language Summaries.\
The Corporation may prepare plain-language summaries of this Bylaw, policies, participation terms, public authority protocols, data / AI / cyber rules, safeguards rules, controlled-room rules, public-safe publication rules, sponsor rules, provider rules, support rules, and Nexus interface materials to improve understanding, onboarding, public legibility, accessibility, training, public authority learning, and community participation.

Plain-language summaries shall be accurate, balanced, controlled, and non-operative unless expressly adopted as operative by competent authority. They shall identify the source instrument, version, date, purpose, non-operative status, controlling-language rule, and repository location of the operative text.

A plain-language summary may simplify structure, define technical words, explain examples, identify practical steps, and describe public-safe boundaries, but it shall not omit material limitations where omission would create reliance, authority confusion, public authority confusion, finance overclaim, certification overclaim, procurement implication, provider preference, sponsor control, data risk, AI risk, cyber risk, safeguards risk, protected knowledge exposure, or Nexus role confusion.

Where a plain-language summary is used for onboarding, public authority learning, community engagement, or controlled-room access, participants may be required to acknowledge both the summary and the operative text or a statement that the operative text controls.

17.10 Public Legibility Aids.\
The Corporation may use public legibility aids, including glossaries, diagrams, charts, process maps, role maps, tables, dashboards, FAQs, comparison matrices, public-safe notices, example scenarios, onboarding guides, decision trees, checklists, translations, accessibility formats, training modules, and GitBook pages to make its governance, mission, boundaries, and Nexus role understandable.

Public legibility aids shall be governed by controlled vocabulary, versioning, limitation language, publication review, public-safe claims discipline, and correctionability. They shall not create authority, rights, status, recognition, finance-readiness, certification, procurement approval, public authority approval, public warning, emergency command, provider preference, sponsor control, or enterprise execution meaning.

Role maps and diagrams shall preserve GCRI / GRF / GRA role separation; public-good stack and enterprise stack separation; separation from GCRI Canada; separation from Nexus Standards, Nexus Network, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, national companies, Project SPVs, providers, sponsors, hosts, funders, public authorities, universities, laboratories, communities, and enterprise actors.

Where a public legibility aid materially simplifies a legal or technical boundary, it shall include a limitation statement and direct the reader to the operative instrument.

17.11 State-Specific or Public Authority-Specific Explanatory Notes.\
The Corporation may prepare state-specific, District of Columbia-specific, territorial, Tribal-interface, local, sectoral, public authority-specific, public university-specific, public laboratory-specific, emergency-management-specific, public health-specific, infrastructure-specific, utility-specific, port-specific, water-specific, energy-specific, food-specific, telecom-specific, cyber-specific, or other explanatory notes where needed for lawful localization and public legibility.

Such notes may explain how the Corporation’s United States seat discipline, all-states-and-territories posture, public authority learning role, registration obligations, charitable solicitation obligations, tax obligations, privacy obligations, AI governance obligations, cybersecurity obligations, public records considerations, open meetings considerations, procurement integrity boundaries, lobbying boundaries, government ethics boundaries, grant boundaries, and contract localization requirements may apply in a particular context.

No state-specific or public authority-specific note shall create authority, registration, qualification, approval, endorsement, public authority adoption, public warning authority, emergency command authority, procurement approval, funding approval, public finance approval, certification, recognition, finance-readiness, legal compliance approval, or public-private partnership unless a competent legal record expressly supports that status.

Where a public authority requests or relies on explanatory notes, the Corporation shall classify the public authority capacity, identify whether the note is public, controlled, internal, draft, final, non-operative, or legally reviewed, and maintain a record of the version shared.

17.12 North America Interface Summaries.\
The Corporation may prepare North America interface summaries to explain its bounded public-good role in cross-border evidence architecture, methods continuity, observability methods, ontology alignment, public-good software, technical baselines, verifiable compute methods, public authority learning support, community safeguards, GCRI Canada coordination, Mexico-facing interfaces, Caribbean interfaces, Arctic interfaces, Great Lakes interfaces, Pacific interfaces, Atlantic interfaces, Gulf interfaces, border-region interfaces, Indigenous cross-border interfaces, and Nexus public-good stack interoperability.

North America interface summaries shall preserve legal separateness, local-law respect, data / AI / cyber safeguards, sanctions and export-control review, protected knowledge safeguards, public authority capacity classification, public-safe publication discipline, and GCRI / GRF / GRA role separation.

No North America interface summary shall imply that the Corporation has treaty authority, intergovernmental authority, regional regulatory authority, sovereign authority, foreign legal branch status, public finance authority, procurement authority, emergency command authority, public warning authority, certification authority, recognition authority, finance-readiness authority, protocol monopoly, enterprise execution authority, authority to bind GCRI Canada, or authority to bind any public authority, Nexus entity, consortium, national company, Project SPV, provider, sponsor, host, university, laboratory, community, or enterprise actor.

Where North America interface summaries are translated, localized, or used in cross-border rooms, they shall include controlling-language, non-reliance, role-separation, non-execution, and correctionability language.

17.13 Summaries as Non-Operative.\
All summaries, public explainers, plain-language versions, accessibility aids, translations, diagrams, slide decks, training materials, FAQs, videos, transcripts, role maps, public authority notes, state-specific notes, territorial notes, Tribal-interface notes, local notes, North America interface summaries, GitBook pages, website pages, dashboard legends, AI-generated summaries, and derivative communications shall be non-operative unless expressly adopted as operative by competent authority in accordance with mandatory applicable law, the Certificate or Articles of Incorporation, and this Bylaw.

Non-operative materials may support understanding but shall not amend, waive, suspend, narrow, expand, override, or reinterpret the operative text. They shall not establish rights, duties, corporate authority, public authority status, finance-readiness, certification, procurement approval, recognition, maturity, standing, Docket status, Grid status, Nexus-compatible status, provider preference, sponsor control, public warning, emergency command, or enterprise execution authority.

Where a non-operative summary conflicts with the operative text, the operative text shall control. The summary shall be corrected, superseded, withdrawn, restricted, archived, or accompanied by clarification where needed.

No person shall use a summary as a substitute for the operative Bylaw where the matter involves legal authority, Board authority, member rights, officer authority, delegation, conflicts, data rights, AI use, cybersecurity, public authority capacity, finance boundaries, certification boundaries, procurement boundaries, safeguards, protected knowledge, public-safe publication, or Nexus role separation.

17.14 No Summary May Overstate Powers, Soften Boundaries, Create Reliance, Create Certification, Create Public Authority Meaning, or Create Finance-Readiness Meaning.\
No summary or derivative communication shall overstate the Corporation’s powers, soften the Corporation’s boundaries, simplify away material limitations, imply authority not granted by record, imply public authority status, imply public authority endorsement, imply public authority adoption, imply public warning authority, imply emergency command authority, imply finance-readiness, imply insurance-readiness, imply bankability, imply investment suitability, imply capital-readability determination, imply certification, imply accreditation, imply procurement approval, imply recognition, imply maturity, imply standing, imply Docket approval, imply Grid guarantee, imply Nexus-compatible status, imply provider preference, imply sponsor control, or imply enterprise execution.

A summary shall not describe the Corporation as a regulator, public authority, treaty body, emergency command body, public warning authority, procurement authority, certification body, accreditation body, recognition body, finance-readiness authority, fund, broker, dealer, investment adviser, lender, insurer, rating agency, public finance approver, national company, Project SPV, provider, operator, asset owner, standards monopoly, protocol authority, or enterprise execution vehicle unless the exact status is separately and lawfully authorized and recorded, and even then only within the lawful scope of that status.

Where a summary discusses evidence, verification, validation, public-safe publication, technical truth, open technical baselines, public-good software, observability, verifiable compute, proof receipts, dashboards, digital twins, AI-RAN signals, DePIN records, blockchain or ledger entries, Docket inputs, Grid inputs, GRF inputs, or GRA inputs, it shall make clear that such outputs do not themselves constitute final authority, recognition, finance-readiness, certification, procurement approval, public authority action, public warning, emergency command, rating, investment advice, insurance approval, lending decision, public finance approval, or legal compliance approval.

Any summary that creates or may create prohibited reliance shall be corrected, withdrawn, restricted, superseded, replaced, or clarified through a public-safe or controlled notice.

17.15 Translation, Accessibility, and Summary Records.\
The Corporation shall maintain records sufficient to demonstrate the authority, status, version, source, review, publication class, access class, limitation language, correction history, and reliance handling for translations, accessibility versions, plain-language summaries, public legibility aids, state-specific notes, territorial notes, Tribal-interface notes, local notes, public authority notes, North America interface summaries, GitBook pages, website pages, training materials, diagrams, dashboards, role maps, and derivative communications.

Such records shall include, as applicable:

a) the authoritative English source text;

b) the source version identifier, effective date, adoption record, and repository location;

c) the translation, accessibility version, summary, note, or public legibility aid produced;

d) the language, format, jurisdiction, community, audience, publication class, and access class;

e) the translator, author, reviewer, legal reviewer, accessibility reviewer, subject-matter reviewer, cultural or community reviewer where appropriate, and approving authority;

f) machine translation, AI-assistance, or third-party tooling disclosure where applicable;

g) controlling-language statements;

h) non-operative status statements;

i) non-reliance language;

j) public authority capacity limitation language;

k) finance-boundary, certification-boundary, procurement-boundary, recognition-boundary, provider-neutrality, sponsor non-control, and non-execution limitation language;

l) data / AI / cyber, privacy, safeguards, civil rights, accessibility, protected knowledge, sanctions, export-control, competition, and public-safe publication review records where applicable;

m) divergence logs;

n) reconciliation records;

o) correction, withdrawal, supersession, replacement, public-safe notice, controlled notice, archive, and takedown records;

p) reliance-risk assessments where needed;

q) public authority, state, territorial, Tribal-interface, local, North America, or cross-border sharing records;

r) participant acknowledgment records where applicable;

s) repository metadata, retention class, review date, custodian, and responsible owner; and

t) records of any misuse, overclaim, unauthorized translation, unauthorized summary, accessibility failure, public-legibility defect, or public-facing correction.

The governing rule of this Section is that the Corporation shall be understandable without becoming legally unstable. Translation, accessibility, plain-language explanation, public authority legibility, state localization, North America interface explanation, and public-facing education shall support the Corporation’s public-good mission, but shall not change its law, powers, boundaries, role separation, non-execution posture, public authority limits, finance limits, certification and procurement limits, data / AI / cyber controls, safeguards, protected knowledge obligations, validity-by-record, or correctionability. The authoritative English text controls; every other version exists to help people understand the lawfully adopted instrument, not to replace it.

## Section 18. Public-Good Constitutional Reading Rule

18.1 Primacy of Public-Benefit Interpretation.\
This Bylaw shall be interpreted, applied, implemented, localized, summarized, translated, published, corrected, and enforced in a manner that gives primary effect to the public-benefit purposes of The Global Centre for Risk and Innovation - United States. The Corporation shall be read as a United States public-benefit, nonprofit, non-distributing, non-executing, public-good technical institution whose mission is to steward evidence, methods, observability, ontology, technical truth, public-good research and development, public-good software, open technical baselines, verifiable compute methods, public authority learning, community safeguards, protected knowledge discipline, public-safe publication, and Nexus public-good stack compatibility.

Where a provision of this Bylaw is susceptible to more than one reasonable meaning, the meaning that best preserves public benefit, nonprofit character, non-distribution, tax-exempt or tax-exempt-compatible discipline, United States legal separateness, all-states-and-territories compliance, North America anchor boundedness, GCRI / GRF / GRA role separation, public-good stack and enterprise stack separation, non-execution, public authority boundary discipline, finance-boundary discipline, certification-boundary discipline, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber integrity, civil rights, accessibility, community safeguards, Indigenous knowledge respect, protected knowledge, validity-by-record, correctionability, and public trust shall control.

No interpretation shall be adopted merely because it is commercially convenient, operationally faster, funder-preferred, sponsor-preferred, provider-preferred, public authority-preferred, technically elegant, financially attractive, politically advantageous, or easier to explain. The governing interpretive question shall be whether the reading preserves the Corporation’s lawful public-benefit mission and its institutional boundaries.

18.2 Public-Good Stewardship Burden.\
The Corporation bears an affirmative public-good stewardship burden. That burden requires the Corporation to structure its governance, records, programs, public materials, technical systems, public authority interfaces, controlled rooms, evidence outputs, software releases, observability methods, public-safe reports, public-good assets, and Nexus interfaces so that public benefit is protected from capture, overclaim, unsafe reliance, improper private benefit, uncontrolled execution, role confusion, and semantic drift.

The public-good stewardship burden includes a duty to preserve the public nature of evidence methods, technical baselines, public-good software, public-safe publication disciplines, safeguards pathways, and correction systems where lawfully within the Corporation’s role. It also includes a duty to avoid converting the Corporation’s public-good position into private leverage, sponsor advantage, provider advantage, procurement advantage, recognition advantage, finance-readiness advantage, certification advantage, public authority access advantage, or enterprise execution advantage.

The burden shall be applied to every institutional surface of the Corporation, including Board decisions, officer decisions, committee recommendations, council activities, public authority learning sessions, controlled-room operations, repository governance, dataset publication, dashboard design, model and inference records, proof receipts, public-good software releases, public statements, funding materials, sponsor acknowledgments, provider interactions, community interfaces, and Nexus interoperability materials.

A person or body proposing a less protective interpretation bears the burden of showing lawful authority, public-benefit alignment, absence of prohibited function, absence of private inurement, absence of impermissible private benefit, absence of public authority confusion, absence of finance or certification overclaim, absence of procurement implication, and sufficient record support.

18.3 United States Public-Benefit Anchor Function.\
The Corporation shall be interpreted as the United States public-benefit anchor for the GCRI evidence, methods, observability, ontology, technical truth, public-good research and development, public-good software, open technical baseline, verifiable compute, public authority learning, and safeguards function, subject to the Corporation’s legal seat, governing state nonprofit law, United States federal law, the Certificate or Articles of Incorporation, this Bylaw, Board-approved records, and applicable state, territorial, Tribal-interface, local, public authority, and cross-border compliance requirements.

This United States public-benefit anchor function authorizes the Corporation to support lawful research, education, evidence stewardship, methods stewardship, technical baseline development, public-good software, public authority learning, observability methods, public-safe publication, community safeguards, and Nexus-compatible public-good stack readability. It does not authorize the Corporation to act as a regulator, public authority, emergency command body, public warning authority, procurement body, certification body, accreditation body, recognition body, finance-readiness authority, fund, broker, dealer, investment adviser, lender, insurer, rating agency, public finance approver, national company, Project SPV, provider, operator, asset owner, standards monopoly, or enterprise execution vehicle.

The United States public-benefit anchor function shall be read as a responsibility to localize public-good technical stewardship across the United States, including all states, the District of Columbia, territories, Tribal-interface contexts, local public authority contexts, public infrastructure systems, universities, laboratories, communities, and sectoral environments, without fragmenting legal identity or implying governmental delegation.

Where the United States public-benefit anchor function intersects with public authorities, public finance readers, regulators listening for learning purposes, emergency management participants, infrastructure operators, sponsors, providers, capital readers, communities, universities, laboratories, or Nexus entities, the Corporation shall use capacity classification, limitation language, controlled vocabulary, public-safe publication, records discipline, and correction pathways.

18.4 North America Anchor Function Within Bounded Role.\
The Corporation’s North America anchor function shall be interpreted as a bounded public-good role in cross-border evidence architecture, methods continuity, observability methods, ontology alignment, public-good software, technical baselines, verifiable compute methods, public authority learning support, safeguards, and Nexus public-good stack interoperability. It shall not be interpreted as sovereign authority, treaty authority, intergovernmental authority, regional regulator status, public authority delegation, public finance authority, procurement authority, certification authority, recognition authority, finance-readiness authority, emergency command authority, public warning authority, protocol monopoly, or enterprise execution authority.

The North America anchor function may include lawful coordination with GCRI Canada; Mexico-facing, Caribbean, Arctic, Great Lakes, Pacific, Atlantic, Gulf, border, Indigenous, regional, and cross-border interfaces; public authority learning contexts; universities and laboratories; communities; public infrastructure operators; and Nexus public-good stack actors. Such coordination shall occur only through lawful, recorded, role-separated, non-executing, public-safe, data-protective, cyber-secure, safeguards-compatible, and correctionable mechanisms.

North America anchor language shall not create merger, parent-subsidiary status, branch status, alter ego status, agency, partnership, joint venture, single employer status, joint employer status, shared treasury, shared liability, mutual authority, shared public authority status, or automatic authority to bind GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus entities, consortiums, national companies, Project SPVs, providers, sponsors, hosts, public authorities, universities, laboratories, communities, or enterprise actors.

Where cross-border coordination creates uncertainty, the Corporation shall apply the interpretation that is more lawful, more public-safe, more privacy-preserving, more cyber-secure, more protective of community and Indigenous knowledge, more respectful of local law, more non-executing, more role-separated, and more record-supported.

18.5 Institutional Boundedness.\
The Corporation shall be interpreted as institutionally bounded. Its public-good mission shall not be used to enlarge its powers beyond mandatory applicable law, the Certificate or Articles of Incorporation, this Bylaw, Board-approved delegations, adopted policies, and competent records.

Institutional boundedness requires that every role of the Corporation be read within its lawful perimeter. Evidence support shall remain evidence support. Methods support shall remain methods support. Observability support shall remain observability support. Public-good software shall remain public-good software. Technical baselines shall remain technical baselines. Public authority learning shall remain learning. Nexus compatibility shall remain compatibility. Finance-adjacent evidence support shall remain non-executing input. Public-safe publication shall remain public-safe communication. None of these shall become authority, approval, certification, recognition, finance-readiness, procurement decision, public warning, emergency command, or enterprise execution by implication.

Institutional boundedness shall apply to all institutional titles, public descriptions, repository names, GitBook pages, dashboards, public materials, controlled-room documents, sponsor acknowledgments, provider references, public authority notes, state and territorial interface materials, North America summaries, proof receipts, role keys, smart licenses, standards profiles, registry entries, AI outputs, and technical artifacts.

No ambiguity shall be interpreted in favor of institutional expansion where expansion would create role confusion, legal uncertainty, public authority confusion, finance overclaim, certification overclaim, procurement implication, provider preference, sponsor control, unsafe reliance, protected knowledge exposure, data risk, AI risk, cyber risk, competition risk, private benefit, or public trust harm.

18.6 Trust-Preserving Role.\
The Corporation shall be interpreted as a trust-preserving institution. Its work shall be organized to increase public confidence in evidence, methods, technical truth, public-safe publication, public-good software, open technical baselines, observability, verifiable compute, and public authority learning without claiming powers or outcomes that it does not lawfully possess.

The trust-preserving role requires accuracy in institutional description, discipline in public claims, transparency about limitations, respect for uncertainty, visible correction pathways, controlled vocabulary, careful treatment of public authority participation, sponsor non-control, provider neutrality, safeguards review, and protection against overstatement.

The Corporation shall not preserve trust by suppressing uncertainty, hiding conflicts, overstating technical confidence, presenting draft outputs as final, allowing public authority attendance to imply official adoption, allowing sponsor support to imply control, allowing provider contribution to imply preference, allowing finance-adjacent evidence to imply finance-readiness, or allowing technical baselines to imply certification or procurement approval.

Public trust shall be preserved by records, not reputation; by correctionability, not perfection claims; by public-good boundaries, not institutional inflation; by evidence discipline, not narrative dominance; and by lawful role separation, not ecosystem confusion.

18.7 Integrity, Safety, Legitimacy, Civil Rights, Human Rights, Research Integrity, Public Safety, Community Safeguards, Indigenous Knowledge Respect, and Public-Good Override.\
Where interpretation affects integrity, safety, legitimacy, civil rights, human rights, research integrity, public safety, community safeguards, Tribal sovereignty, Indigenous knowledge, local and territorial knowledge, protected knowledge, privacy, data protection, AI governance, cybersecurity, accessibility, environmental sensitivity, public authority meaning, public-safe publication, or vulnerable communities, the Corporation shall adopt the interpretation that best protects the affected public-good interest, subject to mandatory applicable law and competent records.

This public-good override shall apply where a proposed interpretation would expose people, communities, infrastructure, public authorities, public institutions, datasets, technical systems, protected knowledge, research participants, whistleblowers, vulnerable populations, or public trust to avoidable harm. It shall also apply where a proposed interpretation would create a materially misleading public statement, unsafe map, unsafe dashboard, unsafe signal interpretation, unsafe AI output, unsafe digital twin output, unsafe public authority implication, unsafe finance implication, unsafe certification implication, or unsafe procurement implication.

The public-good override may require stop, hold, quarantine, access restriction, publication freeze, implementation freeze, technical isolation, controlled-room lockdown, re-scoping, redaction, delay, legal review, safeguards review, community review, Tribal or Indigenous protocol review, data / AI / cyber review, public authority capacity review, public-safe notice, controlled notice, withdrawal, correction, supersession, or Board escalation.

The public-good override shall not authorize the Corporation to exceed law, act as a public authority, issue public warnings, exercise emergency command, regulate, certify, approve procurement, determine finance-readiness, provide regulated advice, or execute enterprise functions. It is a protective interpretive rule, not an expansion of powers.

18.8 Rejection of Execution-Facing, Private-Capture, Authority-Inflating, Role-Collapsing, Finance-Overclaiming, Certification-Overclaiming, Procurement-Overclaiming, or Public Authority-Confusing Interpretations.\
The Corporation shall reject any interpretation of this Bylaw, policy, protocol, schedule, annex, register, matrix, controlled vocabulary, public material, technical artifact, public authority note, sponsor material, provider material, funding material, repository record, dashboard, AI output, proof receipt, ledger entry, role key, smart license, standards profile, registry entry, or Nexus interface instrument that would make the Corporation execution-facing, privately captured, authority-inflating, role-collapsing, finance-overclaiming, certification-overclaiming, procurement-overclaiming, or public authority-confusing.

An execution-facing interpretation includes any reading that would convert research, evidence, methods, observability, public-good software, technical baselines, dashboards, maps, simulations, controlled rooms, public authority learning, or public-safe reports into operational control, emergency command, public warning, public authority decision, vendor selection, project ownership, infrastructure operation, asset ownership, deployment control, or enterprise delivery.

A private-capture interpretation includes any reading that would allow a sponsor, donor, funder, provider, host, investor, insurer, lender, underwriter, bank, capital reader, national company, Project SPV, contractor, university, laboratory, public authority, or other actor to control governance, methods, evidence outcomes, research conclusions, publications, technical baselines, public authority access, recognition inputs, finance-readiness inputs, certification implications, procurement implications, or public-facing meaning.

An authority-inflating or role-collapsing interpretation includes any reading that would collapse the distinct functions of GCRI US, GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards, Nexus Network, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, national companies, Project SPVs, qualified providers, public authorities, sponsors, hosts, universities, laboratories, communities, or enterprise actors.

Any such interpretation shall be denied effect and corrected through the applicable record, publication, repository, controlled-room, public-safe, legal, compliance, or Board process.

18.9 No Reading That Converts Stewardship Into Control.\
No provision of this Bylaw shall be read to convert stewardship into control. The Corporation’s stewardship of evidence, methods, observability, ontology, technical truth, public-good research and development, public-good software, open technical baselines, verifiable compute methods, public authority learning, safeguards, and public-safe publication shall not be interpreted as control over public authorities, communities, sponsors, providers, infrastructure operators, national companies, Project SPVs, consortiums, Nexus entities, public finance actors, capital readers, universities, laboratories, or enterprise actors.

Stewardship may include developing methods, maintaining records, publishing public-safe materials, convening learning environments, supporting technical baselines, maintaining repositories, releasing public-good software, reviewing evidence, supporting correction, and contributing non-executing inputs to Nexus-compatible processes. Stewardship shall not include binding external actors, directing public authority decisions, commanding operations, controlling deployments, approving procurement, controlling finance, certifying compliance, conferring recognition, determining maturity, issuing public warnings, exercising emergency command, or requiring adoption.

No title, committee role, council role, technical custodian role, repository maintainer role, author role, founder role, sponsor relationship, provider relationship, public authority contact, state interface role, North America role, or Nexus role shall be read as institutional control unless an express competent record lawfully grants the specific authority.

Where stewardship language creates possible control confusion, the Corporation shall use limitation language, controlled vocabulary, public-safe notices, role maps, capacity classification, correction notes, compatibility notes, divergence logs, and records to clarify the boundary.

18.10 No Reading That Converts Evidence Into Recognition.\
No provision of this Bylaw shall be read to convert evidence into recognition. The Corporation may produce, curate, analyze, review, preserve, or publish evidence within its lawful role, but evidence produced or supported by the Corporation shall not itself constitute recognition, standing, maturity status, public-facing legitimacy, Docket approval, Grid status, Nexus-compatible status, public authority adoption, certification, procurement eligibility, finance-readiness, insurance-readiness, bankability, rating, or endorsement.

Evidence may support a process conducted by a separately competent body, including The Global Risks Forum (GRF) where applicable for registry, recognition, maturity-records, standing, claims-discipline, stakeholder-formation, public-safe reporting, and public-facing legitimacy functions; The Global Risks Alliance (GRA) where applicable for finance-readiness, capital-readability, proof-pack, insurance-readiness, diligence-translation, RNFD, NFD, UNFSD, and regulated-perimeter discipline functions; and Nexus Standards or other competent protocol or standards bodies where separately constituted. Such support shall not transfer the final function to GCRI US.

Evidence shall be labeled with source, method, confidence, uncertainty, limitation, version, public-safe status, access class, and correction pathway where material. Evidence shall not be described as “recognized,” “approved,” “certified,” “finance-ready,” “bankable,” “insurance-ready,” “procurement-ready,” “official,” or “adopted” unless the exact status is supported by a competent record outside the evidence artifact.

Where evidence has been misused as recognition, the Corporation shall correct the record, restrict reliance, notify affected persons where appropriate, and update public-facing or controlled materials.

18.11 No Reading That Converts Readiness Inputs Into Finance-Readiness Determinations.\
No provision of this Bylaw shall be read to convert readiness inputs into finance-readiness determinations. The Corporation may provide technical evidence, methods, observability, public-good software, technical baseline, verifiable compute, public authority learning, and safeguards inputs that improve capital readability or diligence readability, but it shall not determine finance-readiness, insurance-readiness, bankability, investability, credit quality, underwriting suitability, public finance eligibility, public guarantee eligibility, tax credit eligibility, or capital allocation suitability.

Finance-readiness functions, capital-readability translation, proof-pack stewardship, insurance-readiness support, diligence-translation support, RNFD, NFD, UNFSD, capital-reader room discipline, and regulated-perimeter discipline shall remain within the role of The Global Risks Alliance (GRA) or other separately competent, lawful, and recorded actors, and only within their own applicable legal limits. GCRI US shall not become a fund, broker, dealer, finder, investment adviser, lender, insurer, underwriter, bank, rating agency, public finance approver, guarantor, or capital placement actor by contributing evidence or methods.

Any Corporation output that may be used in finance-adjacent contexts shall include limitation language sufficient to prevent reliance as investment advice, securities solicitation, lending decision, insurance decision, rating, underwriting opinion, public finance approval, guarantee, or capital recommendation. Technical evidence may support learning and due diligence, but it shall not instruct capital action.

Where a readiness input is being used or marketed as a finance-readiness determination, the Corporation shall hold, quarantine, correct, withdraw, clarify, re-label, or escalate the matter and shall consider legal, compliance, public-safe, and GRA-interface review.

18.12 No Reading That Converts Technical Baselines Into Protocol Authority.\
No provision of this Bylaw shall be read to convert technical baselines into protocol authority. The Corporation may develop, maintain, publish, test, improve, or support open technical baselines, public-good software, schemas, APIs, SDKs, reference architectures, test harnesses, gold vectors, negative tests, evaluation sets, benchmark libraries, dashboards, evidence systems, data dictionaries, observability methods, and verifiable compute methods. Such technical assets shall not by themselves constitute binding standards, certification requirements, compliance approvals, procurement requirements, public authority mandates, Nexus protocol authority, or exclusive interoperability gates.

Technical baselines may inform Nexus Standards, Nexus Observatory Protocol, Nexus Network interoperability, public-good software ecosystems, public authority learning, GRF records, GRA evidence inputs, and other public-good processes, but they shall not become authoritative standards unless adopted by a competent standards or protocol body through a lawful and recorded process. Reference implementation shall not mean certification. Conformance profile shall not mean legal compliance. Open technical baseline shall not mean procurement mandate. Repository release shall not mean public authority adoption.

Where the Corporation contributes to standards support, protocol logic, proof receipts, role keys, smart licenses, ledger references, registry entries, or standards profiles, it shall preserve the distinction between technical contribution and authority. Code shall not become constitutional law. Repository permissions shall not become governance approval. Ledger state shall not become legal validity. Proof receipts shall not become standards certification.

If technical baseline language creates protocol-authority confusion, the Corporation shall issue compatibility notes, limitation language, divergence logs, public-safe clarifications, repository notices, or controlled notices as needed.

18.13 No Reading That Converts State, Territorial, Tribal, Federal, or Local Public Authority Participation Into Public Authority Action.\
No provision of this Bylaw shall be read to convert participation by a federal, state, District of Columbia, territorial, Tribal, Indigenous, local, county, municipal, metropolitan, port, utility, public health, emergency management, public safety, public works, water, energy, food, telecommunications, cyber, infrastructure, public university, public laboratory, regulator-listening, public finance reader, or other public-sector actor into public authority action.

Public authority participation may support learning, evidence literacy, technical literacy, public-safe reporting literacy, scenario review, simulation review, tabletop review, after-action learning, observability understanding, safeguards dialogue, public-good software understanding, or Nexus-compatible public-good coordination. Such participation shall not imply endorsement, adoption, funding approval, grant approval, procurement approval, public finance approval, regulatory approval, compliance approval, sovereign obligation, public-private partnership, official warning, emergency command, delegation, permit, public health order, evacuation instruction, public records status, open meeting status, or governmental decision unless a separate competent public authority record expressly provides that result.

The Corporation shall classify public authority participation capacity. It shall distinguish official-capacity participation, observer participation, regulator-listening participation, public finance reader participation, emergency-management participant participation, public infrastructure operator participation, personal-capacity participation, simulation participation, and other categories where appropriate.

Where public authority participation creates possible confusion, the Corporation shall use written capacity records, limitation language, public-safe summaries, non-reliance language, meeting minutes, controlled-room rules, public authority reference review, and correction pathways.

18.14 No Reading That Converts AI, Dashboards, Proof Receipts, Digital Twins, DePIN Signals, AI-RAN Signals, Sensor Signals, Model Outputs, or Ledger Entries Into Final Authority.\
No provision of this Bylaw shall be read to convert AI, dashboards, proof receipts, digital twins, DePIN signals, AI-RAN signals, O-RAN signals, sensor signals, cyber telemetry, geospatial outputs, Earth observation outputs, model outputs, agentic workflows, automated scores, API outputs, compute workload records, inference records, blockchain entries, DLT entries, ledger entries, role keys, smart licenses, standards profiles, registry entries, or other technical artifacts into final authority.

Such artifacts may support evidence lineage, observability, verification, reproducibility, routing, public-good software operation, public-safe reporting, technical analysis, anomaly detection, model evaluation, compute traceability, data provenance, interoperability, or correction. They shall not constitute public warning, emergency command, public authority decision, legal compliance approval, recognition, maturity status, standing, Docket approval, Grid guarantee, finance-readiness determination, insurance-readiness determination, bankability rating, investment advice, procurement approval, certification, accreditation, public finance approval, provider preference, sponsor control, or final truth.

Material AI outputs, dashboards, proof receipts, digital twins, signal feeds, ledgers, and automated scores shall be subject to human review, authority classification, confidence and uncertainty labeling, source-lineage review, limitation language, public-safe review, data / AI / cyber controls, safeguards review where applicable, and correction pathways.

Where a technical artifact has been interpreted as final authority, the Corporation shall hold, quarantine, re-label, correct, withdraw, supersede, restrict access, issue clarification, or escalate for Board, legal, compliance, public authority, data / AI / cyber, safeguards, GRF, GRA, Nexus Standards, or other competent review as appropriate.

18.15 Public-Good Reading Records.\
The Corporation shall maintain records sufficient to demonstrate that this Bylaw and related instruments have been interpreted consistently with the public-good constitutional reading rule.

Such records shall include, as applicable:

a) interpretation memoranda applying public-benefit purpose;

b) Board resolutions or Secretary certifications clarifying public-good readings;

c) public-good stewardship burden assessments;

d) United States public-benefit anchor records;

e) North America anchor role records;

f) institutional boundedness assessments;

g) trust-preserving role assessments;

h) integrity, safety, legitimacy, civil rights, human rights, research integrity, public safety, community safeguards, Indigenous knowledge respect, protected knowledge, and public-good override records;

i) rejection records for execution-facing, private-capture, authority-inflating, role-collapsing, finance-overclaiming, certification-overclaiming, procurement-overclaiming, or public authority-confusing interpretations;

j) stewardship-versus-control clarification records;

k) evidence-versus-recognition clarification records;

l) readiness-input-versus-finance-readiness clarification records;

m) technical-baseline-versus-protocol-authority clarification records;

n) public-authority-participation capacity records;

o) AI, dashboard, proof receipt, digital twin, DePIN, AI-RAN, sensor, model-output, compute, ledger, registry, standards-profile, and technical artifact limitation records;

p) public-safe publication records;

q) controlled vocabulary records;

r) compatibility notes;

s) divergence logs;

t) correction, clarification, withdrawal, supersession, retraction, access restriction, public-safe notice, controlled notice, archive, and takedown records;

u) legal, compliance, tax, public authority, finance-boundary, certification-boundary, procurement-boundary, data / AI / cyber, safeguards, competition, sanctions, export-control, controlled-technology, protected knowledge, and research integrity review records where applicable; and

v) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

The governing rule of this Section is that this Bylaw shall be read as a public-good constitutional instrument for a bounded United States institution. It shall strengthen the Corporation’s public-benefit mission without inflating its powers; enable technical stewardship without execution; support evidence without recognition; support readiness inputs without finance-readiness determination; support technical baselines without protocol monopoly; support public authority learning without public authority action; and support AI, dashboards, proof receipts, digital twins, DePIN, AI-RAN, sensors, model outputs, and ledger entries without converting technical artifacts into final authority.

## Section 19. Most-Restrictive Rule Where Risk, Harm, Role Confusion, Regulatory Ambiguity, or Legal Ambiguity Exists

19.1 Risk-Aware Interpretation.\
This Bylaw shall be interpreted and applied through a risk-aware rule whenever a proposed interpretation, act, omission, publication, technical release, public authority interface, controlled-room activity, data use, AI use, dashboard output, proof receipt, ledger reference, sponsor arrangement, provider arrangement, finance-adjacent output, standards-support activity, public-safe report, or Nexus interface may create legal, institutional, operational, public-facing, public authority, financial, certification, procurement, data, AI, cyber, privacy, safeguards, civil rights, accessibility, Indigenous knowledge, protected knowledge, research integrity, competition, sanctions, export-control, or public trust risk.

Risk-aware interpretation requires the Corporation to assess not only the formal words of a provision, but also the reasonably foreseeable consequences of how the provision may be understood, relied upon, repeated, summarized, translated, embedded in systems, used in public materials, referenced by third parties, or incorporated into Nexus-compatible processes.

Where a broader reading would increase risk without a clear and lawful public-benefit necessity, and a narrower reading would preserve the Corporation’s mission, legality, non-execution posture, role separation, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, data / AI / cyber controls, community safeguards, validity-by-record, and correctionability, the narrower reading shall control.

Risk-aware interpretation shall be applied before launch, publication, release, admission, delegation, contract execution, public authority engagement, sponsor acknowledgment, provider participation, controlled-room activation, dataset release, model release, software release, dashboard publication, proof-receipt issuance, public-safe report issuance, or Nexus interface adoption where material risk is present.

19.2 Harm-Avoidance Interpretation.\
Where a provision of this Bylaw or any subordinate instrument may be read in a manner that could create harm, the Corporation shall adopt the interpretation that most effectively avoids foreseeable harm while remaining faithful to law, the Certificate or Articles of Incorporation, this Bylaw, public-benefit purpose, and competent records.

Harm includes institutional harm, public trust harm, public authority confusion, unsafe reliance, misstatement, misinformation, overclaim, private capture, improper private benefit, public-safe publication failure, evidence misuse, research misconduct, data misuse, AI misuse, cyber compromise, privacy harm, infrastructure exposure, protected knowledge exposure, community harm, civil rights harm, accessibility harm, Indigenous knowledge extraction, procurement distortion, finance overclaim, certification overclaim, market distortion, competition-law harm, sanctions or export-control exposure, and harm arising from ambiguity in authority.

The Corporation shall not accept an interpretation that merely reduces institutional inconvenience while leaving foreseeable public harm unaddressed. Where harm cannot be sufficiently avoided by interpretation alone, the Corporation shall apply stop, hold, quarantine, access restriction, publication freeze, re-scoping, correction, withdrawal, legal review, safeguards review, data / AI / cyber review, public authority capacity review, or Board escalation as appropriate.

Harm-avoidance interpretation shall be preventive, not merely corrective. It shall be used to design clear language, controlled vocabulary, review gates, access controls, limitation statements, public-safe notices, and correction pathways before harm occurs.

19.3 Role-Confusion Avoidance.\
Where ambiguity exists regarding the role of the Corporation or any person, body, program, committee, council, participant, sponsor, provider, public authority participant, university, laboratory, community, Nexus interface actor, technical maintainer, or external partner, the Corporation shall adopt the interpretation that avoids role confusion.

Role-confusion avoidance requires that GCRI US be distinguished from GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, national companies, Project SPVs, qualified providers, sponsors, hosts, public authorities, universities, laboratories, communities, capital readers, and enterprise actors.

No ambiguity shall be interpreted to collapse evidence stewardship into recognition; methods stewardship into certification; public-good software into procurement approval; public authority learning into public authority delegation; technical baselines into protocol authority; readiness inputs into finance-readiness determinations; observability into public warning; dashboards into emergency command; proof receipts into legal authority; or Nexus interoperability into whole-system control by GCRI US.

Where role confusion is possible, the Corporation shall use role maps, capacity records, limitation language, controlled vocabulary, public-safe notices, compatibility notes, divergence logs, public authority capacity classifications, finance-boundary labels, certification-boundary labels, procurement-boundary labels, and correction records.

19.4 Regulatory-Perimeter Avoidance.\
Where a proposed interpretation may place the Corporation near or within a regulated perimeter, the Corporation shall adopt the interpretation that avoids regulated activity unless a competent legal record expressly confirms that the activity is lawful, authorized, properly structured, within the Corporation’s purposes, within the Corporation’s tax-exempt or tax-exempt-compatible posture, and approved through the required governance process.

Regulatory-perimeter ambiguity includes possible securities offering, securities solicitation, broker-dealer activity, finder activity, investment adviser activity, capital placement, underwriting, banking, deposit-taking, payments, custody, lending, credit approval, insurance placement, underwriting, claims handling, rating, credit opinion, public finance approval, procurement approval, certification, accreditation, emergency command, public warning, regulatory approval, legal compliance approval, medical or clinical advice, engineering certification, professional advice, public authority action, or other regulated activity.

The Corporation shall not rely on informal operational comfort, ecosystem practice, sponsor preference, provider preference, public authority familiarity, technical design, dashboard labeling, AI-generated language, proof receipts, data-room participation, controlled-room participation, public-safe language, or non-binding disclaimers as substitutes for legal review where a regulated perimeter is implicated.

Where regulatory-perimeter risk is material, the Corporation shall stop, hold, quarantine, restrict, re-scope, externalize, refer to a properly authorized actor, terminate, or escalate the matter before proceeding.

19.5 Public Authority Confusion Avoidance.\
Where ambiguity exists as to whether the Corporation, its materials, its programs, its outputs, or any participant’s involvement may be understood as public authority action, the Corporation shall adopt the interpretation that avoids public authority confusion.

The Corporation shall not be read as a federal, state, District of Columbia, territorial, Tribal, Indigenous, local, municipal, county, metropolitan, utility, port, public health, emergency management, public safety, public works, water, energy, food, telecommunications, cyber, infrastructure, regulator, public finance, public university, public laboratory, or public-sector authority unless a separate competent legal record expressly establishes a lawful public authority status, and only within the precise scope of that status.

Public authority participation in Corporation activities shall not be interpreted as endorsement, adoption, funding approval, procurement approval, public finance approval, regulatory approval, compliance approval, sovereign obligation, public-private partnership, public warning, emergency command, delegation, public health order, permit, official decision, or governmental act.

Where the public authority meaning of an activity is uncertain, the Corporation shall classify capacity, record the public authority role, apply limitation language, review public references, control publication, and correct or withdraw any statement that implies official authority without record.

19.6 Finance-Readiness Overclaim Avoidance.\
Where ambiguity exists regarding finance-readiness, insurance-readiness, bankability, investability, capital-readability, proof-pack readiness, underwriting suitability, credit quality, public finance eligibility, grant eligibility, guarantee eligibility, tax credit eligibility, or capital allocation meaning, the Corporation shall adopt the interpretation that avoids finance-readiness overclaim.

GCRI US may provide evidence, methods, observability, technical baselines, public-good software, verifiable compute methods, public authority learning, safeguards inputs, and public-safe technical materials that may assist lawful diligence or capital readability by other actors. It shall not determine finance-readiness, insurance-readiness, bankability, investability, underwriting suitability, credit quality, capital allocation suitability, public finance approval, or investment suitability.

Any output that may be used in a finance-adjacent setting shall be labeled as technical, evidence, methods, learning, public-good, public-safe, or readiness-input material only, as applicable, and shall not be described as investment advice, capital recommendation, securities solicitation, credit opinion, rating, underwriting decision, insurance approval, lending decision, public finance approval, guarantee, or finance-readiness determination.

Where the boundary between technical readiness input and finance-readiness determination is uncertain, the Corporation shall apply the more restrictive interpretation and refer or route the matter to The Global Risks Alliance (GRA) or another separately competent lawful actor where appropriate.

19.7 Securities, Investment Adviser, Broker-Dealer, Insurance, Banking, Lending, Rating, Public Finance, and Procurement Perimeter Avoidance.\
The Corporation shall avoid any interpretation that would cause it to act, or appear to act, as a securities issuer, securities distributor, broker, dealer, finder, placement agent, underwriter, investment adviser, portfolio adviser, asset manager, bank, deposit-taker, payment intermediary, lender, credit broker, guarantor, insurer, reinsurer, insurance broker, insurance underwriter, claims handler, rating agency, credit opinion provider, public finance approver, procurement authority, public contract award body, or vendor-selection body.

The Corporation’s activities in evidence, methods, observability, technical baselines, public-good software, controlled rooms, public authority learning, public-safe reporting, public-good support, grant development, sponsor engagement, capital-reader literacy, GRA-interface support, Nexus Docket support, Nexus Grid support, or proof-pack technical inputs shall be interpreted as non-executing and non-regulated to the maximum lawful extent.

No data room, controlled room, capital-reader room, public authority room, public-safe report, technical evidence pack, proof receipt, dashboard, model output, digital twin, DePIN record, AI-RAN signal, standards profile, registry entry, or Nexus-compatible label shall be interpreted as a securities offering document, investment recommendation, underwriting basis, lending approval, insurance placement, rating, public finance approval, procurement recommendation, or vendor-selection instruction.

Where a proposed activity cannot be safely distinguished from regulated finance, insurance, banking, rating, public finance, procurement, or capital execution, the Corporation shall stop, hold, quarantine, re-scope, externalize, refer, or terminate the activity.

19.8 Certification Overclaim Avoidance.\
Where ambiguity exists regarding certification, accreditation, conformance, verification, validation, standard-setting, protocol authority, compliance approval, procurement eligibility, or Nexus-compatible status, the Corporation shall adopt the interpretation that avoids certification overclaim.

The Corporation may contribute evidence, methods, schemas, public-good software, open technical baselines, test harnesses, reference implementations, evaluation sets, benchmark libraries, interoperability profiles, public-safe technical notes, and standards-support materials. Such contributions shall not be treated as certification, accreditation, compliance approval, legal approval, public authority approval, procurement approval, mandatory conformance, or official Nexus-compatible status unless a competent standards, certification, registry, or governance process separately and lawfully records that status.

Words such as “verified,” “validated,” “tested,” “baseline,” “reference,” “compatible,” “conformant,” “standard,” “protocol,” “approved,” “certified,” “recognized,” “mature,” “ready,” or “trusted” shall be used only in accordance with controlled vocabulary and record-supported status rules.

Where technical language creates certification ambiguity, the Corporation shall use limitation statements, scope statements, method notes, confidence and uncertainty notes, public-safe labels, repository notices, compatibility notes, divergence logs, and correction pathways.

19.9 Sponsor, Donor, Funder, or Provider Capture Avoidance.\
Where ambiguity exists regarding sponsor, donor, funder, provider, host, contractor, cloud provider, AI provider, data processor, infrastructure operator, national company, Project SPV, investor, insurer, lender, underwriter, public finance actor, capital reader, university, laboratory, or public authority influence, the Corporation shall adopt the interpretation that avoids capture.

No support, grant, donation, sponsorship, in-kind contribution, subscription, fee, host arrangement, provider contribution, technical integration, public authority participation, shared staff arrangement, shared data arrangement, joint publication, public event, controlled-room participation, repository contribution, or Nexus interface shall be interpreted to permit control over the Corporation’s governance, evidence, methods, research conclusions, public-safe publications, technical baselines, public-good software, datasets, dashboards, controlled vocabulary, public authority access, GRF inputs, GRA inputs, standards-support materials, Docket inputs, Grid inputs, or correction decisions.

Capture avoidance shall be applied to both actual control and perceived control. The Corporation shall protect against sponsor-driven language, provider-driven design, donor-driven findings, funder-driven publication timing, public authority pressure, capital-reader pressure, private benefit, preferential access, outcome purchase, recognition purchase, finance-readiness purchase, certification purchase, procurement advantage, and public authority access purchase.

Where capture risk cannot be adequately mitigated by disclosure, recusal, access restriction, independent review, diversification, ring-fencing, contract terms, publication controls, or correction rights, the Corporation shall refuse, return, terminate, re-scope, or quarantine the relevant support, relationship, output, or activity.

19.10 State, Territorial, Tribal, and Federal Public Authority Overclaim Avoidance.\
Where ambiguity exists in a federal, state, District of Columbia, territorial, Tribal, Indigenous, local, public authority, public university, public laboratory, public infrastructure, emergency management, public health, public safety, public works, utility, port, water, energy, food, telecom, cyber, or infrastructure context, the Corporation shall adopt the interpretation that avoids public authority overclaim.

The Corporation shall not assume authority in any state, territory, Tribal jurisdiction, public authority context, or local jurisdiction by reason of presence, participation, invitation, public meeting, public authority attendance, public authority data contribution, public authority briefing, state-interface label, territorial-interface label, Tribal-interface label, public-facing report, website reference, dashboard, map, or Nexus-compatible activity.

Tribal and Indigenous references shall be interpreted with respect for sovereignty, governance protocols, consent pathways, Indigenous data governance, Indigenous knowledge safeguards, protected knowledge, local context, cultural integrity, and non-extraction. No participation, discussion, data contribution, observability activity, mapping exercise, publication, or technical support shall be interpreted as consent, representation, authorization, recognition, or waiver unless expressly and lawfully recorded.

Where public authority or Tribal-interface overclaim risk arises, the Corporation shall classify capacity, obtain competent review, restrict public references, use limitation language, and preserve records.

19.11 Data, AI, Cyber, Privacy, Community, Indigenous, Protected Knowledge, Civil Rights, Consumer Protection, and Public-Safety Harm Avoidance.\
Where ambiguity exists regarding data, AI, cyber, privacy, consumer protection, civil rights, accessibility, public safety, community safeguards, Tribal or Indigenous protocols, protected knowledge, health-sensitive data, cyber-sensitive data, infrastructure-sensitive data, rights-bearing data, youth or vulnerable populations, public authority data, cross-border data, or public-safe mapping, the Corporation shall adopt the interpretation that most avoids harm.

No provision shall be interpreted to permit unnecessary collection, unsafe disclosure, uncontrolled AI use, unreviewed model training, improper data reuse, unauthorized inference, uncontrolled scraping, protected knowledge extraction, public authority data misuse, cyber-sensitive exposure, infrastructure-sensitive exposure, discriminatory effect, inaccessible participation, retaliation, coercion, unsafe map publication, or public-safety risk.

The Corporation shall apply data minimization, purpose limitation, access restriction, human review, AI-use review, model and inference record discipline, cybersecurity controls, privacy review, civil rights review, accessibility review, safeguards review, community review, Tribal or Indigenous protocol review where appropriate, de-identification, aggregation, redaction, controlled-room rules, and public-safe publication discipline where material.

Where the risk cannot be resolved safely, the Corporation shall stop, hold, quarantine, restrict, delete where lawful, seal, re-scope, decline, withdraw, correct, or escalate the activity.

19.12 More Restrictive Reading Where Doubt Exists.\
Where doubt exists as to the proper interpretation of any provision, instrument, authority, delegation, role, output, statement, classification, claim, label, publication, public authority interface, finance-adjacent material, certification-adjacent material, procurement-adjacent material, data use, AI use, technical artifact, repository permission, proof receipt, dashboard, digital twin, ledger entry, registry entry, or Nexus interface, the more restrictive lawful reading shall apply.

The more restrictive reading is the reading that best preserves legality, public benefit, nonprofit character, tax-exempt or tax-exempt-compatible status, non-distribution, non-execution, GCRI / GRF / GRA role separation, public-good stack and enterprise stack separation, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber controls, research integrity, community safeguards, protected knowledge, civil rights, accessibility, competition compliance, sanctions compliance, export-control compliance, validity-by-record, correctionability, and public trust.

The more restrictive reading shall remain in effect until competent authority resolves the doubt by record. No person may rely on ambiguity to proceed with a broader interpretation, especially where the broader interpretation would create or imply authority, status, recognition, finance-readiness, certification, procurement approval, public authority action, public warning, emergency command, regulated advice, private benefit, provider preference, sponsor control, or enterprise execution.

Operational urgency, technical convenience, public relations need, sponsor expectation, provider expectation, public authority interest, funding opportunity, or market demand shall not override the more restrictive reading.

19.13 Board Designation of Less Restrictive Interpretation Only by Recorded Act Where Lawful.\
The Board may designate a less restrictive interpretation only where the designation is lawful, consistent with mandatory applicable law, consistent with the Certificate or Articles of Incorporation, consistent with this Bylaw, consistent with nonprofit and tax-exempt or tax-exempt-compatible requirements, consistent with public-benefit purpose, and supported by a competent record.

A less restrictive interpretation shall require sufficient review for the affected matter, including legal review, tax review, public authority review, finance-boundary review, certification-boundary review, procurement-boundary review, data / AI / cyber review, safeguards review, competition review, sanctions review, export-control review, research integrity review, or other review where material.

The Board record approving a less restrictive interpretation shall identify the ambiguity, the restrictive default, the proposed less restrictive interpretation, the legal basis, the public-benefit basis, the safeguards, the limitations, the duration, the affected instruments, the responsible owner, the review cycle, the correction pathway, and the reasons why the interpretation does not create prohibited authority, prohibited reliance, private inurement, impermissible private benefit, public authority confusion, finance overclaim, certification overclaim, procurement implication, provider preference, sponsor control, data / AI / cyber risk, protected knowledge exposure, or enterprise execution.

No officer, committee, council, working group, public authority participant, sponsor, donor, funder, provider, host, advisor, fellow, contractor, technical maintainer, repository administrator, AI system, or informal leadership group may designate a less restrictive interpretation of a material ambiguity unless the Board has expressly delegated that authority and such delegation is lawful and recorded.

19.14 Stop, Hold, Quarantine, Re-Scope, Legal Review, or Escalation Where Interpretation Cannot Safely Be Resolved.\
Where an interpretive ambiguity cannot safely be resolved under this Section, the Corporation shall not proceed on the basis of assumption, convenience, precedent, oral assurance, ecosystem expectation, sponsor preference, provider preference, public authority familiarity, technical confidence, AI-generated analysis, dashboard status, proof receipt, repository label, or informal consensus.

The Corporation shall apply one or more protective measures, including stop, hold, quarantine, access restriction, publication freeze, implementation freeze, technical isolation, controlled-room lockdown, re-scoping, limitation language, public-safe review, legal review, tax review, compliance review, data / AI / cyber review, safeguards review, public authority capacity review, finance-boundary review, certification-boundary review, procurement-boundary review, sanctions review, export-control review, competition review, Board escalation, externalization to a competent actor, referral, or termination.

Protective measures shall be proportionate to risk but shall err on the side of preserving public benefit, legality, non-execution, role separation, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, data / AI / cyber integrity, safeguards, protected knowledge, validity-by-record, correctionability, and public trust.

Any person with responsibility for the affected matter may raise a stop, hold, quarantine, re-scope, review, or escalation concern in good faith. Retaliation for raising such concern is prohibited. Where the concern is material, the Corporation shall record the concern, decision, interim controls, responsible owner, review process, outcome, and correction path.

19.15 Most-Restrictive Rule Records.\
The Corporation shall maintain records sufficient to demonstrate the application of the most-restrictive rule where risk, harm, role confusion, regulatory ambiguity, or legal ambiguity exists.

Such records shall include, as applicable:

a) risk-aware interpretation records;

b) harm-avoidance records;

c) role-confusion analysis records;

d) regulatory-perimeter analysis records;

e) public authority confusion records;

f) finance-readiness overclaim records;

g) securities, investment adviser, broker-dealer, insurance, banking, lending, rating, public finance, and procurement perimeter records;

h) certification-overclaim records;

i) sponsor, donor, funder, provider, host, enterprise, capital-reader, or public authority capture-risk records;

j) state, territorial, Tribal, federal, local, and public authority overclaim records;

k) data, AI, cyber, privacy, community, Indigenous, protected knowledge, civil rights, accessibility, consumer protection, and public-safety harm records;

l) records applying the more restrictive reading where doubt exists;

m) Board records approving any less restrictive interpretation;

n) legal, tax, compliance, finance-boundary, certification-boundary, procurement-boundary, public authority, data / AI / cyber, safeguards, competition, sanctions, export-control, controlled-technology, research integrity, and protected knowledge review records;

o) stop, hold, quarantine, access restriction, publication freeze, implementation freeze, technical isolation, controlled-room lockdown, re-scope, externalization, referral, termination, and escalation records;

p) public-safe notices, controlled notices, limitation statements, disclaimers, compatibility notes, divergence logs, and correction records;

q) affected instruments, public materials, dashboards, datasets, software releases, proof receipts, ledgers, registries, standards profiles, public authority materials, sponsor materials, provider materials, funding materials, and Nexus interface materials;

r) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata; and

s) records of any corrective action, withdrawal, supersession, retraction, archive, takedown, participant notice, public authority notice, sponsor notice, provider notice, or Board notice arising from the application of this Section.

The governing rule of this Section is that ambiguity shall never be used as a path to authority expansion. Where risk, harm, role confusion, regulatory ambiguity, legal ambiguity, public authority confusion, finance overclaim, certification overclaim, procurement implication, data / AI / cyber risk, protected knowledge exposure, sponsor or provider capture, or public trust risk exists, the Corporation shall apply the most restrictive lawful interpretation unless and until a competent, recorded, legally supportable, public-benefit-preserving interpretation is adopted by the proper authority.

## Section 20. No Implied Authority, No Agency, No Partnership, No Joint Venture, No Apparent Authority, and No Shared Liability

20.1 No Agency.\
No provision of this Bylaw, no relationship of participation, coordination, support, affiliation, collaboration, sponsorship, donation, funding, hosting, contribution, public authority engagement, university engagement, laboratory engagement, community engagement, Nexus interface, shared program, shared repository, shared publication, shared event, shared data room, controlled-room activity, technical integration, proof receipt, dashboard, role key, smart license, standards profile, registry entry, or public statement shall be interpreted to create an agency relationship between The Global Centre for Risk and Innovation - United States and any other person or entity unless an express written instrument, approved by competent authority, lawfully creates such agency and defines its exact scope.

The Corporation shall not be the agent of GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, any global, regional, national, state, territorial, Tribal, metropolitan, sectoral, or local Nexus consortium, any national company, any Project SPV, any qualified enterprise provider, any sponsor, donor, funder, host, public authority, public university, laboratory, community, investor, insurer, lender, underwriter, bank, capital reader, vendor, contractor, operator, integrator, or enterprise actor by reason of mission alignment, terminology alignment, technical compatibility, shared doctrine, shared participation, shared personnel, shared records, public-facing coordination, or Nexus interoperability.

No external actor shall be the agent of the Corporation by reason of using the Corporation’s name, attending meetings, contributing data, contributing code, contributing funding, providing in-kind support, participating in a committee or council, appearing in a public report, hosting a program, operating an observatory environment, referencing Nexus-compatible materials, receiving a proof receipt, or participating in a public authority learning room.

Any agency relationship, if ever created, shall be strictly construed, time-bounded where appropriate, record-supported, revocable according to its terms, subject to this Bylaw, and prohibited from authorizing regulated execution, public authority substitution, finance-readiness determinations, certification, procurement approval, recognition, emergency command, public warning, provider preference, sponsor control, or enterprise execution unless separately and lawfully authorized by competent governing instruments and applicable law.

20.2 No Partnership.\
No provision of this Bylaw and no activity of the Corporation shall be interpreted to create a legal partnership between the Corporation and any person or entity unless a written instrument expressly creates such partnership, is approved by competent authority, complies with applicable law, preserves nonprofit and tax-exempt or tax-exempt-compatible restrictions, preserves public-benefit purpose, and is consistent with this Bylaw.

Shared mission, shared doctrine, shared public-good language, shared events, shared funding applications, joint research, co-authored publications, co-branded materials, shared working groups, shared controlled rooms, shared technical repositories, shared data structures, shared observability methods, shared evidence packs, shared public authority learning activities, shared academy programs, shared software, shared standards-support work, or shared Nexus interfaces shall not create partnership.

No person may represent that a partnership exists with the Corporation unless the specific partnership has been lawfully approved, documented, scoped, and recorded. Any partnership-like language used for public legibility, ecosystem coordination, research collaboration, program participation, public authority learning, sponsorship, hosting, or technical interoperability shall be read as descriptive only unless the operative written instrument provides otherwise.

Any lawful partnership-like arrangement shall be subject to public-benefit purpose, non-distribution, private inurement controls, impermissible private benefit controls, non-execution, role separation, public authority boundary discipline, finance-boundary discipline, certification-boundary discipline, procurement neutrality, data / AI / cyber controls, safeguards, conflict controls, competition controls, sanctions and export-control review, validity-by-record, and correctionability.

20.3 No Joint Venture.\
No provision of this Bylaw and no relationship, program, project, consortium activity, public authority interface, sponsor arrangement, provider arrangement, host arrangement, technical integration, research collaboration, public-good software project, evidence room, data room, controlled room, Nexus Universe activity, Nexus Observatory activity, Nexus Rails activity, Nexus Grid activity, or Nexus-compatible deployment support shall be interpreted to create a joint venture unless an express written instrument approved by competent authority lawfully creates such joint venture.

The Corporation shall not be treated as sharing profits, losses, execution control, operational command, asset ownership, infrastructure ownership, deployment risk, finance execution, procurement decision-making, certification authority, recognition authority, public authority authority, or enterprise delivery responsibility by participating in a project or interface that also involves public authorities, national companies, Project SPVs, qualified enterprise providers, sponsors, hosts, funders, universities, laboratories, or communities.

Any lawful joint venture, if ever approved, shall require enhanced Board review and shall be structured to preserve the Corporation’s nonprofit character, public-benefit purpose, tax-exempt or tax-exempt-compatible posture, non-execution boundary, anti-capture requirements, role separation, public authority boundaries, finance boundaries, certification and procurement boundaries, data / AI / cyber controls, safeguards, asset dedication, records discipline, and correctionability.

No joint venture may be inferred from operational proximity, shared branding, shared technical infrastructure, co-location, shared dashboards, shared proof receipts, shared working groups, shared capital-readiness discussions, shared public authority learning rooms, or shared Nexus interoperability.

20.4 No Fiduciary Delegation to External Actors.\
The fiduciary duties of the Board, directors, officers, and any person lawfully holding fiduciary responsibility within the Corporation shall not be delegated to external actors except to the limited extent expressly permitted by applicable law and competent governing instruments.

No sponsor, donor, funder, provider, host, public authority participant, university, laboratory, community representative, investor, insurer, lender, underwriter, capital reader, national company, Project SPV, Nexus entity, GCRI Canada actor, GRF actor, GRA actor, advisor, fellow, contractor, consultant, technical maintainer, repository administrator, AI system, or working group shall hold, exercise, direct, or displace fiduciary authority over the Corporation unless lawfully appointed to a fiduciary office and subject to the duties, conflicts, records, and controls applicable to that office.

External advice, technical expertise, public authority feedback, donor input, sponsor reporting, provider contribution, community knowledge, Indigenous or Tribal protocol input, capital-reader literacy, academic review, peer review, model review, or committee recommendation may inform decisions, but shall not substitute for fiduciary judgment by the Board or authorized fiduciary actors.

No external actor may use support, access, expertise, data contribution, public authority status, technical centrality, financial importance, hosting leverage, platform control, repository access, or Nexus role to direct the Corporation’s governance, research conclusions, evidence methods, publication decisions, correction decisions, public-safe claims, technical baselines, or role-separation controls.

20.5 No Representative Authority Without Written Authorization.\
No person shall represent, speak for, bind, commit, negotiate on behalf of, certify on behalf of, approve on behalf of, publish on behalf of, accept funds on behalf of, issue statements on behalf of, issue proof receipts on behalf of, admit participants on behalf of, grant access on behalf of, execute documents on behalf of, or otherwise act in the name of the Corporation without written authorization, recorded delegation, office authority, or other competent record.

Representative authority shall be limited by its written scope, purpose, audience, duration, jurisdiction, budget, authority matrix, public authority classification, data / AI / cyber classification, publication class, finance-boundary classification, certification-boundary classification, procurement-boundary classification, safeguards classification, and any other applicable condition.

A person with representative authority shall not exceed that authority by using institutional titles, public-facing roles, technical expertise, repository access, speaking invitations, public authority relationships, sponsor relationships, provider relationships, fundraising activity, media presence, Nexus participation, or prior approvals.

Any representation made without authority shall be non-binding on the Corporation unless ratified by competent authority where ratification is lawful and appropriate. Ratification shall not be presumed and shall not cure prohibited functions, private inurement, impermissible private benefit, regulatory perimeter breach, public authority confusion, finance overclaim, certification overclaim, procurement implication, sponsor control, provider preference, data misuse, protected knowledge exposure, or enterprise execution.

20.6 No Apparent Authority by Title, Seniority, Technical Centrality, Authorship, Speaking Role, System Access, Public Authority Contact, State Interface Role, Territorial Interface Role, Tribal Interface Role, North America Interface Role, Social Prominence, Sponsor Relationship, Provider Relationship, or Leadership Proximity.\
No apparent authority shall arise from title, seniority, authorship, expertise, technical centrality, public visibility, speaking role, conference role, media appearance, public authority contact, state-interface role, territorial-interface role, Tribal-interface role, North America-interface role, Nexus-interface role, repository access, system access, controlled-room access, dashboard access, proof-receipt access, public-safe report authorship, software maintainer status, public authority familiarity, sponsor relationship, provider relationship, donor relationship, funder relationship, host relationship, leadership proximity, founder proximity, committee participation, council participation, working group leadership, advisory role, fellowship status, employment status, contractor status, volunteer status, or repeated operational practice.

Authority shall arise only from mandatory applicable law, the Certificate or Articles of Incorporation, this Bylaw, Board resolution, member approval where required, officer appointment, committee charter, written delegation, authority matrix, contract, policy, or other competent record within the applicable hierarchy.

No person receiving a communication from a director, officer, employee, contractor, volunteer, fellow, advisor, contributor, technical maintainer, sponsor, provider, host, public authority participant, committee member, council member, or Nexus participant may rely on apparent authority where the matter concerns binding the Corporation; approving a contract; accepting funds; making a public statement; creating public authority meaning; granting finance-readiness meaning; certifying; recognizing; approving procurement; granting provider preference; permitting sponsor control; issuing a public warning; exercising emergency command; granting access to controlled materials; releasing data; approving AI use; releasing software; or issuing public-safe claims.

Where apparent authority confusion arises, the Corporation may issue corrective notices, require retractions, restrict access, suspend participation, withdraw materials, amend public statements, notify counterparties, decline ratification, and take legal or contractual action.

20.7 No Authority to Bind GCRI US Without Delegation.\
No director, officer, employee, contractor, volunteer, fellow, advisor, contributor, committee member, council member, sponsor, donor, funder, provider, host, public authority participant, university participant, laboratory participant, community participant, technical maintainer, repository administrator, AI system, or external actor shall have authority to bind the Corporation unless such authority is expressly granted by law, the Certificate or Articles of Incorporation, this Bylaw, Board resolution, officer appointment, committee charter, authority matrix, written delegation, contract, or other competent record.

Authority to bind the Corporation shall be interpreted narrowly. A grant of authority to discuss shall not include authority to commit. A grant of authority to draft shall not include authority to approve. A grant of authority to convene shall not include authority to bind. A grant of authority to publish shall not include authority to make legal representations beyond approved language. A grant of authority to maintain a repository shall not include authority to amend governance meaning. A grant of authority to issue a proof receipt shall not include authority to recognize, certify, approve procurement, determine finance-readiness, or bind the Corporation.

No person may bind the Corporation to a contract, grant, donation agreement, sponsorship agreement, public authority instrument, data-sharing agreement, AI-use arrangement, software license, IP transfer, controlled-room access commitment, publication commitment, public statement, settlement, debt, guarantee, employment arrangement, contractor arrangement, procurement, or other obligation without proper authority.

Where a purported commitment is made without authority, the Corporation may reject, ratify, correct, re-scope, terminate, or treat the commitment as void, voidable, non-operative, or unauthorized to the fullest extent permitted by law.

20.8 No Authority to Bind GCRI Canada.\
The Corporation shall not bind GCRI Canada. No director, officer, employee, contractor, volunteer, fellow, advisor, contributor, committee member, council member, sponsor, provider, public authority participant, Nexus participant, or other person acting in relation to the Corporation shall have authority to bind GCRI Canada unless separately and lawfully authorized by GCRI Canada through its own competent governing instruments.

Coordination between the Corporation and GCRI Canada on evidence, methods, observability, ontology, technical baselines, public-good software, public-good R\&D, verifiable compute, public authority learning, safeguards, and North America interface matters shall not create mutual authority, agency, partnership, joint venture, parent-subsidiary status, branch status, common treasury, shared liability, single employer status, joint employer status, or alter ego status.

No United States record, public statement, bylaw provision, Board action, officer action, committee action, repository entry, public-safe report, proof receipt, dashboard, data room, controlled room, Nexus interface, or public authority learning activity shall be interpreted to bind GCRI Canada unless GCRI Canada separately adopts, approves, or executes a competent record.

Where cross-border or North America coordination may create confusion, the Corporation shall use compatibility notes, divergence logs, role-separation records, capacity classifications, public-safe language, and corrective records.

20.9 No Authority to Bind The Global Risks Forum (GRF).\
The Corporation shall not bind The Global Risks Forum (GRF). No evidence input, methods input, observability input, technical baseline, correction signal, public-safe report, Docket-support artifact, Grid-support artifact, proof receipt, repository entry, controlled-room record, public authority learning output, or Nexus interface output of the Corporation shall bind GRF or determine any GRF recognition, maturity record, standing, registry entry, claims-discipline outcome, stakeholder-formation outcome, public-safe reporting outcome, or public-facing legitimacy determination unless GRF separately and lawfully acts through its own competent process.

No person acting for or with the Corporation may represent that GRF has recognized, approved, certified, registered, endorsed, matured, validated, accepted, or conferred standing on any person, project, technology, provider, sponsor, public authority interface, dataset, technical baseline, public-good software, Project SPV, national company, or Nexus-compatible claim unless that status is supported by a competent GRF record.

GCRI US may support GRF through evidence, methods, observability, ontology, technical baselines, public-safe inputs, and correction signals, but such support shall remain non-determinative unless GRF’s own governing instruments provide otherwise.

20.10 No Authority to Bind The Global Risks Alliance (GRA).\
The Corporation shall not bind The Global Risks Alliance (GRA). No technical evidence input, methods input, observability input, public-good technical baseline, proof-pack input, public authority learning output, controlled-room material, dashboard, model output, proof receipt, Docket-support record, Grid-support record, or Nexus interface artifact of the Corporation shall bind GRA or determine any finance-readiness, capital-readability, insurance-readiness, diligence-translation, RNFD, NFD, UNFSD, capital-reader room, regulated-perimeter, investment, lending, insurance, underwriting, public finance, or proof-pack outcome unless GRA separately and lawfully acts through its own competent process.

No person acting for or with the Corporation may represent that GRA has determined finance-readiness, insurance-readiness, bankability, investability, capital-readability, underwriting suitability, public finance eligibility, guarantee eligibility, credit quality, proof-pack sufficiency, or capital allocation suitability unless the exact status is supported by a competent GRA record.

GCRI US may provide evidence and methods inputs to GRA-compatible processes, but shall not use such inputs to create securities, investment adviser, broker-dealer, finder, insurance, banking, lending, rating, public finance, underwriting, or capital execution meaning.

20.11 No Authority to Bind Nexus Network, Nexus Standards, Consortiums, National Companies, Project SPVs, Providers, Sponsors, Hosts, Public Authorities, Funders, Universities, Laboratories, or Partners.\
The Corporation shall not bind Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, any global, regional, national, state, territorial, Tribal, metropolitan, sectoral, or local Nexus consortium, any national consortium company, state or regional operating company, Project SPV, qualified enterprise provider, sponsor, donor, funder, host, public authority, public university, laboratory, community, civil society actor, media actor, investor, insurer, lender, underwriter, bank, public finance actor, capital reader, partner, contractor, vendor, operator, integrator, or enterprise actor unless a separate written instrument lawfully grants such authority within a defined scope.

No Nexus-compatible status, public-good stack compatibility, technical interoperability, shared rail participation, one-rail / two-stacks alignment, observability method, standards-support activity, public-good software release, technical baseline, repository permission, proof receipt, ledger entry, role key, smart license, dashboard, controlled-room participation, public authority learning session, or public-safe report shall be interpreted as authority to bind any such actor.

No public authority shall be bound by its attendance, participation, data contribution, receipt of materials, observer status, regulator-listening status, public finance reader status, emergency-management participant status, simulation participation, or use of Corporation materials unless that public authority separately acts through its own lawful process.

No sponsor, donor, funder, provider, host, university, laboratory, or partner shall be bound to governance obligations beyond the obligations contained in its own executed instrument, participation terms, access terms, confidentiality terms, data terms, IP terms, public-safe claims terms, support terms, or other competent record.

20.12 No Shared Liability by Shared Mission, Shared Personnel, Shared Data, Shared Records, Shared Repository, Shared Publication, Shared Event, Shared Program, Shared Council, or Shared Nexus Interface.\
Shared mission, shared doctrine, shared public-good purpose, shared personnel, dual-role individuals, shared directors, shared officers, shared advisors, shared contributors, shared fellows, shared volunteers, shared systems, shared data, shared records, shared repositories, shared publications, shared events, shared programs, shared committees, shared councils, shared working groups, shared controlled rooms, shared public authority learning rooms, shared technical baselines, shared public-good software, shared proof receipts, shared dashboards, shared registries, shared Nexus interfaces, or shared public narrative shall not create shared liability.

The Corporation’s liability shall be determined by applicable law and the Corporation’s own acts, omissions, records, contracts, duties, and authorized conduct. It shall not assume liability for GCRI Canada, GRF, GRA, Nexus entities, consortiums, national companies, Project SPVs, qualified providers, sponsors, hosts, funders, public authorities, universities, laboratories, communities, or enterprise actors by reason of coordination.

No external actor shall assume liability for the Corporation by reason of mission alignment, participation, attendance, contribution, funding, technical support, hosting, publication, public authority engagement, or Nexus interoperability unless that external actor separately assumes liability by written instrument or applicable law.

Where shared activities may create liability confusion, the Corporation shall maintain separate records, separate authority lines, separate signatures, separate funds, separate roles, separate publication statements, separate public-safe language, separate data responsibilities, separate IP terms, separate access controls, separate correction paths, and separate insurance treatment where appropriate.

20.13 Unauthorized Representation.\
Unauthorized representation includes any statement, act, omission, document, public claim, public authority reference, finance-adjacent statement, certification-adjacent statement, procurement-adjacent statement, recognition claim, Nexus-compatible claim, sponsor statement, provider statement, website statement, social media statement, marketing material, investor material, bid material, grant material, technical note, dashboard label, proof receipt, repository label, badge, logo, seal, role key, smart license, standards profile, registry entry, or AI-generated output that suggests authority not supported by a competent record.

Unauthorized representation includes falsely or misleadingly claiming to speak for the Corporation; bind the Corporation; represent GCRI Canada; represent GRF; represent GRA; represent Nexus Network or Nexus Standards; represent a public authority; issue public warnings; exercise emergency command; approve procurement; certify; recognize; determine finance-readiness; provide investment advice; endorse a provider; confer sponsor status beyond approved support; approve a dataset; approve a model; approve a software release; or determine Nexus-compatible status.

Unauthorized representation shall not become valid because it is made by a senior person, repeated publicly, left uncorrected for a period of time, included in a slide deck, posted on a website, generated by AI, embedded in metadata, used by a sponsor, used by a provider, used in a public authority setting, or referenced by an external actor.

Any person aware of an unauthorized representation shall promptly report it through the applicable escalation, correction, public-safe publication, legal, compliance, records, or safeguards channel.

20.14 Enforcement, Retraction, Correction, Suspension, Removal, Public Clarification, Contract Action, or Legal Response.\
Where unauthorized authority, agency, partnership, joint venture, apparent authority, representative authority, binding authority, mutual authority, or shared-liability implication is claimed, created, repeated, or reasonably likely to be inferred, the Corporation may take any lawful corrective or protective action.

Corrective or protective action may include private correction, public-safe clarification, controlled notice, public notice, takedown request, retraction demand, corrected publication, metadata correction, repository correction, dashboard label correction, proof-receipt annotation, registry correction, contract notice, access restriction, suspension, removal, offboarding, termination of participation, termination of support, return of funds where appropriate, refusal of future participation, legal demand, injunctive relief, damages claim, regulatory notice where required, public authority notice where appropriate, or other lawful action.

Where the unauthorized representation involves public authority confusion, finance overclaim, certification overclaim, procurement implication, recognition claim, emergency command, public warning, data misuse, AI misuse, cyber risk, protected knowledge exposure, civil rights harm, accessibility harm, sanctions, export control, competition, or regulated-perimeter risk, the matter shall be escalated for legal, compliance, public authority, data / AI / cyber, safeguards, finance-boundary, certification-boundary, procurement-boundary, GRF-interface, GRA-interface, Nexus-interface, or Board review as appropriate.

No corrective action shall be required to ratify, preserve, or honor an unauthorized claim. The Corporation may deny effect to the claim, preserve evidence of the misuse, and proceed as necessary to protect public benefit, nonprofit character, non-execution, role separation, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, data / AI / cyber integrity, safeguards, validity-by-record, correctionability, and public trust.

20.15 No-Authority Records.\
The Corporation shall maintain records sufficient to demonstrate the absence, scope, denial, correction, or enforcement of authority where agency, partnership, joint venture, apparent authority, representative authority, binding authority, mutual authority, or shared liability could otherwise be alleged.

Such records shall include, as applicable:

a) authority matrices;

b) delegation records;

c) officer appointment records;

d) Board and committee charters;

e) signature authority records;

f) public statement approval records;

g) public authority capacity records;

h) finance-boundary, certification-boundary, procurement-boundary, recognition-boundary, provider-neutrality, and sponsor non-control records;

i) GCRI Canada interface records;

j) GRF interface records;

k) GRA interface records;

l) Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cell, consortium, national company, Project SPV, provider, sponsor, host, public authority, university, laboratory, community, and partner interface records;

m) role maps;

n) compatibility notes;

o) divergence logs;

p) public-safe limitation language;

q) non-agency, non-partnership, non-joint-venture, non-representative-authority, and non-shared-liability clauses in contracts, MoUs, participation terms, sponsorship terms, grant terms, data terms, controlled-room terms, public authority terms, repository terms, and technical contribution terms;

r) unauthorized representation reports;

s) retraction, correction, takedown, access restriction, suspension, removal, termination, public clarification, legal demand, regulatory notice, public authority notice, and enforcement records;

t) records of ratification where lawful and expressly approved;

u) records denying ratification;

v) affected public materials, websites, GitBook pages, slide decks, reports, datasets, software releases, dashboards, proof receipts, metadata, registry entries, standards profiles, role keys, smart licenses, public authority materials, sponsor materials, provider materials, funding materials, and Nexus interface materials; and

w) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

The governing rule of this Section is that authority shall exist only by competent record, and legal relationship shall not arise by implication. Mission alignment shall not create agency. Collaboration shall not create partnership. Technical interoperability shall not create joint venture. Public presence shall not create apparent authority. Shared personnel shall not create shared liability. Nexus compatibility shall not create power to bind. Every actor remains legally distinct unless a lawful, written, recorded instrument provides otherwise, and even then only within its exact scope.

## Section 21. Non-Reliance, No Third-Party Duty, Limitation of Responsibility, and Non-Endorsement

21.1 Outputs as Governance, Evidence, Research, Methods, Convening, Technical, Training, Public-Good, Standards-Support, or Public Authority Learning Artifacts.\
All outputs, materials, records, publications, reports, whitepapers, briefings, dashboards, maps, digital twins, datasets, schemas, software, APIs, SDKs, technical baselines, reference architectures, test harnesses, benchmark materials, proof receipts, role keys, smart licenses, standards-support materials, public authority learning materials, controlled-room materials, public-safe summaries, training materials, academy materials, fellowship materials, committee materials, council materials, working-group materials, public statements, GitBook pages, website pages, slide decks, translations, plain-language summaries, and Nexus-interface artifacts produced, maintained, supported, convened, or published by the Corporation shall be understood according to their approved status classification and shall be treated as governance, evidence, research, methods, convening, technical, training, public-good, standards-support, public authority learning, or public-safe communication artifacts only.

No such output shall be interpreted as a final legal, regulatory, engineering, clinical, financial, investment, insurance, lending, underwriting, rating, public finance, procurement, certification, recognition, public authority, emergency management, public warning, or operational determination unless the Corporation has separately and lawfully issued that exact determination through a competent record and applicable law permits the Corporation to do so. The default rule is non-reliance.

Every material output shall be read with its source, purpose, version, status, authorizing record, confidence level where applicable, uncertainty where applicable, limitation language, access class, publication class, public-safe classification, correction pathway, and role-separation context. No output shall be detached from its limitations and used as an independent authority for action beyond its approved scope.

Where an output is used in a Nexus-compatible environment, public authority learning room, controlled room, capital-reader literacy context, GRF input context, GRA input context, standards-support context, public-good software context, or observability context, such use shall not alter the output’s non-executing character.

21.2 No Professional Advice.\
The Corporation does not provide professional advice by default. No output, meeting, training, report, evidence artifact, dashboard, model output, public authority learning session, public-safe publication, controlled-room discussion, technical baseline, software release, schema, benchmark, proof receipt, role key, smart license, registry entry, public statement, or Nexus-interface activity shall be treated as professional advice unless the Corporation has expressly and lawfully authorized that exact professional service through a competent record and the service is provided by persons properly qualified, licensed, authorized, insured where required, and acting within the scope of applicable law.

Professional advice includes legal advice, engineering advice, medical advice, clinical advice, public health advice, investment advice, insurance advice, tax advice, accounting advice, procurement advice, cybersecurity assurance advice, emergency management advice, public safety advice, regulatory compliance advice, environmental permitting advice, public finance advice, credit advice, underwriting advice, valuation advice, and other advice requiring professional qualification, regulated authorization, or formal duty of care.

The Corporation may provide research, education, technical literacy, methods, evidence, public-good software, public authority learning, safeguards information, public-safe reporting, and general technical materials. Such materials may assist qualified actors in their own diligence, learning, policy, research, planning, or professional review, but they shall not substitute for advice from the appropriate licensed, authorized, or accountable professional.

Any person relying on Corporation materials for a professional, regulated, operational, public authority, finance, procurement, certification, public safety, clinical, engineering, legal, or similar decision does so outside the intended reliance scope unless a separate competent written instrument expressly provides otherwise.

21.3 No Legal Advice.\
The Corporation does not provide legal advice. No Bylaw provision, policy, protocol, charter, schedule, annex, form, template, controlled vocabulary, legal-boundary note, compliance note, public authority note, public-safe notice, public statement, governance memorandum, public-facing explainer, translation, plain-language summary, GitBook page, website text, meeting discussion, controlled-room material, or AI-generated summary shall be interpreted as legal advice to any person.

The Corporation may maintain legal-boundary discipline for its own governance and may describe its own non-execution, role separation, public authority boundary, finance boundary, certification boundary, procurement boundary, data / AI / cyber boundary, safeguards boundary, records boundary, and Nexus-interface boundary. Such descriptions are institutional governance statements, not legal opinions for third parties.

No participant, sponsor, donor, funder, provider, host, public authority, university, laboratory, community, national company, Project SPV, capital reader, investor, insurer, lender, underwriter, bank, operator, integrator, contractor, vendor, media actor, civil society actor, or other person may treat Corporation materials as a legal compliance determination, regulatory approval, safe harbor, legal risk opinion, tax opinion, securities-law opinion, procurement-law opinion, public authority authorization, public finance authorization, privacy compliance determination, export-control determination, sanctions determination, or professional legal judgment.

Where a matter requires legal advice, the affected person shall obtain advice from their own qualified counsel. The Corporation may require counsel review for its own purposes before proceeding with an activity that implicates legal, regulatory, public authority, finance, certification, procurement, data / AI / cyber, safeguards, sanctions, export-control, competition, tax, nonprofit, or cross-border risk.

21.4 No Engineering Opinion by Default.\
The Corporation does not provide an engineering opinion, engineering certification, design approval, safety approval, professional engineering seal, infrastructure fitness determination, operational readiness determination, construction approval, deployment approval, commissioning approval, reliability guarantee, performance guarantee, or system safety determination by default.

Technical materials, open technical baselines, reference architectures, observability methods, AI-RAN methods, O-RAN methods, DePIN methods, digital twin methods, cyber methods, geospatial methods, sensor methods, simulation methods, test harnesses, gold vectors, negative tests, benchmark libraries, dashboards, and public-good software may support technical learning and evidence development, but they shall not be treated as professional engineering advice or approval.

No public authority, infrastructure operator, utility, port, telecom actor, water actor, energy actor, health actor, food actor, emergency management body, public works body, provider, national company, Project SPV, host, sponsor, investor, insurer, lender, contractor, integrator, or asset owner may rely on Corporation technical outputs as a substitute for engineering review by qualified professionals with authority over the relevant system.

Where engineering meaning could be inferred, the Corporation shall use limitation language, confidence and uncertainty notes, public-safe status, method notes, role-separation language, and correction pathways to prevent unsafe reliance.

21.5 No Clinical, Public Health, or Medical Advice by Default.\
The Corporation does not provide clinical, public health, medical, epidemiological, diagnostic, treatment, triage, emergency medical, public health order, health-system command, biological safety, or patient-care advice by default.

Materials relating to public health, biosecurity, health-system resilience, hospital infrastructure, epidemiological signals, climate-health risk, disaster-health interfaces, health data, AI health systems, medical supply chains, public-safe mapping, or community safeguards shall be treated as evidence, research, methods, public authority learning, technical literacy, or public-good materials only unless a separate competent record lawfully provides otherwise.

No dashboard, model output, signal, digital twin, sensor feed, evidence pack, public-safe report, AI output, observability record, proof receipt, or public authority learning material shall be treated as a clinical instruction, public health order, medical recommendation, public warning, emergency command, diagnosis, treatment recommendation, population health directive, quarantine instruction, evacuation instruction, or substitute for qualified health authority action.

Where health-sensitive materials are involved, the Corporation shall apply privacy, data protection, AI governance, cybersecurity, civil rights, accessibility, public-safe publication, community safeguards, protected knowledge, and public authority boundary controls.

21.6 No Regulatory Authorization.\
No Corporation output, participation, publication, technical baseline, evidence artifact, report, public authority learning session, controlled-room activity, data-room material, dashboard, model output, proof receipt, registry entry, standards-support artifact, or Nexus-compatible reference shall constitute regulatory authorization.

The Corporation does not grant permits, licenses, approvals, exemptions, waivers, safe harbors, compliance findings, enforcement determinations, regulatory clearances, public authority approvals, public finance approvals, procurement approvals, environmental approvals, cyber approvals, AI compliance approvals, health approvals, infrastructure approvals, export-control approvals, sanctions approvals, or controlled-technology approvals.

Regulator-listening participation, public authority attendance, public authority data contribution, public authority use of materials, public authority feedback, or public authority receipt of a report shall not create regulatory authorization. Any public authority action must arise from the public authority’s own lawful process and record.

Where regulatory authorization could be inferred, the Corporation shall classify capacity, apply limitation language, control public references, preserve records, and correct misleading statements.

21.7 No Sovereign Approval.\
No material, output, statement, meeting, public authority learning activity, Nexus interface, cross-border coordination, public-safe report, controlled-room record, dashboard, proof receipt, technical baseline, public-good software release, translation, or public-facing summary shall be interpreted as sovereign approval, governmental approval, treaty approval, intergovernmental approval, Tribal approval, Indigenous governance approval, territorial approval, state approval, federal approval, local approval, public authority endorsement, public finance approval, public procurement approval, or official adoption.

The Corporation is not a sovereign body, treaty body, intergovernmental body, regulator, public authority, emergency command body, public warning authority, public finance authority, or procurement authority. It shall not imply otherwise by title, program design, public materials, public authority participation, North America anchor language, state-interface language, territorial-interface language, Tribal-interface language, or Nexus-compatible language.

Where Tribal, Indigenous, local, territorial, or community participation is involved, participation shall not be treated as consent, approval, representation, waiver, adoption, endorsement, or authorization unless separately and lawfully recorded by the competent authority or community process.

No sovereign or public authority approval may be inferred from presence, silence, funding, attendance, data contribution, learning participation, simulation participation, receipt of materials, or public reference.

21.8 No Public Warning.\
The Corporation does not issue official public warnings by default. No report, public-safe publication, dashboard, digital twin, map, signal feed, AI output, model output, sensor output, AI-RAN signal, O-RAN signal, DePIN record, DLT entry, blockchain entry, proof receipt, anomaly flag, resilience indicator, risk score, scenario output, simulation output, or public authority learning material shall be treated as an official public warning.

The Corporation may publish public-safe information, evidence, methods, technical findings, observability summaries, educational materials, and learning outputs where authorized and reviewed. Such materials shall not substitute for emergency alerts, public health warnings, evacuation orders, boil-water notices, public safety warnings, cyber emergency warnings, infrastructure emergency commands, incident command decisions, or other official public authority communications.

Where a matter may require public warning, emergency command, public health order, public safety instruction, or operational response, the Corporation shall route the matter through appropriate public authority, legal, public-safe, safeguards, data / AI / cyber, and records pathways and shall not assume public warning authority.

Public-safe publication means careful communication designed to reduce unsafe reliance and protect the public; it does not mean official warning power.

21.9 No Market Recommendation.\
The Corporation does not issue market recommendations. No publication, report, dataset, benchmark, dashboard, technical baseline, public-good software release, controlled-room material, training material, public authority learning output, capital-reader literacy material, proof pack input, GRA-interface input, GRF-interface input, Docket input, Grid input, or Nexus-interface artifact shall be interpreted as a recommendation to buy, sell, hold, finance, insure, lend to, invest in, underwrite, procure, approve, reject, rate, endorse, select, exclude, or prefer any product, service, company, provider, sponsor, technology, asset, infrastructure, security, token, project, Project SPV, national company, jurisdiction, policy, public authority program, financing structure, or commercial offering.

Comparative technical materials may support research, evidence literacy, technical evaluation, public-good methods, and standards-support work. They shall not be used as vendor selection, procurement steering, investment recommendation, underwriting direction, market allocation, boycott, exclusion instruction, or commercial preference.

Where market-facing interpretation is possible, the Corporation shall use provider-neutral language, sponsor non-control language, public-safe limitation statements, competition-law controls, and correction pathways.

21.10 No Investment Decision Support.\
The Corporation does not provide investment decision support by default. No evidence artifact, technical report, dashboard, risk map, digital twin, model output, proof receipt, benchmark, score, public-safe publication, Docket input, Grid input, proof-pack input, capital-reader literacy material, controlled-room material, or GRA-interface material shall be treated as investment advice, suitability analysis, transaction recommendation, securities recommendation, capital allocation instruction, portfolio guidance, asset-management advice, valuation opinion, credit opinion, bankability determination, finance-readiness determination, or investment due diligence conclusion.

The Corporation may provide technical evidence, methods, observability, public-good software, public authority learning, and safeguards inputs that may assist other actors in understanding systemic risk and resilience. Such materials shall remain non-executing and shall not instruct capital action.

Any finance-adjacent output shall be accompanied by limitation language appropriate to its audience, access class, publication class, and risk profile. The Corporation shall route finance-readiness, capital-readability, proof-pack, insurance-readiness, diligence-translation, RNFD, NFD, UNFSD, and regulated-perimeter matters to The Global Risks Alliance (GRA) or another separately competent lawful actor where appropriate.

No person may rely on Corporation materials as a basis for investment, securities, lending, insurance, underwriting, public finance, tax credit, guarantee, or capital allocation action.

21.11 No Underwriting Basis.\
The Corporation does not provide an underwriting basis. No output of the Corporation shall be used as a binding underwriting opinion, underwriting approval, underwriting denial, risk pricing, insurance pricing, credit pricing, actuarial determination, loan approval, debt service capacity determination, loss estimate, guarantee basis, credit enhancement basis, resilience rating, insurability rating, financeability rating, public finance eligibility determination, or public guarantee basis.

Technical evidence may support learning and diligence by qualified actors, but underwriting decisions must be made by properly authorized insurers, reinsurers, lenders, banks, underwriters, guarantors, public finance actors, or other regulated or accountable entities acting under their own authority and records.

Where an output may be relevant to underwriting, the Corporation shall identify it as technical, evidence, methods, observability, public-good, or learning material only and shall not describe it as sufficient for underwriting unless separately and lawfully authorized, which shall not be presumed.

Any misuse of Corporation materials as underwriting basis shall be subject to correction, withdrawal, restriction, public-safe clarification, controlled notice, or legal response where appropriate.

21.12 No Insurance Placement Basis.\
The Corporation does not place, bind, price, underwrite, approve, recommend, broker, solicit, sell, adjust, administer, or guarantee insurance. No Corporation output shall be treated as an insurance placement basis, insurance approval, insurance recommendation, reinsurance recommendation, underwriting approval, premium basis, claims handling basis, loss adjustment basis, insurability determination, or policy suitability assessment.

Insurance-related evidence, resilience evidence, risk evidence, cyber evidence, climate evidence, infrastructure evidence, public-safe reporting, or observability records may support learning and technical diligence only. Such materials do not constitute insurance advice, brokerage, placement, underwriting, reinsurance support, claims administration, rating, or binding authority.

The Corporation shall preserve separation from insurers, reinsurers, brokers, agents, underwriters, claims handlers, risk-bearing intermediaries, and insurance regulators. Any insurance-readiness support or diligence translation shall be handled through GRA or another separately competent lawful actor where appropriate, and only within the limits of applicable law.

21.13 No Procurement Recommendation.\
The Corporation does not issue procurement recommendations. No technical baseline, benchmark, test result, software release, dataset, dashboard, evidence pack, public-safe report, provider participation, sponsor support, controlled-room activity, public authority learning activity, public-good software contribution, Nexus-compatible reference, proof receipt, standards-support artifact, or public statement shall be interpreted as a recommendation, requirement, preference, award, prequalification, shortlisting, scoring, vendor selection, bid evaluation, procurement approval, public contract approval, or procurement eligibility determination.

The Corporation shall remain procurement-neutral. It may support public authority learning, technical literacy, evidence methods, public-good software, and open technical baselines, but it shall not select vendors for public authorities or private actors, steer procurements, recommend providers, certify suppliers, or confer procurement advantage.

No public authority, national company, Project SPV, provider, sponsor, host, university, laboratory, or enterprise actor may use Corporation affiliation, participation, contribution, funding, report inclusion, technical compatibility, or Nexus-interface involvement as evidence of procurement approval unless a separate competent procurement authority lawfully determines such status through its own process.

Where procurement reliance risk exists, the Corporation shall apply limitation language, competition controls, provider-neutral language, public authority boundary controls, and corrective measures.

21.14 No Execution Instruction.\
No output of the Corporation shall be treated as an execution instruction. The Corporation does not direct deployment, procurement, construction, installation, integration, emergency response, operations, incident response, dispatch, evacuation, public health action, infrastructure control, financial transaction, insurance placement, lending decision, investment action, securities transaction, project closing, asset acquisition, asset operation, Project SPV action, national company action, provider action, public authority action, or community action by default.

Methods, technical baselines, public-good software, dashboards, digital twins, simulations, observability records, AI outputs, proof receipts, and public authority learning materials may inform learning and analysis, but they do not command action.

Any person using Corporation materials in an operational context shall remain responsible for obtaining proper authority, professional review, public authority approval where needed, safety review, legal review, engineering review, finance review, procurement review, data / AI / cyber review, safeguards review, and other required approvals.

The Corporation shall not be liable for actions taken by third parties who treat non-executing materials as execution instructions without a competent written authority expressly allowing such reliance.

21.15 No Public Authority Decision.\
No Corporation output shall constitute a public authority decision. The Corporation does not make governmental, regulatory, public finance, procurement, emergency management, public health, public safety, public infrastructure, public works, utility, port, territorial, Tribal, Indigenous governance, state, local, federal, or sovereign decisions.

Public authority participants may attend, learn, observe, contribute data, provide feedback, participate in scenarios, join simulations, join tabletop exercises, or review materials within approved capacity. Such participation shall not convert Corporation outputs into public authority acts, public records determinations, open meeting determinations, official approvals, public warnings, emergency commands, procurement decisions, public finance approvals, grant approvals, regulatory decisions, compliance approvals, public-private partnership commitments, or sovereign obligations.

Where public authority decision meaning could be inferred, the Corporation shall classify capacity, state limitations, control publication, maintain records, and require correction.

Public authority action remains the responsibility of the relevant public authority acting through its own lawful process.

21.16 No General Duty of Care to Third Parties.\
The Corporation’s activities, outputs, materials, meetings, publications, repositories, dashboards, models, software, datasets, public authority learning activities, controlled rooms, public-safe reports, Nexus-interface materials, and public-good assets do not create a general duty of care to third parties unless such duty is expressly created by applicable law or by a written instrument lawfully approved by competent authority.

The Corporation’s public-benefit purpose does not create an unlimited duty to monitor, warn, correct, protect, advise, supervise, intervene, execute, regulate, certify, approve procurement, determine finance-readiness, direct public authorities, direct providers, direct sponsors, direct communities, or control external actors.

The Corporation may voluntarily correct, clarify, withdraw, supersede, restrict, annotate, or update materials where appropriate, but such correctionability shall not be interpreted as an admission of a general duty of care to all users, readers, viewers, participants, public authorities, sponsors, providers, capital readers, communities, or third parties.

Where the Corporation assumes a specific duty by contract, grant, law, policy, participation terms, controlled-room terms, or other competent record, that duty shall be limited to its exact scope and shall not create broader third-party duties unless the governing instrument or applicable law requires otherwise.

21.17 Limitation of Liability to Extent Permitted by Law.\
To the fullest extent permitted by applicable law, the Corporation shall not be responsible for loss, damage, claim, liability, reliance, cost, expense, delay, operational consequence, investment consequence, insurance consequence, lending consequence, procurement consequence, certification consequence, public authority consequence, public safety consequence, clinical consequence, engineering consequence, cyber consequence, data consequence, AI consequence, community consequence, or market consequence arising from unauthorized reliance on Corporation outputs beyond their approved scope.

This limitation applies to reliance on draft materials; superseded materials; withdrawn materials; archived materials; translations; plain-language summaries; public explainers; slide decks; AI-generated summaries; unofficial copies; excerpts; partial records; dashboards; maps; model outputs; simulation outputs; digital twins; sensor signals; AI-RAN or O-RAN signals; DePIN records; blockchain or DLT entries; proof receipts; software; datasets; technical baselines; benchmarks; public authority learning materials; controlled-room discussions; and Nexus-compatible references.

Nothing in this Section shall limit liability where limitation is prohibited by law, nor shall it authorize bad faith, fraud, willful misconduct, knowing violation of law, private inurement, impermissible private benefit, intentional misconduct, gross misconduct where applicable, unlawful discrimination, retaliation, data misuse, cyber misconduct, or other conduct that cannot lawfully be disclaimed.

Liability limitations shall be read together with indemnification, insurance, records, correction, public-safe publication, data / AI / cyber, safeguards, conflicts, public authority boundary, finance boundary, certification boundary, procurement boundary, and non-execution provisions of this Bylaw.

21.18 Non-Endorsement of Persons, Entities, Products, Policies, Strategies, Jurisdictions, Public Authority Positions, Providers, Sponsors, Technologies, Commercial Offerings, or Financing Structures.\
The Corporation does not endorse persons, entities, products, services, technologies, vendors, providers, sponsors, donors, funders, hosts, public authorities, universities, laboratories, communities, policies, strategies, jurisdictions, public authority positions, financing structures, securities, tokens, insurance products, lending products, procurement approaches, commercial offerings, political positions, campaigns, candidates, parties, regulatory positions, or market strategies by default.

Participation in Corporation activities, inclusion in a report, attendance at a meeting, receipt of materials, contribution of funding, provision of in-kind support, sponsorship acknowledgment, provider participation, technical contribution, public authority participation, academic collaboration, community consultation, publication citation, repository contribution, controlled-room admission, proof receipt, role key, smart license, standards-support artifact, Nexus-compatible reference, or public-safe report mention shall not constitute endorsement.

The Corporation may acknowledge support, describe participation, cite sources, identify contributors, describe technical compatibility, recognize public-good contribution, or publish evidence, but such acknowledgment shall not imply approval, recommendation, certification, recognition, finance-readiness, procurement preference, public authority endorsement, or market preference.

Any endorsement-like statement requires express authority, approved language, conflict review, public-safe review, competition review, sponsor non-control review, provider neutrality review, and records sufficient to prevent misleading reliance.

21.19 Participant Representation Limits.\
Participants, members where applicable, non-voting members, supporters, subscribers, donors, sponsors, funders, providers, hosts, public authority participants, university participants, laboratory participants, community participants, civil society participants, media participants, fellows, advisors, observers, contractors, volunteers, contributors, technical maintainers, committee members, council members, working-group participants, controlled-room participants, and Nexus-interface actors shall not represent that their participation confers endorsement, approval, recognition, maturity, standing, certification, procurement advantage, finance-readiness, insurance-readiness, bankability, investment suitability, public authority approval, public warning authority, emergency command authority, provider preference, sponsor control, or authority to bind the Corporation.

Participants may describe their relationship to the Corporation only in accordance with approved public-claims rules, participation terms, name-use rules, mark-use rules, public-safe language, and controlled vocabulary. Any description shall be accurate, proportionate, non-misleading, and supported by a competent record.

A participant shall not use the Corporation’s name, marks, seal, logo, badge, public-good assets, reports, datasets, software, technical baselines, dashboards, proof receipts, role keys, smart licenses, public authority materials, controlled-room materials, or Nexus-interface materials in marketing, fundraising, investor materials, bid materials, public authority materials, social media, websites, proposals, grant applications, procurement submissions, financing materials, insurance materials, or public statements except as authorized.

Misuse of participant status may result in correction, retraction, takedown, access restriction, suspension, termination, contract action, public clarification, or legal response.

21.20 Required Non-Reliance Language for Public, Controlled, Public Authority, Technical, Finance-Adjacent, and Cross-Border Outputs.\
The Corporation shall maintain approved non-reliance language for public, controlled, public authority, technical, finance-adjacent, insurance-adjacent, lending-adjacent, underwriting-adjacent, procurement-adjacent, certification-adjacent, recognition-adjacent, standards-support, data / AI / cyber, safeguards, cross-border, North America, Tribal-interface, territorial, state-specific, local, GitBook, website, repository, dashboard, dataset, software, model, proof receipt, public-safe report, training, academy, and controlled-room outputs.

Such language shall be proportionate to the output’s purpose, audience, access class, publication class, risk level, jurisdiction, public authority context, finance context, certification context, procurement context, data / AI / cyber sensitivity, safeguards sensitivity, protected knowledge sensitivity, and Nexus-interface role.

Required non-reliance language may state, as applicable, that the output is for research, education, evidence, methods, public-good software, technical literacy, public authority learning, public-safe communication, or standards-support purposes only; is not legal, engineering, clinical, financial, investment, insurance, underwriting, lending, procurement, certification, public authority, emergency management, or professional advice; does not constitute public warning, emergency command, regulatory approval, public finance approval, procurement approval, certification, recognition, finance-readiness, endorsement, or execution instruction; and is subject to correction, supersession, withdrawal, limitation, and record-based interpretation.

No material output that presents foreseeable reliance risk shall be released without appropriate limitation language unless competent authority records why such language is unnecessary or inappropriate.

21.21 Non-Reliance Records.\
The Corporation shall maintain records sufficient to demonstrate the intended status, reliance limits, duty limits, responsibility limits, endorsement limits, and correction status of its outputs and activities.

Such records shall include, as applicable:

a) output classification records;

b) public, controlled, internal, public authority, finance-adjacent, technical, safeguards, and cross-border publication classifications;

c) non-reliance language libraries;

d) approved limitation statements;

e) legal, engineering, clinical, public health, finance, insurance, underwriting, lending, rating, procurement, certification, recognition, public authority, emergency command, and professional-boundary review records;

f) public authority capacity records;

g) finance-boundary, insurance-boundary, lending-boundary, underwriting-boundary, rating-boundary, public finance-boundary, procurement-boundary, certification-boundary, recognition-boundary, provider-neutrality, sponsor non-control, and non-endorsement records;

h) public-safe publication records;

i) data / AI / cyber, privacy, protected knowledge, civil rights, accessibility, community safeguards, Tribal / Indigenous, sanctions, export-control, controlled-technology, competition, and research integrity review records;

j) participant public-claims permission records;

k) mark-use and name-use permission records;

l) sponsor acknowledgment records;

m) provider participation and neutrality records;

n) public authority sharing records;

o) cross-border and North America interface records;

p) dashboard, dataset, model, proof receipt, software, repository, public-good technical asset, standards-support, and Nexus-interface limitation records;

q) correction, clarification, supersession, withdrawal, retraction, archive, takedown, access restriction, controlled notice, public notice, and public-safe notice records;

r) reports of misuse, overclaim, unauthorized reliance, unauthorized endorsement, unauthorized professional-advice claim, unauthorized public authority claim, unauthorized finance-readiness claim, unauthorized procurement claim, unauthorized certification claim, unauthorized recognition claim, or unauthorized public warning claim;

s) enforcement, suspension, termination, contract action, legal demand, regulatory notice, public authority notice, or participant notice records; and

t) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

The governing rule of this Section is that the Corporation’s outputs are public-good instruments, not open-ended reliance instruments. They may inform learning, evidence, methods, technical literacy, public authority understanding, public-safe communication, and Nexus-compatible public-good coordination, but they do not become professional advice, public authority action, market recommendation, investment basis, underwriting basis, insurance placement basis, procurement recommendation, execution instruction, endorsement, certification, recognition, or finance-readiness determination unless a competent lawful record expressly and narrowly provides otherwise.

## Section 22. Bright-Line Non-Execution Rule and Regulated-Activity Disclaimer

22.1 Non-Execution Character.\
The Corporation shall be a non-executing public-benefit technical institution. Its purposes, powers, programs, publications, convenings, evidence systems, methods, public-good software, open technical baselines, public authority learning activities, controlled rooms, dashboards, digital twins, proof receipts, Nexus-interface materials, and public-safe reports shall be interpreted and applied as non-executing unless a specific act is separately and lawfully authorized by competent governing record and applicable law permits the Corporation to perform that act.

Non-execution means that the Corporation may steward evidence, methods, observability, ontology, technical truth, public-good research and development, public-good software, open technical baselines, verifiable compute methods, public authority learning, community safeguards, public-safe publication, and Nexus public-good stack compatibility, but shall not itself execute regulated, operational, financial, public authority, procurement, certification, emergency command, public warning, infrastructure operation, market-intermediation, investment, insurance, lending, underwriting, rating, or enterprise delivery functions.

The Corporation’s non-execution character shall apply regardless of the sophistication, authority, public visibility, technical centrality, operational relevance, public authority interest, sponsor support, provider participation, finance-reader interest, Nexus compatibility, or urgency of the subject matter. A technical artifact does not become execution because it is useful. A public authority learning room does not become public authority action because public authorities attend. A dashboard does not become command because it displays risk. A proof receipt does not become approval because it is recorded. A public-safe report does not become a warning because it concerns public risk.

All persons acting for, through, with, or in reference to the Corporation shall preserve this non-execution rule in public statements, contracts, grants, sponsorships, donor materials, provider materials, public authority materials, technical repositories, controlled rooms, dashboards, datasets, software releases, public-safe reports, media materials, GitBook pages, websites, AI-generated summaries, and Nexus-interface communications.

22.2 No Securities Offering, Securities Distribution, Capital Placement, Underwriting, Brokerage, Dealer Activity, Finder Activity, or Solicitation.\
The Corporation shall not act as, or represent itself as, a securities issuer for investment purposes, securities distributor, placement agent, underwriter, broker, dealer, finder, capital arranger, transaction intermediary, solicitation agent, investment platform, token-sale platform, capital marketplace, crowdfunding portal, securities exchange, alternative trading system, or capital execution vehicle.

No report, public-safe publication, whitepaper, evidence pack, dashboard, dataset, digital twin, proof receipt, Docket-support artifact, Grid-support artifact, proof-pack input, GRA-interface input, controlled-room material, public authority learning material, sponsor material, provider material, Nexus-interface artifact, or technical baseline of the Corporation shall be used as a securities offering document, securities solicitation, private placement memorandum, investment teaser, subscription document, investor recommendation, roadshow material, transaction recommendation, capital placement support, underwriting support, or finder activity.

The Corporation may provide technical evidence, methods, public-good research, public authority learning, and non-executing readiness inputs that may assist lawful diligence by separately competent actors. Such activity shall not include soliciting investors, matching investors to projects, recommending securities, negotiating investment terms, receiving transaction-based compensation, arranging securities transactions, or directing capital allocation.

Where any activity approaches a securities, brokerage, dealer, finder, underwriting, solicitation, capital placement, token, digital asset, or transaction-intermediation perimeter, the Corporation shall hold, quarantine, re-scope, externalize, refer, terminate, or escalate the matter for legal and Board review before proceeding.

22.3 No Investment Advice, Investment Adviser Activity, Portfolio Management, Asset Management, Suitability Determination, Capital Recommendation, or Transaction Recommendation.\
The Corporation shall not provide investment advice, act as an investment adviser, manage portfolios, manage assets, recommend transactions, determine suitability, recommend capital allocation, recommend investment timing, recommend asset acquisition, recommend divestment, recommend lending or insurance participation, recommend public finance participation, or provide individualized investment analysis.

No Corporation output shall be interpreted as advising any investor, lender, insurer, underwriter, bank, public finance actor, donor, sponsor, capital reader, national company, Project SPV, provider, public authority, community, or enterprise actor to buy, sell, hold, finance, insure, lend to, underwrite, guarantee, support, fund, procure, approve, reject, or otherwise transact with respect to any security, project, company, asset, token, infrastructure, provider, technology, policy, jurisdiction, financing structure, or commercial offering.

Finance-adjacent materials produced by the Corporation shall be limited to technical evidence, public-good methods, observability records, public-safe learning, standards-support materials, or readiness inputs. Any finance-readiness, capital-readability, proof-pack, insurance-readiness, diligence-translation, RNFD, NFD, UNFSD, capital-reader room, or regulated-perimeter function shall remain with The Global Risks Alliance (GRA) or another separately competent lawful actor, and no such routing shall convert the Corporation into a regulated investment or capital actor.

The Corporation shall not receive transaction-based compensation, success fees, carried interest, placement fees, brokerage fees, underwriting fees, finder fees, investment management fees, or other compensation that would create or imply regulated capital execution unless a separate lawful structure, competent record, and applicable regulatory authorization expressly permit the activity, which shall not be presumed.

22.4 No Banking, Deposit-Taking, Payment Intermediation, Custody, Clearing, Settlement, Treasury Execution, Escrow, or Third-Party Fund Control.\
The Corporation shall not act as a bank, deposit-taking institution, payment intermediary, money transmitter, custodian, clearing agent, settlement agent, escrow agent, trustee for transaction funds, treasury execution agent for third parties, fiscal agent for unauthorized purposes, wallet custodian, digital asset custodian, collateral agent, cash manager for Project SPVs, or third-party fund-control vehicle.

The Corporation may maintain its own bank accounts, receive grants, donations, sponsorships, subscriptions, fees, cost recoveries, and in-kind support, and manage its own funds for lawful public-benefit purposes subject to this Bylaw, Board-approved controls, applicable law, tax requirements, restricted-fund rules, accounting controls, and internal controls. Such internal treasury activity shall not authorize the Corporation to hold, move, settle, escrow, allocate, or control third-party transaction funds.

No controlled room, data room, capital-reader room, project room, grant room, public authority learning room, proof-pack process, Docket-support process, Grid-support process, Nexus-interface process, or public-good support process shall be designed or operated so that the Corporation becomes a payment rail, escrow, settlement layer, custody provider, transaction counterparty, collateral holder, treasury manager, or capital allocator.

Where third-party funds, escrow-like arrangements, custodial assets, digital assets, payment flows, project treasury, public funds, grant pass-throughs, or capital execution arrangements are implicated, the Corporation shall require legal, tax, finance, compliance, sanctions, anti-money laundering, public authority, and Board review as appropriate and shall externalize or refer the function to properly authorized actors unless the Corporation is separately and lawfully authorized.

22.5 No Insurance, Reinsurance, Underwriting, Placement, Pricing, Binding, Risk-Bearing Intermediation, Claims Handling, or Insurance Approval.\
The Corporation shall not act as an insurer, reinsurer, insurance broker, insurance agent, managing general agent, underwriting agent, risk-bearing intermediary, insurance marketplace, claims administrator, claims adjuster, insurance placement adviser, policy approver, premium setter, coverage approver, binding authority, loss-reserve authority, actuarial certifier, or insurance regulator.

No resilience evidence, risk evidence, climate evidence, cyber evidence, infrastructure evidence, observability record, digital twin, dashboard, technical baseline, public-safe report, proof receipt, model output, benchmark, public authority learning material, or GRA-interface input produced by the Corporation shall constitute insurance approval, insurability determination, premium basis, underwriting decision, reinsurance recommendation, coverage recommendation, claims determination, loss adjustment, risk transfer advice, or policy placement instruction.

The Corporation may produce technical evidence and public-good methods that may be relevant to insurance literacy, resilience understanding, and lawful diligence by separately competent actors. Such materials shall remain non-executing and shall not replace underwriting, actuarial, claims, insurance, reinsurance, broker, regulatory, or legal review.

Any insurance-readiness or risk-transfer-related pathway shall be routed to The Global Risks Alliance (GRA) or another separately competent lawful actor where appropriate, and shall remain subject to regulated-perimeter review, non-reliance language, public-safe publication discipline, and records.

22.6 No Credit, Lending, Loan Origination, Credit Approval, Credit Brokerage, Guarantee, Revenue Guarantee, or Performance Guarantee.\
The Corporation shall not act as a lender, credit originator, credit broker, loan arranger, credit adviser, guarantor, revenue guarantor, performance guarantor, repayment guarantor, credit enhancer, debt placement agent, debt underwriter, public guarantee approver, or loan servicing actor.

No technical evidence, dashboard, risk map, digital twin, proof receipt, benchmark, public-safe report, Grid input, Docket input, GRA-interface input, proof-pack input, controlled-room record, public authority learning material, or Nexus-compatible artifact shall be treated as a loan approval, credit approval, credit opinion, debt capacity analysis, repayment assessment, guarantee basis, revenue sufficiency determination, performance guarantee, credit enhancement, or lending recommendation.

The Corporation shall not promise or imply that any project, national company, Project SPV, provider, host, sponsor, public authority, community, infrastructure, technology, financing structure, or commercial offering will obtain financing, maintain revenue, achieve performance, avoid loss, qualify for guarantees, or satisfy lender requirements by reason of Corporation participation, evidence, methods, technical baselines, proof receipts, or Nexus-compatible materials.

Where credit, lending, guarantee, public guarantee, revenue support, performance support, or debt-market meaning may arise, the Corporation shall apply the most restrictive lawful interpretation, include limitation language, and route or externalize the matter to properly authorized actors.

22.7 No Rating, Credit Opinion, Investment Grade Opinion, Resilience Rating, Insurability Rating, Bankability Rating, or Financeability Determination.\
The Corporation shall not act as a rating agency, credit opinion provider, investment-grade opinion provider, bankability rating provider, financeability rating provider, insurability rating provider, resilience rating provider, provider rating body, project rating body, public finance rating body, or investment suitability rating body.

No score, maturity indicator, evidence class, confidence level, dashboard flag, risk index, observability indicator, benchmark result, proof receipt, technical baseline conformance note, public-safe report, Docket-support artifact, Grid-support artifact, GRA-interface input, GRF-interface input, or Nexus-compatible reference shall be interpreted as a rating unless a separate competent record expressly and lawfully classifies it as such and the Corporation is lawfully authorized to issue that rating.

The Corporation may publish technical indicators, research findings, confidence notes, uncertainty notes, maturity inputs, evidence summaries, and public-safe observations. Such outputs shall not be labeled or marketed as credit ratings, investment ratings, underwriting ratings, resilience ratings, insurance ratings, bankability ratings, financeability ratings, procurement ratings, provider ratings, sovereign ratings, or public authority ratings.

Where numerical, color-coded, tiered, badge-like, maturity-like, or dashboard-based outputs may create rating confusion, the Corporation shall use controlled vocabulary, limitation language, status classification, non-reliance notices, and correction pathways.

22.8 No Public Finance Approval, Federal Grant Approval, State Grant Approval, Territorial Grant Approval, MDB / DFI Approval, Sovereign Finance Approval, Budget Allocation, Public Guarantee, Public Credit, Tax Credit Approval, or Appropriation Approval.\
The Corporation shall not approve, award, allocate, authorize, recommend, guarantee, certify, or determine eligibility for public finance, federal grants, state grants, territorial grants, Tribal grants, local grants, multilateral development bank finance, development finance institution finance, sovereign finance, public guarantees, public credit, tax credits, appropriations, budget allocations, public subsidies, public-private partnership funding, infrastructure funding, emergency funding, resilience funding, climate finance, or public procurement finance.

No public authority learning session, public authority attendance, public finance reader participation, public-safe report, technical evidence, observability output, proof receipt, Docket input, Grid input, GRA-interface input, Nexus-interface artifact, or public authority note shall be treated as public finance approval, grant approval, appropriation support, budget commitment, official funding decision, public guarantee, tax credit approval, public subsidy approval, or sovereign obligation.

The Corporation may support public authority learning, technical literacy, evidence interpretation, public-safe reporting, and non-executing readiness inputs. Such support shall not bind public authorities, public finance actors, grantmakers, legislatures, agencies, MDBs, DFIs, or budget authorities.

Where public finance reliance risk exists, the Corporation shall classify public authority capacity, use non-reliance language, avoid funding-outcome language, preserve public authority separateness, and require legal and public authority boundary review.

22.9 No Emergency Command, Official Public Warning, Public Health Order, Evacuation Instruction, Dispatch, Incident Management, or Safety Command.\
The Corporation shall not act as an emergency command body, incident command body, dispatch authority, emergency operations center, public warning authority, public health authority, evacuation authority, safety command body, public safety agency, public works command body, utility command body, cyber emergency command body, infrastructure command body, port command body, telecom command body, or operational incident manager.

No dashboard, map, digital twin, simulation, sensor feed, AI output, AI-RAN signal, O-RAN signal, DePIN record, cyber telemetry, geospatial output, Earth observation output, public-safe report, proof receipt, truth-engine output, observability record, controlled-room discussion, public authority learning material, or emergency-management participant record shall be treated as a public warning, evacuation instruction, dispatch instruction, public health order, incident command instruction, operational directive, or safety command.

Where evidence suggests possible imminent harm, the Corporation may route information through appropriate public-safe, legal, safeguards, cyber, privacy, public authority, and records pathways. Such routing shall not make the Corporation a public warning or emergency command authority.

The Corporation shall avoid language, interface design, color coding, notification design, escalation labels, maps, dashboards, signals, or automated messages that reasonably imply official emergency authority unless specifically approved for a lawful non-executing purpose with limitation language and public authority coordination where appropriate.

22.10 No Regulation, Enforcement, Permit, Compliance Approval, Legal Certification, Procurement Award, Vendor Selection, Public Authority Substitution, or Governmental Decision.\
The Corporation shall not regulate, enforce law, issue permits, grant licenses, approve compliance, confer legal safe harbors, issue legal certifications, award procurement, select vendors for public authorities, approve public contracts, substitute for public authority decision-making, exercise delegated governmental power, adjudicate legal rights, issue binding orders, or make governmental decisions.

No standards-support activity, technical baseline, public-good software release, benchmark, conformance note, dashboard, proof receipt, controlled-room output, public authority learning material, public-safe report, Nexus-compatible artifact, GRF-interface input, GRA-interface input, Docket input, or Grid input shall be treated as regulatory approval, legal compliance approval, procurement approval, vendor prequalification, official public authority action, or government adoption.

The Corporation may support learning, methods, evidence, technical literacy, public-safe reporting, and public-good infrastructure understanding. It shall not convert such support into governmental power by participation, repetition, public posting, public authority attendance, funding, official-looking language, or technical integration.

Any activity that may be understood as regulation, enforcement, licensing, permitting, compliance approval, procurement, vendor selection, public authority substitution, or governmental decision shall be stopped, held, quarantined, re-scoped, externalized, referred, or escalated before continuation.

22.11 No Certification by Default.\
The Corporation shall not act as a certification body by default. It shall not certify, accredit, approve, license, recognize, rank, endorse, qualify, confer official conformance status, approve procurement eligibility, grant professional credentials, or determine Nexus-compatible status unless a separate competent record expressly authorizes the specific function and applicable law permits the Corporation to perform it.

Technical review, evidence review, methods review, software testing, benchmark testing, reference architecture publication, public-good software release, schema publication, API publication, standards-support contribution, proof receipt, role key, smart license, ledger entry, dashboard output, repository label, or public-safe report shall not constitute certification.

Terms such as “validated,” “verified,” “tested,” “conformant,” “compatible,” “approved,” “recognized,” “certified,” “mature,” “ready,” “trusted,” “standard,” “protocol,” or “baseline” shall be governed by controlled vocabulary and shall not be used to imply certification where no competent certification record exists.

Where certification-like meaning is desired for public-good purposes, the Corporation shall route the matter to the competent standards, registry, recognition, or certification authority, including The Global Risks Forum (GRF), Nexus Standards, or another separately constituted authority where applicable, and shall preserve GCRI US’s evidence and methods role.

22.12 No Execution by Technical Integration, Workflow Design, Dashboard, Data Room, Controlled Room, Proof Receipt, AI System, Digital Twin, AI-RAN Signal, DePIN Record, Ledger Entry, or Public-Safe Report.\
No technical integration, workflow design, dashboard, data room, controlled room, clean room, evidence room, public authority room, proof receipt, AI system, agentic workflow, digital twin, AI-RAN signal, O-RAN signal, DePIN record, sensor feed, cyber telemetry, blockchain entry, DLT entry, ledger entry, smart license, role key, standards profile, registry entry, public-safe report, or Nexus-interface artifact shall convert the Corporation into an executing actor.

A workflow may structure information, but it shall not command execution. A dashboard may display evidence, but it shall not issue official decisions. A data room may organize diligence materials, but it shall not arrange capital. A controlled room may manage sensitive review, but it shall not approve procurement. A proof receipt may evidence that something was submitted, checked, observed, or recorded, but it shall not itself constitute recognition, certification, finance-readiness, procurement approval, public authority adoption, public warning, or emergency command. A ledger entry may preserve traceability, but it shall not replace lawful governance authority.

AI systems, model outputs, agentic workflows, digital twins, sensor signals, and automated scoring tools shall be subject to human review, records, access controls, public-safe classification, confidence and uncertainty statements, limitation language, data / AI / cyber review, safeguards review, and correction pathways where material. They shall not issue final authority unless a competent human authority lawfully records the decision within its own scope.

Where technical design creates execution confusion, the Corporation shall redesign labels, permissions, interfaces, alerts, routes, dashboards, APIs, proofs, records, or publication language to preserve non-execution.

22.13 Separation From Licensed Execution Actors.\
The Corporation may interact with licensed, regulated, or accountable execution actors, including lawyers, engineers, clinicians, public health authorities, emergency management bodies, public authorities, insurers, reinsurers, brokers, lenders, banks, underwriters, investment advisers, broker-dealers, rating agencies, procurement authorities, auditors, accountants, cybersecurity firms, infrastructure operators, utilities, national companies, Project SPVs, qualified enterprise providers, and other professional or regulated actors. Such interaction shall not make the Corporation one of those actors.

The Corporation’s role shall remain evidence, methods, research, observability, public-good software, technical baseline, public authority learning, public-safe communication, safeguards, or Nexus-interface support unless a separate lawful instrument defines a narrower and authorized role. Licensed or regulated actors shall make their own determinations under their own authority, duties, standards, professional obligations, insurance, licenses, and records.

No licensed or regulated actor may use Corporation participation to imply that the Corporation has assumed the actor’s duties, approvals, liability, professional judgment, regulated authority, execution role, public authority role, or market function. No Corporation officer, director, employee, contractor, fellow, advisor, participant, or contributor may blur the line between Corporation support and licensed execution.

Any interface with licensed execution actors shall include role-separation language, non-reliance language, records, conflicts review, data / AI / cyber review, safeguards review, and regulatory-perimeter review where appropriate.

22.14 Perimeter Breach Escalation.\
A perimeter breach or suspected perimeter breach shall exist where any person, output, activity, interface, statement, workflow, agreement, dashboard, proof receipt, model output, public authority room, capital-reader room, controlled room, technical integration, public-safe report, public material, sponsor material, provider material, or Nexus-interface artifact creates a reasonable risk that the Corporation is acting as, or being understood as, an executing, regulated, public authority, finance, procurement, certification, recognition, emergency command, public warning, professional advice, or enterprise delivery actor.

Upon identification of a perimeter breach or suspected perimeter breach, the matter shall be escalated promptly to the responsible officer, Secretary where records are implicated, legal or compliance function where applicable, relevant committee where established, Chair or Board where material, and any specialized data / AI / cyber, safeguards, public authority, finance-boundary, certification-boundary, procurement-boundary, competition, sanctions, export-control, or Nexus-interface review pathway required by the risk.

No person shall continue, publish, circulate, rely upon, market, implement, automate, externalize, or expand a perimeter-risk activity while material ambiguity remains unresolved, unless competent authority records a limited protective continuation with safeguards, limitation language, access restrictions, and review conditions.

Perimeter breach escalation shall be protective and correctionable. It shall not be treated as an admission of wrongdoing by default, but as a governance mechanism to preserve public benefit, legality, role separation, non-execution, public trust, and institutional integrity.

22.15 Hold, Quarantine, Re-Scope, Externalize, Refer, or Terminate.\
Where a regulated-activity, execution, public authority, finance, procurement, certification, recognition, public warning, emergency command, professional-advice, market-conduct, data / AI / cyber, safeguards, protected knowledge, sanctions, export-control, competition, or legal-perimeter risk cannot be safely resolved within the Corporation’s lawful non-executing role, the Corporation shall apply one or more protective measures.

Protective measures may include:

a) hold, meaning temporary suspension of action, publication, release, access, meeting, workflow, claim, or decision pending review;

b) quarantine, meaning isolation of an output, dataset, software release, proof receipt, dashboard, model output, record, public statement, controlled-room material, or technical artifact to prevent reliance or spread;

c) re-scope, meaning narrowing the activity to a lawful evidence, methods, research, learning, public-good software, public-safe publication, or technical support function;

d) externalize, meaning transferring the execution function to a separately competent licensed, regulated, public authority, professional, enterprise, finance, insurance, lending, procurement, certification, recognition, standards, or operational actor;

e) refer, meaning directing the matter to The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards, a public authority, counsel, professional adviser, licensed actor, regulated entity, or other competent body where appropriate; or

f) terminate, meaning discontinuing the activity, relationship, output, workflow, claim, interface, publication, or release where it cannot be made lawful, safe, public-benefit-aligned, or non-executing.

The Corporation shall not preserve a problematic activity merely because it is strategically important, funder-preferred, sponsor-supported, provider-requested, technically impressive, publicly visible, operationally convenient, finance-relevant, or urgent. Where lawful continuation requires restructuring, the restructuring shall be recorded before continuation.

22.16 Non-Execution and Regulated-Perimeter Records.\
The Corporation shall maintain records sufficient to demonstrate compliance with the bright-line non-execution rule and regulated-activity disclaimer.

Such records shall include, as applicable:

a) non-execution classifications for programs, outputs, publications, dashboards, datasets, software, technical baselines, proof receipts, controlled rooms, public authority rooms, and Nexus-interface materials;

b) regulated-perimeter review records;

c) securities, investment adviser, broker-dealer, finder, capital placement, underwriting, banking, payment, custody, escrow, lending, credit, insurance, rating, public finance, procurement, certification, professional advice, public authority, public warning, emergency command, and enterprise execution boundary records;

d) public authority capacity records;

e) finance-boundary, insurance-boundary, lending-boundary, underwriting-boundary, rating-boundary, public finance-boundary, procurement-boundary, certification-boundary, recognition-boundary, provider-neutrality, sponsor non-control, and non-endorsement records;

f) AI, dashboard, digital twin, proof receipt, DePIN, AI-RAN, O-RAN, sensor, ledger, registry, role-key, smart-license, model-output, agentic-workflow, and automated-score limitation records;

g) legal, compliance, tax, public authority, data / AI / cyber, safeguards, competition, sanctions, export-control, controlled-technology, research integrity, professional-boundary, and protected knowledge review records;

h) limitation language, non-reliance language, public-safe notices, controlled notices, compatibility notes, divergence logs, and correction records;

i) records of holds, quarantines, access restrictions, publication freezes, implementation freezes, technical isolations, controlled-room lockdowns, re-scoping, externalizations, referrals, terminations, withdrawals, supersessions, retractions, archives, takedowns, and public-safe clarifications;

j) Board, committee, officer, counsel, compliance, public authority, GRF-interface, GRA-interface, Nexus Standards-interface, and other escalation records;

k) participant, sponsor, donor, funder, provider, host, public authority, capital reader, university, laboratory, community, contractor, and partner notices where required or appropriate;

l) misuse, overclaim, unauthorized reliance, unauthorized execution, unauthorized public authority claim, unauthorized finance-readiness claim, unauthorized certification claim, unauthorized procurement claim, unauthorized recognition claim, unauthorized public warning claim, unauthorized professional-advice claim, or unauthorized endorsement records; and

m) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

The governing rule of this Section is that the Corporation shall remain a public-good steward, not an execution vehicle. Its evidence may inform, but shall not decide. Its methods may guide learning, but shall not command action. Its software may support public-good interoperability, but shall not approve procurement. Its dashboards may display signals, but shall not issue warnings. Its proof receipts may preserve records, but shall not confer authority. Its public authority rooms may educate, but shall not govern. Its finance-adjacent inputs may support diligence by others, but shall not allocate capital. Its Nexus compatibility may connect the public-good stack, but shall not collapse role separation.

## Section 23. Competition, Antitrust, Market-Conduct, Clean-Room, and Meeting-Discipline Primacy

23.1 Competition-Law Primacy.\
The Corporation shall conduct all meetings, programs, councils, committees, working groups, forums, panels, controlled rooms, clean rooms, benchmark activities, data-sharing activities, research consortia, technical comparisons, public statements, platform-design activities, labs, challenges, dataset activities, index-development activities, standards-support activities, provider interfaces, sponsor interfaces, public authority interfaces, capital-reader literacy interfaces, Nexus-interface activities, and public-good software activities in strict compliance with applicable federal, state, territorial, Tribal-interface, local, and cross-border competition, antitrust, unfair competition, procurement-integrity, market-conduct, and anti-collusion requirements.

Competition-law discipline shall have primacy over convenience, speed, public narrative, sponsor expectation, provider preference, funder urgency, public authority familiarity, technical enthusiasm, market interest, benchmarking ambition, standards-support ambition, or Nexus-interface coordination. No activity of the Corporation shall be interpreted to permit competitor coordination, market allocation, pricing coordination, bid coordination, wage coordination, customer allocation, supplier allocation, capacity restriction, exclusionary conduct, boycott, procurement steering, provider favoritism, sponsor control, or collusive strategy.

The Corporation’s public-benefit mission does not exempt it from competition-law discipline. Public-good language, nonprofit character, research purpose, open-source participation, standards-support activity, public authority learning, controlled-room status, clean-room status, dataset governance, technical benchmarking, or Nexus compatibility shall not be used to mask, enable, sanitize, or excuse unlawful market coordination.

Where competition-law risk is present, the Corporation shall apply the most restrictive lawful interpretation, stop or hold the activity where necessary, separate participants, restrict information flows, use clean teams or independent administration, redact or aggregate information, delay sensitive data, require counsel or compliance review, and preserve records sufficient to demonstrate lawful purpose and lawful conduct.

23.2 Application to Meetings, Councils, Committees, Working Groups, Benchmarking, Data Sharing, Research Consortia, Technical Comparisons, Public Statements, Platform Design, Labs, Challenges, Datasets, Indices, and Standardization Support.\
This Section applies to every convening and information-exchange surface of the Corporation, including Board-facing sessions, committee meetings, leadership councils, Helix councils, advisory councils, public authority forums, scientific panels, technical panels, working groups, drafting groups, standards-support groups, open-source maintainer groups, peer-review panels, model-review panels, red-team panels, labs, challenge environments, benchmarking exercises, dataset consortia, data rooms, clean rooms, controlled rooms, evidence rooms, no-download rooms, public authority learning rooms, public-safe reporting sessions, capital-reader literacy sessions, repository governance discussions, technical interoperability discussions, public-good software design, open technical baseline development, platform design, standards-support work, Nexus Observatory methods work, Nexus Truth Engine methods work, Nexus Grid or Docket support, and Nexus-compatible ecosystem coordination.

The Corporation shall treat competition risk as especially material where participants include actual or potential competitors, providers, vendors, contractors, sponsors, funders, hosts, technology companies, cloud providers, AI providers, data processors, telecom actors, AI-RAN or O-RAN actors, DePIN actors, DLT or blockchain actors, cyber firms, infrastructure operators, utilities, national companies, Project SPVs, investors, insurers, lenders, underwriters, capital readers, procurement actors, public authorities, universities with commercial interests, laboratories with commercialization interests, or any actor with market power, procurement interest, or commercial dependency.

Benchmarking, technical comparisons, indices, maturity inputs, evidence packs, dashboards, datasets, public-good baselines, interoperability profiles, standards-support materials, and public statements shall be designed so that they support lawful research, evidence, technical literacy, public authority learning, public-safe communication, or public-good interoperability without becoming market signals for coordinated conduct, exclusion, procurement steering, provider preference, price alignment, output restriction, or commercial ranking beyond lawful and recorded scope.

No meeting or activity shall proceed merely because its subject is technical. Technical work can create market-conduct risk where it affects interoperability, access, procurement, cost structures, data availability, performance claims, provider qualification, marketplace visibility, supply constraints, or competitive differentiation.

23.3 Federal Antitrust Compliance.\
The Corporation shall comply with applicable United States federal antitrust, competition, unfair competition, and market-conduct law, including rules and principles concerning agreements in restraint of trade, monopolization, attempted monopolization, market allocation, price fixing, bid rigging, group boycott, exclusionary conduct, information exchange, standard-setting conduct, procurement conduct, and unfair or deceptive market practices where applicable.

Federal antitrust compliance shall apply to activities involving interstate commerce, national providers, national sponsors, public-good infrastructure, public authority interfaces, federal programs, national laboratories, universities, public-private research activity, multistate data sharing, technology baselines, open-source repositories, AI systems, cyber systems, telecom systems, energy systems, water systems, food systems, health systems, infrastructure systems, public finance literacy, and cross-border North America interfaces where United States law may apply.

The Corporation shall not facilitate conduct that would be unlawful if performed directly by participants. The Corporation shall not serve as a hub through which competitors exchange sensitive information, align strategies, coordinate pricing, coordinate bids, restrict output, allocate markets, exclude rivals, discipline market participants, or shape procurement outcomes.

Where federal antitrust risk is material, the Corporation shall require counsel or compliance review before proceeding and shall use agendas, minutes, chair controls, stop authority, clean-team processes, aggregation, delay, anonymization, access controls, and record discipline.

23.4 State Antitrust and Unfair Competition Compliance.\
The Corporation shall comply with applicable state antitrust, unfair competition, consumer protection, procurement-integrity, nonprofit, charitable solicitation, public authority, and market-conduct requirements in each state where the Corporation operates, convenes, publishes, raises support, maintains participants, uses data, supports public authority learning, or represents itself.

State antitrust and unfair competition compliance shall be applied independently of federal law. A practice that appears acceptable at a federal level shall not proceed where a stricter state, territorial, local, public authority, procurement, grant, or contract rule applies. The Corporation shall apply the most protective lawful rule where multiple jurisdictions are implicated.

State-specific risks may arise through state public authority participation, state procurement contexts, utility regulation, port authorities, state universities, state research programs, state grants, state economic development programs, state infrastructure planning, state data sharing, charitable solicitation, local market concentration, provider ecosystems, regional pilots, state Nexus interfaces, and state or regional operating-company interfaces.

Where state or territorial competition meaning is uncertain, the Corporation shall hold, narrow, localize, segregate, externalize, or escalate the activity and preserve state-specific or territorial records.

23.5 Prohibited Topics.\
No meeting, council, committee, working group, forum, panel, controlled room, clean room, data room, benchmark activity, standards-support activity, dataset activity, public authority learning activity, provider interface, sponsor interface, capital-reader literacy activity, or Nexus-interface activity shall include discussion, exchange, signaling, agreement, encouragement, facilitation, or implied coordination concerning prohibited topics.

Prohibited topics include, without limitation:

a) current, future, or planned prices, fees, rates, margins, discounts, rebates, surcharges, commissions, premiums, lending terms, underwriting terms, revenue expectations, cost recovery, subscription terms, bid terms, or pricing formulas;

b) current, future, or planned costs, cost structures, wage levels, compensation practices, benefits, labor allocation, contractor rates, consultant rates, or staffing constraints where competitively sensitive;

c) bids, bid intentions, bid timing, procurement strategies, public tender approaches, grant-application strategies, public-private partnership strategies, concession strategies, vendor-selection strategies, or supplier-selection strategies;

d) allocation of customers, public authorities, communities, territories, states, sectors, hosts, sponsors, providers, suppliers, projects, Project SPVs, national companies, market opportunities, infrastructure corridors, data sources, or technology domains;

e) production, capacity, deployment, supply, compute capacity, AI-RAN or O-RAN capacity, cloud capacity, sensor availability, infrastructure capacity, delivery timelines, or output restrictions where such information could support market coordination;

f) refusal to deal, boycott, exclusion, denial of interoperability, access restriction, platform exclusion, procurement exclusion, provider exclusion, sponsor exclusion, data exclusion, or coordinated rejection of any person, technology, supplier, provider, sponsor, public authority, jurisdiction, project, or market participant;

g) strategic market plans, customer pipelines, capital-raising strategy, investor targeting, underwriting strategy, insurance strategy, lending strategy, public finance strategy, commercial launch strategy, merger or acquisition strategy, partnership strategy, or competitive positioning where competitively sensitive;

h) competitively sensitive research-and-development roadmaps, product roadmaps, proprietary technical roadmaps, vulnerability strategy, AI model strategy, compute strategy, data acquisition strategy, or deployment strategy unless lawfully structured through controlled and non-collusive channels;

i) market rankings, provider rankings, procurement recommendations, exclusion lists, preferred-provider lists, certified-provider lists, bankability rankings, insurability rankings, resilience ratings, financeability indicators, or maturity-like classifications unless separately lawful, recorded, role-separated, and non-collusive; and

j) any other topic that the chair, legal reviewer, compliance reviewer, Secretary, responsible officer, or Board determines may create competition, antitrust, unfair competition, procurement-integrity, market-conduct, provider-neutrality, sponsor non-control, or public trust risk.

23.6 No Price, Margin, Cost, Bid, Wage, Customer, Supplier, Market Allocation, Capacity, Exclusion, Boycott, Procurement Steering, or Collusive Strategy Discussion.\
The Corporation shall not permit discussion, exchange, signaling, agreement, alignment, facilitation, encouragement, inference, side-channel communication, AI-generated synthesis, dashboard display, dataset design, benchmark output, index output, minutes record, chat thread, repository issue, pull request, comments field, controlled-room annotation, or public statement concerning price, margin, cost, bid, wage, customer, supplier, market allocation, capacity, exclusion, boycott, procurement steering, or collusive strategy.

This prohibition applies whether the discussion is explicit or coded; oral or written; formal or informal; public or private; in-person or virtual; synchronous or asynchronous; human-generated or AI-generated; embedded in slides, dashboards, spreadsheets, datasets, metadata, tags, comments, chat messages, issue trackers, repository notes, proof receipts, model outputs, or public-safe reports.

No participant shall use the Corporation’s convening power to learn competitively sensitive information from competitors, signal market intentions, test pricing strategies, coordinate public authority approaches, influence procurement outcomes, create preferred-provider narratives, shape exclusionary standards, or pressure rivals.

If a prohibited topic arises, the chair, host, responsible officer, counsel, compliance reviewer, Secretary, or any participant shall stop the discussion, record the interruption where appropriate, direct the topic away from prohibited content, require withdrawal from the meeting where necessary, segregate or delete improperly shared materials where lawful, and escalate the incident.

23.7 Competitively Sensitive Information Handling.\
Competitively sensitive information shall not be collected, received, viewed, processed, stored, analyzed, shared, summarized, published, benchmarked, indexed, modeled, or used by the Corporation except where a lawful public-benefit purpose exists, appropriate safeguards are approved, and the information handling is structured to prevent unlawful market coordination.

Competitively sensitive information includes non-public information concerning pricing, costs, margins, bids, wages, compensation, staffing, customers, suppliers, markets, capacity, output, inventories, demand forecasts, sales, revenue, commercial terms, discounts, procurement strategy, grant strategy, capital strategy, underwriting strategy, insurance strategy, lending strategy, provider pipeline, customer pipeline, product roadmap, technical roadmap, deployment roadmap, vulnerabilities, strategic plans, or other information that could reduce independent competitive decision-making if exchanged among market participants.

Where competitively sensitive information is necessary for lawful research, evidence, benchmarking, public authority learning, public-good software, technical baseline development, standards-support, or public-safe reporting, the Corporation shall use protective measures, including:

a) collection by independent personnel, clean team, third-party administrator, or restricted internal role;

b) aggregation sufficient to prevent attribution or reverse engineering;

c) de-identification, anonymization, pseudonymization, or masking where appropriate;

d) delay or aging of data where current data would create coordination risk;

e) minimum cell-size, suppression, or range reporting rules;

f) access restrictions, need-to-know permissions, and no-download controls;

g) competition-law review of data fields, outputs, dashboards, reports, and publications;

h) prohibition on participant access to competitor-specific non-public data;

i) written terms prohibiting misuse; and

j) records documenting lawful purpose, safeguards, access, publication class, retention, correction, and disposal.

23.8 Clean-Team and Clean-Room Structures.\
The Corporation may use clean-team and clean-room structures to permit lawful handling of sensitive information while preventing unlawful information exchange, procurement steering, provider preference, sponsor control, or market coordination.

A clean team is a restricted group of authorized individuals who may access competitively sensitive or otherwise restricted materials for a defined lawful purpose under confidentiality, conflict, access, competition, data / AI / cyber, public authority, safeguards, and records controls. A clean room is a controlled environment, physical or digital, designed to permit structured review, analysis, aggregation, transformation, or comparison of sensitive materials without exposing restricted information to unauthorized persons or market participants.

Clean-team and clean-room structures shall be documented before use and shall identify the lawful purpose, data categories, participant classes, access permissions, prohibited users, permitted outputs, review gates, aggregation rules, publication rules, confidentiality obligations, AI-use restrictions, cybersecurity controls, conflict controls, competition-law controls, public authority controls, safeguards controls, retention rules, disposal rules, and responsible owner.

No clean team or clean room shall be used as a label to legitimize unlawful exchange. If the structure does not actually prevent access to sensitive information by persons who could use it for competitive decision-making, it shall not be treated as a lawful clean-team or clean-room structure.

Clean-room outputs shall be reviewed before release to ensure they do not reveal competitively sensitive information, enable reverse engineering, create provider preference, steer procurement, imply market ranking, create certification-like status, create finance-readiness meaning, or support collusive conduct.

23.9 Aggregation, De-Identification, Delay, and Independent Administration.\
Where the Corporation collects or uses information from multiple market participants, providers, sponsors, hosts, public authorities, national companies, Project SPVs, universities, laboratories, capital readers, insurers, lenders, or enterprise actors, it shall use aggregation, de-identification, delay, and independent administration where necessary to prevent competition-law risk.

Aggregation shall be sufficient to prevent identification of individual participants, providers, sponsors, customers, suppliers, public authorities, projects, jurisdictions, bids, prices, costs, or strategies. De-identification shall be designed to prevent direct or indirect re-identification through context, metadata, sample size, geographic specificity, timing, sector specificity, or cross-reference with public materials. Delay shall be used where current information could affect present or future competitive conduct. Independent administration shall be used where participant access to raw information would create risk.

The Corporation shall not publish or circulate tables, rankings, dashboards, maps, indices, benchmark outputs, maturity-like outputs, or evidence summaries that allow participants to infer confidential competitor information, align market conduct, identify pricing opportunities, coordinate bids, exclude competitors, or steer procurement.

Where aggregation or de-identification cannot adequately mitigate risk, the Corporation shall restrict access, narrow the data fields, use qualitative summaries, externalize the analysis to a qualified independent administrator, or decline the activity.

23.10 Agenda Controls.\
Every meeting, council, committee, working group, forum, panel, clean-room session, controlled-room session, benchmark session, data-sharing session, standards-support session, public authority learning session, provider session, sponsor session, or Nexus-interface session presenting competition-law risk shall use an approved agenda.

The agenda shall state the lawful purpose of the meeting, identify the permitted topics, exclude prohibited topics, include competition-law reminders where appropriate, identify any sensitive materials, identify any clean-room or controlled-room rules, and specify the chair or responsible lead with stop authority.

Agenda materials shall be reviewed before circulation where competition-law risk is material. Late agenda additions shall not be used to introduce prohibited topics. Any participant may request deferral, restriction, counsel review, or stop of an agenda item that may create competition-law, procurement, provider-neutrality, sponsor non-control, public authority, finance-boundary, certification-boundary, or market-conduct risk.

No person shall use side conversations, chat functions, informal breakout rooms, private messages, shared documents, shared dashboards, repository comments, or post-meeting communications to discuss topics that would be prohibited on the agenda.

23.11 Minutes Controls.\
Minutes or records of competition-sensitive meetings shall accurately reflect the lawful purpose, attendance, capacity classifications, agenda, materials reviewed, competition reminders where given, recusals, access restrictions, decisions, recommendations, action items, stop actions, and escalations, without recording or preserving unnecessary competitively sensitive information.

Minutes shall not include prohibited details concerning prices, margins, costs, bids, wages, customer allocation, supplier allocation, capacity plans, market allocation, exclusionary strategies, procurement steering, or competitively sensitive strategy. Where such information is inadvertently stated, the minutes shall record that the discussion was stopped and escalated, without reproducing the sensitive substance unless legal, compliance, or investigation needs require a controlled record.

Draft minutes shall be reviewed where competition risk is material. Corrections to minutes shall preserve record integrity and shall not be used to conceal a violation. Public-safe summaries shall be further reviewed to ensure they do not disclose sensitive information, imply provider preference, imply procurement direction, imply certification, imply recognition, imply finance-readiness, or create public authority confusion.

Meeting records shall be retained, sealed, restricted, corrected, superseded, or disposed of in accordance with the Corporation’s records policy, legal holds, confidentiality obligations, public authority constraints, data / AI / cyber controls, and competition records requirements.

23.12 Chair, Legal, Compliance, and Stop-Authority Powers.\
The chair, meeting lead, responsible officer, Secretary, legal reviewer, compliance reviewer, clean-room administrator, controlled-room administrator, committee chair, working-group lead, or any person expressly designated by competent record shall have authority to stop, suspend, redirect, adjourn, quarantine, restrict, re-scope, or escalate any meeting, discussion, document, data exchange, dashboard display, benchmark output, public statement, technical comparison, standard-support activity, or Nexus-interface activity that may create competition-law or market-conduct risk.

Stop authority may be exercised immediately and without prior Board approval where delay may increase risk. A participant may also request a stop in good faith. No person shall retaliate against any individual who raises a competition-law concern or requests a stop.

Upon exercise of stop authority, the responsible person shall, where appropriate:

a) stop the prohibited topic or activity;

b) state the reason in neutral compliance language;

c) redirect the meeting to lawful topics or adjourn;

d) segregate or restrict sensitive materials;

e) preserve necessary evidence without unnecessary dissemination;

f) notify counsel, compliance, the Secretary, responsible officer, committee chair, or Board where material;

g) record the incident in a controlled manner; and

h) determine whether correction, training, participant restriction, access restriction, public-safe clarification, or further investigation is required.

No sponsor, provider, donor, funder, host, public authority participant, capital reader, national company, Project SPV, committee participant, technical maintainer, or senior participant may override a properly exercised stop authority.

23.13 Incident Escalation.\
A competition incident shall include any actual, attempted, proposed, suspected, or reasonably foreseeable discussion, exchange, statement, data flow, benchmark output, platform design, public material, meeting conduct, side communication, AI-generated summary, dashboard output, repository entry, controlled-room activity, or Nexus-interface activity that may involve prohibited topics, competitively sensitive information misuse, collusion, market allocation, bid coordination, price coordination, wage coordination, supplier or customer allocation, capacity coordination, exclusion, boycott, procurement steering, provider preference, sponsor control, or unlawful standard-setting conduct.

Competition incidents shall be escalated promptly to the responsible officer, Secretary where records are implicated, legal or compliance function where applicable, committee chair where relevant, and Board where material. Where the incident involves public authority materials, public procurement, public finance, grants, regulated markets, data / AI / cyber issues, sanctions, export controls, controlled technology, protected knowledge, or public-safe publication, the relevant specialized review pathway shall also be engaged.

Pending review, the Corporation may impose protective measures, including hold, quarantine, access restriction, publication freeze, implementation freeze, technical isolation, controlled-room lockdown, meeting suspension, participant suspension, dataset restriction, dashboard withdrawal, benchmark suppression, public-safe clarification, retraction, correction, or termination of the activity.

Incident escalation shall be record-based and correctionable. It shall be used to preserve legality, public benefit, provider neutrality, sponsor non-control, public authority boundary discipline, finance-boundary discipline, certification-boundary discipline, procurement neutrality, data / AI / cyber integrity, safeguards, and public trust.

23.14 Competition Records.\
The Corporation shall maintain records sufficient to demonstrate competition-law discipline, market-conduct controls, clean-room integrity, meeting discipline, and lawful purpose for relevant activities.

Such records shall include, as applicable:

a) competition-risk classifications for meetings, committees, councils, working groups, forums, panels, labs, challenges, benchmark activities, dataset activities, data-sharing activities, platform-design activities, standards-support activities, public authority learning activities, and Nexus-interface activities;

b) agendas, meeting notices, attendance records, capacity classifications, minutes, action items, and lawful-purpose statements;

c) competition-law reminders, training acknowledgments, do-not-discuss notices, participant terms, clean-room terms, controlled-room terms, and confidentiality acknowledgments;

d) competitively sensitive information handling records;

e) clean-team and clean-room charters, access lists, restrictions, administrator records, output-review records, and closeout records;

f) aggregation, de-identification, delay, suppression, minimum-cell-size, independent-administration, and publication-review records;

g) benchmark, index, dataset, dashboard, technical-comparison, public-good baseline, standards-support, and public statement review records;

h) public authority procurement, public finance, grant, or regulated-market sensitivity records;

i) provider-neutrality, sponsor non-control, procurement-neutrality, certification-boundary, recognition-boundary, and finance-boundary records;

j) conflicts, recusals, related-party participation, sponsor participation, provider participation, and capture-risk records;

k) stop-authority exercise records;

l) incident reports, escalation records, legal or compliance review records, Board or committee review records, and corrective-action records;

m) corrected minutes, restricted records, sealed records, takedown records, retraction records, public-safe clarification records, and participant notices;

n) records of refusal, suspension, termination, redesign, externalization, or abandonment of activities due to competition-law or market-conduct risk; and

o) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

Competition records shall be retained and protected in accordance with the Corporation’s records policy, legal holds, confidentiality obligations, privilege protocols, data / AI / cyber controls, public authority restrictions, protected knowledge controls, and applicable law.

23.15 Training and Periodic Review.\
The Corporation shall provide competition, antitrust, market-conduct, meeting-discipline, clean-room, provider-neutrality, sponsor non-control, procurement-neutrality, public authority boundary, and public-safe claims training to directors, officers, committee chairs, council leads, working-group leads, staff, contractors, fellows, advisors, contributors, technical maintainers, clean-room administrators, controlled-room administrators, public authority interface leads, sponsor-interface leads, provider-interface leads, and other participants where appropriate.

Training shall address prohibited topics, competitively sensitive information, clean-team and clean-room use, benchmarking discipline, standards-support discipline, public authority procurement risk, provider-neutrality rules, sponsor non-control rules, side-channel communications, chat and repository conduct, AI-generated summaries, dashboard and dataset publication risk, stop authority, incident escalation, and correction obligations.

Competition controls shall be reviewed periodically and whenever there is a material change in the Corporation’s activities, participants, public authority interfaces, provider ecosystem, sponsor ecosystem, technical baselines, data-sharing practices, benchmark activities, standards-support work, public-good software ecosystem, Nexus-interface activities, or applicable law.

The Board, or a committee designated by the Board, shall receive periodic reports on competition-law posture, incident trends, training completion, clean-room use, benchmarking risk, provider-neutrality issues, sponsor non-control issues, procurement sensitivity, and corrective actions.

The governing rule of this Section is that the Corporation may convene, compare, learn, benchmark, research, publish, and support public-good technical interoperability only within disciplined competition boundaries. Public-good coordination shall never become market coordination. Technical standardization support shall never become exclusionary control. Benchmarking shall never become collusion. Public authority learning shall never become procurement steering. Provider participation shall never become provider preference. Sponsor support shall never become sponsor control. Nexus interoperability shall never become a forum for market allocation.

## Section 24. Cross-State, Territorial, Tribal, and Cross-Border Participation, Conflict-of-Law Handling, Localization Without Fracture, and Non-Extraterritorial Effect

24.1 United States Governing Law for Internal Corporate Acts.\
The internal corporate acts of the Corporation shall be governed by the mandatory law of the Corporation’s state of incorporation or organization, the Certificate or Articles of Incorporation, this Bylaw, duly adopted Board resolutions, and any member approval required by applicable law or governing instruments.

For purposes of this Section, internal corporate acts include formation, legal identity, registered office, registered agent, principal office, governance seat, Board authority, director appointment or election, officer appointment, committee creation, fiduciary governance, adoption of bylaws, amendment of bylaws, adoption of policies, adoption of delegations, approval of reserved matters, corporate records, minutes, resolutions, internal registers, authority matrices, indemnification, dissolution, merger, conversion, wind-up, and disposition of assets.

No state-specific, territorial, Tribal-interface, local, foreign, cross-border, public authority, sponsor, donor, funder, host, provider, university, laboratory, community, Nexus-interface, GCRI Canada-interface, GRF-interface, GRA-interface, national-company-interface, Project SPV-interface, or enterprise-stack instrument shall displace the governing law for the Corporation’s internal corporate acts unless the displacement is required by mandatory applicable law or lawfully adopted by competent corporate authority.

United States governing-law discipline shall not be interpreted as permission to disregard the law of any other jurisdiction where the Corporation operates, convenes, contracts, receives support, processes data, publishes, hosts controlled rooms, engages public authorities, engages communities, engages Tribal or Indigenous interfaces, coordinates cross-border activity, or supports Nexus-compatible public-good work. The governing rule is separateness: internal corporate law governs internal corporate acts, while local law, federal law, territorial law, Tribal law or protocol where applicable, foreign law, public authority constraints, contract law, data law, AI law, cyber law, tax law, employment law, procurement law, grant law, sanctions law, export-control law, and other applicable law may govern the Corporation’s activities in context.

24.2 State-by-State Compliance Review.\
The Corporation shall conduct state-by-state compliance review where its activities, personnel, participants, fundraising, charitable solicitation, grants, contracts, public authority interfaces, employment, contractor engagement, events, controlled rooms, data rooms, public-safe publications, software releases, datasets, public-good technical assets, sponsorships, subscriptions, fee programs, academy programs, fellowships, research programs, public authority learning activities, or Nexus-interface activities may create legal obligations in any state.

State-by-state compliance review shall include, as applicable, corporate qualification, foreign registration, charitable solicitation registration, tax registration, franchise tax, sales and use tax, employment law, contractor classification, fundraising law, grant compliance, procurement integrity, lobbying and political activity limits, government ethics, public authority constraints, privacy, AI governance, cybersecurity, consumer protection, public records implications, open meetings implications where public authorities are involved, research ethics, accessibility, civil rights, professional-boundary requirements, unfair competition, antitrust, data localization, and public-safe publication requirements.

No United States state shall be treated as merely an operating convenience. Where the Corporation speaks, convenes, publishes, raises support, contracts, holds events, engages public authorities, engages communities, operates controlled rooms, processes sensitive data, or supports Nexus-compatible work in or concerning a state, the Corporation shall determine whether state-specific review, limitation language, registration, qualification, capacity classification, localized terms, or separate approvals are required.

State-by-state compliance review shall be preventive. It shall occur before material launch, public announcement, fundraising, contracting, public authority engagement, controlled-room activation, data intake, dataset release, software release, public-safe publication, state Nexus-interface activation, state partner onboarding, or state-specific public claim where such activity may create state-law consequence.

24.3 Territorial Compliance Review.\
The Corporation shall conduct territorial compliance review where its activities may involve Puerto Rico, Guam, the U.S. Virgin Islands, American Samoa, the Northern Mariana Islands, or any other United States territorial or insular context in which federal, territorial, local, public authority, customary, Indigenous, community, data, tax, employment, procurement, grant, charitable solicitation, research, public safety, infrastructure, or cross-border rules may differ from those applicable in a state.

Territorial compliance review shall address legal status, registration, solicitation, taxation, contracting, employment, data protection, public authority participation, emergency management interfaces, infrastructure interfaces, community safeguards, language access, accessibility, civil rights, local public authority constraints, protected knowledge, public-safe mapping, public-safe publication, public records issues, public procurement sensitivity, federal-territorial program requirements, and cross-border or regional implications.

The Corporation shall not assume that state-law forms, mainland public authority assumptions, mainland data practices, mainland publication practices, mainland community engagement models, or mainland Nexus localization language are appropriate for a territorial context. Territorial participation shall be localized where necessary without weakening the Corporation’s mission lock, non-execution boundary, public authority boundary, finance boundary, certification boundary, procurement neutrality, data / AI / cyber controls, community safeguards, validity-by-record, or correctionability.

Where territorial law, federal law, local practice, public authority constraints, Indigenous or community protocols, or cross-border regional conditions create ambiguity, the Corporation shall apply the most protective lawful posture until competent review produces a recorded resolution.

24.4 Tribal and Indigenous Protocol Respect.\
The Corporation shall respect Tribal sovereignty, Indigenous governance, Indigenous data governance, Indigenous knowledge protocols, local cultural protocols, protected knowledge, community consent pathways, non-consent pathways, attribution requirements, withdrawal pathways, correction pathways, and community-specific safeguards wherever the Corporation engages with Tribal Nations, Indigenous governments, Indigenous organizations, Indigenous knowledge holders, Indigenous communities, Indigenous lands, Indigenous data, Indigenous cultural knowledge, or matters materially affecting Indigenous peoples.

No participation, attendance, data contribution, consultation, public authority presence, community meeting, controlled-room participation, public-safe report, mapping exercise, observability activity, technical baseline, proof receipt, dashboard, digital twin, AI output, sensor signal, public statement, grant proposal, sponsorship material, or Nexus-interface reference shall be interpreted as Tribal approval, Indigenous consent, community consent, sovereign waiver, representation authority, public authority delegation, public adoption, recognition, certification, procurement approval, finance-readiness, or authorization unless a competent record expressly and lawfully establishes the relevant status.

The Corporation shall not extract Indigenous knowledge, protected knowledge, community-protected data, cultural knowledge, local ecological knowledge, sacred-site information, sensitive geographic information, health-sensitive community data, infrastructure-sensitive community data, or vulnerability information for sponsor, provider, donor, funder, host, public authority, research, publication, technical, AI, mapping, or institutional convenience.

Tribal and Indigenous protocol respect shall apply even where formal legal requirements are unclear. Where doubt exists, the Corporation shall use the more protective interpretation, restrict access, delay publication, seek appropriate guidance, preserve community dignity, protect protected knowledge, and avoid public-safe harm.

24.5 Cross-Border Organizational and Contractual Reach.\
The Corporation may coordinate, contract, receive support, share public-good methods, participate in research, support public authority learning, publish public-safe materials, maintain technical repositories, develop public-good software, support open technical baselines, and engage Nexus-compatible cross-border interfaces only where such activity is lawful, properly scoped, and consistent with the Corporation’s United States legal personality, nonprofit character, tax-exempt or tax-exempt-compatible posture, public-benefit purpose, non-execution boundary, role separation, and records requirements.

Cross-border reach shall not create foreign legal personality, foreign public authority status, treaty status, intergovernmental status, sovereign authority, foreign branch status, foreign regulator status, regional public authority status, emergency command authority, public warning authority, public finance authority, procurement authority, certification authority, finance-readiness authority, or enterprise execution authority unless separately and lawfully established by competent instrument and applicable law.

Cross-border contracts, MoUs, data-sharing arrangements, public authority learning arrangements, research collaborations, repository contributions, sponsorship arrangements, grant arrangements, hosting arrangements, and Nexus-interface instruments shall include appropriate provisions on legal identity, authority, non-agency, non-partnership, non-joint venture, non-reliance, non-execution, public authority boundaries, finance boundaries, certification and procurement boundaries, data / AI / cyber controls, privacy, confidentiality, IP, sanctions, export controls, controlled technology, anti-corruption, competition, safeguards, public-safe claims, governing law, dispute handling, records, correction, suspension, termination, and notices.

The Corporation shall not use cross-border structure to avoid United States law, avoid state or territorial law, avoid local law, avoid Tribal or Indigenous protocol respect, avoid public authority constraints, avoid data / AI / cyber obligations, avoid sanctions or export-control controls, avoid competition-law discipline, avoid tax obligations, avoid charitable solicitation requirements, avoid nonprofit duties, or avoid the discipline of this Bylaw.

24.6 Local Law Respect.\
The Corporation shall respect local law, local public authority requirements, local community protocols, local infrastructure sensitivities, local civil rights and accessibility obligations, local data and privacy conditions, local emergency management boundaries, local public health conditions, local procurement rules, local public records implications, local environmental and land-use sensitivities, local Tribal and Indigenous protocols, and local public-safe communication requirements wherever the Corporation operates, convenes, researches, publishes, contracts, receives support, uses data, engages public authorities, engages communities, or supports Nexus-compatible activity.

Local law respect shall apply to municipalities, counties, metropolitan authorities, ports, utilities, water authorities, energy authorities, food-system authorities, health-system actors, emergency management bodies, public safety bodies, public works bodies, telecommunications actors, cyber authorities, infrastructure operators, local universities, public laboratories, community organizations, and host sites.

The Corporation shall not treat local participation as a substitute for legal review. Local familiarity, invitation, attendance, informal approval, public authority interest, sponsor support, provider support, community enthusiasm, media interest, or technical utility shall not establish lawful authority, public authority adoption, public procurement status, public warning authority, emergency command authority, data-use authority, public-safe publication authority, or community consent.

Where local law or protocol differs from general state, territorial, federal, or cross-border assumptions, the Corporation shall localize the activity through approved terms, limitation language, access controls, records, public-safe review, community safeguards, or separate instruments without fracturing the core governance of the Corporation.

24.7 Non-Extraterritorial Effect Principle.\
This Bylaw governs the Corporation and persons acting for, through, with, or in reference to the Corporation within the scope of their relationship to the Corporation. It shall not be interpreted to impose extraterritorial legal obligations on foreign sovereigns, foreign public authorities, Tribal Nations, Indigenous governments, foreign entities, public authorities, universities, laboratories, communities, providers, sponsors, funders, hosts, national companies, Project SPVs, or other third parties except to the extent they voluntarily agree by lawful instrument, participate under approved terms, access Corporation materials subject to terms, or are otherwise subject to applicable law.

The Corporation’s public-benefit mission, North America anchor role, Nexus compatibility, technical baselines, evidence methods, public-safe reports, dashboards, proof receipts, controlled-room records, public authority learning materials, public-good software, open technical baselines, or repository assets shall not be interpreted as exercising extraterritorial regulatory authority, sovereign authority, public authority power, procurement authority, certification authority, finance-readiness authority, public warning authority, or emergency command.

Non-extraterritorial effect shall not limit the Corporation’s ability to define conditions for use of its own name, marks, materials, datasets, software, repositories, reports, technical baselines, controlled rooms, access permissions, participation terms, public-safe claims, public authority materials, sponsor acknowledgments, provider references, and Nexus-compatible references.

Where the Corporation’s materials are used outside the United States or in cross-border contexts, such use shall remain subject to non-reliance, non-execution, role-separation, limitation, correction, and public-safe claim conditions, but such conditions shall not convert the Corporation into a regulator, public authority, professional adviser, finance actor, certification body, procurement body, emergency command body, or enterprise execution vehicle.

24.8 Localization Without Fracture.\
The Corporation may localize programs, terms, notices, forms, controlled vocabularies, public-safe language, participation terms, public authority capacity classifications, data-processing terms, AI-use terms, cyber controls, research protocols, community safeguards, Tribal or Indigenous protocol interfaces, accessibility materials, state-specific notes, territorial notes, local notes, cross-border notes, and Nexus-interface records to fit legal, cultural, operational, linguistic, public authority, community, technical, or public-safe conditions.

Localization shall not fracture the Corporation’s legal identity, mission lock, public-benefit purpose, nonprofit character, non-distribution rule, tax-exempt or tax-exempt-compatible posture, non-execution boundary, public authority boundary, finance boundary, certification boundary, procurement neutrality, provider neutrality, sponsor non-control, anti-capture controls, controlled vocabulary, records discipline, validity-by-record, correctionability, data / AI / cyber controls, community safeguards, protected knowledge controls, or public-safe publication discipline.

Localized instruments shall state their relationship to the Corporation’s governing instruments and shall not be treated as amendments, waivers, exemptions, side bylaws, shadow governance texts, or parallel constitutional instruments unless adopted through the proper hierarchy of authority.

Localization shall be recorded through compatibility notes, divergence logs, jurisdictional notes, legal review records, public-safe language records, and responsible-owner metadata. Where localization creates material difference, the difference shall be visible to the appropriate governance body and not hidden in operational documents.

24.9 No Localization That Weakens Mission Lock, Non-Execution, Controlled Vocabulary, Records Discipline, Public-Good Purpose, Legal Identity, Public Authority Boundary, Finance Boundary, Data / AI / Cyber Controls, or Safeguards.\
No state, territorial, Tribal-interface, local, public authority, cross-border, host-site, sponsor, donor, funder, provider, university, laboratory, community, national company, Project SPV, consortium, Nexus-interface, repository, software, dataset, dashboard, public-safe publication, controlled-room, clean-room, data-room, evidence-room, public authority room, academy, fellowship, challenge, lab, or program localization may weaken the Corporation’s core protections.

A localization shall be invalid, restricted, corrected, superseded, withdrawn, quarantined, or escalated where it:

a) obscures the legal identity of GCRI US;

b) implies merger, agency, partnership, joint venture, shared liability, common treasury, branch status, parent-subsidiary status, alter ego status, single employer status, or joint employer status without lawful record;

c) weakens public-benefit purpose, nonprofit character, non-distribution, no-private-inurement, or no-impermissible-private-benefit requirements;

d) converts evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, or public authority learning into execution;

e) creates or implies public authority action, public warning, emergency command, regulatory approval, public finance approval, procurement approval, certification, accreditation, recognition, maturity, standing, finance-readiness, insurance-readiness, investment suitability, bankability, rating, provider preference, or sponsor control;

f) weakens controlled vocabulary, status classification, non-reliance language, public-safe claims discipline, or correction pathways;

g) weakens data governance, privacy, AI governance, cybersecurity, secure development, model review, inference records, compute records, access controls, or public-safe publication requirements;

h) weakens civil rights, accessibility, Tribal or Indigenous protocol respect, community safeguards, protected knowledge controls, consent pathways, grievance pathways, non-retaliation, or public-safe mapping controls;

i) weakens competition, antitrust, sanctions, export-control, controlled-technology, national-security, procurement-integrity, grant-compliance, tax, or professional-boundary controls; or

j) creates hidden authority, hidden delegation, hidden public authority role, hidden finance role, hidden certification role, hidden provider preference, hidden sponsor influence, hidden data permission, hidden AI permission, or hidden publication permission.

24.10 Conflict-of-Law Escalation.\
A conflict-of-law issue shall be escalated where any state, territorial, Tribal-interface, local, federal, foreign, cross-border, public authority, contract, grant, data, AI, cyber, privacy, employment, tax, charitable solicitation, procurement, public records, open meetings, sanctions, export-control, competition, professional-boundary, research, community safeguards, protected knowledge, or Nexus-interface requirement may conflict with another requirement, with this Bylaw, with the Certificate or Articles of Incorporation, or with the Corporation’s public-benefit and non-execution obligations.

Conflict-of-law escalation shall be made promptly to the responsible officer, Secretary where records are implicated, legal or compliance function where applicable, relevant committee where established, Chair or Board where material, and any specialized data / AI / cyber, safeguards, public authority, finance-boundary, certification-boundary, procurement-boundary, competition, sanctions, export-control, controlled-technology, research integrity, or Nexus-interface review pathway required by the matter.

No person shall resolve a material conflict-of-law issue by informal convenience, operational practice, public authority familiarity, sponsor preference, provider preference, host preference, academic practice, local custom, AI-generated analysis, translation assumption, prior template, or market expectation.

Where conflict-of-law risk is material, the Corporation shall document the issue, jurisdictions implicated, applicable instruments, risk classification, interim controls, responsible owner, review process, decision, limitation language, affected materials, and correction pathway.

24.11 Interim Handling Under Most Protective Lawful Posture.\
Pending resolution of a conflict-of-law issue, legal ambiguity, jurisdictional ambiguity, public authority ambiguity, Tribal-interface ambiguity, local-law ambiguity, cross-border ambiguity, data-transfer ambiguity, AI-use ambiguity, cyber ambiguity, publication ambiguity, finance-boundary ambiguity, certification-boundary ambiguity, procurement-boundary ambiguity, or professional-boundary ambiguity, the Corporation shall apply the most protective lawful posture.

The most protective lawful posture is the posture that best preserves legality, public benefit, nonprofit character, tax-exempt or tax-exempt-compatible status, non-execution, role separation, legal identity, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, data / AI / cyber integrity, privacy, civil rights, accessibility, community safeguards, Tribal and Indigenous protocol respect, protected knowledge, competition compliance, sanctions compliance, export-control compliance, research integrity, validity-by-record, correctionability, and public trust.

Interim measures may include hold, stop, quarantine, access restriction, publication freeze, implementation freeze, technical isolation, controlled-room lockdown, data transfer suspension, AI-use restriction, public authority reference restriction, removal of localized claims, use of narrower language, use of controlled notices, legal review, counsel review, public authority review, community safeguards review, or Board escalation.

Operational urgency, funding opportunity, public authority interest, sponsor expectation, provider expectation, host pressure, media timing, publication schedule, technical release timing, or Nexus-interface deadline shall not override the most protective lawful posture.

24.12 Suspension, Narrowing, Compartmentalization, Segregation, Separate Instrument, or Routing Through Compliant Structures.\
Where state, territorial, Tribal-interface, local, cross-border, or conflict-of-law risk cannot be safely resolved through interpretation alone, the Corporation may suspend, narrow, compartmentalize, segregate, separately instrument, externalize, refer, or route the activity through compliant structures.

Suspension may apply to meetings, publications, data flows, AI uses, software releases, dashboard releases, public authority references, controlled-room access, participant onboarding, sponsor acknowledgments, provider participation, research activity, academy activity, public-safe reports, Nexus-interface activity, or localized terms pending resolution.

Narrowing may limit geography, audience, data fields, participant categories, public authority capacity, publication class, access class, technical scope, public claims, funding references, provider references, sponsor references, output labels, or reliance language.

Compartmentalization and segregation may separate state-specific activities, territorial activities, Tribal-interface activities, public authority materials, community materials, sensitive data, protected knowledge, competitively sensitive information, export-controlled materials, sanctions-sensitive materials, public records-sensitive materials, procurement-sensitive materials, finance-adjacent materials, certification-adjacent materials, or enterprise-stack materials.

Separate instruments may be used to create jurisdiction-specific participation terms, data terms, public authority terms, host terms, research terms, community terms, Tribal or Indigenous protocol terms, cross-border terms, repository terms, software terms, sponsorship terms, grant terms, or Nexus-interface terms, provided such instruments remain subordinate to mandatory law, the Certificate or Articles of Incorporation, and this Bylaw.

Routing through compliant structures may include referral to GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards, a public authority, a licensed professional, a regulated entity, a national company, a Project SPV, a qualified provider, a university, a laboratory, counsel, an independent administrator, or another competent actor where appropriate. Such routing shall not create agency, merger, shared liability, authority transfer, or execution by the Corporation.

24.13 Cross-State Records.\
The Corporation shall maintain cross-state records sufficient to demonstrate lawful state-by-state operation, localization, limitation, and compliance.

Cross-state records shall include, as applicable:

a) state qualification and foreign registration records;

b) charitable solicitation registration records;

c) state tax, franchise tax, sales tax, employment, contractor, and payroll records;

d) state public authority capacity records;

e) state public authority interface records;

f) state procurement, grant, lobbying, government ethics, gifts, public records, and open meetings review records where applicable;

g) state privacy, AI, cybersecurity, consumer protection, accessibility, civil rights, research, and data-use review records;

h) state-specific participation terms, notices, limitation language, and public-safe publication records;

i) state-specific controlled-room, data-room, clean-room, evidence-room, public authority room, academy, fellowship, challenge, lab, and repository access records;

j) state Nexus-interface records;

k) state conflict-of-law escalation records;

l) state localization records, compatibility notes, divergence logs, and equivalence notes;

m) records of state-specific holds, suspensions, restrictions, withdrawals, corrections, retractions, takedowns, or public-safe clarifications; and

n) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

Cross-state records shall be maintained without creating misleading state-level authority, state public authority adoption, state procurement approval, state funding approval, state certification, state recognition, or state finance-readiness meaning.

24.14 Territorial Records.\
The Corporation shall maintain territorial records sufficient to demonstrate lawful and respectful operation, localization, limitation, and compliance in United States territories and insular contexts.

Territorial records shall include, as applicable:

a) territorial registration, qualification, solicitation, tax, employment, contractor, and local filing records;

b) territorial public authority capacity records;

c) territorial public authority interface records;

d) territorial public-safe publication, language access, accessibility, civil rights, research, community safeguards, and protected knowledge review records;

e) territorial data, AI, cyber, privacy, public records, procurement, grant, emergency management, public health, infrastructure, and public authority review records;

f) territorial participation terms, notices, limitation language, and localization instruments;

g) territorial controlled-room, data-room, clean-room, evidence-room, public authority room, academy, fellowship, challenge, lab, and repository access records;

h) territorial Nexus-interface records;

i) territorial conflict-of-law escalation records;

j) territorial compatibility notes, divergence logs, and equivalence notes; and

k) records of territorial holds, suspensions, restrictions, withdrawals, corrections, retractions, takedowns, public-safe clarifications, and community notices where appropriate.

Territorial records shall preserve local specificity without implying territorial public authority delegation, official adoption, public finance approval, procurement approval, certification, recognition, public warning, emergency command, or finance-readiness.

24.15 Tribal Interface Records.\
The Corporation shall maintain Tribal-interface and Indigenous-interface records sufficient to demonstrate respect for sovereignty, governance protocols, participation limits, knowledge safeguards, data safeguards, public-safe publication discipline, consent or non-consent pathways where applicable, and correctionability.

Tribal-interface records shall include, as applicable:

a) capacity classification records;

b) engagement records;

c) consent, non-consent, limitation, withdrawal, attribution, confidentiality, and correction records where applicable;

d) Indigenous data governance records;

e) protected knowledge records;

f) community safeguards records;

g) public-safe mapping review records;

h) access restriction, sealing, redaction, aggregation, and no-publication records;

i) public authority, public warning, emergency command, procurement, finance, certification, recognition, and provider-neutrality boundary records;

j) Tribal or Indigenous protocol notes;

k) local and cultural protocol notes;

l) grievance and remedy records;

m) records of community notices, controlled notices, public-safe notices, corrections, retractions, withdrawals, takedowns, and restrictions; and

n) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

Tribal-interface records shall not be used as evidence of consent, representation, authorization, approval, waiver, public authority delegation, or public adoption unless the record expressly and lawfully establishes such status. Silence, attendance, participation, data contribution, technical review, or receipt of materials shall not be converted into consent.

24.16 Cross-Border Records.\
The Corporation shall maintain cross-border records sufficient to demonstrate lawful organizational, contractual, data, AI, cyber, research, public authority, publication, financial, tax, sanctions, export-control, competition, IP, safeguards, and Nexus-interface discipline.

Cross-border records shall include, as applicable:

a) cross-border legal review records;

b) foreign registration or qualification records where applicable;

c) cross-border tax review records;

d) cross-border charitable solicitation, grant, sponsorship, donation, subscription, fee, or cost-recovery review records;

e) cross-border contract, MoU, interface agreement, participation terms, host terms, public authority terms, research terms, data terms, repository terms, and software terms;

f) cross-border data-transfer records;

g) AI-use, model, inference, compute, secure enclave, confidential computing, sovereign compute, and cyber review records;

h) sanctions, export-control, controlled-technology, national-security, and anti-corruption review records;

i) cross-border public authority capacity records;

j) GCRI Canada interface records;

k) Mexico, Caribbean, Arctic, Great Lakes, Pacific, Atlantic, Gulf, border, regional, and other North America interface records where applicable;

l) GRF, GRA, Nexus Standards, Nexus Network, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cell, consortium, national company, Project SPV, provider, sponsor, host, university, laboratory, and community cross-border interface records;

m) compatibility notes, divergence logs, equivalence notes, and localization records;

n) records of holds, suspensions, restrictions, compartmentalization, segregation, externalization, referrals, terminations, corrections, retractions, withdrawals, takedowns, and public-safe clarifications; and

o) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, and repository metadata.

Cross-border records shall preserve the Corporation’s United States legal identity and shall not imply foreign sovereign authority, treaty status, public authority delegation, merger with GCRI Canada, branch status, agency, shared liability, public finance authority, procurement authority, certification authority, recognition authority, finance-readiness authority, public warning authority, emergency command, or enterprise execution.

24.17 Divergence Logs and Equivalence Notes.\
The Corporation shall maintain divergence logs and equivalence notes where state, territorial, Tribal-interface, local, cross-border, GCRI Canada-interface, GRF-interface, GRA-interface, Nexus-interface, public authority, host, sponsor, provider, community, data, AI, cyber, publication, research, public-safe, or legal requirements differ from general Corporation templates, standard terms, policies, protocols, notices, controlled vocabulary, public-safe language, or technical assumptions.

A divergence log shall identify the difference, source of difference, affected jurisdiction or interface, affected instruments, affected outputs, risk classification, legal or protocol basis, review authority, responsible owner, effective date, review cycle, limitation language, correction pathway, and whether the divergence is mandatory, discretionary, temporary, permanent, experimental, or pending review.

An equivalence note shall identify how a localized or cross-border practice preserves functional equivalence with the Corporation’s core requirements, including mission lock, legal identity, public-benefit purpose, nonprofit character, non-execution, role separation, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, controlled vocabulary, records discipline, data / AI / cyber controls, safeguards, validity-by-record, and correctionability.

No divergence log or equivalence note shall authorize weakening of core constitutional protections. Where equivalence cannot be established, the Corporation shall suspend, narrow, re-scope, separate, externalize, refer, or terminate the activity.

24.18 No Foreign Host, Donor, Affiliate, Regional Presence, State Interface, Territorial Interface, or North America Interface May Obscure United States Seat Discipline.\
No foreign host, donor, sponsor, funder, affiliate, partner, regional presence, state interface, territorial interface, Tribal-interface, local interface, North America interface, GCRI Canada coordination, Mexico coordination, Caribbean coordination, Arctic coordination, cross-border project, public authority interface, university interface, laboratory interface, community interface, Nexus-interface, national company, Project SPV, qualified provider, public-good software collaboration, technical repository, controlled room, public-safe publication, dashboard, proof receipt, or public-facing statement shall obscure the Corporation’s United States legal seat and governing discipline.

The Corporation shall maintain clear separation between:

a) United States internal corporate governance and cross-border cooperation;

b) United States legal personality and broader GCRI mission or brand family;

c) GCRI US and GCRI Canada;

d) GCRI US and The Global Risks Forum (GRF);

e) GCRI US and The Global Risks Alliance (GRA);

f) GCRI US and Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, and Nexus consortiums;

g) public-good stack functions and enterprise stack functions;

h) evidence and recognition;

i) readiness inputs and finance-readiness determinations;

j) technical baselines and certification;

k) public authority learning and public authority action;

l) public-safe reporting and official public warning;

m) technical coordination and enterprise execution; and

n) sponsorship or support and governance control.

Every cross-state, territorial, Tribal-interface, local, cross-border, North America, public authority, sponsor, provider, host, university, laboratory, community, and Nexus-interface arrangement shall preserve the Corporation’s legal identity, seat discipline, authority hierarchy, non-execution posture, role separation, record control, and correction pathway.

The governing rule of this Section is that the Corporation may operate, learn, coordinate, localize, and support public-good technical work across states, territories, Tribal-interface contexts, localities, and borders only without fracturing its governance or exporting false authority. Localization shall make the Corporation more lawful, more legible, and more respectful; it shall never become a path to hidden authority, weakened safeguards, role confusion, public authority overclaim, finance overclaim, certification overclaim, procurement implication, data misuse, sponsor control, provider preference, or enterprise execution.

## Section 25. Regulatory Perimeter Escalation, Hold, Stop, Quarantine, Re-Scoping, and Publication Discipline

25.1 Regulatory Perimeter Review Trigger.\
A regulatory perimeter review shall be triggered whenever any activity, output, relationship, publication, meeting, controlled room, clean room, data room, evidence room, public authority room, dashboard, dataset, software release, technical baseline, benchmark, proof receipt, role key, smart license, ledger entry, Docket-support artifact, Grid-support artifact, GRA-interface input, GRF-interface input, Nexus-interface artifact, sponsor material, provider material, public authority material, academy material, fundraising material, grant material, public statement, website page, GitBook page, AI-generated output, or cross-border interface may reasonably be interpreted as approaching, implying, substituting for, or performing a regulated, executing, public authority, finance, procurement, certification, recognition, emergency command, public warning, professional advice, or enterprise delivery function.

Regulatory perimeter review shall be preventive and mandatory. It shall not depend on a completed violation, complaint, regulatory inquiry, public misunderstanding, media issue, funder concern, sponsor concern, provider concern, public authority concern, or Board intervention. The trigger shall arise when a reasonable governance, legal, compliance, technical, public authority, finance-boundary, data / AI / cyber, safeguards, research, publication, or records reviewer identifies a material possibility of role confusion, reliance confusion, authority confusion, legal ambiguity, public-safe harm, regulated-activity implication, or public trust risk.

The Corporation shall treat the regulatory perimeter as a governance boundary, not merely a legal afterthought. Activities that are technically valuable, publicly useful, urgently needed, funder-supported, sponsor-supported, provider-requested, public-authority-attended, or Nexus-compatible shall remain subject to review where they may blur the Corporation’s non-executing public-benefit role.

A regulatory perimeter review may be initiated by the Board, Chair, officer, Secretary, counsel, compliance reviewer, committee chair, public authority interface lead, data / AI / cyber lead, safeguards lead, publication lead, repository maintainer, controlled-room administrator, program lead, participant, contributor, or any person acting in good faith to protect the Corporation’s public-benefit purpose, legality, role separation, non-execution, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, data / AI / cyber integrity, safeguards, validity-by-record, correctionability, and public trust.

25.2 Triggers for Regulated Execution Risk.\
A regulated execution risk shall be deemed to exist where the Corporation, or any person acting for, through, with, or in reference to the Corporation, appears to perform, direct, approve, command, implement, operate, execute, manage, supervise, guarantee, certify, finance, procure, insure, underwrite, rate, broker, solicit, place, clear, settle, custody, dispatch, warn, regulate, enforce, adjudicate, credential, or deliver a function that belongs to a public authority, licensed professional, regulated entity, enterprise operator, national company, Project SPV, qualified enterprise provider, insurer, lender, bank, underwriter, broker-dealer, investment adviser, rating agency, procurement authority, emergency command body, public warning authority, certification body, recognition body, or other separately competent actor.

Regulated execution risk includes any activity that may suggest that the Corporation has moved from evidence to decision, from methods to approval, from observability to command, from public authority learning to public authority action, from technical baseline to certification, from readiness input to finance-readiness determination, from public-safe publication to official warning, from proof receipt to recognition, from dashboard to operational instruction, from public-good software to procurement mandate, from controlled-room facilitation to capital intermediation, or from Nexus compatibility to whole-system authority.

Such risk may arise through words, workflows, documents, interface design, meeting structure, labels, badges, dashboards, rankings, scores, ratings-like outputs, color codes, alerts, proof receipts, automated outputs, AI agents, repository permissions, public-facing statements, contracts, grant materials, fundraising decks, sponsor references, provider references, public authority references, or repeated operational practice.

Where regulated execution risk exists, the activity shall be held, stopped, quarantined, re-scoped, externalized, referred, or escalated under this Section before continuation, publication, reliance, marketing, contracting, or technical deployment.

25.3 Triggers for Securities, Investment Adviser, Broker-Dealer, Finder, Insurance, Banking, Lending, Rating, Public Finance, Procurement, Certification, Emergency Command, Public Warning, or Public Authority Risk.\
A specialized regulatory perimeter trigger shall exist where any activity may reasonably suggest securities offering, securities solicitation, capital placement, investment advice, investment adviser activity, broker-dealer activity, finder activity, transaction-based compensation, underwriting, banking, deposit-taking, payment intermediation, custody, escrow, lending, credit approval, credit brokerage, guarantee, insurance placement, insurance underwriting, reinsurance recommendation, premium basis, claims handling, rating, credit opinion, financeability rating, public finance approval, grant approval, tax credit approval, procurement recommendation, vendor selection, certification, accreditation, compliance approval, recognition, maturity determination, official public warning, emergency command, public authority decision, regulatory authorization, public health order, evacuation instruction, incident command, or public safety directive.

The trigger shall apply whether the risk arises directly, indirectly, by implication, by repeated usage, by public perception, by participant claim, by sponsor or provider statement, by public authority attendance, by dashboard design, by proof receipt, by AI output, by controlled vocabulary misuse, by Docket or Grid reference, by GRA-interface material, by GRF-interface material, by Nexus-interface material, by publication, or by public-safe report.

The Corporation shall apply heightened scrutiny to any material that uses or resembles terms such as “approved,” “certified,” “recognized,” “ready,” “finance-ready,” “insurance-ready,” “bankable,” “investment-grade,” “rated,” “eligible,” “qualified,” “validated,” “official,” “authorized,” “public authority endorsed,” “procurement-ready,” “emergency-ready,” “safe,” “trusted,” “compliant,” “standard,” “accepted,” “cleared,” “underwritten,” “guaranteed,” or similar status-bearing language.

No specialized perimeter trigger shall be waived because the Corporation’s intent is educational, technical, research-based, public-good, open-source, nonprofit, public authority learning-oriented, or Nexus-compatible. Intent shall inform review but shall not eliminate the need for boundary discipline.

25.4 Triggers for Delegated Authority Risk.\
Delegated authority risk shall exist where any person, body, system, AI workflow, committee, council, working group, controlled room, public authority room, technical maintainer, repository administrator, sponsor, provider, host, participant, public authority participant, university participant, laboratory participant, fellow, advisor, contractor, contributor, or external actor appears to exercise authority that has not been expressly granted by law, the Certificate or Articles of Incorporation, this Bylaw, Board resolution, officer appointment, committee charter, written delegation, authority matrix, contract, participation terms, or another competent record.

Delegated authority risk includes any act that may suggest authority to bind the Corporation; speak for the Corporation; approve publications; release data; approve AI use; grant repository access; admit controlled-room participants; issue proof receipts; approve public authority references; approve sponsor acknowledgments; approve provider references; sign contracts; accept funds; approve expenses; make public claims; determine evidence status; determine method status; determine public-safe status; determine Nexus-compatible status; determine Docket or Grid status; determine finance-readiness; determine recognition; determine certification; approve procurement; or issue public authority, emergency, or professional advice meaning.

Delegated authority risk shall also exist where a person’s title, seniority, founder proximity, technical centrality, authorship, speaking role, public authority relationship, sponsor relationship, provider relationship, public visibility, repository access, dashboard access, controlled-room access, or recurring practice may create apparent authority.

Where delegated authority risk exists, the Corporation shall require authority verification, scope confirmation, record review, limitation language, public clarification where needed, and corrective action where the purported authority exceeds recorded scope.

25.5 Triggers for Prohibited Intermediation Risk.\
Prohibited intermediation risk shall exist where the Corporation may be perceived as connecting, arranging, matching, soliciting, introducing, negotiating, recommending, brokering, placing, allocating, steering, intermediating, or facilitating a regulated or execution transaction beyond its non-executing public-benefit role.

Such risk includes any activity that may suggest the Corporation is matching investors to projects; matching insurers or lenders to projects; arranging Project SPV financing; soliciting securities; arranging insurance placement; arranging loans; arranging public finance; introducing providers for procurement advantage; steering public authorities toward vendors; matching sponsors to influence outcomes; negotiating transaction terms; receiving transaction-based compensation; operating a capital-reader room as execution; operating a data room as a capital placement tool; operating a public authority room as a procurement or funding channel; or operating a Nexus interface as a market allocation or enterprise execution channel.

The Corporation may support lawful public-good learning, evidence organization, technical literacy, public-safe reporting, and non-executing diligence translation where properly bounded. It shall not arrange, recommend, place, solicit, broker, underwrite, approve, guarantee, or execute the underlying transaction.

Where prohibited intermediation risk exists, the Corporation shall re-scope the activity to evidence, methods, literacy, public authority learning, or public-safe communication; externalize regulated intermediation to separately authorized actors; or terminate the activity where lawful separation cannot be preserved.

25.6 Triggers for Impermissible Advice Risk.\
Impermissible advice risk shall exist where any Corporation output, meeting, publication, dashboard, AI output, technical baseline, evidence artifact, dataset, software release, public authority learning material, controlled-room discussion, proof receipt, public-safe report, academy material, oral statement, written statement, or public-facing summary may reasonably be understood as legal, engineering, clinical, medical, public health, financial, investment, insurance, lending, underwriting, rating, tax, accounting, procurement, cybersecurity assurance, emergency management, public safety, regulatory compliance, environmental permitting, public finance, credit, valuation, or other professional advice.

Impermissible advice risk shall exist even where the output is framed as research, education, methods, evidence, technical literacy, public-good software, public-safe reporting, or public authority learning if the content is personalized, prescriptive, directive, status-conferring, action-oriented, transaction-specific, jurisdiction-specific, system-specific, patient-specific, project-specific, provider-specific, investment-specific, procurement-specific, or emergency-specific in a way that may create reliance beyond the Corporation’s approved role.

The Corporation shall distinguish between general public-good knowledge and professional advice; between technical methods and engineering approval; between evidence literacy and legal compliance; between finance-boundary inputs and investment advice; between public-safe reporting and public warning; between scenario learning and emergency command; between cybersecurity methods and security assurance; and between research findings and clinical or public health direction.

Where impermissible advice risk exists, the Corporation shall add limitation language, narrow the audience, require qualified professional review, remove prescriptive language, restrict access, reclassify the output, route the matter to appropriate licensed or accountable actors, or withhold publication.

25.7 Triggers for Public Authority Confusion.\
Public authority confusion shall exist where any activity, output, meeting, public authority room, public-safe report, map, dashboard, data contribution, public authority attendance, public authority quotation, public authority logo, public authority title, public authority role, public authority feedback, simulation, tabletop, after-action review, public finance reader session, regulator-listening session, emergency-management participant session, public infrastructure operator session, or public statement may reasonably imply official adoption, delegation, endorsement, approval, funding commitment, procurement decision, regulatory approval, public finance approval, emergency command, public warning, public health order, public safety instruction, sovereign obligation, public-private partnership, treaty status, intergovernmental status, or governmental decision.

The Corporation shall treat public authority confusion as a high-risk condition because public trust, public safety, procurement integrity, public finance integrity, civil rights, public records obligations, open meetings obligations, public-sector data obligations, emergency management boundaries, and sovereign authority may be implicated.

Public authority participation shall be classified by capacity, including official capacity, observer capacity, regulator-listening capacity, public finance reader capacity, emergency-management participant capacity, public infrastructure operator capacity, simulation participant capacity, learning participant capacity, or other approved classification. Silence, attendance, receipt of materials, data contribution, meeting participation, or informal feedback shall not be treated as approval, adoption, delegation, or endorsement.

Where public authority confusion exists, the Corporation shall correct titles, labels, agendas, minutes, slide decks, reports, dashboards, notices, public statements, logos, capacity statements, metadata, public-safe summaries, and repository materials before reliance spreads.

25.8 Triggers for State, Territorial, Tribal, Federal, or Local Legal Ambiguity.\
Legal ambiguity shall exist where any federal, state, territorial, Tribal-interface, local, cross-border, foreign, public authority, grant, procurement, public records, open meetings, tax, nonprofit, charitable solicitation, employment, contractor, privacy, AI, cyber, health data, research, public safety, public health, infrastructure, sanctions, export-control, controlled-technology, competition, professional-boundary, civil rights, accessibility, Indigenous knowledge, protected knowledge, or community-safeguards requirement may be uncertain, conflicting, incomplete, newly applicable, or materially context-dependent.

The Corporation shall not proceed on assumptions where legal ambiguity may affect formation status, good standing, registration, qualification, fundraising, donation receipting, grant eligibility, public authority engagement, public records handling, public procurement integrity, lobbying, government ethics, data use, AI use, cyber controls, research ethics, publication, employment, contractor classification, controlled rooms, technical releases, cross-border transfers, sanctions, export controls, or public-safe communication.

Legal ambiguity shall trigger review even where similar activity has occurred elsewhere. State-by-state, territory-by-territory, Tribal-interface, local, public authority, cross-border, host-specific, data-specific, AI-specific, and community-specific differences shall be treated as potentially material.

Pending review, the Corporation shall apply the most protective lawful posture, including hold, stop, quarantine, access restriction, narrowing, compartmentalization, separate instrument, localization, externalization, referral, or termination where appropriate.

25.9 Mandatory Counsel and Compliance Review.\
Counsel and compliance review shall be mandatory for material regulatory perimeter issues, including securities, investment adviser, broker-dealer, finder, insurance, banking, lending, rating, public finance, procurement, certification, professional advice, public authority, emergency command, public warning, public health, public safety, sanctions, export-control, controlled technology, competition, nonprofit tax, charitable solicitation, public records, open meetings, research ethics, privacy, AI, cyber, employment, civil rights, accessibility, Tribal-interface, Indigenous knowledge, protected knowledge, cross-border, and public-safe publication matters.

Counsel review may be internal, external, pro bono, retained, specialized, or jurisdiction-specific, as appropriate. Compliance review may be conducted by a designated officer, committee, compliance function, risk function, Secretary, data / AI / cyber lead, safeguards lead, publication reviewer, controlled-room administrator, or other competent person acting within recorded authority.

No person shall substitute informal assurance, business judgment, operational convenience, prior practice, public authority comfort, sponsor comfort, provider comfort, funder comfort, academic custom, technical confidence, AI-generated analysis, or general nonprofit practice for mandatory counsel or compliance review where this Section requires it.

Where privilege may apply, the Corporation shall preserve attorney-client privilege, work product protection, confidentiality, access controls, record segregation, and controlled communications.

25.10 No Informal Operational Comfort as Substitute.\
Operational comfort shall not substitute for legal authority, compliance review, Board approval, officer delegation, public authority capacity classification, data / AI / cyber review, safeguards review, finance-boundary review, certification-boundary review, procurement-boundary review, competition review, sanctions review, export-control review, or public-safe publication review.

Operational comfort includes statements such as “this has been done before,” “the public authority is comfortable,” “the sponsor expects it,” “the provider needs it,” “the funder approved it,” “the community asked for it,” “the technical team cleared it,” “the dashboard is only informational,” “the AI output is only a draft,” “the proof receipt is only a receipt,” “the deck is only internal,” “the data room is only for learning,” “the capital reader is not an investor,” “the publication is only public-safe,” or similar informal rationales.

No informal label shall override the substance of an activity. Where the activity may create legal, public authority, regulated, professional, reliance, data, AI, cyber, safeguards, finance, procurement, certification, recognition, or execution meaning, formal review shall be required.

The Corporation shall train officers, staff, committee chairs, working-group leads, repository maintainers, public authority interface leads, controlled-room administrators, publication leads, and technical leads to recognize that comfort is not authority, usefulness is not legality, participation is not approval, and silence is not consent.

25.11 Hold Power.\
The Corporation may place any matter on hold where regulatory perimeter risk, legal ambiguity, public authority confusion, finance overclaim, certification overclaim, procurement implication, recognition overclaim, public warning implication, emergency command implication, professional advice risk, data / AI / cyber risk, safeguards risk, protected knowledge risk, sanctions risk, export-control risk, competition risk, sponsor control, provider preference, unauthorized authority, or public-safe publication concern is identified.

A hold may suspend drafting, review, publication, circulation, meeting discussion, participant onboarding, controlled-room admission, data intake, data export, AI use, model execution, software release, dashboard deployment, proof receipt issuance, public authority reference, sponsor acknowledgment, provider reference, grant submission, fundraising material, contract execution, or external communication pending review.

A hold shall identify, where practicable, the matter held, reason for hold, responsible owner, authority imposing the hold, scope, affected materials, affected persons, access restrictions, review pathway, interim communication rule, and conditions for release.

No person shall bypass, dilute, re-label, duplicate, externalize, or continue a held matter through side channels, informal meetings, alternate repositories, unapproved AI tools, private accounts, parallel drafts, sponsor communications, provider communications, public authority communications, or other means.

25.12 Stop Power.\
The Corporation may stop any activity immediately where continuation may create material legal, regulatory, public authority, finance, procurement, certification, recognition, emergency command, public warning, professional advice, public-safe, data, AI, cyber, safeguards, protected knowledge, sanctions, export-control, competition, tax, nonprofit, private benefit, or public trust risk.

Stop power may be exercised by the Board, Chair, responsible officer, Secretary, counsel, compliance reviewer, committee chair, meeting chair, controlled-room administrator, data / AI / cyber lead, safeguards lead, publication lead, repository security lead, or any other person expressly authorized by competent record. A participant may request a stop in good faith, and such request shall be escalated without retaliation.

Stop power may apply to meetings, discussions, data sharing, publication, software release, dashboard use, AI workflow, public authority engagement, controlled-room session, clean-room session, capital-reader session, public-safe report, grant submission, fundraising claim, sponsor acknowledgment, provider reference, public statement, public event, or Nexus-interface activity.

When stop power is exercised, the Corporation shall preserve necessary evidence, restrict further dissemination, document the stop in a controlled record, notify appropriate responsible persons, and determine whether the matter may be corrected, re-scoped, externally referred, or terminated.

25.13 Quarantine Power.\
The Corporation may quarantine any record, dataset, software, model, AI output, inference record, compute record, dashboard, map, digital twin, sensor feed, proof receipt, technical baseline, publication, public-safe report, slide deck, public authority material, sponsor material, provider material, grant material, repository issue, pull request, controlled-room exhibit, clean-room output, data-room material, benchmark, index, public claim, or Nexus-interface artifact where the material may be inaccurate, unauthorized, unsafe, misleading, unlawfully obtained, improperly classified, contaminated by conflicts, contaminated by prohibited information, contaminated by protected knowledge, infected by malware, exposed to cyber compromise, subject to sanctions or export-control concern, or likely to create regulated-perimeter confusion.

Quarantine may include access suspension, sealing, restricted storage, no-download status, hash preservation, chain-of-custody control, deletion hold, publication freeze, repository isolation, branch lockdown, credential revocation, model-output isolation, dashboard suppression, takedown, watermarking, metadata annotation, public-safe notice, controlled notice, or legal hold.

Quarantine shall not be treated as an admission of wrongdoing. It is a protective control to preserve evidence, prevent reliance, prevent spread, protect affected persons and communities, protect public authorities, protect technical integrity, preserve legal rights, and support correctionability.

Quarantined materials shall not be used, cited, summarized, exported, shared, trained on, embedded, indexed, translated, published, relied upon, or incorporated into derivative outputs unless released by competent authority under recorded conditions.

25.14 Access Restriction.\
The Corporation may restrict access to any person, role, system, repository, controlled room, data room, evidence room, clean room, public authority room, dashboard, dataset, model, AI tool, software branch, technical baseline, publication draft, public authority material, sponsor material, provider material, protected knowledge, confidential material, cyber-sensitive material, infrastructure-sensitive material, finance-sensitive material, commercially sensitive material, public-safe material, or Nexus-interface material where access may create risk.

Access restriction may be temporary, conditional, permanent, role-based, jurisdiction-specific, matter-specific, data-field-specific, repository-specific, room-specific, publication-specific, public authority-specific, sponsor-specific, provider-specific, or technology-specific.

Access restriction may be imposed for unresolved conflicts, recusal, confidentiality risk, public authority boundary risk, finance-boundary risk, procurement-boundary risk, certification-boundary risk, recognition-boundary risk, public warning risk, emergency command risk, data / AI / cyber risk, protected knowledge risk, sanctions or export-control risk, competition risk, misconduct, investigation, suspension, termination, offboarding, or failure to complete required acknowledgments or training.

Access restriction shall be recorded with sufficient metadata to support auditability, continuity, lawful review, correction, and later restoration where appropriate.

25.15 Publication Freeze.\
The Corporation may impose a publication freeze on any public, controlled, internal, technical, public authority, finance-adjacent, certification-adjacent, procurement-adjacent, recognition-adjacent, safeguards-sensitive, data-sensitive, AI-sensitive, cyber-sensitive, research-sensitive, community-sensitive, Tribal-interface, territorial, cross-border, sponsor-facing, provider-facing, fundraising, grant, GitBook, website, repository, dashboard, dataset, software, public-safe report, translation, plain-language summary, or media output pending review.

A publication freeze may be imposed where the output may contain inaccurate evidence, unsupported claims, unauthorized authority, legal overclaim, public authority confusion, finance-readiness overclaim, certification overclaim, procurement implication, recognition overclaim, provider preference, sponsor control, market recommendation, professional advice, public warning implication, emergency command implication, protected knowledge exposure, privacy issue, data misuse, AI misuse, cyber vulnerability, export-controlled content, sanctions concern, competition concern, research integrity concern, civil rights issue, accessibility issue, or public-safe harm.

No publication freeze shall be bypassed by re-posting, excerpting, summarizing, translating, quoting, using screenshots, circulating drafts, publishing through a partner, publishing through a sponsor, publishing through a provider, publishing through a public authority, publishing through a personal account, uploading to a repository, or generating an AI summary.

Release from publication freeze shall require a competent record identifying the review completed, changes made, limitation language used, access class, publication class, correction pathway, and responsible authority.

25.16 Implementation Freeze.\
The Corporation may impose an implementation freeze on any program, workflow, technical integration, AI workflow, data pipeline, controlled room, clean room, evidence room, public authority room, dashboard, model deployment, repository release, software deployment, API activation, dataset release, benchmark launch, academy program, fellowship program, challenge, lab, public authority engagement, sponsor engagement, provider engagement, cross-border interface, Nexus-interface activity, Docket-support workflow, Grid-support workflow, or GRA / GRF interface pending review.

An implementation freeze may be imposed where continuation may deepen reliance, create legal commitments, expand access, increase public authority confusion, increase finance-boundary risk, increase certification or procurement overclaim, expose protected knowledge, spread erroneous outputs, create cyber risk, trigger sanctions or export-control issues, create competition-law risk, or lock in a technical architecture that blurs role separation.

During an implementation freeze, the Corporation may allow only protective activities necessary to preserve safety, security, records, confidentiality, continuity, legal rights, public-safe correction, or evidence integrity. No new participant onboarding, external release, public claim, public authority reference, sponsor benefit, provider benefit, data transfer, AI processing, or operational expansion shall occur unless expressly authorized for protective purposes.

The implementation freeze shall remain in effect until competent authority records release, re-scope, externalization, referral, termination, or replacement.

25.17 Technical Isolation.\
Technical isolation may be required where any system, software, repository, branch, dataset, model, AI workflow, digital twin, dashboard, API, SDK, data connector, sensor feed, AI-RAN signal, O-RAN signal, DePIN record, blockchain or DLT entry, proof receipt, smart license, role key, credential, secret, token, compute environment, secure enclave, confidential computing environment, no-download room, controlled room, clean room, or public authority room may present cyber, data, AI, privacy, integrity, provenance, access, export-control, sanctions, evidence-contamination, protected knowledge, or public-safe risk.

Technical isolation may include disabling access, revoking credentials, rotating keys, freezing repositories, locking branches, pausing automations, disabling model access, stopping agents, isolating compute workloads, disconnecting data sources, disabling dashboards, suppressing public endpoints, disabling APIs, preserving logs, capturing hashes, snapshotting records, marking materials non-operative, restricting inference, preventing training or embedding, and preserving chain-of-custody.

Technical isolation shall be coordinated with data / AI / cyber, legal, compliance, records, public authority, safeguards, research, publication, and technical owners as appropriate. Isolation shall be proportionate but sufficiently protective to prevent further risk.

No person shall reconnect, restore, fork, copy, export, re-run, re-train, publish, or redeploy isolated technical materials without recorded release authority.

25.18 Controlled-Room Lockdown.\
The Corporation may impose controlled-room lockdown where a controlled room, clean room, data room, evidence room, public authority room, capital-reader literacy room, no-download room, research room, benchmark room, technical review room, public-safe review room, or Nexus-interface room may involve unauthorized access, improper disclosure, public authority confusion, finance-boundary risk, procurement-boundary risk, certification-boundary risk, recognition-boundary risk, prohibited intermediation, competitively sensitive information, protected knowledge exposure, personal information exposure, AI misuse, cyber incident, sanctions or export-control concern, research integrity concern, or safety risk.

Controlled-room lockdown may include suspending sessions, closing access, disabling downloads, disabling AI tools, disabling external sharing, disabling chat, freezing exhibits, sealing records, preserving logs, restricting participant communications, requiring re-acknowledgment of terms, removing conflicted participants, requiring counsel or compliance attendance, reclassifying materials, and preparing controlled notices.

A lockdown may be full or partial. It may apply to a room, sub-room, data category, exhibit set, participant class, jurisdiction, public authority interface, sponsor interface, provider interface, technical component, or publication pathway.

Lockdown shall remain until the responsible authority determines whether the room can safely reopen, must be re-scoped, must be compartmentalized, must be transferred to a compliant structure, or must be terminated.

25.19 Remediation, Redesign, Role Clarification, Function Separation, Externalization, Referral, Abandonment, or Re-Scoping.\
Where regulatory perimeter review identifies risk, the Corporation shall select the protective path that best preserves legality, public benefit, nonprofit character, tax-exempt or tax-exempt-compatible posture, non-execution, role separation, public authority boundaries, finance boundaries, procurement neutrality, certification boundaries, recognition boundaries, provider neutrality, sponsor non-control, data / AI / cyber integrity, safeguards, validity-by-record, correctionability, and public trust.

Remediation may include correction, limitation language, metadata correction, records supplementation, evidence strengthening, public-safe revision, access restriction, participant notice, re-training, conflict mitigation, contributor replacement, workflow change, or control enhancement.

Redesign may include changing labels, dashboards, workflows, forms, user interfaces, proof receipts, role keys, smart licenses, public authority capacity language, finance-adjacent language, certification-adjacent language, procurement-adjacent language, publication pathways, data flows, AI prompts, model gates, review gates, or repository permissions.

Role clarification may include express statements distinguishing the Corporation from GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, public authorities, national companies, Project SPVs, providers, sponsors, hosts, universities, laboratories, and enterprise actors.

Function separation may include dividing evidence from recognition, methods from certification, readiness inputs from finance-readiness determinations, public authority learning from public authority action, public-safe reporting from official public warning, technical baselines from procurement approval, and controlled-room facilitation from transaction execution.

Externalization or referral may route a matter to GRF, GRA, Nexus Standards, a public authority, a licensed professional, a regulated entity, a qualified enterprise provider, a national company, a Project SPV, counsel, an independent administrator, a university, a laboratory, or another competent actor. Abandonment or termination shall be required where the matter cannot be made lawful, safe, non-executing, public-benefit-aligned, or role-separated.

25.20 Controlled or Public Notice Where Needed.\
The Corporation may issue controlled notice, public notice, internal notice, participant notice, Board notice, committee notice, public authority notice, sponsor notice, provider notice, host notice, community notice, Tribal-interface notice, cross-border notice, repository notice, dashboard notice, dataset notice, software notice, proof-receipt annotation, GitBook notice, website notice, or public-safe clarification where regulatory perimeter review, hold, stop, quarantine, re-scope, withdrawal, supersession, correction, takedown, or termination requires communication.

Notice shall be proportionate to the audience, risk, legal requirement, public-safe need, confidentiality, privilege, public authority sensitivity, cyber sensitivity, protected knowledge sensitivity, research sensitivity, contractual obligations, and risk of further reliance.

Controlled notice shall be used where public notice may expose protected knowledge, personal information, cyber-sensitive information, infrastructure-sensitive information, public authority-sensitive information, legally privileged information, trade secret information, competitively sensitive information, sanctions-sensitive information, export-controlled information, or other restricted material.

Public notice shall be used where public reliance has occurred or is reasonably likely, where public-safe clarification is needed, where a public output has been withdrawn, superseded, corrected, or restricted, or where the public interest requires clarification. Public notice shall avoid over-disclosure and shall not create new reliance, public warning, public authority, finance-readiness, certification, procurement, recognition, or endorsement meaning.

25.21 Privilege, Confidentiality, Public-Safe, Cybersecurity, Protected Knowledge, and Public Authority Notice Discipline.\
All review, escalation, hold, stop, quarantine, investigation, correction, notice, and publication processes under this Section shall preserve attorney-client privilege, work product protection, confidentiality, research confidentiality, data privacy, AI security, cybersecurity, infrastructure security, public authority restrictions, controlled-room restrictions, clean-room restrictions, protected knowledge, Indigenous knowledge, community-protected information, personal information, health-sensitive information, commercially sensitive information, competitively sensitive information, sanctions-sensitive information, export-controlled information, and legal rights.

No person shall disclose the existence, content, scope, or findings of a regulatory perimeter review beyond the authorized audience unless disclosure is required by law, approved by competent authority, required for public-safe correction, required for public authority communication, required for cyber or data incident response, or required to prevent material harm.

Public-safe discipline shall govern all communications. Communications shall be accurate, proportionate, non-alarming where not necessary, non-minimizing where risk is material, non-defamatory, non-misleading, non-retaliatory, and consistent with role separation, non-reliance, non-execution, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, and correctionability.

Where public authority notice is required or appropriate, the Corporation shall classify capacity, identify the lawful basis for notice, avoid implying public authority delegation or adoption, protect restricted information, preserve records, and coordinate with legal, compliance, data / AI / cyber, safeguards, and Board pathways where material.

25.22 Perimeter Review Records.\
The Corporation shall maintain records sufficient to demonstrate identification, escalation, handling, review, resolution, and correction of regulatory perimeter matters.

Perimeter review records shall include, as applicable:

a) regulatory perimeter trigger records;

b) regulated execution risk assessments;

c) securities, investment adviser, broker-dealer, finder, insurance, banking, lending, rating, public finance, procurement, certification, emergency command, public warning, professional advice, public authority, and enterprise execution boundary records;

d) delegated authority risk records;

e) prohibited intermediation risk records;

f) impermissible advice risk records;

g) public authority confusion records;

h) state, territorial, Tribal-interface, federal, local, cross-border, and conflict-of-law ambiguity records;

i) counsel and compliance review records, including privilege classifications where applicable;

j) hold records;

k) stop records;

l) quarantine records;

m) access restriction records;

n) publication freeze records;

o) implementation freeze records;

p) technical isolation records;

q) controlled-room lockdown records;

r) remediation, redesign, role clarification, function separation, re-scope, externalization, referral, abandonment, and termination records;

s) controlled notice, public notice, internal notice, participant notice, public authority notice, sponsor notice, provider notice, host notice, community notice, Tribal-interface notice, cross-border notice, repository notice, dashboard notice, dataset notice, software notice, proof-receipt annotation, GitBook notice, website notice, and public-safe clarification records;

t) privilege, confidentiality, public-safe, cybersecurity, protected knowledge, and public authority notice discipline records;

u) affected outputs, versions, materials, datasets, software releases, dashboards, proof receipts, public statements, public authority materials, sponsor materials, provider materials, grant materials, fundraising materials, contracts, participation terms, repository entries, AI outputs, model records, compute records, and Nexus-interface artifacts;

v) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, legal hold status, and repository metadata; and

w) closeout records identifying whether the matter was released, corrected, superseded, withdrawn, restricted, re-scoped, externalized, referred, terminated, or archived.

The governing rule of this Section is that uncertainty shall be governed before it becomes authority confusion. The Corporation shall not allow technical usefulness to become execution, public authority interest to become public authority action, finance literacy to become capital intermediation, evidence to become recognition, readiness input to become finance-readiness, technical baseline to become certification, dashboard signal to become public warning, proof receipt to become approval, controlled-room access to become reliance, or Nexus compatibility to become role collapse. Every perimeter concern shall be treated as a recordable governance event, and every resolution shall preserve the Corporation’s public-benefit purpose, United States legal discipline, non-execution, role separation, public-safe communication, validity-by-record, and correctionability.

## Section 26. United States-Specific Compliance and Nexus Alignment Statement

26.1 United States Federal Compliance.\
The Corporation shall conduct its affairs in compliance with applicable United States federal law. Federal compliance shall apply to the Corporation’s formation-sensitive activities, tax status, nonprofit operations, charitable or public-benefit representations, grants, contracts, public authority interfaces, public-good research, publications, data activities, AI activities, cybersecurity activities, controlled technology interfaces, sanctions-sensitive matters, export-control-sensitive matters, employment practices, civil rights obligations, accessibility duties, competition-law obligations, lobbying and political activity limits where applicable, government ethics constraints where applicable, procurement-integrity constraints where applicable, public finance boundary discipline, and any other federal requirement applicable to the Corporation’s activities, personnel, participants, systems, publications, or relationships.

The Corporation shall not rely on its nonprofit character, public-benefit purpose, technical role, research character, public-good mission, open-source orientation, public authority learning role, Nexus compatibility, sponsor support, provider participation, or cross-border relevance as a substitute for federal compliance. Where federal law imposes registration, reporting, restriction, disclosure, screening, withholding, recordkeeping, confidentiality, data protection, cybersecurity, export-control, sanctions, tax, employment, civil rights, accessibility, procurement, grant, lobbying, political activity, public authority, or professional-boundary duties, the Corporation shall comply within its lawful role.

Federal compliance shall be interpreted in a mission-preserving and boundary-preserving manner. No federal interface, federal grant, federal public authority attendance, federal advisory participation, federal research collaboration, federal data contribution, federal infrastructure context, federal resilience context, federal cyber context, federal AI context, federal public health context, federal disaster context, federal finance-reader context, or federal technical reference shall convert the Corporation into a federal agency, federal contractor with unrecorded authority, federal instrumentality, federal public warning authority, emergency command body, public finance approver, procurement authority, regulator, certification body, or execution vehicle.

Where a federal compliance issue is material or ambiguous, the Corporation shall apply the most protective lawful posture pending review, including hold, stop, quarantine, re-scope, externalization, referral, access restriction, publication freeze, implementation freeze, technical isolation, counsel review, compliance review, Board escalation, or controlled notice where appropriate.

26.2 State Compliance.\
The Corporation shall comply with the laws of each United States state in which it is incorporated, qualified, registered, operates, conducts activities, solicits support, receives support, employs or engages personnel, contracts, convenes meetings, conducts public authority learning, hosts controlled rooms, processes data, publishes state-specific materials, engages communities, maintains facilities, participates in Nexus-compatible activity, or otherwise creates state-law obligations.

State compliance shall include, where applicable, nonprofit corporation law, foreign qualification, annual reports, state tax, franchise tax, charitable solicitation registration, fundraising law, donation receipt limitations, employment law, contractor classification, sales and use tax, privacy law, cybersecurity law, AI-related law, consumer protection law, public records implications, open meetings implications where public authorities participate, procurement integrity, lobbying registration, political activity limits, grant compliance, public authority ethics, accessibility, civil rights, research requirements, professional-boundary restrictions, unfair competition, antitrust, and local-state interface requirements.

No state-specific activity shall be treated as operationally authorized merely because it is mission-aligned, public-good-oriented, technically valuable, sponsor-supported, provider-supported, public authority attended, community requested, or consistent with activity in another state. State law may impose separate conditions, and the Corporation shall maintain state-specific compliance review where required.

State compliance shall preserve a single coherent GCRI US legal identity. State localization may adapt terms, notices, public-safe language, participation rules, data controls, public authority capacity classifications, and operational procedures, but shall not create a shadow state entity, unrecorded branch, separate treasury, unapproved legal personality, public authority status, certification authority, finance-readiness authority, procurement role, emergency command role, or enterprise execution function.

26.3 Territorial Compliance.\
The Corporation shall comply with applicable law and public authority requirements in United States territorial and insular contexts, including Puerto Rico, Guam, the U.S. Virgin Islands, American Samoa, the Northern Mariana Islands, and any other United States territorial or insular jurisdiction in which the Corporation operates, convenes, contracts, receives support, processes data, publishes materials, engages public authorities, engages communities, conducts research, maintains controlled rooms, or supports Nexus-compatible activities.

Territorial compliance shall include, where applicable, local registration, qualification, taxation, charitable solicitation, employment, contracting, public authority interface, public procurement, grant, privacy, AI, cyber, public health, public safety, emergency management, infrastructure, environmental, cultural, Indigenous, community, language access, accessibility, civil rights, protected knowledge, public-safe mapping, and public-safe publication requirements.

The Corporation shall not assume that mainland state templates, mainland public authority assumptions, mainland community engagement practices, mainland data controls, mainland language practices, or mainland publication approaches are sufficient for territorial contexts. Territorial contexts may require localized review, language access, community safeguards, protected knowledge restrictions, public authority boundary language, public-safe publication review, and separate records.

Territorial compliance shall preserve the Corporation’s United States legal seat discipline, public-benefit purpose, nonprofit character, non-execution rule, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, data / AI / cyber controls, safeguards, validity-by-record, correctionability, and Nexus role separation.

26.4 District of Columbia Compliance.\
The Corporation shall comply with applicable requirements of the District of Columbia where it operates, registers, solicits support, receives support, contracts, employs or engages personnel, convenes meetings, engages federal or District public authorities, processes data, publishes District-specific materials, or maintains any District-based activity.

District of Columbia compliance may include corporate qualification, charitable solicitation, tax, employment, contractor, lobbying, political activity, government ethics, procurement integrity, public authority engagement, privacy, data, AI, cyber, civil rights, accessibility, public records-sensitive, public meeting-sensitive, grant, contracting, and public-benefit obligations where applicable.

The proximity of federal public authorities, national associations, public finance actors, embassies, multilateral bodies, think tanks, universities, laboratories, media, public-interest organizations, and capital readers in the District of Columbia shall not weaken the Corporation’s non-execution, non-reliance, no-solicitation, no-finance-readiness, no-public-authority-substitution, no-procurement, no-certification, no-recognition, and no-emergency-command boundaries.

District of Columbia activities shall be recorded with the same discipline as state, territorial, federal, cross-border, and public authority interfaces, including capacity classifications, role-separation records, public authority reference controls, sponsorship controls, provider-neutrality controls, and publication controls where material.

26.5 Tribal Interface and Indigenous Governance Respect.\
The Corporation shall respect Tribal sovereignty, Indigenous governance, Indigenous data governance, Indigenous knowledge protocols, local cultural protocols, community consent pathways, non-consent pathways, withdrawal pathways, attribution requirements, confidentiality requirements, protected knowledge restrictions, public-safe mapping limits, and correction pathways where it engages with Tribal Nations, Indigenous governments, Indigenous organizations, Indigenous communities, Indigenous knowledge holders, Indigenous lands, Indigenous data, Indigenous cultural knowledge, or matters materially affecting Indigenous peoples.

No activity, meeting, public authority room, community room, observability method, dashboard, map, dataset, public-safe report, technical baseline, proof receipt, AI output, digital twin, sensor output, evidence artifact, grant material, sponsor material, provider material, public statement, or Nexus-interface reference shall be interpreted as Tribal approval, Indigenous consent, sovereign waiver, authorization, delegation, endorsement, adoption, certification, recognition, finance-readiness, public authority action, public warning, or procurement approval unless a competent record expressly and lawfully establishes that status.

The Corporation shall not extract, publish, commercialize, train models on, map, expose, re-identify, infer, or route Indigenous knowledge, protected knowledge, sacred-site information, community-protected information, health-sensitive community information, infrastructure-sensitive community information, environmental knowledge, vulnerability information, or culturally sensitive information for institutional convenience, sponsor convenience, provider convenience, donor convenience, public authority convenience, media convenience, technical convenience, AI convenience, or Nexus-interface convenience.

Where Tribal-interface or Indigenous-governance requirements are unclear, the Corporation shall apply the more protective lawful and ethical posture pending competent review. Protective measures may include non-public treatment, access restriction, community review, Tribal-interface review, no-publication status, redaction, aggregation, delay, withdrawal, correction, sealing, or termination of the activity.

26.6 Local Compliance.\
The Corporation shall comply with applicable county, municipal, metropolitan, port, utility, public health, emergency management, public safety, public works, water, energy, food, telecom, cyber, infrastructure, zoning, facility, contracting, procurement, civil rights, accessibility, community engagement, and local public authority requirements where its activities create local obligations.

Local compliance shall be required for local convenings, host-site activity, public authority learning sessions, observability exercises, controlled rooms, public-safe mapping, community engagement, infrastructure-sensitive work, local public authority data use, public works interfaces, utility interfaces, port interfaces, emergency management simulations, health-system interfaces, public safety interfaces, local grant activity, local procurement-sensitive contexts, and local publication.

The Corporation shall not treat local invitation, local public authority attendance, local host support, local sponsor support, local provider support, local media interest, community interest, or technical utility as legal authorization. Local participation shall be capacity-classified and recorded.

Local compliance shall preserve localization without fragmentation. Local terms, notices, translations, accessibility aids, community safeguards, data controls, public authority language, and public-safe publication restrictions may be adopted where appropriate, but shall not weaken the Corporation’s public-benefit purpose, legal identity, non-execution boundary, finance boundary, certification boundary, procurement neutrality, data / AI / cyber controls, safeguards, records discipline, or correctionability.

26.7 Corporate and Governance Compliance.\
The Corporation shall maintain corporate and governance compliance under its governing state nonprofit corporation law, Certificate or Articles of Incorporation, this Bylaw, Board resolutions, member approvals where applicable, committee charters, policies, registers, authority matrices, and records requirements.

Corporate and governance compliance shall include maintenance of corporate existence, registered agent, registered office, principal office, governance seat records, director records, officer records, member records where applicable, Board minutes, committee minutes, resolutions, consents, authority matrices, delegations, conflict records, recusal records, register entries, annual filings, franchise tax filings where applicable, beneficial ownership or exemption records where applicable, banking authority records, insurance records, contract authority records, and records-retention controls.

No corporate act shall be treated as valid merely because it occurred operationally. Material corporate acts shall require competent authority, proper notice where required, quorum where required, voting or consent where required, conflict handling where required, execution by authorized persons, repository deposit where required, and record entry.

Corporate and governance compliance shall preserve the Corporation’s internal hierarchy: mandatory applicable law, Certificate or Articles of Incorporation, this Bylaw, Board resolutions, member resolutions where applicable, committee charters, policies, procedures, templates, and operational materials. No lower-order instrument, public statement, AI summary, slide deck, grant narrative, sponsor agreement, provider agreement, public authority exchange, repository entry, proof receipt, or Nexus-interface artifact shall override governing instruments.

26.8 Registered Agent, Corporate Filings, Annual Reports, Franchise Taxes Where Applicable, Director Records, Officer Records, Member Records Where Applicable, Minute Books, and Resolutions.\
The Corporation shall maintain a registered agent and registered office as required by its governing state law and any other jurisdiction in which qualification or registration is required. The Corporation shall make required corporate filings, annual reports, franchise tax filings where applicable, good-standing filings, amendments, statements of information, charitable registrations, foreign qualifications, withdrawals, and related filings within applicable deadlines.

The Corporation shall maintain accurate director records, officer records, committee records, member records where applicable, non-voting member records where applicable, supporter records where applicable, participant records where required, delegation records, authority records, and registers sufficient to demonstrate who has authority, who does not have authority, what capacity each person occupies, and what restrictions apply.

Minute books and resolution records shall document Board and member actions where applicable, including adoption of this Bylaw, amendments, appointments, delegations, reserved matters, budgets, major contracts, major grants, major sponsorships, policies, committees, conflicts, recusals, regulatory-perimeter reviews, public authority boundary matters, data / AI / cyber matters, safeguards matters, and correction actions.

Corporate records shall be maintained with integrity, access control, retention classification, repository metadata, custodianship, version control, signature evidence, and correction history. Defective, missing, inconsistent, or ambiguous corporate records shall be escalated for correction, ratification, restatement, supersession, withdrawal, or other lawful cure.

26.9 Federal Tax Compliance.\
The Corporation shall comply with applicable United States federal tax law, including federal income tax classification, employer identification number requirements, payroll tax obligations, withholding obligations, information returns, unrelated business income review where applicable, donor acknowledgment rules where charitable status or deductible contributions are implicated, restricted fund treatment, grant treatment, sponsorship treatment, fee treatment, cost-recovery treatment, scholarship or stipend treatment, independent contractor reporting, expense reimbursement rules, excess benefit transaction rules where applicable, private inurement prohibitions, and impermissible private benefit controls.

Federal tax compliance shall be aligned with the Corporation’s public-benefit purpose, nonprofit character, tax-exempt or tax-exempt-compatible posture, non-distribution rule, no-private-inurement rule, no-impermissible-private-benefit rule, and anti-capture controls. No sponsor, donor, funder, provider, host, director, officer, member, contractor, related party, founder, public authority participant, capital reader, or enterprise actor shall receive impermissible private benefit through the Corporation’s funds, assets, access, public authority relationships, technical assets, data, reports, publications, controlled rooms, technical baselines, recognition-like references, finance-adjacent materials, or Nexus-compatible claims.

If the Corporation obtains or seeks recognition of federal tax-exempt status, including status under Section 501(c)(3) or another applicable provision, all activities, publications, fundraising, lobbying, political activity, private benefit, compensation, grantmaking, research, education, public authority learning, sponsorship, fee, and unrelated business activities shall be reviewed for compatibility with that status.

Federal tax compliance shall not be treated as a clerical function only. It shall be integrated into governance, fundraising, sponsorship, grantmaking, fee programs, academy programs, research collaborations, public-good software licensing, IP stewardship, cross-border activities, support acceptance, and dissolution planning.

26.10 State and Local Tax Compliance.\
The Corporation shall comply with applicable state and local tax requirements in each jurisdiction where it has tax nexus, filing obligations, employment obligations, sales and use tax obligations, franchise tax obligations, property tax obligations, exemption claims, registration duties, withholding duties, or other state or local tax consequences.

State and local tax compliance may include income or franchise tax filings, annual fees, sales and use tax collection or exemption treatment, property tax exemption review, payroll tax registration, unemployment insurance, workers’ compensation contributions, contractor reporting, local business taxes, municipal taxes, gross receipts taxes, public charity state-level treatment where applicable, and state-level unrelated business income treatment where applicable.

No state or local tax exemption shall be assumed by mission, nonprofit character, public-benefit purpose, or federal tax classification alone. Each exemption, registration, filing position, donation receipt, sales tax treatment, fee treatment, sponsorship treatment, grant treatment, and local tax treatment shall be supported by law and record.

Where state or local tax treatment is uncertain, the Corporation shall apply the most protective lawful posture, including tax review, registration, conservative receipting language, fee classification review, restricted fund accounting, withholding, segregation of revenues, or limitation of activity pending resolution.

26.11 Nonprofit and Tax-Exempt Compliance.\
The Corporation shall preserve its nonprofit character, non-stock or non-share character where applicable, public-benefit orientation, non-distribution rule, no-private-inurement rule, no-impermissible-private-benefit rule, and tax-exempt or tax-exempt-compatible posture.

Nonprofit and tax-exempt compliance shall apply to governance, compensation, related-party transactions, grants, sponsorships, donations, restricted funds, public-good support, intellectual property, public-good software, technical assets, controlled-room access, public authority access, publications, datasets, software releases, academy activities, fellowships, awards, scholarships, public events, donor acknowledgment, sponsor benefits, provider participation, public authority participation, and enterprise-stack interfaces.

The Corporation shall not permit mission language to become a vehicle for private capture. Public-good evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, public authority learning, and Nexus-compatible public-good work shall be stewarded for lawful public-benefit purposes, not for the private control, commercial advantage, procurement advantage, recognition advantage, finance-readiness advantage, certification advantage, or market advantage of any private actor.

Where nonprofit or tax-exempt compliance risk exists, the Corporation shall apply conflict review, private benefit review, inurement review, related-party review, Board or independent approval where required, comparability review where appropriate, restricted fund accounting, public-safe disclosure where appropriate, correction, refusal, return, re-scope, or termination.

26.12 Charitable Solicitation Compliance Where Applicable.\
Where the Corporation solicits donations, grants, sponsorships, public-good support, in-kind contributions, restricted funds, memberships, subscriptions, public-interest seats, scholarships, challenge support, or other support in a manner that triggers charitable solicitation, fundraising, commercial co-venture, professional fundraiser, crowdfunding, donor disclosure, state registration, territorial registration, local registration, or donor receipt requirements, the Corporation shall comply with those requirements before or during solicitation as required by applicable law.

No person shall solicit support using the Corporation’s name, marks, mission, reports, public authority learning role, Nexus compatibility, public-good software, open technical baselines, public-safe publications, controlled rooms, dashboards, academy programs, public authority interface, sponsor relationships, provider relationships, or North America anchor role unless authorized and compliant with applicable solicitation rules.

Fundraising and support materials shall not imply that support purchases governance influence, research outcomes, publication outcomes, public authority access, recognition, finance-readiness, certification, procurement advantage, provider preference, public warning authority, emergency command authority, standards outcome, Nexus-compatible status, Docket status, Grid status, or enterprise opportunity.

Charitable solicitation records shall include registration status, exemptions, filing dates, renewal dates, fundraising materials, donation receipt language, sponsor acknowledgment language, restricted fund terms, professional fundraiser or platform records where applicable, state and territorial filing records, and correction records.

26.13 Privacy Compliance.\
The Corporation shall comply with applicable privacy, data protection, confidentiality, public-sector data, health data, education data, children’s data, biometric data, geolocation data, rights-bearing data, sensitive data, community-protected data, Indigenous data, cross-border data transfer, data retention, data access, data correction, data deletion, and data security requirements.

Privacy compliance shall apply to personal information of directors, officers, employees, contractors, fellows, volunteers, advisors, members, supporters, subscribers, donors, sponsors, funders, participants, public authority participants, community participants, research participants, Indigenous knowledge holders, technical contributors, repository users, controlled-room users, website users, academy users, event participants, and any other identifiable person whose data is collected, processed, stored, analyzed, shared, published, or archived by or for the Corporation.

The Corporation shall use data minimization, purpose limitation, lawful basis review where applicable, consent or alternative lawful pathway where required, notice, access controls, role-based permissions, retention schedules, deletion or archival rules, de-identification, pseudonymization, aggregation, redaction, encryption where appropriate, secure transfer, vendor review, incident response, and correction pathways.

Privacy compliance shall be integrated with public-safe publication. No report, map, dashboard, dataset, AI output, digital twin, sensor output, observability record, proof receipt, public authority material, or Nexus-interface artifact shall disclose personal information or sensitive community information unless lawful, necessary, proportionate, reviewed, and properly classified.

26.14 AI Governance Compliance.\
The Corporation shall maintain AI governance controls for all AI systems, models, tools, agents, copilots, retrieval systems, embedding systems, classifiers, scoring systems, dashboards, digital twins, synthetic-data systems, model evaluation systems, automated workflows, and AI-assisted publications used by or for the Corporation.

AI governance compliance shall include approved-use rules, prohibited-use rules, model and system registers where appropriate, dataset cards, model cards, system cards, benchmark cards, inference records, human review requirements, prompt and output handling where material, bias and civil rights review where applicable, public authority boundary review, finance-boundary review, certification-boundary review, procurement-boundary review, public warning boundary review, research integrity review, cyber review, privacy review, protected knowledge review, and public-safe publication review.

No AI output shall constitute official truth, public warning, emergency command, public authority decision, legal advice, investment advice, finance-readiness determination, insurance-readiness determination, rating, certification, procurement approval, recognition, Docket approval, Grid approval, Nexus-compatible status, or institutional decision unless a competent human authority lawfully reviews, adopts, and records the decision within its lawful scope.

AI governance compliance shall preserve correctionability. Material AI outputs shall be challengeable, reviewable, traceable where appropriate, supersedable, correctable, withdrawable, and subject to limitation language. The Corporation shall not use unapproved AI tools for confidential, privileged, personal, public authority-sensitive, cyber-sensitive, infrastructure-sensitive, health-sensitive, community-protected, Indigenous, export-controlled, sanctions-sensitive, or protected knowledge materials.

26.15 Cybersecurity Compliance.\
The Corporation shall maintain cybersecurity controls appropriate to its public-benefit mission, technical assets, repositories, datasets, controlled rooms, public authority materials, public-good software, open technical baselines, dashboards, AI systems, digital twins, sensor interfaces, DePIN interfaces, DLT or blockchain records, AI-RAN or O-RAN interfaces, compute environments, cloud environments, devices, credentials, secrets, keys, tokens, and communications systems.

Cybersecurity compliance shall include identity and access management, multi-factor authentication where appropriate, least privilege, logging, monitoring, vulnerability management, secure development practices, dependency review, software bill of materials where appropriate, artifact signing where appropriate, secrets management, key rotation, backup, business continuity, disaster recovery, incident response, vendor security review, data encryption where appropriate, repository protections, secure release procedures, and controlled-room security.

Cybersecurity controls shall be heightened for cyber-sensitive, infrastructure-sensitive, public authority-sensitive, health-sensitive, personal, community-protected, Indigenous, protected knowledge, export-controlled, sanctions-sensitive, confidential, privileged, and public-safe materials.

No technical urgency, release schedule, sponsor deadline, provider deadline, public authority interest, conference deadline, grant deadline, or Nexus-interface deadline shall override cybersecurity controls. Where cybersecurity risk exists, the Corporation may impose technical isolation, publication freeze, implementation freeze, controlled-room lockdown, access revocation, credential rotation, repository freeze, takedown, public-safe notice, or incident escalation.

26.16 Accessibility and Civil Rights Compliance Where Applicable.\
The Corporation shall comply with applicable accessibility, civil rights, nondiscrimination, equal opportunity, disability access, language access where applicable, public accommodation where applicable, employment discrimination, harassment, retaliation, and inclusive participation requirements.

Accessibility and civil rights compliance shall apply to governance participation, employment, contractor engagement, fellowships, academy programs, public events, controlled rooms, public authority learning, community engagement, publications, websites, digital platforms, dashboards, software interfaces, datasets where applicable, public-safe materials, translations, notices, forms, complaint pathways, grievance pathways, and public-good technical assets.

The Corporation shall not design participation systems, technical systems, data systems, AI systems, publication systems, controlled rooms, academy programs, public authority learning sessions, or community interfaces in a manner that creates unlawful exclusion, discriminatory effect, inaccessible participation, language barriers where avoidable and material, retaliation risk, harassment risk, or inequitable access inconsistent with the Corporation’s public-benefit purpose.

Accessibility and civil rights review shall be integrated into public-safe publication, AI governance, data governance, public authority learning, community safeguards, academy programs, research ethics, fellowship design, and technical asset release.

26.17 Sanctions Compliance.\
The Corporation shall comply with applicable United States sanctions laws and restrictions. Sanctions compliance shall apply to directors, officers, employees, contractors, fellows, advisors, volunteers, contributors, members, supporters, subscribers, donors, sponsors, funders, providers, hosts, public authorities where relevant, universities, laboratories, communities, partners, vendors, data sources, controlled-room participants, repository participants, grant recipients, award recipients, scholarship recipients, and cross-border interfaces where applicable.

The Corporation shall conduct sanctions screening where required or appropriate for support acceptance, contracting, controlled-room access, cross-border collaboration, technical contribution, software release, data sharing, grantmaking, sponsorship, donation acceptance, public-good support, public authority interfaces, vendor engagement, travel, events, and high-risk technology contexts.

The Corporation shall not accept funds, provide services, share controlled materials, grant access, release restricted software, transfer data, engage in prohibited dealings, or route benefits in violation of sanctions requirements.

Where sanctions risk is identified, the Corporation shall hold, stop, quarantine, restrict access, reject support, return support where lawful and appropriate, terminate relationships, block access, seek counsel review, preserve records, and make required reports or notices where applicable.

26.18 Export-Control and Controlled-Technology Compliance.\
The Corporation shall comply with applicable export-control, re-export, deemed export, controlled technology, dual-use, defense, encryption, cyber, AI, compute, semiconductor, telecommunications, satellite, drone, robotics, biosecurity, quantum-relevant, geospatial, sensing, critical infrastructure, national security, and controlled-technical-data requirements.

Export-control and controlled-technology compliance shall apply to software, source code, models, datasets, technical baselines, APIs, SDKs, documentation, diagrams, methods, training materials, dashboards, sensor designs, AI-RAN or O-RAN methods, DePIN methods, DLT methods, cybersecurity tools, vulnerability information, digital twins, geospatial information, compute configurations, secure enclave methods, confidential computing methods, and any other technical material subject to control.

The Corporation shall not treat open-source, public-good, research, educational, nonprofit, or Nexus-compatible status as automatically exempting technology from export-control or controlled-technology review. Public release, repository publication, conference presentation, academy training, controlled-room access, cross-border collaboration, foreign national access, AI-assisted code generation, cloud deployment, and data transfer may each require review.

Where export-control or controlled-technology risk exists, the Corporation shall classify the material, restrict access, compartmentalize, obtain counsel or specialist review, apply licensing or exclusion rules where lawful, prevent unauthorized export or deemed export, freeze release, remove materials, quarantine repositories, or terminate the activity.

26.19 Research Ethics Compliance.\
The Corporation shall comply with applicable research ethics, research integrity, human-subjects, institutional review, community review, Tribal or Indigenous protocol, health-sensitive research, youth and vulnerable population, data ethics, AI ethics, publication integrity, conflict disclosure, sponsored research independence, peer review, reproducibility, correction, withdrawal, and retraction requirements.

Research ethics compliance shall apply to formal research, applied research, public-benefit R\&D, observability pilots, simulation exercises, public authority learning, academy activities, fellowships, public-safe reporting, community engagement, dataset construction, AI evaluation, digital twin development, sensor studies, evidence collection, model evaluation, controlled-room review, and cross-border research.

No research activity shall proceed merely because it is technical, public-good, open-source, urgent, sponsor-supported, public authority attended, or low-cost. Where research involves human participants, personal information, health-sensitive data, youth, vulnerable populations, Indigenous knowledge, protected knowledge, community-protected data, public authority data, or material public-safe publication risk, appropriate review shall be required.

Research ethics compliance shall preserve the integrity of evidence, methods, publication, attribution, correction, and community safeguards. Research outputs shall not be overstated as certification, recognition, public authority approval, finance-readiness, procurement approval, professional advice, public warning, or emergency command.

26.20 Employment, Contractor, Volunteer, Fellow, Advisor, Workplace, and Safety Compliance.\
The Corporation shall comply with applicable employment, contractor, volunteer, fellow, advisor, workplace, wage and hour, tax withholding, payroll, benefits, workers’ compensation, unemployment insurance, occupational safety, harassment prevention, nondiscrimination, accessibility, immigration where applicable, background screening where lawful and appropriate, confidentiality, IP, data access, AI-use, cybersecurity, conflict, non-retaliation, whistleblower, and workplace safety requirements.

Personnel classifications shall be accurate and recorded. Employees, contractors, volunteers, fellows, advisors, seconded personnel, technical contributors, and other participants shall not be misclassified for convenience, funding, speed, sponsorship, or operational flexibility.

The Corporation shall provide written terms where appropriate, including role scope, authority limits, compensation or unpaid status, confidentiality, IP, data / AI / cyber obligations, conflicts, public claims, controlled-room obligations, public authority boundary obligations, finance-boundary obligations, certification-boundary obligations, safeguards obligations, and offboarding duties.

Workplace and safety compliance shall apply to physical workplaces, virtual workplaces, laboratories, host sites, field activities, public authority rooms, controlled rooms, academy activities, events, community engagements, travel, and remote collaboration environments.

26.21 Lobbying, Political Activity, Government Ethics, Gifts, Procurement Integrity, and Grant Compliance Where Applicable.\
The Corporation shall comply with applicable lobbying, political activity, campaign activity, election-related, government ethics, gifts, hospitality, conflicts, procurement integrity, grant compliance, public authority communications, public-sector data, public records, open meetings, and public finance reader requirements where applicable.

No person shall use the Corporation’s public-benefit mission, public authority learning role, research outputs, evidence artifacts, public-safe reports, technical baselines, public-good software, Nexus compatibility, public authority relationships, sponsors, providers, donors, funders, hosts, or community relationships to conduct unapproved lobbying, partisan political activity, campaign intervention, procurement steering, grant manipulation, gift or hospitality violation, government ethics violation, public finance influence, or public authority pressure.

Public authority communications shall be capacity-classified and recorded where material. The Corporation may educate, inform, convene, publish, and support learning within its lawful role, but shall not represent that it has authority to direct public policy, bind public authorities, approve grants, influence procurement, allocate public finance, issue public warnings, or make governmental decisions.

Where lobbying, political activity, procurement, grant, gift, ethics, or public authority compliance risk exists, the Corporation shall require review before action, including limitation language, role clarification, registration where required, reporting where required, recusals, access restrictions, or termination of the activity.

26.22 Public Authority Interaction Compliance.\
The Corporation shall manage all public authority interactions with role clarity, capacity classification, non-execution discipline, non-reliance language, records, public-safe communication, data controls, public authority reference controls, and avoidance of official-adoption overclaim.

Public authority interactions include engagement with federal agencies, state agencies, territorial bodies, District of Columbia bodies, Tribal governments, local governments, public health authorities, emergency management bodies, public safety bodies, public works bodies, utilities, ports, infrastructure authorities, public universities, public laboratories, public finance bodies, regulators, legislative bodies, grantmakers, procurement bodies, and public infrastructure operators.

The Corporation shall distinguish among official capacity, observer capacity, regulator-listening capacity, public finance reader capacity, emergency-management participant capacity, public infrastructure operator capacity, simulation participant capacity, learning participant capacity, technical reviewer capacity, and other approved public authority capacity classifications.

No public authority interaction shall be interpreted as public authority delegation, public warning authority, emergency command, official adoption, procurement approval, funding approval, grant approval, regulatory approval, public finance approval, sovereign obligation, public-private partnership, treaty status, intergovernmental status, certification, recognition, finance-readiness, provider preference, or execution authority unless separately and lawfully established by competent record.

26.23 Nexus Constitutional Alignment Where Consistent With United States Law.\
The Corporation shall align its activities, instruments, policies, records, public-good software, technical baselines, public authority learning, observability methods, evidence systems, data / AI / cyber controls, safeguards, and public-safe publications with the Nexus constitutional architecture where such alignment is consistent with United States law, the Corporation’s Certificate or Articles of Incorporation, this Bylaw, Board authority, tax-exempt or tax-exempt-compatible posture, public-benefit purpose, non-execution rule, role separation, and applicable regulatory boundaries.

Nexus constitutional alignment may include alignment with the public-good stack, one-rail / two-stacks architecture, GCRI / GRF / GRA role separation, Nexus Network interoperability, Nexus Standards compatibility, Nexus Observatory methods, Nexus Truth Engine methods, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortium interfaces, national company interfaces, Project SPV interfaces, qualified provider interfaces, public authority learning interfaces, proof receipts, role keys, smart licenses, controlled vocabularies, validity-by-record, and correctionability.

Nexus constitutional alignment shall be functional and bounded. It shall not create legal merger, agency, shared liability, shared treasury, branch status, parent-subsidiary status, alter ego status, joint employer status, public authority status, protocol monopoly, standards authority, recognition authority, finance-readiness authority, procurement authority, certification authority, emergency command authority, public warning authority, or enterprise execution role.

Where Nexus alignment conflicts or may conflict with United States law, governing state law, tax requirements, public authority obligations, data / AI / cyber law, sanctions, export controls, competition law, civil rights, accessibility, Tribal or Indigenous protocols, protected knowledge controls, or this Bylaw, the Corporation shall apply United States legal primacy for internal corporate acts and the most protective lawful posture for activities.

26.24 No Nexus Instrument May Displace United States Legal Primacy for Internal Corporate Acts.\
No Nexus constitutional framework, charter, doctrine, protocol, standard, registry, ledger, proof receipt, role key, smart license, controlled vocabulary, Docket entry, Grid entry, standards profile, maturity record, recognition record, finance-readiness record, consortium instrument, national company instrument, Project SPV instrument, provider agreement, sponsor agreement, public authority note, technical baseline, repository entry, AI output, dashboard, public-safe report, or cross-border interface shall displace the United States legal primacy governing the Corporation’s internal corporate acts.

Internal corporate acts include legal existence, incorporation, registered agent, registered office, principal office, governance seat, director appointment or election, officer appointment, committee creation, fiduciary governance, member rights where applicable, Board authority, reserved matters, adoption and amendment of this Bylaw, corporate records, authority matrices, delegations, conflicts, indemnification, dissolution, merger, conversion, wind-up, asset distribution, and other internal governance matters.

Nexus instruments may support mission alignment, interoperability, public-good stack compatibility, semantic consistency, technical architecture, evidence routing, public-safe publication, and correctionability only where adopted, recognized, or implemented through the proper hierarchy of authority and consistent with applicable law. No external instrument shall become binding internal governance by repetition, reference, technical integration, public use, sponsor expectation, provider reliance, public authority attendance, repository placement, proof receipt, AI summary, or operational habit.

Where a Nexus instrument appears to conflict with United States legal primacy, the Corporation shall hold the affected activity, identify the conflict, preserve records, obtain appropriate review, issue compatibility notes or divergence logs where needed, amend lower-order instruments where appropriate, and refuse any interpretation that weakens legal identity, mission lock, fiduciary governance, non-execution, tax compliance, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, data / AI / cyber controls, safeguards, validity-by-record, or correctionability.

26.25 United States-Specific Compliance Records.\
The Corporation shall maintain records sufficient to demonstrate United States-specific compliance, United States legal seat discipline, all-states-and-territories compliance posture, North America anchor boundary discipline, and Nexus alignment within United States legal primacy.

United States-specific compliance records shall include, as applicable:

a) federal compliance records;

b) state compliance records;

c) territorial compliance records;

d) District of Columbia compliance records;

e) Tribal-interface and Indigenous-governance respect records;

f) local compliance records;

g) corporate and governance compliance records;

h) registered agent, registered office, principal office, governance seat, annual report, franchise tax, director, officer, member, minute book, resolution, consent, delegation, authority matrix, and good-standing records;

i) federal tax records;

j) state and local tax records;

k) nonprofit and tax-exempt compliance records;

l) charitable solicitation records;

m) privacy and data protection records;

n) AI governance records;

o) cybersecurity records;

p) accessibility and civil rights records;

q) sanctions records;

r) export-control and controlled-technology records;

s) research ethics records;

t) employment, contractor, volunteer, fellow, advisor, workplace, and safety records;

u) lobbying, political activity, government ethics, gifts, procurement integrity, grant compliance, public records, open meetings, and public authority interaction records where applicable;

v) public authority capacity records;

w) Nexus constitutional alignment records;

x) compatibility notes, divergence logs, equivalence notes, and conflict-of-law records;

y) records of holds, stops, quarantines, access restrictions, publication freezes, implementation freezes, technical isolations, controlled-room lockdowns, corrections, withdrawals, supersessions, retractions, takedowns, public-safe clarifications, referrals, externalizations, and terminations; and

z) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, legal hold status, repository location, and metadata.

United States-specific compliance records shall be maintained so that the Corporation can demonstrate not only that it pursued a public-benefit mission, but that it pursued that mission lawfully, separately, transparently, correctionably, and without role collapse. The governing rule of this Section is that Nexus alignment strengthens the Corporation only when it remains subordinate to United States legal discipline for GCRI US internal corporate acts and consistent with applicable law for external activities. The Corporation shall be a United States public-benefit technical institution and North America anchor within a bounded public-good role, not a regulator, public authority, finance actor, certification body, procurement body, emergency command body, public warning authority, enterprise execution vehicle, or whole-system controller.

## Section 27. Relationship to GCRI Canada and Other National, Regional, or Global GCRI Entities

27.1 Separate Legal Personality of GCRI US.\
The Corporation shall at all times be maintained, described, governed, recorded, funded, administered, represented, and interpreted as a separate United States legal person. Its legal existence, rights, duties, liabilities, assets, records, officers, directors, filings, tax status, bank accounts, contracts, public-benefit obligations, governance acts, authority matrices, policies, delegations, publications, controlled rooms, technical assets, data systems, public authority interfaces, and Nexus-alignment records shall belong to the Corporation and shall not be treated as the legal acts, assets, liabilities, authority, or records of GCRI Canada, any other national or regional GCRI entity, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, any consortium, national company, Project SPV, provider, sponsor, host, donor, funder, public authority, university, laboratory, partner, or enterprise actor.

The Corporation may share mission language, doctrine, methods, ontology, public-good technical baselines, public-safe learning materials, evidence principles, research frameworks, Nexus-interface structures, and public-good commitments with other GCRI-related entities, but such shared mission or compatibility shall not merge legal personality. The Corporation’s separateness shall be preserved in all filings, contracts, board records, committee records, financial records, donor records, sponsorship records, public authority materials, data-sharing terms, software repositories, public-safe publications, websites, GitBook pages, slide decks, fundraising materials, grant applications, press statements, and Nexus-facing materials.

No person shall represent that GCRI US is merely an office, chapter, branch, division, desk, program, operating unit, project label, or implementation arm of another entity unless such status is separately and lawfully created by competent legal instrument and expressly approved by the Board where required. Absent such competent record, GCRI US shall be treated as a separate corporation with its own governing instruments and United States legal seat discipline.

27.2 Separate Legal Personality of GCRI Canada.\
GCRI Canada shall be treated as a separate Canadian legal person, public-benefit anchor, governing entity, record holder, rights holder, liability holder, and compliance subject. Its Canadian legal existence, Canadian governance acts, Canadian directors, officers, members where applicable, bylaws, filings, tax records, registrations, assets, contracts, bank accounts, public authority interfaces, data obligations, research activities, publications, controlled rooms, technical assets, and Nexus-interface records shall not be treated as the legal acts or obligations of GCRI US unless expressly assumed by GCRI US through a lawful written instrument authorized by competent authority.

The Corporation may coordinate with GCRI Canada in evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, Nexus Truth Engine methods, Nexus Observatory methods, verifiable compute, public authority learning, safeguards, North America evidence architecture, and cross-border public-good work. Such coordination shall remain coordination between separate legal persons.

No Canadian filing, Canadian public authority engagement, Canadian grant, Canadian donor arrangement, Canadian sponsorship, Canadian employment matter, Canadian data activity, Canadian research activity, Canadian publication, Canadian controlled-room record, Canadian Nexus-interface act, or Canadian operational practice shall bind GCRI US unless GCRI US has expressly and lawfully accepted the relevant obligation through proper authority and record. Likewise, no GCRI US act shall bind GCRI Canada without competent Canadian authority and record.

27.3 Separate Legal Personality of Other National or Regional GCRI Entities.\
Any other national, regional, state, territorial, provincial, local, continental, or global GCRI-related entity shall be treated as legally separate unless a competent legal instrument expressly provides otherwise and such instrument is approved through the required governance process of each affected entity. The existence of a common name, common mission, common doctrine, common public-good vocabulary, common Nexus alignment, common technical baseline, shared publication style, shared founder history, shared personnel, shared advisory participation, shared public authority learning activity, or shared technical repository shall not create legal unity.

The Corporation shall not assume liability, authority, governance responsibility, public authority status, tax responsibility, employment responsibility, data responsibility, financial responsibility, or operational responsibility for any other GCRI-related entity by reason of shared mission or institutional affinity. Each entity shall maintain its own governing records, compliance records, financial records, authority records, public descriptions, and correction pathways.

Where the Corporation cooperates with another GCRI-related entity, the relationship shall be documented through an MoU, interface agreement, cooperation instrument, shared-services agreement, data-sharing agreement, research agreement, public-good software agreement, licensing instrument, publication protocol, controlled-room terms, or other competent record appropriate to the relationship.

27.4 Shared Mission Without Legal Fusion.\
GCRI US may share a common mission with GCRI Canada and other GCRI-related entities to advance evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute, public authority learning, public-safe reporting support, systemic risk literacy, community safeguards, and Nexus-compatible public-good infrastructure.

Shared mission shall not create legal fusion. No shared purpose statement, mission statement, doctrine, public-facing narrative, public-good pledge, Nexus reference, whitepaper, charter, technical baseline, academy program, public authority convening, research project, or public-safe report shall be interpreted as merging corporate identities, combining treasuries, creating agency, creating partnership, creating joint venture, creating joint employment, creating alter ego status, creating shared liability, or transferring authority between entities.

Public descriptions of shared mission shall use language that preserves legal separateness. The Corporation may describe alignment, coordination, interoperability, complementarity, and shared public-good purpose, but shall avoid language suggesting a single legal entity, consolidated organization, branch structure, parent-subsidiary structure, common treasury, unified command, or whole-system authority.

27.5 Shared Doctrine Without Shared Liability.\
The Corporation may adopt, reference, adapt, localize, contribute to, or align with shared GCRI and Nexus doctrines, including doctrines concerning non-execution, validity-by-record, correctionability, public-good stack discipline, one rail / two stacks, verifiable compute, verifiable intelligence, observability, evidence integrity, public-safe publication, sponsor support-without-control, provider neutrality, public authority boundary discipline, and regulated-perimeter discipline.

Shared doctrine shall not create shared liability. The adoption or use of a common doctrine by GCRI US and another entity shall not make either entity liable for the other’s acts, omissions, publications, records, data handling, public authority statements, sponsor arrangements, provider relationships, employment matters, tax positions, contracts, technical releases, controlled-room decisions, or Nexus-interface conduct.

Where a shared doctrine is localized for GCRI US, the localized United States version shall be interpreted through applicable United States law, the Corporation’s Certificate or Articles of Incorporation, this Bylaw, Board resolutions, tax-exempt or tax-exempt-compatible requirements, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, data / AI / cyber controls, safeguards, and records requirements.

27.6 Shared Ontology Without Shared Treasury.\
The Corporation may share ontology, controlled vocabulary, taxonomies, schemas, data dictionaries, evidence classifications, risk categories, technology categories, public authority capacity classifications, finance-boundary semantics, certification-boundary semantics, Nexus-compatible claim semantics, and public-safe publication language with GCRI Canada and other GCRI-related entities.

Shared ontology shall not create a shared treasury. No shared term, shared schema, shared register structure, shared public-good repository, shared dashboard language, shared proof-receipt label, shared role-key language, shared smart-license vocabulary, shared Nexus vocabulary, or shared classification system shall be interpreted as combining funds, assets, reserves, donations, grants, sponsorships, restricted funds, in-kind support, bank accounts, investment accounts, receivables, payables, liabilities, or financial obligations.

Each entity shall maintain separate financial records, bank accounts, accounting records, restricted fund records, grant records, sponsorship records, donation records, expense approvals, procurement records, tax filings, and audit or review records unless a lawful shared-services or cost-sharing instrument expressly provides otherwise. Any shared-services or cost-sharing arrangement shall preserve nonprofit and tax compliance, arm’s-length or reasonableness requirements where applicable, conflict controls, private benefit controls, inurement controls, sponsor non-control, provider neutrality, and records discipline.

27.7 Shared Methods Without Agency.\
The Corporation may share methods with GCRI Canada and other GCRI-related entities, including methods for evidence intake, source lineage, provenance, uncertainty, confidence, validation, corroboration, observability, AI-output review, AI-RAN and O-RAN signal interpretation, DePIN and DLT validation, digital twin assumption review, geospatial evidence, cyber evidence, verifiable compute, public-safe publication, research correction, and safeguards review.

Shared methods shall not create agency. No entity shall be deemed the agent of another merely because it uses, adapts, contributes to, reviews, tests, implements, or publishes common methods. No person acting for one GCRI-related entity may bind another entity by using shared methods, common templates, common technical systems, common repositories, common forms, common controlled vocabulary, or common Nexus-interface logic.

Where method sharing may create reliance, public authority confusion, finance-boundary risk, certification-boundary risk, procurement implication, public-safe risk, data / AI / cyber risk, export-control risk, sanctions risk, competition risk, or protected knowledge risk, the Corporation shall use limitation language, capacity classification, access controls, role clarification, compatibility notes, divergence logs, or separate instruments.

27.8 Shared Projects Without Partnership Unless Expressly Constituted.\
The Corporation may participate with GCRI Canada or other GCRI-related entities in shared projects, research collaborations, technical baselines, observability methods, public-good software, public authority learning programs, academy activities, fellowships, labs, public-safe publications, controlled rooms, data rooms, clean rooms, evidence rooms, Nexus-interface pilots, cross-border learning activities, and North America coordination.

A shared project shall not create a legal partnership, joint venture, association of persons for profit, common enterprise, common employer, common treasury, common agency, shared liability, shared ownership, or joint authority unless expressly constituted by a written instrument approved by competent authority and consistent with applicable law, nonprofit restrictions, tax requirements, public-benefit purpose, and this Bylaw.

Each shared project shall identify, where applicable, the participating entities, legal capacity of each entity, project purpose, scope, funding responsibilities, asset ownership, IP ownership or licensing, data responsibilities, AI responsibilities, cyber responsibilities, publication authority, public authority capacity language, sponsor and provider controls, records custodian, correction pathway, termination rights, governing law, dispute handling, and non-execution boundaries.

No shared project shall be marketed, described, funded, or operated in a manner that implies merger, public authority delegation, certification, recognition, finance-readiness, procurement approval, provider preference, sponsor control, public warning authority, emergency command, or enterprise execution by GCRI US.

27.9 Shared Directors, Officers, Advisors, Contributors, Staff, Fellows, or Systems Without Alter Ego Status.\
The existence of shared or overlapping directors, officers, advisors, contributors, staff, fellows, volunteers, contractors, technical maintainers, public authority participants, committee members, working-group participants, systems, repositories, forms, templates, dashboards, controlled vocabularies, software tools, communication channels, or public-good technical assets shall not by itself create alter ego status, single employer status, joint employer status, partnership, joint venture, agency, common treasury, shared liability, or merger between GCRI US and any other GCRI-related entity.

Dual-role persons shall act in the capacity expressly applicable to the relevant act. A person who serves more than one entity shall not rely on title, seniority, founder status, technical centrality, authorship, public authority relationship, sponsor relationship, provider relationship, repository access, controlled-room access, or institutional prominence to blur capacity. Every material act shall be attributable to the correct entity and capacity.

Where shared personnel or shared systems create risk of confusion, the Corporation shall require capacity statements, separate email or system identifiers where appropriate, conflict disclosures, recusal records, separate approval paths, access restrictions, separate financial approvals, separate minutes, separate registers, separate repository permissions, and public description controls.

27.10 Shared Records Without Automatic Mutual Authority.\
GCRI US may maintain, access, contribute to, or interoperate with shared records, shared evidence registers, shared method registers, shared ontology registers, shared repository records, shared public-good software records, shared controlled vocabulary records, shared proof-receipt records, shared correction records, shared Nexus-interface records, or shared public-safe publication records where lawful and properly governed.

Shared records shall not create automatic mutual authority. Access to a record shall not mean authority to approve, modify, publish, certify, recognize, finance, procure, execute, bind, endorse, or act for another entity. The authority to act on a record shall be determined by applicable law, governing instruments, Board resolutions, delegations, data terms, repository permissions, controlled-room terms, public authority capacity classifications, and the relevant record’s metadata.

Shared records shall include sufficient metadata to identify record owner, custodian, originating entity, responsible owner, authority basis, access class, publication class, retention class, correction pathway, reliance limitations, affected jurisdictions, Nexus-interface status, and whether the record is evidence, method, draft, public-safe output, controlled output, technical artifact, governance record, or non-operative reference.

Where a shared record may create authority confusion, the Corporation shall annotate, restrict, correct, supersede, withdraw, seal, segregate, or reclassify the record.

27.11 United States Localization by GCRI US.\
GCRI US shall be responsible for United States localization of GCRI and Nexus-compatible public-good functions within the scope of its lawful authority. United States localization may include adaptation of evidence methods, public authority learning materials, public-safe publication practices, controlled vocabulary, data governance terms, AI governance controls, cybersecurity controls, research protocols, community safeguards, accessibility requirements, civil rights requirements, public authority capacity classifications, state and territorial compliance notes, Tribal-interface protocols, local-law notes, tax and nonprofit controls, charitable solicitation controls, and regulatory-perimeter language.

United States localization shall be performed in accordance with United States federal law, governing state law, applicable state, territorial, Tribal-interface, local, and cross-border requirements, the Corporation’s Certificate or Articles of Incorporation, this Bylaw, Board authority, tax-exempt or tax-exempt-compatible obligations, public-benefit purpose, non-execution boundary, public authority boundary, finance boundary, certification boundary, procurement neutrality, data / AI / cyber controls, safeguards, validity-by-record, and correctionability.

United States localization shall not be treated as authority to rewrite the global mission in a manner that creates role collapse, sponsor control, provider preference, public authority overclaim, finance-readiness overclaim, certification overclaim, procurement implication, recognition overclaim, emergency command, public warning authority, or enterprise execution.

27.12 Canadian Localization by GCRI Canada.\
Canadian localization shall be performed by GCRI Canada or another competent Canadian entity within its own legal authority and applicable Canadian legal framework. The Corporation may coordinate with GCRI Canada, exchange methods, support interoperability, contribute evidence, compare practices, and maintain compatibility notes, but shall not exercise Canadian corporate authority, Canadian public authority authority, Canadian tax authority, Canadian charitable authority, Canadian employment authority, Canadian data authority, Canadian controlled-room authority, Canadian certification authority, Canadian recognition authority, Canadian finance-readiness authority, or Canadian execution authority unless separately and lawfully authorized.

GCRI US shall not represent Canadian-localized instruments as GCRI US instruments unless expressly adopted for GCRI US through the proper hierarchy of authority. Canadian-localized terms, records, public authority classifications, data practices, grant terms, charitable representations, public-safe publications, or Nexus-interface practices shall not govern GCRI US internal corporate acts unless lawfully incorporated into GCRI US governing records.

Where Canadian localization and United States localization differ, the Corporation shall use divergence logs, compatibility notes, cross-border legal review, public-safe language, and clear public descriptions to avoid confusion.

27.13 North America Coordination Without Merger.\
GCRI US may coordinate with GCRI Canada and other lawful North America interfaces to support evidence architecture, methods continuity, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute, Nexus Truth Engine methods, Nexus Observatory methods, public authority learning, public-safe publication, cross-border hazard awareness, climate and disaster evidence, cyber and infrastructure evidence, public health evidence, energy-water-food-health evidence, telecom and AI-RAN evidence, DePIN and DLT evidence, supply-chain evidence, border and port evidence, Arctic, Great Lakes, Pacific, Atlantic, Gulf, Caribbean, Mexico, Indigenous, and regional evidence contexts.

North America coordination shall not create merger. No North America coordination body, meeting, council, working group, public authority forum, controlled room, public-safe report, map, dashboard, evidence pack, technical baseline, repository, academy program, sponsor arrangement, provider arrangement, public authority engagement, or Nexus-interface record shall be interpreted as creating a single North America legal entity, regional public authority, treaty body, intergovernmental organization, regulator, public finance authority, certification body, recognition body, finance-readiness body, emergency command body, public warning authority, procurement authority, or enterprise execution vehicle.

North America coordination shall remain bounded by entity separateness, applicable law, cross-border review, public authority capacity classification, data / AI / cyber controls, export-control and sanctions controls, safeguards, protected knowledge controls, public-safe publication discipline, and correctionability.

27.14 No Branch, Office, Division, Parent, Subsidiary, Alter Ego, Single Employer, Joint Employer, Common Treasury, or Shared Liability by Coordination.\
Coordination between GCRI US, GCRI Canada, and any other GCRI-related entity shall not, by itself, create a branch, office, division, parent-subsidiary relationship, alter ego relationship, single employer relationship, joint employer relationship, common treasury, fiscal unity, shared liability, agency, partnership, joint venture, or integrated enterprise.

The Corporation shall not use or permit public descriptions, contracts, grant materials, donor materials, sponsorship materials, public authority materials, employment materials, recruitment materials, public-safe reports, websites, GitBook pages, repositories, dashboards, press releases, conference materials, or Nexus-interface materials that imply such relationship without competent legal basis and recorded approval.

Factors such as shared logos, shared names, shared mission, shared doctrine, common founder history, overlapping personnel, shared technical tools, shared public-good repositories, shared public authority learning sessions, shared donors, shared sponsors, shared providers, shared advisors, shared committees, shared controlled vocabulary, shared methods, shared academy activities, shared publications, or shared Nexus references shall not be sufficient to overcome the separateness rule.

Where any person asserts or implies branch, parent, subsidiary, alter ego, single employer, joint employer, common treasury, or shared liability status, the Corporation shall review the statement, correct public language, restrict authority, issue clarification where needed, and preserve corrective records.

27.15 No Automatic Mutual Authority.\
No GCRI-related entity shall have automatic authority to bind GCRI US, and GCRI US shall have no automatic authority to bind any other GCRI-related entity. Mutual authority may arise only through a lawful written instrument approved by competent authority and limited to the scope, duration, conditions, budget, access, records, and restrictions stated in that instrument.

No person serving in a role with GCRI US shall be deemed to have authority to act for GCRI Canada or another GCRI-related entity merely because of title, seniority, public visibility, technical contribution, shared mission, shared email channel, shared event, shared repository, shared document, shared project, shared governance discussion, or shared public authority meeting. The same rule shall apply in reverse.

Any purported act outside recorded authority shall be treated as unauthorized, subject to correction, ratification where lawful, rejection, withdrawal, notice, contract action, access restriction, disciplinary action, or legal response where appropriate.

27.16 No Agency Between GCRI US and GCRI Canada Without Express Written Instrument.\
There shall be no agency relationship between GCRI US and GCRI Canada unless expressly established by a written instrument approved by competent authority of each entity and consistent with applicable law, nonprofit restrictions, tax requirements, public-benefit purposes, data / AI / cyber controls, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, safeguards, and this Bylaw.

Any agency instrument shall identify the principal, agent, scope of authority, prohibited acts, duration, territory, financial limits, data authority, publication authority, public authority reference authority, contracting authority, conflict controls, indemnity or liability treatment, insurance requirements, records custodian, reporting duties, termination rights, and correction pathway.

No implied agency shall arise from coordination, public statements, shared mission, shared personnel, shared projects, shared systems, public authority attendance, sponsorship, donor support, provider participation, controlled-room access, technical repository access, or Nexus-interface collaboration.

27.17 Complementarity Without Legal Fusion.\
The Corporation may operate as a complementary United States and North America anchor within the broader GCRI public-good function. Complementarity may include differentiated roles, parallel methods, cross-border evidence support, reciprocal learning, compatible ontology, shared public-safe vocabulary, aligned technical baselines, coordinated public authority learning, interoperable public-good software, and synchronized correction signals.

Complementarity shall not create legal fusion. Each entity shall maintain its own governance organs, legal personality, records, filings, finances, tax status, public authority relationships, controlled-room authorizations, data permissions, publication approvals, sponsor controls, provider controls, employment decisions, and correction responsibilities.

Complementary activity shall be described in terms of cooperation, alignment, support, interoperability, coordination, and mutual learning, and shall not be described in terms of command, control, ownership, merger, branch, parentage, consolidated authority, unified treasury, unified board, unified employment, or whole-system execution unless legally true and recorded.

27.18 Equivalence Duties.\
Where GCRI US and another GCRI-related entity maintain parallel or interoperable instruments, policies, methods, classifications, public authority capacity language, data rules, AI rules, cyber rules, safeguards, public-safe publication rules, controlled vocabulary, repository rules, or Nexus-interface rules, the Corporation shall seek functional equivalence without legal confusion.

Equivalence means that each localized instrument preserves the same core public-good protections within its own legal context, including public-benefit purpose, nonprofit discipline where applicable, non-execution, role separation, public authority boundary discipline, finance boundary discipline, certification boundary discipline, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber integrity, safeguards, protected knowledge controls, validity-by-record, correctionability, anti-capture, and public-safe publication.

Equivalence does not require identical wording where local law, language, governance form, public authority practice, Indigenous protocol, data law, tax law, nonprofit law, or operational context requires different expression. The Corporation shall document equivalence through compatibility notes, divergence logs, crosswalks, board materials, policy records, or public-safe explanatory notes where appropriate.

27.19 Divergence Logs.\
The Corporation shall maintain divergence logs where GCRI US practices, instruments, policies, terms, public descriptions, data rules, AI rules, cyber rules, methods, public-safe publication rules, public authority capacity classifications, controlled-room terms, technical baselines, repository rules, sponsor terms, provider terms, or Nexus-interface records differ from GCRI Canada or other GCRI-related entities.

A divergence log shall identify the affected entities, affected instruments, nature of divergence, legal or operational basis, jurisdictional cause, public authority relevance, data / AI / cyber relevance, safeguards relevance, tax or nonprofit relevance, finance-boundary relevance, certification-boundary relevance, procurement relevance, records implications, public-safe language implications, responsible owner, effective date, review date, and correction pathway.

Divergence shall not be used to weaken core protections. Where a divergence would weaken non-execution, role separation, public authority boundaries, finance boundaries, certification boundaries, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber controls, safeguards, validity-by-record, or correctionability, the Corporation shall reject, suspend, correct, or escalate the divergence.

27.20 Compatibility Notes.\
The Corporation shall maintain compatibility notes where GCRI US instruments, methods, public-good software, technical baselines, public authority learning materials, public-safe publications, records, controlled vocabularies, data structures, proof receipts, role keys, smart licenses, or Nexus-interface artifacts are intended to interoperate with GCRI Canada or another GCRI-related entity.

Compatibility notes shall clarify the purpose of compatibility, the entities involved, the legal status of each entity, the non-agency rule, the non-merger rule, the non-shared-liability rule, the governing instrument hierarchy, the relevant jurisdictional limits, the public authority boundary, the finance boundary, the certification boundary, the procurement boundary, the data / AI / cyber controls, safeguards, public-safe limitations, correction pathway, and responsible record custodian.

Compatibility notes shall not create independent authority. They shall be interpretive and records-supporting instruments unless adopted as binding instruments through the proper hierarchy of authority.

27.21 Cross-Entity Role Clarity.\
All cross-entity activity involving GCRI US shall identify the role of each participating entity and, where material, the capacity of each person participating. Cross-entity role clarity shall apply to board materials, committee materials, shared projects, public authority meetings, donor meetings, sponsorship discussions, provider discussions, research collaborations, data rooms, controlled rooms, public-safe publications, academy programs, fellowships, grant applications, technical repositories, software releases, dashboards, proof receipts, role keys, smart licenses, Nexus-interface materials, and public descriptions.

The Corporation shall distinguish GCRI US from GCRI Canada, other GCRI entities, GRF, GRA, Nexus Network, Nexus Standards, consortiums, national companies, Project SPVs, qualified providers, sponsors, hosts, public authorities, universities, laboratories, communities, and enterprise actors.

Cross-entity materials shall avoid ambiguous phrases such as “we,” “the organization,” “GCRI,” “the consortium,” “the network,” “the platform,” “the authority,” “the standard,” “the registry,” “the finance-ready process,” or “the official system” where ambiguity may create legal, public authority, finance, certification, procurement, recognition, sponsor, provider, data, AI, cyber, or public-safe risk. Where shorthand is used, the legal entity and capacity shall remain clear.

27.22 Dual-Role Person Controls.\
Any person who serves, advises, contracts with, contributes to, or participates in more than one GCRI-related entity, Nexus entity, consortium, national company, Project SPV, provider, sponsor, host, public authority, university, laboratory, funder, donor, capital reader, or enterprise actor shall be subject to dual-role controls where their roles may create confusion, conflict, capture risk, confidentiality risk, public authority risk, finance-boundary risk, certification-boundary risk, procurement risk, data / AI / cyber risk, protected knowledge risk, or records risk.

Dual-role controls may include annual disclosure, event-based disclosure, capacity statements, separate email accounts or communication channels where appropriate, separate approvals, recusal, access restriction, committee restriction, voting restriction, publication restriction, repository restriction, public statement restriction, conflict management plans, confidentiality undertakings, non-use obligations, and offboarding procedures.

No dual-role person shall use information, authority, access, trust, public authority relationships, donor relationships, sponsor relationships, provider relationships, technical access, or governance participation obtained in one entity to benefit, bind, influence, or represent another entity without lawful authority and record.

Dual-role person controls shall be recorded and periodically reviewed.

27.23 Public Description Discipline.\
The Corporation shall maintain disciplined public descriptions of its relationship to GCRI Canada and other GCRI-related entities. Public descriptions shall be accurate, non-misleading, legally clear, public-safe, role-separated, and consistent with this Bylaw.

Public descriptions may state that GCRI US coordinates with, aligns with, interoperates with, learns from, supports, or complements GCRI Canada or other GCRI-related entities where true and recorded. Public descriptions shall not state or imply that GCRI US and GCRI Canada are the same legal entity, that one automatically binds the other, that they share a treasury, that they are branches of one another, that they are parent and subsidiary, that they are jointly liable, that they are a single employer, that they operate as a partnership or joint venture, that either exercises public authority for the other, or that North America coordination creates regional sovereign authority.

Public description discipline shall apply to websites, GitBook pages, public reports, whitepapers, decks, press releases, speeches, conference materials, grant applications, sponsorship materials, donor materials, public authority materials, provider materials, procurement-sensitive materials, academy materials, repository notices, software documentation, controlled-room notices, public-safe reports, AI summaries, and media statements.

Where a public description is inaccurate, incomplete, ambiguous, overbroad, or capable of creating reliance or role confusion, the Corporation shall correct, clarify, withdraw, supersede, annotate, restrict, or issue public-safe clarification.

27.24 Records, Interfaces, Cooperation Instruments, and Correction Paths.\
The Corporation shall maintain records sufficient to demonstrate the lawful, separate, bounded, and correctionable relationship between GCRI US, GCRI Canada, and any other national, regional, or global GCRI-related entity.

Such records shall include, as applicable:

a) entity-separateness records;

b) legal personality records;

c) public description records;

d) relationship maps;

e) MoUs, interface agreements, cooperation instruments, shared-services agreements, research agreements, data-sharing agreements, IP licenses, repository agreements, publication protocols, controlled-room terms, and public authority interface terms;

f) authority records identifying who may act for GCRI US and who may not;

g) cross-entity capacity records;

h) dual-role person disclosures, restrictions, recusals, and access controls;

i) shared mission records;

j) shared doctrine records;

k) shared ontology records;

l) shared methods records;

m) shared project records;

n) shared records metadata;

o) United States localization records;

p) Canadian localization records;

q) North America coordination records;

r) divergence logs;

s) compatibility notes;

t) equivalence notes;

u) public authority capacity records;

v) finance-boundary, certification-boundary, procurement-boundary, recognition-boundary, and non-execution records;

w) data / AI / cyber, privacy, protected knowledge, sanctions, export-control, competition, research, tax, nonprofit, and safeguards review records;

x) records of holds, stops, quarantines, access restrictions, publication freezes, implementation freezes, technical isolations, corrections, withdrawals, retractions, takedowns, supersessions, public-safe clarifications, referrals, externalizations, and terminations; and

y) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, legal hold status, repository location, and metadata.

Where relationship confusion, authority confusion, public description error, cross-entity overclaim, public authority confusion, finance overclaim, certification overclaim, procurement implication, recognition overclaim, data-sharing ambiguity, sponsor or provider overclaim, or Nexus-interface ambiguity arises, the Corporation shall use a correction path proportionate to the risk. Correction may include private clarification, controlled notice, public-safe clarification, amendment of records, amendment of public descriptions, access restriction, recusal, revised compatibility note, revised divergence log, revised cooperation instrument, Board review, counsel review, or termination of the affected activity.

The governing rule of this Section is that GCRI US may cooperate deeply without fusing legally. It may share mission without sharing liability; share doctrine without surrendering seat discipline; share ontology without sharing treasury; share methods without creating agency; share projects without creating partnership; and coordinate across North America without becoming a merged regional authority. All such cooperation shall remain lawful, record-based, role-separated, public-benefit-aligned, non-executing, correctionable, and subordinate to the Corporation’s United States governing instruments.

## Section 28. Relationship to The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Standards, Nexus Network, and Enterprise Stack Actors at the Interpretive Level

28.1 GRF Role Recognition.\
The Corporation recognizes The Global Risks Forum (GRF) as a separate institution within the Nexus public-good architecture, with its own legal identity, governing instruments, authority records, public-facing role, registry responsibilities, recognition discipline, maturity-records function, standing discipline, claims-discipline function, stakeholder-formation role, public-safe reporting role, and legitimacy-stewardship function.

Recognition of GRF in this Bylaw is interpretive and role-separating. It is intended to preserve the distinction between evidence generation and public-facing legitimacy stewardship. It shall not merge GCRI US with GRF; shall not make GRF a committee, branch, office, agent, subsidiary, parent, alter ego, representative, registry arm, publication arm, public authority interface, or controlled body of GCRI US; and shall not make GCRI US a recognition body, registry authority, maturity authority, standing authority, claims-discipline body, or public-facing legitimacy steward.

The Corporation may provide evidence, methods, observability outputs, ontology support, technical baselines, public-good software, correction signals, and research support to GRF where lawful, authorized, and properly recorded. Such support shall remain non-executing, evidence-based, role-separated, and subject to public-safe publication, data / AI / cyber, safeguards, non-reliance, and correctionability controls.

28.2 GRF as Registry, Recognition, Maturity-Records, Standing, Claims-Discipline, Stakeholder-Formation, Public-Safe Reporting, and Public-Facing Legitimacy Steward.\
GRF shall be understood, for purposes of this Bylaw, as the Nexus public-good steward for registry integrity, recognition discipline, maturity records, standing records, public-facing claims discipline, stakeholder-formation records, public-safe reporting, and public-facing legitimacy functions, where such functions are separately and lawfully constituted by GRF’s own governing instruments and applicable law.

GCRI US shall not perform GRF’s registry or recognition function by implication, technical contribution, evidence authorship, observability work, dashboard publication, public authority convening, Nexus-interface participation, proof-receipt support, Docket input, Grid input, technical baseline, public-safe report, or open software release.

No record, report, dataset, software asset, method, benchmark, model output, technical baseline, evidence pack, public authority learning material, public-safe publication, proof receipt, role key, smart license, dashboard, map, digital twin, AI-RAN signal, DePIN signal, DLT record, blockchain entry, repository entry, working-group note, committee note, or public statement issued by or through GCRI US shall be interpreted as GRF recognition, GRF registry acceptance, GRF maturity status, GRF standing, GRF public legitimacy, GRF claims clearance, or GRF public-facing approval unless GRF has separately and lawfully issued such status through its own competent record.

GCRI US may support GRF by supplying technical evidence inputs, method notes, correction notices, uncertainty statements, source-lineage records, public-safe explanations, ontology mappings, and technical baselines, provided such support is clearly labeled as GCRI US evidence or methods support and not as GRF recognition or public legitimacy determination.

28.3 GRA Role Recognition.\
The Corporation recognizes The Global Risks Alliance (GRA) as a separate institution within the Nexus public-good and finance-readiness architecture, with its own legal identity, governing instruments, authority records, finance-readiness role, capital-readability role, proof-pack role, insurance-readiness role, diligence-translation role, RNFD, NFD, UNFSD, capital-reader room, and regulated-perimeter discipline functions.

Recognition of GRA in this Bylaw is interpretive and boundary-preserving. It is intended to preserve the distinction between evidence and finance-readiness translation. It shall not merge GCRI US with GRA; shall not make GRA a committee, branch, office, agent, subsidiary, parent, alter ego, representative, finance arm, investment arm, insurance arm, public finance arm, or controlled body of GCRI US; and shall not make GCRI US a finance-readiness authority, capital-readability authority, proof-pack issuer, insurance-readiness authority, diligence-translation authority, public finance interface, securities actor, investment adviser, broker, dealer, finder, lender, insurer, underwriter, rating agency, or capital intermediary.

The Corporation may provide evidence, methods, observability outputs, ontology support, technical baselines, public-good software, correction signals, and technical literacy support to GRA where lawful, authorized, and properly recorded. Such support shall remain non-executing, non-soliciting, non-transactional, role-separated, and subject to regulatory-perimeter review, public-safe publication, data / AI / cyber, safeguards, non-reliance, and correctionability controls.

28.4 GRA as Finance-Readiness, Capital-Readability, Proof-Pack, Insurance-Readiness, Diligence-Translation, RNFD, NFD, UNFSD, and Regulated-Perimeter Discipline Steward.\
GRA shall be understood, for purposes of this Bylaw, as the separate Nexus-aligned steward for finance-readiness, capital-readability, proof-pack, insurance-readiness, diligence-translation, Regional Nexus Financing for Development, National Nexus Financing for Development, Universal Nexus Financing for Sustainable Development, capital-reader-room discipline, and regulated-perimeter discipline, where such functions are separately and lawfully constituted by GRA’s own governing instruments and applicable law.

GCRI US shall not perform GRA’s finance-readiness or capital-readability function by implication, evidence authorship, technical contribution, observability output, Nexus-interface participation, controlled-room facilitation, data-room access, dashboard publication, proof-receipt support, Docket input, Grid input, technical baseline, public authority learning, or public-safe report.

No record, report, dataset, software asset, method, benchmark, model output, technical baseline, evidence pack, public authority learning material, public-safe publication, proof receipt, role key, smart license, dashboard, map, digital twin, AI-RAN signal, DePIN signal, DLT record, blockchain entry, repository entry, working-group note, committee note, or public statement issued by or through GCRI US shall be interpreted as GRA finance-readiness, capital-readability, proof-pack issuance, insurance-readiness, investability, bankability, suitability, rating, underwriting basis, lending basis, public finance approval, insurance approval, securities solicitation, broker-dealer activity, investment advice, credit opinion, or capital placement.

GCRI US may support GRA by supplying technical evidence inputs, evidence lineage, method notes, uncertainty statements, public-safe technical explanations, correction notices, ontology mappings, data-quality records, observability records, and open technical baseline references, provided such support is clearly labeled as GCRI US evidence or methods support and not as GRA finance-readiness, capital-readability, insurance-readiness, diligence approval, proof-pack issuance, rating, recommendation, solicitation, underwriting, or public finance approval.

28.5 Nexus Standards and Protocol Authority Role Recognition.\
The Corporation recognizes Nexus Standards and any separately constituted Nexus protocol authority as distinct functions within the Nexus public-good architecture. Such bodies or functions may steward standards profiles, protocol rules, interoperability expectations, technical conformance logic, proof-receipt logic, role-key logic, smart-license logic, registry-adjacent technical semantics, and network compatibility rules where separately and lawfully constituted.

Recognition of Nexus Standards or protocol authority shall not make GCRI US the standards authority, protocol authority, certification authority, conformance body, accreditation body, procurement authority, network controller, ledger authority, or mandatory technical regulator. GCRI US may support standards and protocol work through evidence, methods, ontology, open technical baselines, public-good software, reference implementations, test harnesses, benchmark libraries, schema proposals, technical notes, and correction signals, but shall not convert such support into binding standards authority unless separately and lawfully designated by competent instrument and approved through the required governance pathway.

No technical centrality, authorship, repository control, public-good software release, reference architecture, test vector, schema, API, SDK, dashboard, proof receipt, role key, smart license, ledger entry, DLT record, or standards-support note shall be interpreted as granting GCRI US protocol authority, certification authority, procurement authority, or whole-network governance authority.

28.6 Nexus Network Role Recognition.\
The Corporation recognizes Nexus Network as the permanent public-good infrastructure rail connecting systemic risk evidence, observability, standards, maturity, public-safe claims, finance-readiness routing, regional legitimacy, national mandate, investible infrastructure, Project SPVs, qualified providers, and open enterprise delivery within a role-separated public-good and enterprise-stack architecture.

Recognition of Nexus Network shall not make GCRI US the owner, operator, controller, regulator, public authority, public finance body, enterprise execution body, emergency command body, public warning authority, procurement authority, certification body, or universal standards authority for Nexus Network. GCRI US may serve as an evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baseline, Nexus Truth Engine methods, Nexus Observatory methods, verifiable compute, and public authority learning steward within Nexus-compatible workflows, but only within its own lawful role and authority.

Nexus Network references in GCRI US materials shall be interpretive, architectural, and role-separating unless a specific lawful instrument provides otherwise. No Nexus Network reference shall be used to imply that GCRI US controls all Nexus entities, all Nexus rails, all Nexus protocols, all Nexus standards, all Nexus registries, all Nexus finance-readiness pathways, all Nexus enterprise actors, or all Nexus public authority interfaces.

28.7 Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, and Nexus Competence Cell Role Recognition.\
The Corporation recognizes Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, and Nexus Competence Cells as distinct Nexus-aligned functions, environments, or institutional instruments within the broader Nexus architecture, each with its own purpose, operating logic, records discipline, and role boundary where separately constituted.

GCRI US may contribute to or support:

a) Nexus Observatory through observability methods, evidence logic, technical baselines, sensor interpretation methods, AI-RAN / O-RAN methods, DePIN and DLT validation methods, digital twin assumption review, cyber telemetry methods, geospatial methods, and public-safe output discipline;

b) Nexus Universe through annual public-good learning, benchmarking, controlled build, public authority learning, technical demonstration, safe publication, and correction cycles;

c) Nexus Risk Management through evidence, methods, risk taxonomy, risk register logic, issue register support, control register support, scenario methods, safeguards, and correction signals;

d) Nexus Rails through public-good technical baselines, role-separated routing logic, proof-receipt discipline, data / AI / cyber controls, and interoperability methods;

e) Nexus Grid through evidence-readiness inputs, maturity-relevant technical records, Docket-support artifacts, and public-good technical baselines without maturity determination or recognition authority;

f) Nexus Academy through education, training, evidence literacy, AI governance literacy, cyber literacy, public authority learning, safeguards literacy, and competence formation without regulated credentialing by default; and

g) Nexus Competence Cells through methods, playbooks, train-the-trainer materials, technical baselines, controlled annexes, evidence review, data / AI / cyber support, safeguards support, and localization support.

Such support shall not convert GCRI US into the governing authority of these functions. No Nexus Observatory, Universe, Risk Management, Rails, Grid, Academy, or Competence Cell reference shall imply GCRI US recognition authority, finance-readiness authority, certification authority, procurement authority, public authority authority, public warning authority, emergency command authority, enterprise execution authority, or whole-system control.

28.8 National, Regional, State, Territorial, Tribal, and Local Consortium Role Recognition.\
The Corporation recognizes global, regional, national, state, territorial, Tribal-interface, metropolitan, local, sectoral, public authority, university, laboratory, community, and cross-border Nexus consortiums or consortium-like structures as separate coordination instruments where lawfully constituted. Such consortiums may support stakeholder formation, public-good alignment, public authority learning, regional legitimacy, national mandate formation, capability mapping, localization, public-safe convening, and interface discipline.

Recognition of any consortium shall not make such consortium an organ, member, committee, board, officer, agent, representative, subsidiary, branch, public authority, procurement authority, finance-readiness authority, certification body, recognition body, or enterprise execution vehicle of GCRI US unless separately and lawfully constituted and approved by competent authority.

GCRI US may support consortiums through evidence, methods, public-good software, technical baselines, public authority learning, observability methods, ontology, safeguards, data / AI / cyber controls, and correction signals. Such support shall not create public authority delegation, procurement approval, funding approval, recognition, finance-readiness, certification, provider preference, sponsor control, or execution by GCRI US.

Where GCRI US engages with a consortium, the records shall identify the consortium’s legal or non-legal status, participants, public authority capacities, sponsor and provider roles, data responsibilities, publication responsibilities, evidence responsibilities, GCRI US role, GRF role, GRA role, Nexus Standards role, enterprise-stack role, and correction pathway.

28.9 National Companies and Project SPVs as Enterprise Stack Actors.\
National consortium companies, state or regional operating companies where separately constituted, Project SPVs, project companies, asset owners, delivery companies, operators, integrators, concessionaires, deployment vehicles, procurement vehicles, infrastructure vehicles, finance vehicles, and other execution entities shall be treated as enterprise stack actors unless a competent record establishes a different lawful status.

GCRI US may interface with such actors only within its non-executing public-benefit role. It may provide evidence, methods, public-good technical baselines, public authority learning materials, technical literacy, research outputs, open software, public-safe reports, and correction signals where lawful, authorized, and properly bounded. It shall not own, operate, manage, control, finance, underwrite, guarantee, procure, certify, rate, select, supervise, dispatch, or execute enterprise-stack activity by default.

No national company or Project SPV shall be described as a GCRI US subsidiary, branch, controlled vehicle, public authority instrument, guaranteed project, approved provider, recognized entity, certified entity, finance-ready entity, Nexus-approved vehicle, or procurement-preferred vehicle unless such status is separately and lawfully established by competent authority outside ordinary GCRI US evidence support.

28.10 Qualified Enterprise Providers as Enterprise Delivery Actors.\
Qualified enterprise providers, vendors, contractors, integrators, operators, cloud providers, AI providers, data processors, cybersecurity providers, telecom providers, AI-RAN and O-RAN providers, DePIN providers, DLT providers, robotics providers, sensor providers, geospatial providers, engineering firms, laboratories, consultants, and other commercial or enterprise actors shall be treated as enterprise delivery actors unless a competent record establishes a different lawful role.

GCRI US may engage enterprise delivery actors as vendors, contractors, contributors, technical participants, sponsors, hosts, data processors, repository contributors, public-good support providers, or controlled-room participants where lawful and properly governed. Such engagement shall not create provider preference, procurement advantage, certification, recognition, finance-readiness, insurance-readiness, public authority endorsement, public authority approval, Nexus-wide qualification, or market recommendation.

Provider participation in GCRI US work shall be subject to conflict controls, competition controls, sponsor non-control, provider neutrality, data / AI / cyber controls, public-safe claims discipline, confidentiality, IP terms, export-control and sanctions review where applicable, and correction obligations.

No enterprise provider shall use GCRI US participation, contribution, sponsorship, hosting, repository access, public authority room attendance, technical review, open-source contribution, public-safe report mention, or Nexus-interface participation to claim preferred provider status, procurement approval, certification, recognition, finance-readiness, public authority endorsement, or guaranteed access to national companies, Project SPVs, public authorities, donors, sponsors, investors, insurers, lenders, or capital readers.

28.11 GCRI US as Evidence, Methods, Observability, Ontology, Technical Truth, Public-Good R\&D, Public-Good Software, and Open Technical Baseline Steward.\
GCRI US shall be interpreted as the United States public-benefit technical institution and North America anchor for evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute methods, verifiable intelligence methods, Nexus Truth Engine methods, Nexus Observatory methods, public authority learning, public-safe publication support, data / AI / cyber governance methods, safeguards, and correctionability.

The Corporation’s role is to make technical reality more observable, evidence more disciplined, methods more reproducible, public-good software more available, public authority learning more informed, cross-border evidence more coherent, and Nexus public-good infrastructure more verifiable within lawful limits.

This role shall be interpreted as stewardship, not control; support, not substitution; evidence, not recognition; methods, not certification; technical baselines, not procurement approval; readiness inputs, not finance-readiness determinations; public authority learning, not public authority action; public-safe reporting support, not official public warning; and public-good R\&D, not enterprise execution.

The Corporation may maintain records, registers, repositories, datasets, methods, technical baselines, dashboards, controlled rooms, evidence rooms, clean rooms, public authority learning rooms, public-good software, open technical assets, public-safe reports, technical notes, training materials, and correction notices, but such instruments shall remain within GCRI US’s bounded public-good role.

28.12 No Recognition Function by GCRI US.\
GCRI US shall not exercise a recognition function unless separately and lawfully designated by competent authority and approved through the Corporation’s governing instruments. In ordinary course, GCRI US shall not recognize persons, entities, projects, providers, technologies, jurisdictions, public authorities, Project SPVs, national companies, consortiums, maturity stages, standing, public legitimacy, Nexus-compatible status, Docket status, Grid status, finance-readiness status, insurance-readiness status, or public-safe claims status.

Evidence generated, reviewed, held, published, or supported by GCRI US may inform recognition processes conducted by GRF or another competent body, but such evidence shall not itself constitute recognition. A GCRI US evidence artifact may state what was observed, what method was used, what confidence level applies, what limitations exist, what sources support the record, what uncertainty remains, and what correction pathway applies. It shall not state or imply that a party is recognized, mature, standing-approved, publicly legitimate, Nexus-approved, certified, finance-ready, insurance-ready, bankable, investable, procurement-ready, or officially adopted.

Where a GCRI US output could be misunderstood as recognition, the Corporation shall add limitation language, revise the label, reclassify the output, route the matter to GRF where appropriate, issue a compatibility note, restrict publication, or correct the record.

28.13 No Finance-Readiness Function by GCRI US.\
GCRI US shall not exercise a finance-readiness, capital-readability, insurance-readiness, investment suitability, bankability, creditworthiness, rating, underwriting, lending, brokerage, securities, public finance, proof-pack issuance, or capital placement function unless separately and lawfully authorized by competent law and governance record, which shall not be presumed.

Evidence generated, reviewed, held, published, or supported by GCRI US may inform GRA or other competent actors, but such evidence shall not itself constitute finance-readiness. A GCRI US technical evidence input may describe technical evidence, source lineage, method quality, uncertainty, observability, data quality, system assumptions, risk indicators, or public-safe constraints. It shall not recommend an investment, solicit capital, approve a loan, approve insurance, underwrite a risk, rate a project, approve a public finance allocation, guarantee revenue, validate bankability, confirm insurability, or determine capital-readiness.

Where a GCRI US output may be used in a finance-adjacent context, the Corporation shall apply regulated-perimeter review, non-reliance language, finance-boundary language, access controls, public-safe publication review, and, where appropriate, GRA routing. Finance-adjacent use shall not convert GCRI US into a securities actor, investment adviser, broker, dealer, finder, lender, insurer, underwriter, rating agency, public finance approver, or capital intermediary.

28.14 No Protocol Authority Function by GCRI US Unless Separately and Lawfully Designated.\
GCRI US shall not exercise Nexus protocol authority, standards authority, conformance authority, certification authority, accreditation authority, network governance authority, ledger governance authority, proof-receipt authority, role-key authority, smart-license authority, or mandatory interoperability authority unless separately and lawfully designated by competent instrument and approved through the required governance process.

The Corporation may propose, draft, test, research, publish, and maintain technical baselines, schemas, APIs, SDKs, software tools, reference architectures, test harnesses, benchmark libraries, data dictionaries, model cards, system cards, evaluation methods, and public-good software. Such work may support protocol development or standards development but shall not by itself establish binding protocol authority.

No GCRI US repository, technical baseline, public-good software release, proof-of-concept, reference implementation, method library, benchmark, role key, smart license, DLT record, blockchain entry, dashboard, standard profile draft, or public-safe technical note shall be interpreted as a binding Nexus protocol, formal standard, certification decision, conformance decision, procurement mandate, or official network approval unless separately adopted by the competent authority under the applicable instrument.

Where protocol-authority confusion arises, the Corporation shall re-label, annotate, restrict, correct, supersede, withdraw, or route the material to Nexus Standards or another competent body.

28.15 No Enterprise Execution Function by GCRI US.\
GCRI US shall not act as an enterprise execution vehicle. It shall not own, develop, finance, procure, build, operate, manage, deploy, maintain, dispatch, supervise, command, insure, underwrite, rate, sell, broker, place, integrate, or deliver infrastructure, projects, Project SPVs, national company operations, commercial services, regulated services, public authority operations, emergency operations, public warning systems, procurement processes, or provider delivery functions unless separately and lawfully authorized in a manner consistent with nonprofit restrictions, tax requirements, public-benefit purpose, and this Bylaw; such authorization shall not be presumed.

The Corporation’s public-good technical role may support enterprise actors through general methods, evidence, public-good software, technical literacy, public-safe publications, open baselines, public authority learning, and correction signals. Such support shall remain non-executing and shall not create operational control, project ownership, asset ownership, public procurement role, provider selection, finance-readiness, investment recommendation, insurance approval, certification, recognition, guarantee, or enterprise responsibility.

Enterprise execution shall be routed, where appropriate, to separately constituted national companies, Project SPVs, qualified enterprise providers, public authorities, licensed professionals, regulated entities, operators, integrators, or other competent actors. Routing shall not create agency, partnership, shared liability, public authority delegation, or control by GCRI US.

28.16 Interpretive Role-Separation Records.\
The Corporation shall maintain records sufficient to demonstrate interpretive role separation among GCRI US, GCRI Canada, GRF, GRA, Nexus Standards, Nexus Network, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, national companies, Project SPVs, qualified enterprise providers, sponsors, hosts, public authorities, universities, laboratories, communities, and enterprise actors.

Interpretive role-separation records shall include, as applicable:

a) GRF interface records;

b) GRF registry, recognition, maturity-records, standing, claims-discipline, stakeholder-formation, public-safe reporting, and public-facing legitimacy boundary records;

c) GRA interface records;

d) GRA finance-readiness, capital-readability, proof-pack, insurance-readiness, diligence-translation, RNFD, NFD, UNFSD, capital-reader room, and regulated-perimeter boundary records;

e) Nexus Standards and protocol authority interface records;

f) Nexus Network interface records;

g) Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, and Nexus Competence Cell interface records;

h) consortium interface records;

i) national company and Project SPV interface records;

j) qualified enterprise provider, sponsor, host, vendor, contractor, and enterprise actor records;

k) public authority capacity records;

l) evidence-support records;

m) methods-support records;

n) technical-baseline support records;

o) public-good software support records;

p) recognition-boundary records;

q) finance-boundary records;

r) protocol-authority boundary records;

s) certification-boundary records;

t) procurement-boundary records;

u) enterprise-execution boundary records;

v) compatibility notes;

w) divergence logs;

x) public description records;

y) correction, clarification, supersession, withdrawal, retraction, takedown, public-safe clarification, referral, externalization, and termination records; and

z) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, legal hold status, repository location, and metadata.

Where role-separation ambiguity arises, the Corporation shall apply the most protective lawful interpretation, including hold, stop, quarantine, re-scope, limitation language, access restriction, public-safe clarification, compatibility note, divergence log, counsel review, Board review, routing to GRF, routing to GRA, routing to Nexus Standards, routing to a public authority, routing to a regulated actor, or termination of the affected activity.

The governing rule of this Section is that GCRI US is the evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, and open technical baseline steward. GRF is the public-facing registry, recognition, maturity-records, standing, claims-discipline, stakeholder-formation, public-safe reporting, and legitimacy steward. GRA is the finance-readiness, capital-readability, proof-pack, insurance-readiness, diligence-translation, RNFD, NFD, UNFSD, capital-reader room, and regulated-perimeter discipline steward. Nexus Standards and protocol authority steward standards and protocol logic where separately constituted. National companies, Project SPVs, qualified providers, operators, integrators, and other delivery actors belong to the enterprise stack. No interpretive reading shall collapse these roles, and no shared mission, shared rail, shared method, shared record, shared event, shared dashboard, shared proof receipt, shared repository, shared public authority room, or shared Nexus reference shall override the role separation required by this Bylaw.

## Section 29. United States Mission-Lock Statement

29.1 Mission-Lock Purpose.\
The Corporation shall be governed, interpreted, operated, funded, represented, and corrected under a United States mission lock. The mission lock is the controlling institutional discipline by which GCRI US preserves its public-benefit purpose, nonprofit character, non-distribution rule, United States legal seat, all-states-and-territories posture, North America anchor role, Nexus public-good stack compatibility, GCRI / GRF / GRA role separation, non-execution boundary, public authority boundary, finance boundary, certification boundary, procurement neutrality, provider neutrality, sponsor non-control, data / AI / cyber discipline, community safeguards, protected knowledge controls, validity-by-record, and correctionability.

The mission lock shall apply to every interpretation of this Bylaw, the Certificate or Articles of Incorporation, Board resolutions, committee charters, policies, protocols, schedules, annexes, registers, authority matrices, public statements, public-safe publications, software releases, technical baselines, controlled-room materials, public authority materials, sponsor materials, provider materials, grant materials, fundraising materials, Nexus-interface materials, and any other instrument issued by, for, or in reference to the Corporation.

The mission lock exists to ensure that the Corporation remains a United States public-benefit technical institution and North America anchor for evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute methods, public authority learning, public-safe publication support, and systemic-risk de-risking support, and does not drift into regulated execution, public authority substitution, enterprise execution, finance execution, recognition, certification, procurement approval, emergency command, public warning, or private-market control.

The mission lock shall be interpreted as affirmative and restrictive. It affirmatively authorizes the Corporation to pursue its public-benefit technical purposes within lawful limits. It restrictively prohibits use of the Corporation’s name, resources, records, relationships, technical assets, public authority interfaces, Nexus references, sponsor support, provider participation, or public trust to perform functions outside its lawful public-good role.

29.2 GCRI US Exists to Steward Evidence.\
The Corporation exists to steward evidence for systemic risk, resilience infrastructure, public-good technology, public authority learning, community safeguards, public-safe publication, and Nexus-compatible public-good functions. Evidence stewardship includes the disciplined collection, intake, classification, provenance review, source-lineage recording, confidence marking, uncertainty disclosure, corroboration, limitation, review, correction, supersession, withdrawal, and archival of evidence relevant to public-good technical understanding.

Evidence stewardship may concern AI, AI-RAN, O-RAN, private wireless, DePIN, DLT, blockchain, Web3, quantum-relevant systems, sovereign compute, high-performance computing, cybersecurity, robotics, drones, sensors, geospatial systems, Earth observation, digital twins, biosecurity, climate, nature, energy, water, food, health, disaster, telecom, supply chain, public trust, advanced manufacturing, semiconductors, and other exponential or mission-critical technologies and systems.

Evidence stewardship shall not be interpreted as recognition, certification, finance-readiness, insurance-readiness, rating, public finance approval, procurement approval, public authority decision, emergency command, public warning, legal advice, investment advice, engineering sign-off, clinical advice, or enterprise execution. The Corporation may state what evidence exists, how it was derived, what method was used, what confidence and uncertainty attach to it, what limitations apply, and what correction pathway governs it. It shall not convert evidence into final authority.

The Corporation shall maintain evidence records so that technical claims can be traced, challenged, corrected, superseded, withdrawn, and interpreted within proper institutional boundaries.

29.3 GCRI US Exists to Steward Methods.\
The Corporation exists to steward methods for evidence review, validation, confidence scoring, uncertainty treatment, source lineage, sensor fusion, AI-output review, AI-RAN and O-RAN signal interpretation, DePIN and DLT validation, blockchain and ledger evidence review, digital twin assumption review, geospatial evidence, cyber evidence, verifiable compute, public-safe publication, safeguards review, correction, and reproducibility.

Methods stewardship includes the design, testing, publication, versioning, limitation, localization, peer review, technical review, challenge, correction, retirement, and archival of public-good methods. The Corporation may develop methods for use by public authorities, universities, laboratories, communities, GRF, GRA, Nexus Standards, Nexus Observatory, Nexus Network, consortiums, national companies, Project SPVs, qualified providers, and other actors, provided that such methods remain properly labeled and role-bounded.

A method stewarded by the Corporation shall not, by itself, constitute certification, accreditation, conformance approval, compliance approval, procurement approval, public authority adoption, finance-readiness, recognition, rating, public warning, emergency command, or professional advice. Methods shall remain methods unless separately adopted by a competent actor within its own lawful authority.

The Corporation shall preserve method records showing purpose, scope, version, author, reviewer, limitations, data dependencies, jurisdictional assumptions, public-safe status, correction history, and approved use.

29.4 GCRI US Exists to Steward Observability.\
The Corporation exists to steward observability methods for systemic risk, resilience infrastructure, mission-critical technologies, public-good technology systems, public authority learning, public-safe reporting support, and Nexus-compatible evidence environments. Observability stewardship includes methods, schemas, dashboards, signal interpretation logic, sensor assumptions, degraded-mode awareness, resilience indicators, data-quality rules, public-safe thresholds, and correction pathways.

Observability may include methods for Nexus Observatory nodes, hubs, clusters, hotspots, regional clusters, national dense Nexus cores, state interfaces, territorial interfaces, Tribal-interface contexts, metropolitan interfaces, port interfaces, utility interfaces, sectoral observability environments, AI-RAN / O-RAN signal environments, DePIN environments, digital twins, cyber telemetry, geospatial systems, Earth observation systems, and cross-border North America evidence architectures.

Observability outputs shall be interpreted as learning, evidence, methods, or public-safe technical artifacts, not as official public warnings, emergency commands, dispatch instructions, evacuation notices, public health orders, public authority decisions, procurement triggers, investment triggers, insurance triggers, certification decisions, or enterprise operating instructions.

Where observability outputs may create public reliance, the Corporation shall apply public-safe publication review, limitation language, access controls, public authority capacity classification, data / AI / cyber review, safeguards review, and correctionability controls.

29.5 GCRI US Exists to Steward Ontology.\
The Corporation exists to steward ontology, controlled vocabulary, taxonomies, schemas, data dictionaries, evidence classifications, risk categories, maturity concepts, technology-family definitions, AI-readable knowledge structures, public authority capacity semantics, finance-boundary semantics, certification-boundary semantics, procurement-boundary semantics, recognition-boundary semantics, and Nexus-compatible claim semantics.

Ontology stewardship is essential to prevent silent meaning shifts, public authority confusion, finance overclaim, certification overclaim, recognition overclaim, procurement implication, provider preference, sponsor control, data misuse, AI misuse, and public-safe publication error. The same words shall not be permitted to carry different legal, technical, public-facing, financial, regulatory, or public authority meanings without review and record.

The Corporation may support semantic interoperability across GCRI US, GCRI Canada, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, Nexus Observatory, Nexus Universe, Nexus Risk Management, Nexus Rails, Nexus Grid, Nexus Academy, Nexus Competence Cells, consortiums, national companies, Project SPVs, qualified providers, public authorities, universities, laboratories, communities, sponsors, hosts, and enterprise actors.

Ontology stewardship shall not create recognition authority, finance-readiness authority, standards authority, protocol authority, certification authority, procurement authority, public authority authority, or enterprise execution authority. Controlled vocabulary is a boundary-preserving instrument, not a license to collapse roles.

29.6 GCRI US Exists to Steward Technical Truth.\
The Corporation exists to steward technical truth as disciplined, evidence-based, method-supported, uncertainty-aware, challengeable, correctable, and record-backed technical understanding. Technical truth, for purposes of the Corporation, shall not mean infallibility, oracle status, final public authority decision, legal truth, financial truth, market truth, professional advice, certification, recognition, or emergency command.

Technical truth stewardship includes source comparison, corroboration logic, confidence rules, dispute handling, failed-signal handling, spoof-indicator handling, model-output review, public-safe explanation, uncertainty disclosure, limitation marking, correction triggers, supersession, withdrawal, and archival. Technical truth shall remain bound to the record that supports it.

The Corporation may support Nexus Truth Engine methods, evidence comparison frameworks, verifiable intelligence methods, and public-good technical memory. Such support shall not make the Corporation an official truth authority, public authority decision-maker, public warning body, recognition body, finance-readiness body, certification body, rating agency, procurement body, or standards monopoly.

Every technical-truth output shall remain subject to validity-by-record and correctionability. A claim unsupported by record shall not become true by repetition, publication, dashboard appearance, public authority attendance, sponsor reference, provider use, AI output, ledger entry, proof receipt, or Nexus reference.

29.7 GCRI US Exists to Steward Public-Good R\&D.\
The Corporation exists to steward public-good research and development directed toward systemic risk literacy, resilience infrastructure, exponential technology governance, public-good software, open technical baselines, evidence systems, data governance methods, AI governance methods, cybersecurity baselines, public authority learning tools, technical literacy, public-safe publication, community safeguards, and Nexus-compatible public-good infrastructure.

Public-good R\&D may include applied research, technical prototyping, reference architectures, test harnesses, gold vectors, negative tests, evaluation sets, benchmark libraries, data-quality tools, observability methods, verifiable compute methods, secure release methods, academy materials, and public-good technical memory.

Public-good R\&D shall not become enterprise execution by technical usefulness, sponsor interest, provider participation, public authority attendance, investor attention, grant support, market demand, urgent need, public-safe value, or Nexus compatibility. The Corporation may research, prototype, test, publish, and educate; it shall not, by default, deploy, operate, manage, finance, procure, underwrite, certify, recognize, rate, command, or deliver enterprise systems.

Public-good R\&D shall be governed by research integrity, ethics review where applicable, data / AI / cyber review, safeguards review, intellectual property stewardship, anti-enclosure controls, public-safe publication discipline, and correctionability.

29.8 GCRI US Exists to Steward Public-Good Software.\
The Corporation exists to steward public-good software, open technology, public-good repositories, technical tools, schemas, APIs, SDKs, dashboards, data tools, reference architectures, test harnesses, benchmark assets, evaluation libraries, documentation, and other technical assets that support evidence, methods, observability, ontology, technical truth, public authority learning, public-safe publication, and Nexus-compatible public-good functions.

Public-good software stewardship includes secure development, repository governance, contributor governance, license review, IP chain-of-title review, vulnerability review, dependency review, SBOM discipline where appropriate, artifact signing where appropriate, release governance, deprecation, takedown, correction, archive, and anti-enclosure controls.

No public-good software asset, reference implementation, dashboard, schema, API, SDK, repository, proof-of-concept, technical baseline, or open-source contribution issued by or through the Corporation shall be interpreted as certification, procurement approval, provider preference, public authority adoption, finance-readiness, recognition, rating, guarantee, legal compliance approval, security assurance, operational instruction, or enterprise delivery.

The Corporation shall maintain public-good software and technical asset records sufficient to demonstrate ownership or license basis, permitted use, limitations, release status, security status, correction history, public-safe status, and relationship to the Corporation’s mission lock.

29.9 GCRI US Exists to Steward Open Technical Baselines.\
The Corporation exists to steward open technical baselines that help public authorities, communities, universities, laboratories, standards bodies, GRF, GRA, Nexus entities, consortiums, national companies, Project SPVs, qualified providers, and enterprise actors understand evidence requirements, method expectations, interoperability assumptions, data-quality needs, AI-governance conditions, cybersecurity expectations, observability logic, public-safe publication constraints, and correction pathways.

Open technical baselines may include reference architectures, method profiles, data schemas, evidence templates, assurance checklists, evaluation harnesses, risk taxonomies, system cards, model cards, dataset cards, benchmark cards, interface profiles, observability baselines, and public-safe publication baselines.

Open technical baselines shall be interpreted as public-good technical guidance unless expressly adopted by a competent body within its lawful authority. They shall not constitute binding standards, certification, accreditation, procurement requirements, legal compliance rules, finance-readiness requirements, public authority mandates, official public warnings, emergency commands, or provider-selection requirements by default.

Where an open technical baseline is routed to Nexus Standards, GRF, GRA, a public authority, a consortium, a national company, a Project SPV, or an enterprise actor, the Corporation shall preserve the distinction between GCRI US technical support and the receiving actor’s separate decision authority.

29.10 GCRI US Exists to Support Public Authority Learning Without Public Authority Substitution.\
The Corporation exists to support public authority learning by providing evidence literacy, technical literacy, observability methods, public-safe reporting literacy, scenario and simulation support, tabletop learning, after-action learning support, data / AI / cyber learning, public-good software literacy, safeguards literacy, and systemic-risk understanding to public authorities within lawful and clearly classified capacities.

Public authority learning may involve federal, state, territorial, District of Columbia, Tribal-interface, local, county, municipal, metropolitan, port, utility, public health, emergency management, public safety, public works, telecom, energy, water, food, cyber, infrastructure, public finance reader, regulator-listening, and public infrastructure operator contexts.

Public authority participation shall not be interpreted as public authority delegation, official adoption, public warning authority, emergency command, regulatory approval, funding approval, procurement approval, public finance approval, public-private partnership, sovereign obligation, legal endorsement, certification, recognition, or public authority decision unless separately and lawfully recorded by the competent public authority.

The Corporation shall classify public authority capacity, preserve records, use non-reliance language where appropriate, avoid official-adoption overclaim, and correct public authority confusion promptly.

29.11 GCRI US Exists to Support Nexus Public-Good Stack Compatibility Without Enterprise Execution.\
The Corporation exists to support Nexus public-good stack compatibility by contributing evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, Nexus Truth Engine methods, Nexus Observatory methods, verifiable compute methods, public authority learning, public-safe publication support, safeguards, and correction signals.

Nexus public-good stack compatibility shall be interpreted through the one rail / two stacks discipline. GCRI US belongs to the public-good evidence and methods function. GRF stewards public-facing registry, recognition, maturity-records, standing, claims-discipline, stakeholder-formation, public-safe reporting, and legitimacy functions. GRA stewards finance-readiness, capital-readability, proof-pack, insurance-readiness, diligence-translation, RNFD, NFD, UNFSD, capital-reader room, and regulated-perimeter discipline functions. Nexus Standards and protocol authority steward standards and protocol logic where separately constituted. National companies, Project SPVs, qualified providers, operators, integrators, asset owners, and other delivery actors belong to the enterprise stack.

GCRI US may make the public-good stack more evidence-capable, method-capable, interoperable, observable, correctable, and technically legible. It shall not use Nexus compatibility to control the enterprise stack, approve projects, select providers, certify systems, determine maturity, recognize entities, determine finance-readiness, solicit capital, approve insurance, direct public authorities, command emergencies, issue public warnings, operate infrastructure, or execute delivery.

29.12 GCRI US Exists as United States and North America Anchor Within Bounded Public-Good Role.\
The Corporation exists as the United States public-benefit technical institution and North America anchor for GCRI evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute methods, public authority learning, and public-good technical memory, within a bounded role and subject to United States legal primacy for its internal corporate acts.

The North America anchor role may include lawful coordination with GCRI Canada and lawful interfaces concerning Mexico, the Caribbean, the Arctic, the Great Lakes, Pacific, Atlantic, Gulf, border, port, Indigenous, cross-border, regional, climate, disaster, cyber, public health, energy, water, food, biodiversity, telecom, AI-RAN, DePIN, supply chain, and critical infrastructure evidence contexts.

The North America anchor role shall not create North America sovereign authority, treaty status, intergovernmental status, public authority status, regional regulator status, public finance authority, emergency command authority, public warning authority, procurement authority, certification body, recognition body, finance-readiness authority, standards monopoly, enterprise execution vehicle, or cross-border legal merger.

The Corporation shall preserve localization without fragmentation. State, territorial, Tribal-interface, local, cross-border, and North America adaptations may be adopted where lawful and needed, but shall not weaken the mission lock, non-execution rule, public authority boundary, finance boundary, certification boundary, procurement neutrality, data / AI / cyber controls, safeguards, validity-by-record, correctionability, or legal identity of GCRI US.

29.13 No Mission Drift Into Regulator, Fund, Broker, Lender, Insurer, Rating Agency, Procurement Body, Certification Body, Public Warning Authority, Emergency Command Body, Public Authority, Standards Monopoly, Provider, Asset Owner, National Company, Project SPV, or Enterprise Execution Vehicle.\
The Corporation shall not permit mission drift into any prohibited or role-collapsing function. No interpretation of this Bylaw, no operational practice, no urgent circumstance, no public authority interest, no sponsor support, no provider participation, no donor expectation, no funder condition, no grant narrative, no public-safe need, no technical centrality, no Nexus compatibility, no dashboard output, no proof receipt, no ledger entry, no AI output, no public statement, no controlled-room practice, and no repeated usage shall convert the Corporation into a regulator, public authority, public warning authority, emergency command body, procurement body, certification body, recognition body, standards monopoly, finance-readiness body, fund, broker, dealer, finder, investment adviser, lender, insurer, underwriter, rating agency, public finance approver, provider, operator, asset owner, national company, Project SPV, or enterprise execution vehicle.

The Corporation shall not exercise or imply authority to issue binding public policy; regulate conduct; enforce law; issue permits; approve compliance; award procurement; select vendors for public authorities; certify systems; accredit providers; recognize entities; determine standing; determine maturity; determine Nexus-compatible status; determine finance-readiness; determine insurance-readiness; solicit securities; place capital; broker transactions; underwrite risk; approve lending; guarantee revenue; rate credit or resilience; approve public finance; issue public warnings; command emergencies; dispatch resources; operate public infrastructure; own execution projects; or manage enterprise deployment.

Where activity risks mission drift, the Corporation shall apply hold, stop, quarantine, re-scope, access restriction, publication freeze, implementation freeze, technical isolation, controlled-room lockdown, counsel review, Board review, public-safe clarification, externalization, referral, or termination as appropriate.

Mission drift shall be treated as a governance risk, legal risk, public trust risk, tax risk, public authority risk, finance risk, data / AI / cyber risk, safeguards risk, and Nexus role-separation risk.

29.14 Mission Lock Records.\
The Corporation shall maintain records sufficient to demonstrate that the United States mission lock has been adopted, implemented, monitored, enforced, corrected, and preserved.

Mission lock records shall include, as applicable:

a) mission-lock adoption records;

b) public-benefit purpose records;

c) nonprofit, non-distribution, no-private-inurement, and no-impermissible-private-benefit records;

d) United States legal seat and all-states-and-territories posture records;

e) North America anchor role records;

f) evidence stewardship records;

g) methods stewardship records;

h) observability stewardship records;

i) ontology and controlled-vocabulary records;

j) technical-truth records;

k) public-good R\&D records;

l) public-good software and technical-asset records;

m) open technical baseline records;

n) public authority learning records;

o) Nexus public-good stack compatibility records;

p) GCRI / GRF / GRA role-separation records;

q) public-good stack and enterprise stack separation records;

r) non-execution records;

s) public authority boundary records;

t) finance, securities, insurance, lending, underwriting, rating, public finance, and capital-reader boundary records;

u) certification, procurement, recognition, maturity, Docket, Grid, Nexus-compatible claim, and protocol-authority boundary records;

v) data / AI / cyber / privacy records;

w) community safeguards, Indigenous knowledge, Tribal-interface, local, territorial, protected knowledge, civil rights, accessibility, and public-safe mapping records;

x) sponsor non-control, donor non-control, funder non-control, provider-neutrality, and anti-capture records;

y) regulatory-perimeter escalation records;

z) mission-drift review records;

aa) holds, stops, quarantines, access restrictions, publication freezes, implementation freezes, technical isolations, controlled-room lockdowns, re-scopes, externalizations, referrals, withdrawals, takedowns, supersessions, retractions, corrections, public-safe clarifications, and terminations;

bb) compatibility notes, divergence logs, equivalence notes, public description records, and public-safe summaries;

cc) Board, officer, committee, council, working-group, repository, controlled-room, public authority room, sponsor, provider, donor, funder, host, and participant records relevant to mission lock; and

dd) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, legal hold status, repository location, and metadata.

The governing rule of this Section is that the Corporation shall remain what it is created to be: a United States public-benefit technical institution and North America anchor for evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute methods, public authority learning, safeguards, and correctionable public-good technical memory. It shall not become, by interpretation or drift, the public authority, finance actor, recognition body, certification body, standards monopoly, procurement body, emergency command body, public warning authority, provider, asset owner, national company, Project SPV, or enterprise execution vehicle that the Nexus architecture deliberately separates from it.

## Section 30. Initial Constitutional Protections Summary for Article I

30.1 Legal Identity Protection.\
The Corporation’s legal identity shall be protected as a foundational constitutional condition of this Bylaw. The Corporation shall be identified, governed, recorded, represented, and interpreted as The Global Centre for Risk and Innovation - United States, with “GCRI US” used only as an approved short name and not as a substitute for legal-identity discipline where full legal precision is required.

Legal identity protection shall require that the Corporation’s name, status, public-benefit purpose, nonprofit character, governing state law, United States legal seat, records, filings, contracts, bank accounts, tax records, insurance records, authority matrices, Board resolutions, committee records, public materials, repositories, technical assets, public authority materials, grant materials, sponsorship materials, and Nexus-facing records remain clearly attributable to the Corporation and not to any other entity, function, network, consortium, sponsor, provider, public authority, or enterprise actor.

No shared mission, shared brand family, shared founder history, shared public-good doctrine, shared repository, shared publication, shared public authority room, shared Nexus reference, shared staff or advisor, shared technical method, shared public-good software, shared controlled vocabulary, shared evidence record, or shared event shall be interpreted as merging the Corporation’s legal identity with GCRI Canada, any other GCRI-related entity, The Global Risks Forum (GRF), The Global Risks Alliance (GRA), Nexus Network, Nexus Standards, any consortium, national company, Project SPV, provider, sponsor, host, donor, funder, public authority, university, laboratory, community, or enterprise execution actor.

Legal identity protection shall be enforced through controlled naming, public description discipline, signature discipline, repository metadata, records custody, correction pathways, unauthorized-use controls, and authority matrices. Where ambiguity arises, the Corporation shall use the most protective interpretation: separate legal personality, separate authority, separate treasury, separate records, separate liability, and separate governance unless a competent written instrument lawfully provides otherwise.

30.2 United States Seat Protection.\
The Corporation’s United States legal seat shall be protected as the governing jurisdictional anchor for internal corporate acts. The Corporation’s incorporation, registered office, registered agent, principal office, governance seat, corporate records, Board authority, officer authority, member rights where applicable, filings, good-standing obligations, minute books, resolutions, amendments, delegations, indemnification, dissolution, wind-up, and internal governance shall be governed by the applicable United States legal framework, including the governing state nonprofit corporation law, applicable federal law, the Certificate or Articles of Incorporation, and this Bylaw.

United States seat protection shall not prevent lawful cross-state, territorial, Tribal-interface, local, North America, or cross-border activity. It shall instead require that such activity be structured, localized, recorded, and bounded without displacing the Corporation’s United States legal primacy for internal corporate acts.

No foreign host, donor, sponsor, provider, GCRI Canada interface, North America interface, Nexus interface, public authority interface, technical platform, repository location, cloud location, data-room location, event location, or public-facing label shall obscure the Corporation’s United States legal seat. Where the Corporation operates or coordinates outside its state of incorporation or outside the United States, such activity shall be treated as external or localized activity, not as a relocation of legal seat, merger of legal personality, transfer of corporate authority, or creation of foreign sovereign authority.

The Corporation shall maintain records evidencing its United States seat, including governing law, registered agent, registered office, principal office, governance seat, filings, state qualifications, charitable solicitation registrations where applicable, tax records, Board records, and any cross-border compatibility or divergence notes.

30.3 All-States-and-Territories Localization Protection.\
The Corporation’s all-states-and-territories operating posture shall be protected by disciplined localization. The Corporation may operate, register, qualify, convene, publish, contract, employ, solicit support, receive support, maintain programs, engage public authorities, engage communities, maintain controlled rooms, and support Nexus-compatible public-good activity across the United States only where lawful, properly reviewed, and properly recorded.

All-states-and-territories localization shall include, where applicable, federal law, state law, District of Columbia law, territorial law, Tribal-interface and Indigenous governance respect, local law, charitable solicitation rules, tax registration, employment law, privacy law, AI and cybersecurity law, public records-sensitive matters, open meetings-sensitive matters, procurement-sensitive matters, lobbying and government ethics rules, grant rules, civil rights, accessibility, research ethics, public authority capacity classifications, public-safe publication rules, and safeguards requirements.

Localization shall not fracture the Corporation. A state-specific, territorial, Tribal-interface, local, public authority-specific, host-specific, sponsor-specific, provider-specific, grant-specific, or program-specific adaptation shall not create a separate legal entity, separate treasury, separate Board, shadow branch, public authority status, execution vehicle, certification function, recognition function, finance-readiness function, or procurement role unless separately and lawfully constituted.

Where local requirements require different language, notices, translations, participation terms, data controls, public authority language, safeguards, or publication restrictions, such adaptations shall be documented through compatibility notes, divergence logs, localized terms, Board or officer approvals where required, and records sufficient to preserve legal identity and mission lock.

30.4 North America Anchor Boundary Protection.\
The Corporation’s North America anchor role shall be protected as a bounded public-good role. The Corporation may serve as the United States and North America anchor for evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute methods, public authority learning, public-safe publication support, and technical memory, including lawful coordination with GCRI Canada and other lawful North America interfaces.

North America anchor boundary protection shall permit coordination concerning climate, disaster, cyber, public health, energy, water, food, biodiversity, telecom, AI-RAN, O-RAN, DePIN, DLT, supply chain, ports, borders, Arctic, Great Lakes, Pacific, Atlantic, Gulf, Caribbean, Mexico, Indigenous, regional, and cross-border evidence contexts, provided such coordination remains lawful, role-separated, non-executing, and record-based.

The North America anchor role shall not create a North America legal entity, treaty body, intergovernmental organization, regional regulator, public finance authority, emergency command body, public warning authority, procurement body, certification body, recognition body, finance-readiness body, standards monopoly, enterprise execution vehicle, public authority, sovereign delegate, or cross-border operating company.

The Corporation shall use North America anchor language only where it is accurate, bounded, and not legally confusing. Any North America reference shall preserve the separateness of GCRI US, GCRI Canada, any other GCRI-related entity, GRF, GRA, Nexus entities, public authorities, consortiums, national companies, Project SPVs, providers, sponsors, and enterprise actors.

30.5 Public-Benefit Lock.\
The Corporation’s public-benefit purpose shall be locked against private capture, institutional drift, role collapse, and execution-facing misuse. All powers, programs, publications, records, technical assets, controlled rooms, public authority interactions, sponsorships, grants, donations, provider engagements, research collaborations, software releases, and Nexus-interface activities shall be interpreted and conducted in furtherance of lawful public-benefit purposes.

The public-benefit lock shall require the Corporation to prioritize evidence integrity, methods integrity, observability, ontology, technical truth, research integrity, public-good software, open technical baselines, public authority learning, public-safe publication, civil rights, accessibility, community safeguards, protected knowledge, Indigenous governance respect, anti-capture, transparency where lawful and safe, validity-by-record, and correctionability.

No donor, sponsor, funder, provider, host, public authority participant, enterprise actor, capital reader, national company, Project SPV, director, officer, member, advisor, contractor, employee, fellow, volunteer, founder, or related party shall use the Corporation’s public-benefit mission to obtain impermissible private benefit, special access, governance control, research control, publication control, public authority access, provider preference, procurement advantage, recognition, finance-readiness, certification, or market positioning.

Where a proposed activity is technically useful but public-benefit ambiguous, the Corporation shall apply the more protective interpretation and may require Board review, conflict review, tax review, nonprofit review, safeguards review, public authority boundary review, finance-boundary review, or refusal.

30.6 Nonprofit and Non-Distribution Lock.\
The Corporation’s nonprofit and non-distribution character shall be locked as a mandatory governance condition. The Corporation shall not issue shares, distribute profits, declare dividends, return surplus to private persons, operate for private inurement, or permit impermissible private benefit.

All revenues, assets, technical assets, records, grants, donations, sponsorships, restricted funds, subscriptions, fees, cost-recovery payments, in-kind support, software, data assets, publications, controlled-room materials, and public-good infrastructure support shall be dedicated to lawful public-benefit purposes, subject to reasonable compensation, lawful reimbursement, lawful grants, lawful program support, and lawful contractual payments where properly approved and documented.

The nonprofit and non-distribution lock shall apply to directors, officers, members where applicable, non-voting members, supporters, subscribers, donors, sponsors, funders, providers, hosts, contractors, employees, fellows, advisors, volunteers, founders, related parties, public authority participants, universities, laboratories, communities, enterprise actors, national companies, Project SPVs, and any person or entity interacting with the Corporation.

Where financial arrangements create risk of private inurement, excess benefit, impermissible private benefit, related-party benefit, donor control, sponsor control, provider preference, outcome purchase, or mission capture, the Corporation shall require review, recusal, independent approval, comparability where appropriate, limitation, rejection, return, termination, or correction.

30.7 Non-Execution Lock.\
The Corporation’s non-execution character shall be locked as a bright-line institutional protection. The Corporation shall not, by default, act as an execution vehicle, operator, owner, developer, deployer, manager, financier, underwriter, lender, insurer, broker, dealer, investment adviser, finder, rating agency, procurement body, certification body, recognition body, regulator, emergency command body, public warning authority, public authority, national company, Project SPV, provider, asset owner, or enterprise delivery company.

The Corporation may research, convene, educate, publish, develop public-good software, maintain open technical baselines, operate records, maintain controlled rooms, support public authority learning, steward methods, support observability, provide evidence inputs, and issue correction signals. Such activity shall remain non-executing and shall not become execution because it is technical, useful, urgent, sponsor-supported, provider-supported, public authority-attended, finance-adjacent, enterprise-relevant, or Nexus-compatible.

No dashboard, AI system, model output, digital twin, AI-RAN signal, O-RAN signal, DePIN record, DLT or blockchain entry, sensor output, proof receipt, technical baseline, public-safe report, controlled-room workflow, evidence room, data room, or repository artifact shall be treated as execution authority.

Where activity approaches execution, the Corporation shall stop, hold, quarantine, re-scope, externalize, refer, restrict access, freeze publication, freeze implementation, isolate technical systems, obtain review, or terminate the activity.

30.8 GCRI / GRF / GRA Role-Separation Lock.\
The Corporation shall maintain the separation of GCRI, GRF, and GRA functions as an interpretive lock. GCRI US shall steward evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baselines, verifiable compute methods, public authority learning, safeguards, and correctionable technical memory.

The Global Risks Forum (GRF) shall be treated as the separate public-facing registry, recognition, maturity-records, standing, claims-discipline, stakeholder-formation, public-safe reporting, and legitimacy steward where such functions are separately and lawfully constituted. The Global Risks Alliance (GRA) shall be treated as the separate finance-readiness, capital-readability, proof-pack, insurance-readiness, diligence-translation, RNFD, NFD, UNFSD, capital-reader room, and regulated-perimeter discipline steward where such functions are separately and lawfully constituted.

No GCRI US evidence, method, dashboard, publication, technical baseline, proof receipt, controlled-room artifact, Nexus-interface record, public authority learning material, or public statement shall constitute GRF recognition, GRF standing, GRF maturity record, GRF public legitimacy, GRA finance-readiness, GRA proof-pack issuance, GRA insurance-readiness, GRA capital-readability, or GRA investment-related determination unless separately and lawfully issued by the competent body.

Role-separation ambiguity shall be corrected through labels, limitation language, compatibility notes, divergence logs, routing records, public-safe clarifications, access restrictions, or withdrawal.

30.9 Public-Good Stack and Enterprise Stack Separation Lock.\
The Corporation shall preserve the separation between the Nexus public-good stack and the enterprise stack. GCRI US shall operate within the public-good stack as an evidence, methods, observability, ontology, technical truth, public-good R\&D, public-good software, open technical baseline, public authority learning, safeguards, and correctionability institution.

Enterprise stack actors, including national companies, state or regional operating companies, Project SPVs, asset owners, operators, integrators, qualified enterprise providers, lenders, insurers, investors, underwriters, banks, public finance actors, capital readers, vendors, contractors, and deployment entities, shall remain separate from the Corporation’s public-good governance role.

The Corporation may interface with enterprise stack actors through lawful contracts, research collaboration, public-good support, controlled rooms, data rooms, technical contribution, public authority learning, public-safe publication, and Nexus-compatible evidence support. Such interfaces shall not create provider preference, project approval, procurement advantage, finance-readiness, certification, recognition, public authority endorsement, operational control, shared liability, or execution responsibility.

The Corporation shall not allow enterprise needs to determine public-good evidence, methods, research conclusions, publication outcomes, public authority access, controlled vocabulary, safeguards, or correction pathways.

30.10 Public Authority Boundary Lock.\
The Corporation shall protect the boundary between public authority learning and public authority action. The Corporation may support public authorities through evidence literacy, technical literacy, scenario learning, simulation support, tabletop support, observability methods, public-safe reporting literacy, data / AI / cyber learning, safeguards literacy, and systemic-risk understanding.

No participation by a federal, state, territorial, District of Columbia, Tribal-interface, local, municipal, county, metropolitan, port, utility, public health, emergency management, public safety, public works, telecom, energy, water, food, cyber, infrastructure, regulator-listening, or public finance reader participant shall be interpreted as public authority delegation, official adoption, procurement approval, funding approval, regulatory approval, public finance approval, public-private partnership, sovereign obligation, emergency command, public warning, legal endorsement, certification, recognition, or public authority decision unless separately and lawfully recorded by the competent public authority.

The Corporation shall classify public authority capacity, maintain records, use public authority reference controls, prevent official-adoption overclaim, protect public-sector data, respect public records and open meetings sensitivities where applicable, and correct public authority confusion promptly.

Public authority boundary protection shall survive urgency. No crisis, disaster, cyber incident, public health concern, infrastructure failure, model output, dashboard signal, public request, or public authority interest shall convert the Corporation into an emergency command body or public warning authority.

30.11 Finance, Investment, Insurance, Lending, Underwriting, Rating, Securities, Public Finance, and Capital-Reader Boundary Lock.\
The Corporation shall protect the boundary between technical evidence and finance execution. The Corporation shall not act as a fund, broker, dealer, finder, investment adviser, lender, insurer, underwriter, rating agency, public finance approver, securities solicitor, capital-placement agent, insurance-placement agent, bank, credit approver, guarantee issuer, or capital intermediary.

The Corporation may provide technical evidence inputs, methods, observability records, uncertainty statements, data-quality records, public-good technical baselines, and public authority learning materials that may be read by GRA, public finance readers, capital readers, insurers, lenders, investors, national companies, Project SPVs, or enterprise actors. Such inputs shall not constitute investment advice, securities solicitation, finance-readiness, insurance-readiness, bankability, investability, rating, underwriting basis, lending approval, public finance approval, or capital recommendation.

Finance-adjacent use shall require disciplined limitation language, access controls, regulated-perimeter review where appropriate, GRA routing where appropriate, public-safe publication review, and records. No technical evidence shall be marketed as finance-ready, insurance-ready, bankable, investable, guaranteed, rated, underwritten, or capital-approved by GCRI US.

The Corporation shall correct any finance overclaim, capital-reader overclaim, investor-material misuse, insurance overclaim, lending overclaim, rating implication, public finance implication, or securities-related misuse.

30.12 Certification, Procurement, Recognition, Maturity, Docket, Grid, and Nexus-Compatible Claim Boundary Lock.\
The Corporation shall protect the boundary between evidence support and status determination. The Corporation shall not, by default, certify, accredit, recognize, approve, rank, rate, mature, docket-approve, grid-approve, procurement-approve, compliance-approve, or confer Nexus-compatible status on any person, entity, technology, provider, project, jurisdiction, public authority, consortium, national company, Project SPV, system, software, dataset, method, report, dashboard, or technical baseline.

The Corporation may provide evidence inputs, method notes, public-good software, technical baselines, review artifacts, observability records, correction signals, and controlled vocabulary support to GRF, GRA, Nexus Standards, public authorities, consortiums, national companies, Project SPVs, providers, universities, laboratories, and communities. Such support shall not itself create certification, procurement approval, recognition, maturity status, standing, Docket status, Grid status, conformance status, or Nexus-compatible status.

Claims using terms such as “certified,” “recognized,” “mature,” “standing,” “approved,” “validated,” “verified,” “Docket,” “Grid,” “Nexus-compatible,” “conformant,” “finance-ready,” “insurance-ready,” or similar controlled terms shall require authority, record, and approved vocabulary. Misuse shall be subject to correction, withdrawal, takedown, clarification, suspension, or legal response where appropriate.

30.13 Data / AI / Cyber / Privacy Lock.\
The Corporation shall protect data, AI, cybersecurity, privacy, rights-bearing systems, controlled materials, public authority materials, cyber-sensitive materials, infrastructure-sensitive materials, health-sensitive materials, personal information, community-protected information, Indigenous data, protected knowledge, repository assets, credentials, keys, tokens, models, datasets, dashboards, digital twins, and compute environments through a mandatory governance lock.

No operational convenience, public authority interest, sponsor demand, provider demand, publication deadline, grant deadline, conference deadline, technical curiosity, AI convenience, data-room request, public-safe reporting interest, or Nexus-interface need shall override approved data / AI / cyber / privacy controls.

The Corporation shall maintain controls for data minimization, purpose limitation, lawful basis where applicable, consent or other lawful pathway where required, access control, retention, deletion, encryption where appropriate, secure transfer, vendor review, model governance, inference records, human review for material outputs, secure development, repository security, incident response, vulnerability management, and correction.

No AI output, automated score, model inference, dashboard, digital twin, proof receipt, ledger entry, sensor signal, AI-RAN signal, O-RAN signal, DePIN record, or computed result shall be treated as institutional authority without competent human review, record support, classification, limitation, and correction pathway.

30.14 Community Safeguards and Protected Knowledge Lock.\
The Corporation shall protect communities, Tribal Nations, Indigenous governments, Indigenous knowledge holders, local knowledge holders, territorial communities, vulnerable communities, remote communities, civil society participants, public-interest participants, research participants, and persons affected by public-safe mapping, observability, evidence collection, AI systems, data systems, public authority learning, and publication activity.

Community safeguards and protected knowledge protection shall include respect for Tribal sovereignty, Indigenous governance, Indigenous data governance, consent and non-consent pathways where applicable, withdrawal pathways where applicable, attribution requirements, confidentiality requirements, protected knowledge restrictions, public-safe mapping limits, anti-extraction principles, grievance and remedy pathways, protected participation, non-retaliation, civil rights, accessibility, and do-no-harm review.

The Corporation shall not extract, expose, commercialize, publish, map, infer, train models on, or route protected knowledge for sponsor convenience, provider convenience, institutional convenience, donor convenience, funder convenience, public authority convenience, media convenience, technical convenience, or AI convenience.

Where safeguards risk exists, the Corporation shall apply the more protective posture, including non-public treatment, aggregation, redaction, delay, restricted access, controlled review, community review, Tribal-interface review, withdrawal, correction, sealing, or termination.

30.15 Validity-by-Record Lock.\
The Corporation shall protect validity-by-record as a constitutional operating condition. No corporate act, governance act, public authority capacity, evidence claim, technical method, publication, software release, public-good baseline, controlled-room decision, public description, delegation, authority, recognition-related input, finance-related input, Nexus-interface status, or correction shall be treated as valid unless supported by the required record.

Validity shall require proper authority, proper process, proper classification, proper custody, proper metadata, proper versioning, proper effective date, proper repository placement where required, proper limitation language where required, proper review where required, and proper correction pathway.

A claim shall not become valid by repetition, informal consensus, public use, operational habit, slide-deck circulation, website posting, AI summary, sponsor reference, provider reference, public authority attendance, media mention, repository presence, dashboard display, proof receipt, ledger entry, controlled-room discussion, or Nexus reference.

Where the record is missing, defective, ambiguous, incomplete, unauthorized, stale, superseded, withdrawn, or inconsistent, the Corporation shall treat the act or claim as restricted, provisional, voidable, non-authoritative, or invalid as appropriate pending correction, ratification where lawful, supersession, withdrawal, or restatement.

30.16 Correctionability Lock.\
The Corporation shall protect correctionability as a standing duty. All material records, public descriptions, evidence artifacts, methods, technical baselines, public-safe publications, software releases, controlled vocabularies, dashboards, datasets, AI outputs, model records, public authority materials, sponsor materials, provider materials, Nexus-interface records, Board records, officer records, committee records, participation records, and controlled-room records shall be capable of challenge, review, correction, supersession, withdrawal, retraction, takedown, archival, or clarification where appropriate.

Correctionability shall not be treated as reputational weakness. It is a constitutional discipline for preserving public trust, technical integrity, legal compliance, public-safe communication, safeguards, public authority boundary discipline, finance-boundary discipline, certification-boundary discipline, and Nexus role separation.

The Corporation shall maintain correction pathways for errors, overclaims, outdated records, public authority confusion, finance overclaims, certification overclaims, recognition overclaims, procurement implications, provider-preference claims, sponsor-control claims, AI errors, data errors, cybersecurity issues, protected knowledge concerns, research integrity concerns, civil rights concerns, accessibility concerns, and public-safe publication concerns.

Where correction is required, the Corporation may issue private correction, controlled notice, public-safe clarification, repository update, version change, erratum, withdrawal, takedown, supersession, retraction, access restriction, or termination of affected activity, while preserving records of the correction.

30.17 Anti-Capture Lock.\
The Corporation shall protect itself against capture by sponsors, donors, funders, providers, vendors, contractors, hosts, enterprise actors, public authorities, capital readers, investors, insurers, lenders, national companies, Project SPVs, political actors, founders, directors, officers, members, advisors, staff, volunteers, or any coordinated group of related persons.

Anti-capture protection shall require independence review, conflict disclosure, related-party review, recusal, access restriction, influence-concentration review, support acceptance review, sponsor non-control, donor non-control, funder non-control, provider neutrality, public authority boundary discipline, competition-law discipline, and public-safe claims discipline.

No support, sponsorship, donation, grant, subscription, fee, in-kind contribution, hosting arrangement, technical contribution, equipment contribution, compute contribution, data contribution, staff secondment, public authority participation, or controlled-room participation shall purchase governance control, research outcomes, publication outcomes, public authority access, provider preference, procurement advantage, recognition, finance-readiness, certification, Docket status, Grid status, Nexus-compatible status, or public legitimacy.

Where capture risk cannot be safely managed, the Corporation shall refuse, return, restrict, re-scope, ring-fence, diversify, suspend, terminate, or correct the relationship.

30.18 Amendment and Change-Control Protection.\
The Corporation shall protect this Bylaw and the constitutional structure established by Article I through disciplined amendment, versioning, supersession, withdrawal, restatement, and archival controls. No amendment, interpretation, localization, annex, schedule, policy, protocol, Board resolution, committee charter, operating procedure, template, public summary, AI summary, repository update, technical profile, public authority note, sponsor term, provider term, grant term, or Nexus instrument shall silently amend or override Article I.

Any proposed change affecting legal identity, United States seat, all-states-and-territories posture, North America anchor role, nonprofit character, public-benefit purpose, non-execution, GCRI / GRF / GRA role separation, public-good stack and enterprise stack separation, public authority boundary, finance boundary, certification boundary, procurement neutrality, data / AI / cyber controls, safeguards, validity-by-record, correctionability, anti-capture, or amendment control shall be treated as material or constitutional unless the Board determines otherwise by recorded act consistent with law.

Change-control protection shall require classification, authority review, notice where required, Board approval where required, member approval where required, repository update, effective date, transition rule, supersession record, archive record, and public-safe clarification where appropriate.

No operational drift, repeated practice, informal approval, external expectation, sponsor pressure, provider pressure, public authority interest, technical integration, AI-generated text, public summary, or Nexus reference shall amend this Bylaw.

30.19 Article I Control Records.\
The Corporation shall maintain Article I control records sufficient to demonstrate that the constitutional protections established in Article I have been adopted, implemented, monitored, enforced, corrected, and preserved.

Article I control records shall include, as applicable:

a) legal identity records;

b) name-use records;

c) United States seat records;

d) registered office, registered agent, principal office, and governance seat records;

e) all-states-and-territories operating posture records;

f) state, territorial, District of Columbia, Tribal-interface, local, and cross-border localization records;

g) North America anchor role records;

h) public-benefit lock records;

i) nonprofit, non-distribution, no-private-inurement, and no-impermissible-private-benefit records;

j) non-execution records;

k) GCRI / GRF / GRA role-separation records;

l) public-good stack and enterprise stack separation records;

m) public authority boundary records;

n) finance, investment, insurance, lending, underwriting, rating, securities, public finance, and capital-reader boundary records;

o) certification, procurement, recognition, maturity, Docket, Grid, and Nexus-compatible claim boundary records;

p) data / AI / cyber / privacy records;

q) community safeguards, Indigenous knowledge, Tribal-interface, local, territorial, protected knowledge, civil rights, accessibility, and public-safe mapping records;

r) validity-by-record records;

s) correctionability records;

t) anti-capture records;

u) amendment, versioning, supersession, withdrawal, restatement, and archival records;

v) compatibility notes, divergence logs, equivalence notes, public description records, and public-safe summaries;

w) records of holds, stops, quarantines, access restrictions, publication freezes, implementation freezes, technical isolations, controlled-room lockdowns, re-scopes, referrals, externalizations, withdrawals, retractions, takedowns, supersessions, corrections, public-safe clarifications, and terminations; and

x) responsible owner, custodian, authority, effective date, review date, retention class, access class, publication class, legal hold status, repository location, and metadata.

The governing rule of this Section is that Article I is not merely introductory. It is the constitutional control layer of the GCRI US Bylaw. It protects the Corporation’s legal identity, United States seat, public-benefit purpose, nonprofit discipline, North America anchor boundary, non-execution status, role separation, public authority boundary, finance boundary, certification and procurement boundary, data / AI / cyber integrity, safeguards, validity-by-record, correctionability, anti-capture discipline, and change-control integrity. No later Article, lower-order instrument, operational practice, public statement, technical artifact, external interface, or Nexus reference shall be interpreted to weaken these protections unless the change is lawful, express, properly authorized, properly recorded, and consistent with the Corporation’s public-benefit mission.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.therisk.global/organization/organization/governance/bylaws/gcri-us/article-i.-foundations.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.